From: Rick Macklem
To: Joe Marcus Clarke
Cc: current
Date: Tue, 14 Apr 2009 20:00:17 -0400 (EDT)
Subject: Re: Panic in vfs_cache on i386

On Tue, 14 Apr 2009, Joe Marcus Clarke wrote:

> I'm seeing this panic on my -CURRENT i386 Tinderbox machine (using
> looped back NFS). The backtrace does not point to a line number in
> vfs_cache.c, and I can't figure out how atomic_cmpset_int is being
> called, so I'm confused as to exactly what is causing this. Any clues?
>

Only a clue, but I'd guess it's one of the SDT_PROBE()s. I think they use
sx_xlock() and that uses atomic_cmpset_int().

I don't know anything about SDT_PROBE(), but I did notice that this one
uses cn_nameptr, which I don't think is always null terminated.

You could try commenting out the SDT_PROBE()s in cache_lookup() and see
if it helps?

rick
- around line #440 in vfs_cache.c

        /* We failed to find an entry */
        if (ncp == NULL) {
--->            SDT_PROBE(vfs, namecache, lookup, miss, dvp, cnp->cn_nameptr,
                    NULL, 0, 0);
                if ((cnp->cn_flags & MAKEENTRY) == 0) {
                        nummisszap++;
                } else {
                        nummiss++;
                }
                nchstats.ncs_miss++;
                goto unlock;
        }
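
The cn_nameptr concern raised in the message above, as an added user-space illustration (not code from the message or from FreeBSD): a name component referenced by pointer plus length inside a larger path buffer, read first as a C string and then through a bounded copy. `struct comp`, `naive_len()` and `comp_to_cstr()` are hypothetical stand-ins modelling the kernel's cn_nameptr/cn_namelen pair, and the path is a constructed sample.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the two fields of the kernel's
 * struct componentname that matter here (cn_nameptr, cn_namelen). */
struct comp {
	const char *nameptr;	/* points into the full path buffer */
	size_t      namelen;	/* length of this component only */
};

/* Constructed sample: the component "ports" inside a longer path. */
static const char pathbuf[] = "usr/ports/Makefile";
static const struct comp sample = { pathbuf + 4, 5 };
static char namebuf[16];

/* What a consumer expecting NUL termination does: walk to the first
 * NUL, which lies past the end of the component. */
static size_t
naive_len(const struct comp *c)
{
	return strlen(c->nameptr);
}

/* Copy exactly namelen bytes and terminate the result.
 * Returns 0 on success, -1 if dst cannot hold name plus NUL. */
static int
comp_to_cstr(const struct comp *c, char *dst, size_t dstsz)
{
	if (dstsz == 0 || c->namelen >= dstsz)
		return -1;
	memcpy(dst, c->nameptr, c->namelen);
	dst[c->namelen] = '\0';
	return 0;
}

int
main(void)
{
	printf("naive read: %zu bytes, \"%s\"\n",
	    naive_len(&sample), sample.nameptr);
	if (comp_to_cstr(&sample, namebuf, sizeof(namebuf)) == 0)
		printf("bounded copy: \"%s\"\n", namebuf);
	return 0;
}
```

Here the naive read stops only because the path buffer as a whole happens to end in a NUL; the bounded copy does not depend on what follows the component.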