From owner-freebsd-net@FreeBSD.ORG Mon May 26 13:45:50 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B57261065682 for ; Mon, 26 May 2008 13:45:50 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from mail.zoral.com.ua (skuns.zoral.com.ua [91.193.166.194]) by mx1.freebsd.org (Postfix) with ESMTP id 044548FC20 for ; Mon, 26 May 2008 13:45:49 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua [10.1.1.148]) by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id m4QDUkTx075828 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 26 May 2008 16:30:46 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.14.2/8.14.2) with ESMTP id m4QDUkah098603; Mon, 26 May 2008 16:30:46 +0300 (EEST) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.14.2/8.14.2/Submit) id m4QDUjAF098602; Mon, 26 May 2008 16:30:45 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Mon, 26 May 2008 16:30:45 +0300 From: Kostik Belousov To: Andrew Edwards Message-ID: <20080526133045.GJ21317@deviant.kiev.zoral.com.ua> References: <5230D3C40B842D4F9FB3CD368021BEF7020107F1@exchange-2.sandvine.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="q5r20fdKX+PFtYHw" Content-Disposition: inline In-Reply-To: <5230D3C40B842D4F9FB3CD368021BEF7020107F1@exchange-2.sandvine.com> User-Agent: Mutt/1.4.2.3i X-Virus-Scanned: ClamAV version 0.91.2, clamav-milter version 0.91.2 on skuns.kiev.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.4 X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on skuns.kiev.zoral.com.ua Cc: freebsd-net@freebsd.org Subject: Re: panic in nfsd in freebsd7-release and -stable X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 May 2008 13:45:50 -0000 --q5r20fdKX+PFtYHw Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, May 25, 2008 at 09:28:36PM -0400, Andrew Edwards wrote: > I have a system that was running some version of redhat (I don't > remember now) and I upgraded it to freebsd7 and I would get an immediate > panic when nfsd is started. I then updated to 7-stable (on May 24th) > and built a new kerenl and userland and the panic continued.=20 >=20 > This was happening 100% of the time whenever nfsd is started but what I > later discovered was that because I had used the same IP's as the linux > host there were some systems that still had a filesystem mounted from > before the conversion. I put in an ipfw rule to block those hosts and > then I was able to start nfsd without crashing and then create new > mounts. I have been able to work-around the issue by forcing all of the > servers that were mounting from the linux os to remount, I am only > including this information just in case someone else runs into a similar > problem. >=20 > Thanks, > Andrew >=20 > Here's the backtrace >=20 > Fatal trap 12: page fault while in kernel mode > cpuid =3D 1; apic id =3D 06 > fault virtual address =3D 0x18 > fault code =3D supervisor read, page not present > instruction pointer =3D 0x20:0xc06ce915 > stack pointer =3D 0x28:0xe8f32a48 > frame pointer =3D 0x28:0xe8f32a64 > code segment =3D base 0x0, limit 0xfffff, type 0x1b > =3D DPL 0, pres 1, def32 1, gran 1 > processor eflags =3D resume, IOPL =3D 0 > current process =3D 755 (nfsd) > trap number =3D 12 > panic: page fault > cpuid =3D 1 > Uptime: 40m22s > Physical memory: 3318 MB > Dumping 93 MB: 78 62 46 30 14 >=20 > #0 doadump () at pcpu.h:195 > 195 pcpu.h: No such file or directory. > in pcpu.h > (kgdb) bt > #0 doadump () at pcpu.h:195 > #1 0xc069a917 in boot (howto=3D260) at > /usr/src/sys/kern/kern_shutdown.c:418 > #2 0xc069ac13 in panic (fmt=3DVariable "fmt" is not available. > ) at /usr/src/sys/kern/kern_shutdown.c:572 > #3 0xc0926763 in trap_fatal (frame=3D0xe8f32a08, eva=3D24) > at /usr/src/sys/i386/i386/trap.c:899 > #4 0xc09270ff in trap (frame=3D0xe8f32a08) at > /usr/src/sys/i386/i386/trap.c:280 > #5 0xc090c84b in calltrap () at /usr/src/sys/i386/i386/exception.s:139 > #6 0xc06ce915 in turnstile_broadcast (ts=3D0x0, queue=3D0) > at /usr/src/sys/kern/subr_turnstile.c:835 > #7 0xc068d292 in _mtx_unlock_sleep (m=3D0xc0a47e10, opts=3D0, file=3D0x0, > line=3D0) > at /usr/src/sys/kern/kern_mutex.c:611 > #8 0xc0849b79 in nfsrv3_access (nfsd=3D0xc6ba5d00, slp=3D0xc6b7f700, > td=3D0xc6856c60, mrq=3D0xe8f32c58) at > /usr/src/sys/nfsserver/nfs_serv.c:253 > #9 0xc085bc71 in nfssvc (td=3D0xc6856c60, uap=3D0xe8f32cfc) > at /usr/src/sys/nfsserver/nfs_syscalls.c:461 > #10 0xc0926d35 in syscall (frame=3D0xe8f32d38) > at /usr/src/sys/i386/i386/trap.c:1035 > #11 0xc090c8b0 in Xint0x80_syscall () > at /usr/src/sys/i386/i386/exception.s:196 > #12 0x00000033 in ?? () Please, test the change below. The nfsm_srvmtofh() may execute nfsm_reply(), that contains the goto nfsmou= t. Since the code under the label includes conditional unlock of the Giant, vfslocked must be initialized prior to the nfsm_srvmtofh. I found three ommissions. The patch also contains the removal of the duplicated code for the rev. 1.1= 79. diff --git a/sys/nfsserver/nfs_serv.c b/sys/nfsserver/nfs_serv.c index 5343627..6e716e4 100644 --- a/sys/nfsserver/nfs_serv.c +++ b/sys/nfsserver/nfs_serv.c @@ -210,6 +210,7 @@ nfsrv3_access(struct nfsrv_descript *nfsd, struct nfssv= c_sock *slp, nfsdbprintf(("%s %d\n", __FILE__, __LINE__)); if (!v3) panic("nfsrv3_access: v3 proc called on a v2 connection"); + vfslocked =3D 0; fhp =3D &nfh.fh_generic; nfsm_srvmtofh(fhp); tl =3D nfsm_dissect_nonblock(u_int32_t *, NFSX_UNSIGNED); @@ -1285,6 +1286,7 @@ nfsrv_writegather(struct nfsrv_descript **ndp, struct= nfssvc_sock *slp, i =3D 0; len =3D 0; #endif + vfslocked =3D 0; *mrq =3D NULL; if (*ndp) { nfsd =3D *ndp; @@ -2146,7 +2148,7 @@ nfsrv_remove(struct nfsrv_descript *nfsd, struct nfss= vc_sock *slp, nfsfh_t nfh; fhandle_t *fhp; struct mount *mp =3D NULL; - int vfslocked, vfslocked1; + int vfslocked; =20 nfsdbprintf(("%s %d\n", __FILE__, __LINE__)); ndclear(&nd); @@ -2168,11 +2170,7 @@ nfsrv_remove(struct nfsrv_descript *nfsd, struct nfs= svc_sock *slp, nd.ni_cnd.cn_flags =3D LOCKPARENT | LOCKLEAF | MPSAFE; error =3D nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos, &dirp, v3, &dirfor, &dirfor_ret, td, FALSE); - vfslocked1 =3D NDHASGIANT(&nd); - if (vfslocked && vfslocked1) - VFS_UNLOCK_GIANT(vfslocked1); - if (vfslocked || vfslocked1) - vfslocked =3D 1; + vfslocked =3D nfsrv_lockedpair_nd(vfslocked, &nd); if (dirp && !v3) { vrele(dirp); dirp =3D NULL; @@ -4132,6 +4130,7 @@ nfsrv_pathconf(struct nfsrv_descript *nfsd, struct nf= ssvc_sock *slp, nfsdbprintf(("%s %d\n", __FILE__, __LINE__)); if (!v3) panic("nfsrv_pathconf: v3 proc called on a v2 connection"); + vfslocked =3D 0; fhp =3D &nfh.fh_generic; nfsm_srvmtofh(fhp); error =3D nfsrv_fhtovp(fhp, 1, &vp, &vfslocked, cred, slp, --q5r20fdKX+PFtYHw Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAkg6u4QACgkQC3+MBN1Mb4gT4wCfcI9peb/61zU5j2zYzVzhOPIr r8IAoJQpHmZq2FiQ02R4fiDxJ+bLaY94 =DM3s -----END PGP SIGNATURE----- --q5r20fdKX+PFtYHw--