Date: Wed, 20 Nov 2024 18:55:49 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 282878] panic: excl->share in zfs_clone_range when block_cloning is enabled Message-ID: <bug-282878-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D282878 Bug ID: 282878 Summary: panic: excl->share in zfs_clone_range when block_cloning is enabled Product: Base System Version: 15.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: asomers@FreeBSD.org I can immediately reproduce a "panic: excl->share" on FreeBSD 15.0-CURRENT = with witness enabled by using fsx to copy part of a file to another offset of the same file, with copy_file_range. Note that "zpool create" by default enabl= es the block_cloning feature. If I disable that with "zpool create -o feature@block_cloning=3Ddisabled" then I cannot reproduce the crash. Steps to Reproduce =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D $ sudo pkg install -y devel/fsx $ sudo zpool create testpool vtbd5 $ sudo zfs create testpool/fsx $ sudo chmod 1777 /testpool/fsx $ cd /testpool/fsx $ cat > fsx.toml <<HERE > flen =3D 1048576 nomsyncafterwrite =3D false nosizechecks =3D false blockmode =3D false [opsize] max =3D 262144 min =3D 0 align =3D 1 [weights] close_open =3D 1 read =3D 10 write =3D 10 mapread =3D 10 mapwrite =3D 10 invalidate =3D 1 truncate =3D 1 fsync =3D 1 fdatasync =3D 1 posix_fallocate =3D 0 punch_hole =3D 1 sendfile =3D 1 posix_fadvise =3D 1 copy_file_range =3D 1 > HERE $ fsx -f fsx.toml -v fsx.bin Stack Trace =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D (kgdb) #0 __curthread () at /usr/home/somers/src/freebsd.org/src/sys/amd64/include/pcpu_aux.h:57 td =3D <optimized out> #1 doadump (textdump=3Dtextdump@entry=3D0) at /usr/home/somers/src/freebsd.org/src/sys/kern/kern_shutdown.c:404 error =3D 0 coredump =3D <optimized out> #2 0xffffffff80a4feed in db_dump (dummy=3D<optimized out>,=20 dummy2=3D<optimized out>, dummy3=3D<optimized out>, dummy4=3D<optimized= out>) at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_command.c:596 error =3D <optimized out> #3 0xffffffff80a4f50b in db_command (last_cmdp=3D<optimized out>,=20 cmd_table=3D<optimized out>, dopager=3Dtrue) at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_command.c:508 modif =3D '\000' <repeats 11 times>, "\200\000\376\377\377\000\240\000\206\377\377\377\377\000\000\000\000\000\0= 00\000\000\024\000=DE=85\377\377\377\377\270\237\030\266\000\376\377\377\b", '\000' <repeats 23 times>, "\270\237\030\266\000\376\377\377\\\016<\203\377\377\377\377", '\000' <repe= ats 24 times>, "@\267(\264\000\376\377\377" addr =3D -2093216164 count =3D -1 cmd =3D 0xffffffff85c1a938 <db_cmds+616> have_addr =3D <optimized out> t =3D <optimized out> result =3D <optimized out> #4 0xffffffff80a4e5e0 in db_command_loop () at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_command.c:555 No locals. #5 0xffffffff80a604c2 in db_trap (type=3Dtype@entry=3D3, code=3Dcode@entry= =3D0) at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_main.c:267 jb =3D {{_jb =3D {0, -2196000688248, -2196000688048, 0, -2195968188= 488,=20 -2196000688240, 0, -2136603956, 0, -2050388976, -2056072656,= =20 -2047184000}}} bkpt =3D false watchpt =3D false prev_jb =3D 0x0 why =3D 0xffffffff855999e1 "panic" #6 0xffffffff833c44c2 in kdb_trap (type=3Dtype@entry=3D3, code=3D0,=20 tf=3Dtf@entry=3D0xfffffe00b428bc20) at /usr/home/somers/src/freebsd.org/src/sys/kern/subr_kdb.c:790 __pc =3D 0x0 __pc =3D 0x0 other_cpus =3D {__bits =3D {18446741877708864128, 18446741877708864= 608, 0,=20 18446741877741359112, 18446744071616731088, 0, 0, 0, 0, 0, 0, 0= ,=20 18, 3023517235, 18446744069414584320, 18446741877708864600}} be =3D 0xffffffff85c1b4d0 <ddb_dbbe> intr =3D 2 did_stop_cpus =3D <optimized out> handled =3D <optimized out> #7 0xffffffff84fdfad4 in trap (frame=3D0xfffffe00b428bc20) at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/trap.c:606 __pc =3D 0x0 __pc =3D 0x0 __pc =3D 0x0 ksi =3D {ksi_link =3D {tqe_next =3D 0xffffffff80a60bb6 <db_printf+6= 30>,=20 tqe_prev =3D 0x0}, ksi_info =3D {si_signo =3D 93489948,=20 si_errno =3D 93489948, si_code =3D 93489948, si_pid =3D 9348994= 8,=20 si_uid =3D 93489948, si_status =3D 93489948, si_addr =3D 0x5755= 560,=20 si_value =3D {sival_int =3D 91780296, sival_ptr =3D 0x57874c805= 7874c8,=20 sigval_int =3D 91780296, sigval_ptr =3D 0x57874c8057874c8},=20 _reason =3D {_fault =3D {_trapno =3D -1148842708}, _timer =3D { _timerid =3D -1148842708, _overrun =3D 1122754903}, _mesgq = =3D { _mqd =3D -1148842708}, _poll =3D {_band =3D 482219559295477= 6876},=20 _capsicum =3D {_syscall =3D -1148842708}, __spare__ =3D { __spare1__ =3D 4822195592954776876, __spare2__ =3D {-123990= 4248,=20 -512, -1272399104, -512, 0, 0, -1272399216}}}},=20 ksi_flags =3D 0, ksi_sigq =3D 0xfffffe00b428bbb0} signo =3D -1 ucode =3D -1239904256 td =3D <optimized out> p =3D <optimized out> dr6 =3D <unavailable> type =3D 3 addr =3D <optimized out> pf =3D <optimized out> i =3D <optimized out> #8 <signal handler called> No locals. #9 kdb_enter (why=3D0xffffffff855999e1 "panic", msg=3D0xffffffff855999e1 "= panic") at /usr/home/somers/src/freebsd.org/src/sys/kern/subr_kdb.c:556 No locals. #10 0xffffffff83207d0b in vpanic (fmt=3D<optimized out>,=20 fmt@entry=3D0xffffffff8555f098 "excl->share", ap=3Dap@entry=3D0xfffffe0= 0b428bf70) at /usr/home/somers/src/freebsd.org/src/sys/kern/kern_shutdown.c:967 buf =3D "excl->share", '\000' <repeats 244 times> __pc =3D 0x0 __pc =3D 0x0 __pc =3D 0x0 other_cpus =3D <optimized out> td =3D 0xfffffe00b125d740 bootopt =3D <optimized out> newpanic =3D <optimized out> #11 0xffffffff832076dd in panic (fmt=3D0xffffffff8555f098 "excl->share") at /usr/home/somers/src/freebsd.org/src/sys/kern/kern_shutdown.c:892 ap =3D {{gp_offset =3D 8, fp_offset =3D 48,=20 overflow_arg_area =3D 0xfffffe00b428bff0,=20 reg_save_area =3D 0xfffffe00b428bf40}} #12 0xffffffff834cf988 in witness_checkorder ( lock=3Dlock@entry=3D0xfffffe00b8781e30, flags=3Dflags@entry=3D1,=20 file=3Dfile@entry=3D0xffffffff89dbd04b "/usr/home/somers/src/freebsd.org/src/sys/contrib/openzfs/include/os/freebs= d/spl/sys/vnode.h", line=3Dline@entry=3D101,=20 interlock=3Dinterlock@entry=3D0x0) at /usr/home/somers/src/freebsd.org/src/sys/kern/subr_witness.c:1183 __pc =3D 0x0 w =3D 0xfffff8043fd86a80 class =3D 0xffffffff85cd2ac8 <lock_class_lockmgr> td =3D <optimized out> lock_list =3D 0xffffffff86052938 <w_locklistdata+198696> lock1 =3D <optimized out> iclass =3D <optimized out> plock =3D <optimized out> w1 =3D <optimized out> lle =3D <optimized out> j =3D <optimized out> i =3D <optimized out> lock2 =3D <optimized out> #13 0xffffffff830f999c in lockmgr_slock (lk=3D0xfffffe00b8781e30, flags=3D2= 098176,=20 file=3D0xffffffff89dbd04b "/usr/home/somers/src/freebsd.org/src/sys/contrib/openzfs/include/os/freebs= d/spl/sys/vnode.h", line=3D101) at /usr/home/somers/src/freebsd.org/src/sys/kern/kern_lock.c:1224 x =3D 0 #14 0xffffffff85481897 in VOP_LOCK1_APV ( vop=3Dvop@entry=3D0xffffffff89e60190 <zfs_vnodeops>,=20 a=3Da@entry=3D0xfffffe00b428c3e0) at vnode_if.c:2241 rc =3D <optimized out> #15 0xffffffff83827f44 in VOP_LOCK1 (vp=3D0xfffffe00b8781dc0, flags=3D20981= 76,=20 file=3D0xffffffff89dbd04b "/usr/home/somers/src/freebsd.org/src/sys/contrib/openzfs/include/os/freebs= d/spl/sys/vnode.h", line=3D101) at ./vnode_if.h:1118 a =3D {a_gen =3D {a_desc =3D 0xffffffff85d7e570 <vop_lock1_desc>},= =20 a_vp =3D 0xfffffe00b8781dc0, a_flags =3D 2098176,=20 a_file =3D 0xffffffff89dbd04b "/usr/home/somers/src/freebsd.org/src/sys/contrib/openzfs/include/os/freebs= d/spl/sys/vnode.h", a_line =3D 101} #16 _vn_lock (vp=3Dvp@entry=3D0xfffffe00b8781dc0, flags=3Dflags@entry=3D209= 8176,=20 file=3D0xffffffff89dbd04b "/usr/home/somers/src/freebsd.org/src/sys/contrib/openzfs/include/os/freebs= d/spl/sys/vnode.h", line=3Dline@entry=3D101) at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_vnops.c:1829 error =3D <optimized out> #17 0xffffffff89a6043b in vn_flush_cached_data ( vp=3Dvp@entry=3D0xfffffe00b8781dc0, sync=3D1) at /usr/home/somers/src/freebsd.org/src/sys/contrib/openzfs/include/os/freebsd= /spl/sys/vnode.h:101 flags =3D 1 flags =3D <optimized out> #18 0xffffffff89a5d5b4 in zfs_clone_range (inzp=3Dinzp@entry=3D0xfffffe00d5= 49aae0,=20 inoffp=3Dinoffp@entry=3D0xfffffe00b428ccc0,=20 outzp=3Doutzp@entry=3D0xfffffe00d549aae0,=20 outoffp=3Doutoffp@entry=3D0xfffffe00b428ccc8,=20 lenp=3Dlenp@entry=3D0xfffffe00b428c8b8, cr=3Dcr@entry=3D0xfffffe003e1b4= 200) at /usr/home/somers/src/freebsd.org/src/sys/contrib/openzfs/module/zfs/zfs_vno= ps.c:1472 bulk =3D {{sa_data =3D 0xfffffe00b428c610,=20 sa_data_func =3D 0xffffffff834d8c5e <witness_unlock+3838>,=20 sa_length =3D 50720, sa_attr =3D 46120,=20 sa_addr =3D 0xffffffff86052984 <w_locklistdata+198772>,=20 sa_buftype =3D 255, sa_size =3D 0}, {sa_data =3D 0xfffffe00b878= 1e38,=20 sa_data_func =3D 0x0, sa_length =3D 21210, sa_attr =3D 34145,=20 sa_addr =3D 0xfffffe00b428c680, sa_buftype =3D 17785,=20 sa_size =3D 33613}, {sa_data =3D 0xffffffff00000009,=20 sa_data_func =3D 0x0, sa_length =3D 0, sa_attr =3D 0,=20 sa_addr =3D 0xffffffff85cd2ac8 <lock_class_lockmgr>,=20 sa_buftype =3D 10552, sa_size =3D 34309}} mtime =3D {18446744071671194496, 18446741877741359112} ctime =3D {18446741875728397312, 0} nbps =3D 18446741877658343232 clear_setid_bits_txg =3D 0 count =3D 0 last_synced_txg =3D 0 inoff =3D 416811 outoff =3D 461290 len =3D 44479 done =3D 0 inzfsvfs =3D 0xfffffe00bdd7f000 outzfsvfs =3D 0xfffffe00bdd7f000 error =3D <optimized out> inos =3D 0xfffffe00bdc25000 outos =3D 0xfffffe00bdc25000 inlr =3D <optimized out> outlr =3D <optimized out> zilog =3D <optimized out> maxblocks =3D <optimized out> uid =3D <optimized out> gid =3D <optimized out> projid =3D <optimized out> bps =3D <optimized out> size =3D <optimized out> tx =3D <optimized out> db =3D <optimized out> outsize =3D <optimized out> inblksz =3D <optimized out> __sdt_probe36 =3D <optimized out> __sdt_probe37 =3D <optimized out> __sdt_probe38 =3D <optimized out> #19 0xffffffff891ef5a0 in zfs_freebsd_copy_file_range ( ap=3Dap@entry=3D0xfffffe00b428c9e8) at /usr/home/somers/src/freebsd.org/src/sys/contrib/openzfs/module/os/freebsd/= zfs/zfs_vnops_os.c:6179 mp =3D 0xfffffe00a8b62100 len =3D 44479 invp =3D 0xfffffe00b8781dc0 outvp =3D 0xfffffe00b8781dc0 outzfsvfs =3D <optimized out> error =3D <optimized out> #20 0xffffffff85492627 in VOP_COPY_FILE_RANGE_APV ( vop=3Dvop@entry=3D0xffffffff89e60190 <zfs_vnodeops>,=20 a=3Da@entry=3D0xfffffe00b428c9e8) at vnode_if.c:4471 rc =3D <optimized out> #21 0xffffffff8383b16e in VOP_COPY_FILE_RANGE (invp=3D<optimized out>,=20 inoffp=3D0xfffffe00b428ccc0, outvp=3D0xfffffe00b8781dc0,=20 outoffp=3D0xfffffe00b428ccc8, lenp=3D0xfffffe00b428cba0, flags=3D0,=20 incred=3D<optimized out>, outcred=3D<optimized out>, fsizetd=3D<optimiz= ed out>) at ./vnode_if.h:2419 a =3D {a_gen =3D {a_desc =3D 0xffffffff85d831c0 <vop_copy_file_rang= e_desc>},=20 a_invp =3D 0xfffffe00b8781dc0, a_inoffp =3D 0xfffffe00b428ccc0,=20 a_outvp =3D 0xfffffe00b8781dc0, a_outoffp =3D 0xfffffe00b428ccc8,= =20 a_lenp =3D 0xfffffe00b428cba0, a_flags =3D 0,=20 a_incred =3D 0xfffffe003e1b4200, a_outcred =3D 0xfffffe003e1b4200= ,=20 a_fsizetd =3D 0xfffffe00b125d740} #22 vn_copy_file_range (invp=3Dinvp@entry=3D0xfffffe00b8781dc0,=20 inoffp=3Dinoffp@entry=3D0xfffffe00b428ccc0,=20 outvp=3Doutvp@entry=3D0xfffffe00b8781dc0,=20 outoffp=3Doutoffp@entry=3D0xfffffe00b428ccc8,=20 lenp=3Dlenp@entry=3D0xfffffe00b428cba0, flags=3Dflags@entry=3D0,=20 incred=3D0xfffffe003e1b4200, outcred=3D0xfffffe003e1b4200,=20 fsize_td=3D0xfffffe00b125d740) at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_vnops.c:3141 invpl =3D 0xfffffe00b8781dc0 outvpl =3D 0xfffffe00b8781dc0 len =3D <optimized out> error =3D <optimized out> uval =3D <optimized out> inmp =3D 0xfffffe00a8b62100 outmp =3D 0xfffffe00a8b62100 #23 0xffffffff8381b113 in kern_copy_file_range ( td=3Dtd@entry=3D0xfffffe00b125d740, infd=3Dinfd@entry=3D3, inoffp=3D<op= timized out>,=20 inoffp@entry=3D0xfffffe00b428ccc0, outfd=3Doutfd@entry=3D3,=20 outoffp=3Doutoffp@entry=3D0xfffffe00b428ccc8, len=3D<optimized out>,=20 len@entry=3D44479, flags=3D0) at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_syscalls.c:5004 infp =3D 0xfffffe00be2a5640 outfp =3D 0xfffffe00be2a5640 retlen =3D 44479 rl_wcookie =3D 0xfffffe00af7c1240 rl_rcookie =3D 0xfffffe00af7c0d80 savinoff =3D 416811 error =3D <optimized out> savoutoff =3D 461290 invp =3D 0xfffffe00b8781dc0 outvp =3D 0xfffffe00b8781dc0 #24 0xffffffff8381bfd1 in sys_copy_file_range (td=3Dtd@entry=3D0xfffffe00b1= 25d740,=20 uap=3Duap@entry=3D0xfffffe00b125db40) at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_syscalls.c:5042 inoff =3D 416811 outoff =3D 461290 outoffp =3D 0xfffffe00b428ccc8 inoffp =3D 0xfffffe00b428ccc0 error =3D <optimized out> #25 0xffffffff84fe7aaa in syscallenter (td=3D0xfffffe00b125d740) at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/../../kern/subr_syscal= l.c:161 se =3D 0xffffffff85cca640 <sysent+18208> p =3D 0xfffffe00d4686020 sa =3D 0xfffffe00b125db30 error =3D <optimized out> sy_thr_static =3D <optimized out> traced =3D <optimized out> _audit_entered =3D <optimized out> #26 amd64_syscall (td=3D0xfffffe00b125d740, traced=3D0) at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/trap.c:1192 ksi =3D {ksi_link =3D {tqe_next =3D 0xfffffe00d4686160,=20 tqe_prev =3D 0xfffffe00b125d748}, ksi_info =3D { si_signo =3D -2092083493, si_errno =3D -1, si_code =3D 8, si_pi= d =3D 0,=20 si_uid =3D 0, si_status =3D 0, si_addr =3D 0x0, si_value =3D { sival_int =3D 0, sival_ptr =3D 0x0, sigval_int =3D 0,=20 sigval_ptr =3D 0x0}, _reason =3D {_fault =3D {_trapno =3D -11= 48842708},=20 _timer =3D {_timerid =3D -1148842708, _overrun =3D 1122754903= },=20 _mesgq =3D {_mqd =3D -1148842708}, _poll =3D { _band =3D 4822195592954776876}, _capsicum =3D { _syscall =3D -1148842708}, __spare__ =3D { __spare1__ =3D 4822195592954776876, __spare2__ =3D {0, 0, 0= , -1,=20 0, -512, -1239904248}}}}, ksi_flags =3D 1069188108,=20 ksi_sigq =3D 0xfffffe00b428ce60} #27 <signal handler called> No locals. #28 0x00000076404d133a in ?? () No symbol table info available. Backtrace stopped: Cannot access memory at address 0x763d1f8198 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-282878-227>