Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 02 Oct 2008 22:58:00 +0200
From:      Volker Werth <vwe@freebsd.org>
To:        Weldon Godfrey <wgodfrey@ena.com>
Cc:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/125149: [zfs][nfs] changing into .zfs dir from nfs client causes endless panic loop
Message-ID:  <48E535D8.4030101@freebsd.org>
In-Reply-To: <A7B0A9F02975A74A845FE85D0B95B8FA0A1107A6@misex01.ena.com>
References:  <200810012106.m91L6jq2007417@freefall.freebsd.org> <A7B0A9F02975A74A845FE85D0B95B8FA0A1107A6@misex01.ena.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 10/02/08 21:05, Weldon Godfrey wrote:
> Yes, I can replicate statting .zfs dir from NFS client causes FreeBSD to
> panic and reboot, this time from CentOS 5.0 box.  ...
> 
> 
> Replicate:
> 
> [root@asmtp2 ~]# df
> Filesystem           1K-blocks      Used Available Use% Mounted on
> /dev/mapper/VolGroup00-LogVol00
>                       60817412   2814548  54863692   5% /
> /dev/sda1               101086     28729     67138  30% /boot
> tmpfs                  2008628         0   2008628   0% /dev/shm
> 192.168.2.22:/vol/enamail
>                      1286702144 1032758816 253943328  81%
> /var/spool/mail
> 192.168.2.21:/vol/exports/gaggle
>                      400959408 144327584 256631824  36%
> /var/spool/mail/archive/gaggle
> 192.168.2.36:/export/store1-1
>                      1413955712   4619136 1409336576   1%
> /var/spool/mail/store1-1
> [root@asmtp2 ~]# 
> [root@asmtp2 ~]# 
> [root@asmtp2 ~]# cd /var/spool/mail/store1-1
> [root@asmtp2 store1-1]# ls
> 1  2  3  4  5  6  7  8  9  crap
> [root@asmtp2 store1-1]# cd .zfs
> [root@asmtp2 .zfs]# ls
> (FreeBSD ZFS server panics here)
> 
> Weldon
> 
> Backtrace:
> 
> store1# kgdb /usr/obj/usr/src/sys/GENERIC/kernel.debug vmcore.27
> [GDB will not be able to debug user-mode threads:
> /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for
> details.
> This GDB was configured as "amd64-marcel-freebsd".
> 
> Unread portion of the kernel message buffer:
> 
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 5; apic id = 05
> fault virtual address   = 0x108
> fault code              = supervisor write data, page not present
> instruction pointer     = 0x8:0xffffffff804f06fa
> stack pointer           = 0x10:0xffffffffdf761590
> frame pointer           = 0x10:0x4
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 807 (nfsd)
> trap number             = 12
> panic: page fault
> cpuid = 5
> Uptime: 1m19s
> Physical memory: 16367 MB
> Dumping 891 MB: 876 860 844 828 812 796 780 764 748 732 716 700 684 668
> 652 636 620 604 588 572 556 540 524 508 492 476 460 444 428 412 396 380
> 364 348 332 316 300 284 268 252 236 220 204 188 172 156 140 124 108 92
> 76 60 44 28 12
> 
> #0  doadump () at pcpu.h:194
> 194     pcpu.h: No such file or directory.
>         in pcpu.h
> (kgdb) vt
> Undefined command: "vt".  Try "help".
> (kgdb) bt
> #0  doadump () at pcpu.h:194
> #1  0x0000000000000004 in ?? ()
> #2  0xffffffff80477699 in boot (howto=260) at
> /usr/src/sys/kern/kern_shutdown.c:409
> #3  0xffffffff80477a9d in panic (fmt=0x104 <Address 0x104 out of
> bounds>) at /usr/src/sys/kern/kern_shutdown.c:563
> #4  0xffffffff8072ed24 in trap_fatal (frame=0xffffff00059a0340,
> eva=18446742974291977320)
>     at /usr/src/sys/amd64/amd64/trap.c:724
> #5  0xffffffff8072f0f5 in trap_pfault (frame=0xffffffffdf7614e0,
> usermode=0) at /usr/src/sys/amd64/amd64/trap.c:641
> #6  0xffffffff8072fa38 in trap (frame=0xffffffffdf7614e0) at
> /usr/src/sys/amd64/amd64/trap.c:410
> #7  0xffffffff807156ae in calltrap () at
> /usr/src/sys/amd64/amd64/exception.S:169
> #8  0xffffffff804f06fa in vput (vp=0x0) at atomic.h:142
> #9  0xffffffff8060670d in nfsrv_readdirplus (nfsd=0xffffff000584f100,
> slp=0xffffff0005725900, 
>     td=0xffffff00059a0340, mrq=0xffffffffdf761af0) at
> /usr/src/sys/nfsserver/nfs_serv.c:3613
> #10 0xffffffff80615a5d in nfssvc (td=Variable "td" is not available.
> ) at /usr/src/sys/nfsserver/nfs_syscalls.c:461
> #11 0xffffffff8072f377 in syscall (frame=0xffffffffdf761c70) at
> /usr/src/sys/amd64/amd64/trap.c:852
> #12 0xffffffff807158bb in Xfast_syscall () at
> /usr/src/sys/amd64/amd64/exception.S:290
> #13 0x000000080068746c in ?? ()
> Previous frame inner to this frame (corrupt stack?)
> 
> 

Weldon,

can you please try the following from kgdb and send the output:

(kgdb) frame 9
(kgdb) list
(kgdb) p *vp
(kgdb) p *dp
(kgdb) frame 8
(kgdb) list

Please keep the core dump as we might need to check some variable values
later.

I think the problem is the NULL pointer to vput. A maintainer needs to
check how nvp can get a NULL pointer (judging by assuming my fresh
codebase is not too different from yours).

Thanks

Volker

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48E535D8.4030101>