Site Navigation

Date:      Sun, 4 Jun 2017 23:19:49 +0000
From:      Rick Macklem <rmacklem@uoguelph.ca>
To:        Bryan Drewery <bdrewery@FreeBSD.org>
Cc:        FreeBSD FS <freebsd-fs@FreeBSD.org>
Subject:   Re: NFS panic: newnfs_copycred: negative nfsc_ngroups
Message-ID:  <YTXPR01MB0189942CAB532478E7002855DDF50@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>
In-Reply-To: <c8df390d-590f-5843-8f62-b284d295240a@FreeBSD.org>
References:  <2b7a77df-8291-d399-6d1f-c454fbb2a5d9@FreeBSD.org>, <c8df390d-590f-5843-8f62-b284d295240a@FreeBSD.org>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

--_002_YTXPR01MB0189942CAB532478E7002855DDF50YTXPR01MB0189CANP_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

You could try the attached little patch (untested) and see if the panics
go away. It is weird that no one else seems to see this, but I can see that
it might be possible for the code to create an open structure and not
initialize the nfso_cred structure in it. This patch makes sure it is set t=
o
the credentials at the time the open is created, which I think is harmless.

If this stops the crashes, I can easily come up with a better patch for thi=
s
and commit it to head.

rick
________________________________________
From: Bryan Drewery <bdrewery@FreeBSD.org>
Sent: Saturday, June 3, 2017 8:24:11 PM
To: Rick Macklem
Cc: FreeBSD FS
Subject: Re: NFS panic: newnfs_copycred: negative nfsc_ngroups

On 6/3/2017 3:43 PM, Bryan Drewery wrote:
> Last reported here but I forgot to follow-up
> https://lists.freebsd.org/pipermail/freebsd-current/2013-July/042996.html
>
> I still get this quite often.
>
> Server is: 10.2-RELEASE-p2
>
> Client is: 12.0-CURRENT #5 r318116M
>
> mount is (no soft or intr since 2013):
>
>> tank:/tank/distfiles/freebsd                        /mnt/distfiles      =
nfs             rw,bg,noatime,rsize=3D65536,wsize=3D65536,readahead=3D8,nfs=
v4,rdirplus    0       0
>
> I have a core for debugging...
>> (kgdb) bt
>> #0  __curthread () at ./machine/pcpu.h:232
>> #1  doadump (textdump=3D1) at /usr/src/sys/kern/kern_shutdown.c:318
>> #2  0xffffffff803abf3c in db_fncall_generic (addr=3D<optimized out>, rv=
=3D<optimized out>, nargs=3D<optimized out>, args=3D<optimized out>) at /us=
r/src/sys/ddb/db_command.c:581
>> #3  db_fncall (dummy1=3D<optimized out>, dummy2=3D<optimized out>, dummy=
3=3D<optimized out>, dummy4=3D<optimized out>) at /usr/src/sys/ddb/db_comma=
nd.c:629
>> #4  0xffffffff803abaaf in db_command (last_cmdp=3D<optimized out>, cmd_t=
able=3D<optimized out>, dopager=3D<optimized out>) at /usr/src/sys/ddb/db_c=
ommand.c:453
>> #5  0xffffffff803ab7e4 in db_command_loop () at /usr/src/sys/ddb/db_comm=
and.c:506
>> #6  0xffffffff803ae89f in db_trap (type=3D<optimized out>, code=3D<optim=
ized out>) at /usr/src/sys/ddb/db_main.c:248
>> #7  0xffffffff80a9fda3 in kdb_trap (type=3D3, code=3D-61456, tf=3D<optim=
ized out>) at /usr/src/sys/kern/subr_kdb.c:654
>> #8  0xffffffff80ee9286 in trap (frame=3D0xfffffe355f840540) at /usr/src/=
sys/amd64/amd64/trap.c:537
>> #9  <signal handler called>
>> #10 kdb_enter (why=3D0xffffffff81455661 "panic", msg=3D<optimized out>) =
at /usr/src/sys/kern/subr_kdb.c:444
>> #11 0xffffffff80a5d759 in vpanic (fmt=3D<optimized out>, ap=3D0xfffffe35=
5f8406d0) at /usr/src/sys/kern/kern_shutdown.c:772
>> #12 0xffffffff80a5d59f in _kassert_panic (fatal=3D1, fmt=3D0xffffffff814=
34d8b "newnfs_copycred: negative nfsc_ngroups") at /usr/src/sys/kern/kern_s=
hutdown.c:669
>> #13 0xffffffff80946ec2 in newnfs_copycred (nfscr=3D0xfffff8047b3eb530, c=
r=3D0xfffff80122cfa500) at /usr/src/sys/fs/nfs/nfs_commonport.c:244
>> #14 0xffffffff8094bddc in nfscl_getstateid (vp=3D<optimized out>, nfhp=
=3D0xfffff80501233902 "\233\262\tM\336\006\236\313\n", fhlen=3D28, mode=3D1=
, fords=3D<optimized out>, cred=3D<optimized out>, p=3D<optimized out>, sta=
teidp=3D<optimized out>, lckpp=3D<optimized out>) at /usr/src/sys/fs/nfscli=
ent/nfs_clstate.c:630
>> #15 0xffffffff8095ca88 in nfsrpc_read (vp=3D0xfffff8030bc209c0, uiop=3D0=
xfffffe355f840af8, cred=3D0xfffff80122cfa500, p=3D0x0, nap=3D0xfffffe355f84=
09d0, attrflagp=3D0xfffffe355f840aa4, stuff=3D<optimized out>) at /usr/src/=
sys/fs/nfsclient/nfs_clrpcops.c:1396
>> #16 0xffffffff8096b90a in ncl_readrpc (vp=3D0xfffff8030bc209c0, uiop=3D0=
xfffffe355f840af8, cred=3D0xfffff801b4913300) at /usr/src/sys/fs/nfsclient/=
nfs_clvnops.c:1375
>> #17 0xffffffff80976656 in ncl_doio (vp=3D0xfffff8030bc209c0, bp=3D0xffff=
fe349a268750, cr=3D<optimized out>, td=3D0x0, called_from_strategy=3D<optim=
ized out>) at /usr/src/sys/fs/nfsclient/nfs_clbio.c:1643
>> #18 0xffffffff80978694 in nfssvc_iod (instance=3D<optimized out>) at /us=
r/src/sys/fs/nfsclient/nfs_clnfsiod.c:302
>> #19 0xffffffff80a1e394 in fork_exit (callout=3D0xffffffff80978420 <nfssv=
c_iod>, arg=3D0xffffffff81c7de64 <nfs_asyncdaemon+4>, frame=3D0xfffffe355f8=
40c00) at /usr/src/sys/kern/kern_fork.c:1038
>> #20 <signal handler called>
>> (kgdb) p *nfscr
>> $3 =3D {nfsc_uid =3D 3735929054, nfsc_groups =3D {3735929054 <repeats 17=
 times>}, nfsc_ngroups =3D -559038242}
>> (kgdb) frame 17
>> #17 0xffffffff80976656 in ncl_doio (vp=3D0xfffff8030bc209c0, bp=3D0xffff=
fe349a268750, cr=3D<optimized out>, td=3D0x0, called_from_strategy=3D<optim=
ized out>) at /usr/src/sys/fs/nfsclient/nfs_clbio.c:1643
>> (kgdb) p vp->v_mount->mnt_stat.f_mntonname
>> $8 =3D "/mnt/distfiles", '\000' <repeats 73 times>
>
> I had some bogus -domain in my nfsuserd options on the client that I
> removed after the recent panic. Not sure if it is relevant.
>

No that had no impact, I've hit it 3 times since sending the last email.

--
Regards,
Bryan Drewery


--_002_YTXPR01MB0189942CAB532478E7002855DDF50YTXPR01MB0189CANP_
Content-Type: application/octet-stream; name="opencredpanic.patch"
Content-Description: opencredpanic.patch
Content-Disposition: attachment; filename="opencredpanic.patch"; size=746;
	creation-date="Sun, 04 Jun 2017 23:19:37 GMT";
	modification-date="Sun, 04 Jun 2017 23:19:37 GMT"
Content-Transfer-Encoding: base64

LS0tIGZzL25mc2NsaWVudC9uZnNfY2xzdGF0ZS5jLmNyZWRwYW5pYwkyMDE3LTA2LTA0IDEwOjQ2
OjA5LjI3MzYxMzAwMCAtMDQwMAorKysgZnMvbmZzY2xpZW50L25mc19jbHN0YXRlLmMJMjAxNy0w
Ni0wNCAxMTowMToyMS41MzYwOTMwMDAgLTA0MDAKQEAgLTI5MCw2ICsyOTAsMTkgQEAgbmZzY2xf
b3Blbih2bm9kZV90IHZwLCB1X2ludDhfdCAqbmZocCwgaQogCSAgICBuZXdvbmVwKTsKIAogCS8q
CisJICogSWYgbmZocCAhPSBOVUxMICYmIG5vcCA9PSBOVUxMLCBhIG5ldyBPcGVuIHN0cnVjdHVy
ZSB3YXMgYWxsb2NhdGVkCisJICogdXNpbmcgKm5vcC4gIEZvciB0aGlzIGNhc2UsIHNldCB0aGUg
Y3JlZGVudGlhbHMgaW4gdGhlIE9wZW4sIHNvCisJICogdGhhdCB0aGV5IGFyZSBuZXZlciB1bmlu
aXRpYWxpemVkLgorCSAqLworCWlmIChuZmhwICE9IE5VTEwgJiYgbm9wID09IE5VTEwpIHsKKwkJ
S0FTU0VSVCgqbmV3b25lcCAhPSAwLCAoIiVzOiBuZXcgb3BlbiB3YXMgYWxsb2NhdGVkXG4iLAor
CQkgICAgX19mdW5jX18pKTsKKwkJS0FTU0VSVChvcCAhPSBOVUxMLCAoIiVzOiBOZXcgb3BlbiBt
dXN0IGJlIHJldHVybmVkXG4iLAorCQkgICAgX19mdW5jX18pKTsKKwkJbmV3bmZzX2NvcHlpbmNy
ZWQoY3JlZCwgJm9wLT5uZnNvX2NyZWQpOworCX0KKworCS8qCiAJICogTm93LCBjaGVjayB0aGUg
bW9kZSBvbiB0aGUgb3BlbiBhbmQgcmV0dXJuIHRoZSBhcHByb3ByaWF0ZQogCSAqIHZhbHVlLgog
CSAqLwo=

--_002_YTXPR01MB0189942CAB532478E7002855DDF50YTXPR01MB0189CANP_--

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YTXPR01MB0189942CAB532478E7002855DDF50>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact