Date: Wed, 13 Sep 2023 12:43:16 +0000
From: bugzilla-noreply@freebsd.org
To: fs@FreeBSD.org
Subject: [Bug 268909] ZFS: panic from null pointer dereference in avl_rotation
Message-ID: <bug-268909-3630-y0HXPN7Ikq@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-268909-3630@https.bugs.freebsd.org/bugzilla/>
References: <bug-268909-3630@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268909

--- Comment #1 from John F. Carr <jfc@mit.edu> ---
This happened again running 13.2-STABLE at 79ce96abd6c5.  It probably happened a
couple other times since my original submission when the system was unable to
save or analyze a crash.

The AVL tree is corrupt and avl_walk crashes following a bad pointer.

The initial node is

(kgdb) p/x *(avl_node_t *)0xfffff801476764a0
$20 = {avl_child = {0x0, 0xfffff80200004d20}, avl_pcb = 0xfffff801f1c461fa}

Following the avl_child[1] leads to

(kgdb) p/x *(avl_node_t *)0xfffff80200004d20
$21 = {avl_child = {0x395753c375b177a6, 0xfa91e69b009252c}, avl_pcb = 0xfffff801476764a6}

Following avl_child[0] leads to a GPF using 0x395753c375b177a6 as a base address.

#7  avl_walk (tree=tree@entry=0xfffff80009178260,
    oldnode=oldnode@entry=0xfffff80147676440, left=left@entry=1)
    at /usr/src/sys/contrib/openzfs/module/avl/avl.c:147
#8  0xffffffff81c1bea5 in scan_io_queue_gather (queue=0xfffff80009178200,
    list=0xfffffe010f60eda8, rs=<optimized out>)
    at /usr/src/sys/contrib/openzfs/module/zfs/dsl_scan.c:2942
#9  scan_io_queues_run_one (arg=0xfffff80009178200)
    at /usr/src/sys/contrib/openzfs/module/zfs/dsl_scan.c:3093
#10 0xffffffff81b41bbf in taskq_run (arg=0xfffff80041735d80,
    pending=<optimized out>)
    at /usr/src/sys/contrib/openzfs/module/os/freebsd/spl/spl_taskq.c:315

-- 
You are receiving this mail because:
You are the assignee for the bug.
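
Added example, not part of the original message or of OpenZFS: a small C check that applies two sanity tests to the avl_node_t values printed above, whether each pointer is a canonical, 8-byte-aligned amd64 kernel address and whether a child's avl_pcb points back at its parent. It assumes the 64-bit avl_pcb packing (parent pointer in the upper bits, child index in bit 2, balance+1 in bits 0-1); node_dump, check_node and link_ok are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* One avl_node_t as printed by kgdb, plus the address it was read from. */
struct node_dump { uint64_t addr, child[2], pcb; };

/* Assumed 64-bit avl_pcb packing: parent | child index (bit 2) | balance+1 (bits 0-1). */
#define PCB_PARENT(p)  ((p) & ~(uint64_t)7)
#define PCB_CHILD(p)   ((int)(((p) >> 2) & 1))
#define PCB_BALANCE(p) ((int)((p) & 3) - 1)

enum { BAD_LEFT = 1, BAD_RIGHT = 2, BAD_PARENT = 4, BAD_BALANCE = 8 };

/* NULL, or a canonical upper-half amd64 address that is 8-byte aligned. */
static int plausible(uint64_t p)
{
    return p == 0 || ((p >> 47) == 0x1ffff && (p & 7) == 0);
}

/* Return a bitmask of the fields that cannot be valid node pointers or balances. */
static int check_node(const struct node_dump *n)
{
    int bad = 0;
    if (!plausible(n->child[0])) bad |= BAD_LEFT;
    if (!plausible(n->child[1])) bad |= BAD_RIGHT;
    if (!plausible(PCB_PARENT(n->pcb))) bad |= BAD_PARENT;
    if (PCB_BALANCE(n->pcb) > 1) bad |= BAD_BALANCE;
    return bad;
}

/* Does c hang off p at index idx, and does c's avl_pcb agree with that? */
static int link_ok(const struct node_dump *p, int idx, const struct node_dump *c)
{
    return p->child[idx] == c->addr && PCB_PARENT(c->pcb) == p->addr &&
        PCB_CHILD(c->pcb) == idx;
}

/* Values copied from the two kgdb prints ($20 and $21) in the message. */
static const struct node_dump first = { 0xfffff801476764a0ULL,
    { 0x0, 0xfffff80200004d20ULL }, 0xfffff801f1c461faULL };
static const struct node_dump second = { 0xfffff80200004d20ULL,
    { 0x395753c375b177a6ULL, 0xfa91e69b009252cULL }, 0xfffff801476764a6ULL };

int main(void)
{
    printf("first:  flags=%d balance=%d\n", check_node(&first), PCB_BALANCE(first.pcb));
    printf("second: flags=%d balance=%d link=%d\n", check_node(&second),
        PCB_BALANCE(second.pcb), link_ok(&first, 1, &second));
    return 0;
}
```

On these values the first node passes every check, and the second node's avl_pcb still decodes to the first node's address at child index 1, while both of its avl_child pointers fail the canonical-address test.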