Date: Mon, 10 Dec 2012 12:30:40 GMT From: Petr Lampa <lampa@fit.vutbr.cz> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/174324: syncer quota panic Message-ID: <201212101230.qBACUe0u081279@red.freebsd.org> Resent-Message-ID: <201212101240.qBACe07q070893@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 174324
>Category: kern
>Synopsis: syncer quota panic
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 10 12:40:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Petr Lampa
>Release: 9.1-PRERELEASE
>Organization:
BUT FIT
>Environment:
FreeBSD xxx 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #7: Mon Dec 10 10:55:10 CET 2012 root@xxxxxx:/usr/src/sys/i386/compile/GATE i386
>Description:
Kernel panic with quota enabled in qsync():
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x0
Stopped at __mnt_vnode_markerfree_all+0x78: movl %eax,0(%edx)
where
#12 0xc06f3bc8 in __mnt_vnode_markerfree_all (mvp=0xec05bb70, mp=0xc60c0ce4)
at /usr/src/sys/kern/vfs_subr.c:4723
#13 0xc07e39ae in qsync (mp=0xc60c0ce4)
at /usr/src/sys/ufs/ufs/ufs_quota.c:1055
#14 0xc07d3a2f in ffs_sync (mp=0xc60c0ce4, waitfor=3)
at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1469
#15 0xc06fc6d2 in sync_fsync (ap=0xec05bc4c)
at /usr/src/sys/kern/vfs_subr.c:3692
#16 0xc087d7d2 in VOP_FSYNC_APV (vop=0xc0928820, a=0xec05bc4c)
at vnode_if.c:1267
#17 0xc06fa3ce in sync_vnode (slp=Variable "slp" is not available.
) at vnode_if.h:549
#18 0xc06fa7c2 in sched_sync () at /usr/src/sys/kern/vfs_subr.c:1914
#19 0xc062f166 in fork_exit (callout=0xc06fa500 <sched_sync>, arg=0x0,
frame=0xec05bd08) at /usr/src/sys/kern/kern_fork.c:992
#20 0xc0845454 in fork_trampoline () at /usr/src/sys/i386/i386/exception.s:276
(kgdb) p **mvp
$2 = {v_type = VMARKER, v_tag = 0x0, v_op = 0x0, v_data = 0x0,
v_mount = 0xc60c0ce4, v_nmntvnodes = {tqe_next = 0x0, tqe_prev = 0x0},
v_un = {vu_mount = 0x0, vu_socket = 0x0, vu_cdev = 0x0, vu_fifoinfo = 0x0},
v_hashlist = {le_next = 0x0, le_prev = 0x0}, v_hash = 0, v_cache_src = {
lh_first = 0x0}, v_cache_dst = {tqh_first = 0x0, tqh_last = 0x0},
v_cache_dd = 0x0, v_cstart = 0, v_lasta = 0, v_lastw = 0, v_clen = 0,
v_lock = {lock_object = {lo_name = 0x0, lo_flags = 0, lo_data = 0,
lo_witness = 0x0}, lk_lock = 0, lk_exslpfail = 0, lk_timo = 0,
lk_pri = 0}, v_interlock = {lock_object = {lo_name = 0x0, lo_flags = 0,
lo_data = 0, lo_witness = 0x0}, mtx_lock = 0}, v_vnlock = 0x0,
v_holdcnt = 0, v_usecount = 0, v_iflag = 0, v_vflag = 0, v_writecount = 0,
v_actfreelist = {tqe_next = 0xc76407c4, tqe_prev = 0xc7643f10}, v_bufobj = {
bo_mtx = {lock_object = {lo_name = 0x0, lo_flags = 0, lo_data = 0,
lo_witness = 0x0}, mtx_lock = 0}, bo_clean = {bv_hd = {
tqh_first = 0x0, tqh_last = 0x0}, bv_root = 0x0, bv_cnt = 0},
bo_dirty = {bv_hd = {tqh_first = 0x0, tqh_last = 0x0}, bv_root = 0x0,
bv_cnt = 0}, bo_numoutput = 0, bo_flag = 0, bo_ops = 0x0, bo_bsize = 0,
bo_object = 0x0, bo_synclist = {le_next = 0x0, le_prev = 0x0},
bo_private = 0x0, __bo_vnode = 0x0}, v_pollinfo = 0x0, v_label = 0x0,
v_lockf = 0x0, v_rl = {rl_waiters = {tqh_first = 0x0, tqh_last = 0x0},
rl_currdep = 0x0}}
It looks that qsync() in ufs_quota.c tries to free VNODE_MARKER for active list using MNT_VNODE_FOREACH_ALL_ABORT() which frees VNODE_MARKER for inactive list!
>How-To-Repeat:
>Fix:
Change MNT_VNODE_FOREACH_ALL_ABORT() to MNT_VNODE_FOREACH_ACTIVE_ABORT()?
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212101230.qBACUe0u081279>