Date:      Tue, 02 Aug 2016 21:32:07 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 211535] ZFS crash zap_leaf_array_create() in zap_leaf.c
Message-ID:  <bug-211535-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211535

            Bug ID: 211535
           Summary: ZFS crash zap_leaf_array_create() in zap_leaf.c
           Product: Base System
           Version: 10.3-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: crash
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: dgilbert@eicat.ca

I've got a repeatable crash on a server that is busy, but not overly busy. The
server is a sunfire x4140 (dual 6 core opteron w/ 48 G RAM and 6 1G disks).
The 6 1G disks are in a ZFS z2 array.

The crash happens on line 198 of my source, which is inside the
ZAP_LEAF_CHUNK() macro.

193             chunk = zap_leaf_phys(l)->l_hdr.lh_freelist;
194             ASSERT3U(chunk, <, ZAP_LEAF_NUMCHUNKS(l));
195             ASSERT3U(ZAP_LEAF_CHUNK(l, chunk).l_free.lf_type, ==, ZAP_CHUNK_FREE);
196
197             zap_leaf_phys(l)->l_hdr.lh_freelist =
198                 ZAP_LEAF_CHUNK(l, chunk).l_free.lf_next;
199
200             zap_leaf_phys(l)->l_hdr.lh_nfree--;
201
202             return (chunk);

For some reason, I can't print l->l_phys (which is what the macro does first).
gdb doesn't see l as having l->phys.

The following is the GDB output of bt:

panic: vm_fault: fault on nofault entry, addr: fffffe00c79bd000
cpuid = 8
KDB: stack backtrace:
#0 0xffffffff8098e390 at kdb_backtrace+0x60
#1 0xffffffff80951066 at vpanic+0x126
#2 0xffffffff80950f33 at panic+0x43
#3 0xffffffff80bcfa4c at vm_fault_hold+0x1b2c
#4 0xffffffff80bcded7 at vm_fault+0x77
#5 0xffffffff80d5612c at trap_pfault+0x19c
#6 0xffffffff80d558fa at trap+0x47a
#7 0xffffffff80d3b8d2 at calltrap+0x8
#8 0xffffffff81a49a5a at zap_entry_create+0x27a
#9 0xffffffff81a45eee at fzap_add_cd+0xde
#10 0xffffffff81a4c051 at zap_add+0x101
#11 0xffffffff81a6bfb5 at zfs_link_create+0x415
#12 0xffffffff81a87a34 at zfs_freebsd_rename+0xac4
#13 0xffffffff80e81e1b at VOP_RENAME_APV+0xab
#14 0xffffffff80a03476 at kern_renameat+0x4a6
#15 0xffffffff80d5694f at amd64_syscall+0x40f
#16 0xffffffff80d3bbbb at Xfast_syscall+0xfb
Uptime: 21m11s
GEOM_MIRROR: Device yak-boot: rebuilding provider da7 stopped.
Dumping 1978 out of 49123 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

*** Deleted all the "loading symbols" lines ***

#0  doadump (textdump=<value optimized out>) at pcpu.h:219
219     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) bt
#0  doadump (textdump=<value optimized out>) at pcpu.h:219
#1  0xffffffff80950cc2 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:486
#2  0xffffffff809510a5 in vpanic (fmt=<value optimized out>, ap=<value optimized out>)
    at /usr/src/sys/kern/kern_shutdown.c:889
#3  0xffffffff80950f33 in panic (fmt=0x0) at /usr/src/sys/kern/kern_shutdown.c:818
#4  0xffffffff80bcfa4c in vm_fault_hold (map=<value optimized out>, vaddr=<value optimized out>,
    fault_type=<value optimized out>, fault_flags=<value optimized out>, m_hold=<value optimized out>)
    at /usr/src/sys/vm/vm_fault.c:329
#5  0xffffffff80bcded7 in vm_fault (map=0xfffff80002000000, vaddr=<value optimized out>, fault_type=1 '\001',
    fault_flags=0) at /usr/src/sys/vm/vm_fault.c:273
#6  0xffffffff80d5612c in trap_pfault (frame=0xfffffe0c56854320, usermode=0) at /usr/src/sys/amd64/amd64/trap.c:757
#7  0xffffffff80d558fa in trap (frame=0xfffffe0c56854320) at /usr/src/sys/amd64/amd64/trap.c:447
#8  0xffffffff80d3b8d2 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:236
#9  0xffffffff81a494c5 in zap_leaf_array_create (l=0xfffff8008b3a3b00, buf=<value optimized out>, integer_size=1,
    num_integers=<value optimized out>)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zap_leaf.c:198
#10 0xffffffff81a49a5a in zap_entry_create (l=0xfffff8008b3a3b00, zn=0xfffff8008bf19e00, cd=Cannot access memory at address 0x0
)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zap_leaf.c:644
#11 0xffffffff81a45eee in fzap_add_cd (zn=0xfffff8008bf19e00, integer_size=<value optimized out>, num_integers=1,
    val=0xfffffe0c568546d0, cd=4294967295, tx=0xfffff80787758c00)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zap.c:814
#12 0xffffffff81a4c051 in zap_add (os=<value optimized out>, zapobj=<value optimized out>, key=<value optimized out>,
    integer_size=<value optimized out>, num_integers=<value optimized out>, val=<value optimized out>,
    tx=<value optimized out>)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zap_micro.c:1014
#13 0xffffffff81a6bfb5 in zfs_link_create (dl=0xfffff800966cce00, zp=<value optimized out>, tx=0xfffff80787758c00,
    flag=<value optimized out>)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_dir.c:767
#14 0xffffffff81a87a34 in zfs_freebsd_rename (ap=<value optimized out>)
    at /usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c:4067
#15 0xffffffff80e81e1b in VOP_RENAME_APV (vop=<value optimized out>, a=<value optimized out>) at vnode_if.c:1546
#16 0xffffffff80a03476 in kern_renameat (td=<value optimized out>, oldfd=<value optimized out>,
    old=<value optimized out>, newfd=<value optimized out>, new=<value optimized out>, pathseg=<value optimized out>)
    at vnode_if.h:636
#17 0xffffffff80d5694f in amd64_syscall (td=0xfffff8048f7fd000, traced=0) at subr_syscall.c:141
#18 0xffffffff80d3bbbb in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:396
#19 0x000000080381fbaa in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal
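Lines 193-202 quoted above pop the head of the leaf's chunk freelist and then, on line 198, read the popped chunk's lf_next through ZAP_LEAF_CHUNK(). ASSERT3U() is a debug-only macro in ZFS, so in a kernel built without debugging the two checks on lines 194-195 (index in range, chunk actually marked free) compile away and the dereference on line 198 is the first thing that notices a bad chunk index or a bad leaf buffer. The following is an added example, not FreeBSD or OpenZFS code: a constructed, simplified model of the leaf freelist in which those two assertions become unconditional checks that return an error instead of touching memory, plus a bounded consistency walk that a debugging or scrubbing tool could run over a leaf before trusting its header. LEAF_NUMCHUNKS, the chunk type values and the scenario helpers are illustrative values chosen here, not the on-disk constants.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not the real zap_leaf.h layout or constants. */
#define LEAF_NUMCHUNKS 16
#define CHUNK_FREE     254     /* stands in for ZAP_CHUNK_FREE */
#define CHUNK_ENTRY    252     /* stands in for an in-use chunk type */
#define CHUNK_END      0xffff  /* end-of-list marker, fits a uint16_t */

struct leaf_chunk {
    uint8_t  lf_type;
    uint16_t lf_next;          /* index of the next free chunk */
};

struct zap_leaf {
    uint16_t lh_freelist;      /* head of the free chunk list */
    uint16_t lh_nfree;         /* number of chunks on that list */
    struct leaf_chunk l_chunk[LEAF_NUMCHUNKS];
};

/* Thread every chunk onto the freelist, as a fresh leaf would be. */
void leaf_init(struct zap_leaf *l)
{
    memset(l, 0, sizeof(*l));
    for (int i = 0; i < LEAF_NUMCHUNKS; i++) {
        l->l_chunk[i].lf_type = CHUNK_FREE;
        l->l_chunk[i].lf_next =
            (i + 1 < LEAF_NUMCHUNKS) ? (uint16_t)(i + 1) : CHUNK_END;
    }
    l->lh_freelist = 0;
    l->lh_nfree = LEAF_NUMCHUNKS;
}

/*
 * The pop from lines 193-202 of the report, with the two ASSERT3U()
 * conditions as hard checks.  Returns the chunk index, or a negative
 * code instead of dereferencing an index the header cannot vouch for.
 * Marking the chunk in use here is a simplification; in ZFS the caller
 * sets the type.
 */
int leaf_chunk_alloc_checked(struct zap_leaf *l)
{
    uint16_t chunk = l->lh_freelist;

    if (l->lh_nfree == 0 || chunk == CHUNK_END)
        return (-1);   /* leaf full */
    if (chunk >= LEAF_NUMCHUNKS)
        return (-2);   /* ASSERT3U(chunk, <, ZAP_LEAF_NUMCHUNKS(l)) */
    if (l->l_chunk[chunk].lf_type != CHUNK_FREE)
        return (-3);   /* ASSERT3U(...lf_type, ==, ZAP_CHUNK_FREE) */

    l->lh_freelist = l->l_chunk[chunk].lf_next;
    l->lh_nfree--;
    l->l_chunk[chunk].lf_type = CHUNK_ENTRY;
    return (chunk);
}

/*
 * Consistency walk: every link in range, every node free, no cycle, and
 * chain length equal to lh_nfree.  seen[] bounds the walk, so a corrupted
 * cycle ends with an error rather than a hang.  0 means consistent.
 */
int leaf_freelist_verify(const struct zap_leaf *l)
{
    uint8_t seen[LEAF_NUMCHUNKS] = { 0 };
    uint16_t idx = l->lh_freelist;
    unsigned count = 0;

    while (idx != CHUNK_END) {
        if (idx >= LEAF_NUMCHUNKS)
            return (-2);   /* link points outside the leaf */
        if (seen[idx])
            return (-4);   /* cycle */
        if (l->l_chunk[idx].lf_type != CHUNK_FREE)
            return (-3);   /* in-use chunk on the freelist */
        seen[idx] = 1;
        count++;
        idx = l->l_chunk[idx].lf_next;
    }
    return (count == l->lh_nfree ? 0 : -5);   /* header count disagrees */
}

/* Healthy leaf: drain it and report how many chunks came out. */
int scenario_healthy(void)
{
    struct zap_leaf l;
    int n = 0;

    leaf_init(&l);
    while (leaf_chunk_alloc_checked(&l) >= 0)
        n++;
    return (leaf_freelist_verify(&l) == 0 ? n : -100);
}

/* Constructed corruption: freelist head points past the chunk array. */
int scenario_bad_head(void)
{
    struct zap_leaf l;

    leaf_init(&l);
    l.lh_freelist = 500;
    return (leaf_chunk_alloc_checked(&l));
}

/* Constructed corruption: a free chunk's lf_next loops back to the head. */
int scenario_cycle(void)
{
    struct zap_leaf l;

    leaf_init(&l);
    l.l_chunk[3].lf_next = 0;
    return (leaf_freelist_verify(&l));
}

int main(void)
{
    printf("healthy: %d chunks allocated\n", scenario_healthy());
    printf("bad head: %d\n", scenario_bad_head());
    printf("cycle: %d\n", scenario_cycle());
    return (0);
}
```

The point of the two scenario functions is the difference in failure mode: with the checks in place a bad head index or a looped link is reported as a return code that the caller can turn into an I/O error and a pool-level checksum complaint, whereas the unchecked pop reads through whatever index the header holds and surfaces, as in this report, only as a vm_fault panic several frames below the code that owns the data.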
