From owner-freebsd-fs  Mon Feb 24 13:55:37 2003
Delivered-To: freebsd-fs@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BB36437B401
	for <freebsd-fs@FreeBSD.ORG>; Mon, 24 Feb 2003 13:55:34 -0800 (PST)
Received: from gs166.sp.cs.cmu.edu (GS166.SP.CS.CMU.EDU [128.2.205.169])
	by mx1.FreeBSD.org (Postfix) with SMTP id 0E5BE43FAF
	for <freebsd-fs@FreeBSD.ORG>; Mon, 24 Feb 2003 13:55:34 -0800 (PST)
	(envelope-from dpelleg@gs166.sp.cs.cmu.edu)
To: freebsd-fs@FreeBSD.ORG
Subject: UFS panics, NFS+quota
From: Dan Pelleg <daniel+bsd@pelleg.org>
Date: 24 Feb 2003 16:55:19 -0500
Message-ID: <u2sisv9l4xk.fsf@gs166.sp.cs.cmu.edu>
Lines: 80
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-fs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-fs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-fs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-fs>
X-Loop: FreeBSD.org


I'm getting occasional crashes on this 4.7-RELEASE-p2 NFS server. In the
past the crashes were somewhat correlated with big (multiple files, >10GB
total) deletions on the NFS volume in the 12-24 hours preceding the
crash. This time, it happened during a big write from a NFS
client. Softupdates and quota is on. I'm attaching my attempt at debugging
though I'll admit I know nothing about this piece of code.

Note a similar trace I posted about 10 months ago at:
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=865575+0+/usr/local/www/db/text/2002/freebsd-stable/20020519.freebsd-stable

That one, too, was in getinoquota().

I'll gladly provide more details on request.

-- 

  Dan Pelleg



IdlePTD at phsyical address 0x0047d000
initial pcb at physical address 0x003d1940
panicstr: page fault
panic messages:
---
Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc02c14da
stack pointer           = 0x10:0xeac519a4
frame pointer           = 0x10:0xeac519f4
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 117 (nfsd)
interrupt mask          = none
trap number             = 12
panic: page fault

syncing disks... 25 6 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 
giving up on 1 buffers
Uptime: 68d22h13m15s
(da2:ahc1:0:0:0): SYNCHRONIZE CACHE. CDB: 35 0 0 0 0 0 0 0 0 0 
(da2:ahc1:0:0:0): ILLEGAL REQUEST asc:20,0
(da2:ahc1:0:0:0): Invalid command operation code

...

(kgdb) where
#0  dumpsys () at /usr/src/sys/kern/kern_shutdown.c:487
#1  0xc01c1c97 in boot (howto=256) at /usr/src/sys/kern/kern_shutdown.c:316
#2  0xc01c20bc in poweroff_wait (junk=0xc036376c, howto=-1070189937) at /usr/src/sys/kern/kern_shutdown.c:595
#3  0xc0304b8a in trap_fatal (frame=0xeac51964, eva=0) at /usr/src/sys/i386/i386/trap.c:974
#4  0xc030485d in trap_pfault (frame=0xeac51964, usermode=0, eva=0) at /usr/src/sys/i386/i386/trap.c:867
#5  0xc0304447 in trap (frame={tf_fs = 16, tf_es = -1071972336, tf_ds = 16, tf_edi = -356261184, tf_esi = -961507048, 
      tf_ebp = -356181516, tf_isp = -356181616, tf_ebx = -957144960, tf_edx = 0, tf_ecx = -876541184, tf_eax = 0, tf_trapno = 12, 
      tf_err = 2, tf_eip = -1070852902, tf_cs = 8, tf_eflags = 66118, tf_esp = -876541184, tf_ss = -316964672})
    at /usr/src/sys/i386/i386/trap.c:466
#6  0xc02c14da in dqget (vp=0xed1b80c0, id=100, ump=0xc6d1ae00, type=1, dqp=0xcbc10b48) at /usr/src/sys/ufs/ufs/ufs_quota.c:763
#7  0xc02c091f in getinoquota (ip=0xcbc10b00) at /usr/src/sys/ufs/ufs/ufs_quota.c:104
#8  0xc02c3859 in ufs_mkdir (ap=0xeac51bf8) at /usr/src/sys/ufs/ufs/ufs_vnops.c:1374
#9  0xc02c4a1d in ufs_vnoperate (ap=0xeac51bf8) at /usr/src/sys/ufs/ufs/ufs_vnops.c:2422
#10 0xc0246c98 in nfsrv_mkdir (nfsd=0xc7d5c900, slp=0xc829c400, procp=0xe5b320c0, mrq=0xeac51df8) at vnode_if.h:674
#11 0xc025629a in nfssvc_nfsd (nsd=0xeac51e58, argp=0x807da20 "", p=0xe5b320c0) at /usr/src/sys/nfs/nfs_syscalls.c:602
#12 0xc0255bf3 in nfssvc (p=0xe5b320c0, uap=0xeac51f80) at /usr/src/sys/nfs/nfs_syscalls.c:306
#13 0xc0304e39 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = 0, tf_ebp = -1077936772, tf_isp = -356180012, 
      tf_ebx = 4, tf_edx = 1, tf_ecx = -3, tf_eax = 155, tf_trapno = 12, tf_err = 2, tf_eip = 134518508, tf_cs = 31, tf_eflags = 643, 
      tf_esp = -1077937200, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1175
#14 0xc02f9235 in Xint0x80_syscall ()
#15 0x8048135 in ?? ()
(kgdb) fram 6
#6  0xc02c14da in dqget (vp=0xed1b80c0, id=100, ump=0xc6d1ae00, type=1, dqp=0xcbc10b48) at /usr/src/sys/ufs/ufs/ufs_quota.c:763
763                             TAILQ_REMOVE(&dqfreelist, dq, dq_freelist);
(kgdb) print dq
$1 = (struct dquot *) 0x0
(kgdb) print dq_freelist
No symbol "dq_freelist" in current context.
(kgdb) print dqfreelist
$2 = {tqh_first = 0xc6f36800, tqh_last = 0x0}

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-fs" in the body of the message