Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 26 Mar 2009 19:10:08 GMT
From:      Jaakko Heinonen <jh@saunalahti.fi>
To:        freebsd-fs@FreeBSD.org
Subject:   Re: kern/132068: [zfs] page fault when using ZFS over NFS on 7.1-RELEASE/amd64
Message-ID:  <200903261910.n2QJA8HF015949@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The following reply was made to PR kern/132068; it has been noted by GNATS.

From: Jaakko Heinonen <jh@saunalahti.fi>
To: Edward Fisk <7ogcg7g02@sneakemail.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/132068: [zfs] page fault when using ZFS over NFS on
	7.1-RELEASE/amd64
Date: Thu, 26 Mar 2009 21:01:10 +0200

 I was able to trigger a panic on current using this patch:
 
 %%%
 Index: sys/nfsserver/nfs_srvsubs.c
 ===================================================================
 --- sys/nfsserver/nfs_srvsubs.c	(revision 190316)
 +++ sys/nfsserver/nfs_srvsubs.c	(working copy)
 @@ -1169,6 +1169,8 @@ nfsrv_fhtovp(fhandle_t *fhp, int lockfla
  	vfs_unbusy(mp);
  	if (error)
  		goto out;
 +	if ((*vpp)->v_type == VBAD)
 +		panic("VBAD *vpp in nfsrv_fhtovp()");
  #ifdef MNT_EXNORESPORT
  	if (!(exflags & (MNT_EXNORESPORT|MNT_EXPUBLIC))) {
  		saddr = (struct sockaddr_in *)nam;
 %%%
 
 #2  0xc08537d2 in panic (fmt=Variable "fmt" is not available.)
     at /home/jaakko/src/head/sys/kern/kern_shutdown.c:576
 #3  0xc0a1c17e in nfsrv_fhtovp (fhp=0xf48ecae4, lockflag=1, vpp=0xf48ecad8, 
     vfslockedp=0xf48ecac4, nfsd=0xf48ecbb0, slp=0x0, nam=0xc63aeac4, 
     rdonlyp=0xf48ecad0, pubflag=1)
     at /home/jaakko/src/head/sys/nfsserver/nfs_srvsubs.c:1173
 #4  0xc0a0ff20 in nfsrv_commit (nfsd=0xf48ecbb0, slp=0x0, mrq=0xf48ecba8)
     at /home/jaakko/src/head/sys/nfsserver/nfs_serv.c:3836
 #5  0xc0a1b1a7 in nfssvc_program (rqst=0xca95d000, xprt=0xc63aea00)
     at /home/jaakko/src/head/sys/nfsserver/nfs_srvkrpc.c:420
 #6  0xc0a35fe2 in svc_run_internal (pool=0xc57a7a80, ismaster=0)
     at /home/jaakko/src/head/sys/rpc/svc.c:883
 #7  0xc0a362c0 in svc_thread_start (arg=0xc57a7a80)
     at /home/jaakko/src/head/sys/rpc/svc.c:1188
 #8  0xc082fd38 in fork_exit (callout=0xc0a362b0 <svc_thread_start>, 
     arg=0xc57a7a80, frame=0xf48ecd38)
     at /home/jaakko/src/head/sys/kern/kern_fork.c:821
 #9  0xc0b41630 in fork_trampoline ()
     at /home/jaakko/src/head/sys/i386/i386/exception.s:270
 
 I now know what is going on. The vnode may be reclaimed during
 zfs_zget() because it doesn't hold the vnode lock (except when a new
 znode is created).
 
 I tried to modify zfs_zget() to grab the vnode lock and check if the
 vnode is doomed. I was able to trigger the condition. However eventually
 vnode locking deadlocked with lookup(). I used exclusive locking so
 maybe one could avoid deadlocking with shared locking but it isn't a
 real solution especially because shared lookups can be disabled. Also
 other deadlock scenarios may exist.
 
 On 2009-03-05, Edward Fisk wrote:
 >  The machine did a panic earlier, but was unfortunately unable to do a dump.
 >  
 >  panic: Bad link elm 0xffffff014f3e2400 prev->next != elm
 
 >  xprt_unregister_locked() at xprt_unregister_locked+0xad
 
 This is a different issue. You may have already seen this discussion:
 
 http://lists.freebsd.org/pipermail/freebsd-current/2009-March/005097.html
 
 -- 
 Jaakko

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200903261910.n2QJA8HF015949>