Date: Wed, 23 Mar 2016 11:11:31 -0700 From: Gleb Smirnoff <glebius@FreeBSD.org> To: Vitalij Satanivskij <satan@ukr.net> Cc: current@freebsd.org Subject: Re: CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833) Message-ID: <20160323181131.GN2616@FreeBSD.org> In-Reply-To: <20160304124053.GA25071@hell.ukr.net> References: <20160304124053.GA25071@hell.ukr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--YZ5djTAD1cGYuMQK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Vitalij, can you please try with this patch? On Fri, Mar 04, 2016 at 02:40:54PM +0200, Vitalij Satanivskij wrote: V> Hello. V> V> I get kernel panic on high loaded server with messages V> V> savecore: reboot after panic: V> vn_sendfile: mlen 326 space -20 hdrlen 326 V> V> V> # kgdb kernel.debug /var/crash/vmcore.0 V> V> Unread portion of the kernel message buffer: V> panic: vn_sendfile: mlen 326 space -20 hdrlen 326 V> cpuid = 5 V> KDB: stack backtrace: V> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe20206314f0 V> vpanic() at vpanic+0x182/frame 0xfffffe2020631570 V> kassert_panic() at kassert_panic+0x126/frame 0xfffffe20206315e0 V> vn_sendfile() at vn_sendfile+0x14ca/frame 0xfffffe2020631900 V> sys_sendfile() at sys_sendfile+0x11e/frame 0xfffffe20206319a0 V> amd64_syscall() at amd64_syscall+0x2db/frame 0xfffffe2020631ab0 V> Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe2020631ab0 V> --- syscall (393, FreeBSD ELF64, sys_sendfile), rip = 0x801ef062a, rsp = 0x7fffffffd8d8, rbp = 0x7fffffffe1d0 --- V> KDB: enter: panic V> V> Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /usr/lib/debug//boot/kernel/zfs.ko.debug...done. V> done. V> Loaded symbols for /boot/kernel/zfs.ko V> Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /usr/lib/debug//boot/kernel/opensolaris.ko.debug...done. V> done. V> Loaded symbols for /boot/kernel/opensolaris.ko V> Reading symbols from /boot/kernel/carp.ko...Reading symbols from /usr/lib/debug//boot/kernel/carp.ko.debug...done. V> done. V> Loaded symbols for /boot/kernel/carp.ko V> Reading symbols from /boot/kernel/ums.ko...Reading symbols from /usr/lib/debug//boot/kernel/ums.ko.debug...done. V> done. V> Loaded symbols for /boot/kernel/ums.ko V> Reading symbols from /boot/kernel/tmpfs.ko...Reading symbols from /usr/lib/debug//boot/kernel/tmpfs.ko.debug...done. V> done. V> Loaded symbols for /boot/kernel/tmpfs.ko V> #0 doadump (textdump=0) at pcpu.h:221 V> 221 __asm("movq %%gs:%1,%0" : "=r" (td) V> (kgdb) bt V> #0 doadump (textdump=0) at pcpu.h:221 V> #1 0xffffffff80384a0b in db_dump (dummy=<value optimized out>, dummy2=false, dummy3=0, dummy4=0x0) at /usr/src/sys/ddb/db_command.c:533 V> #2 0xffffffff803847fe in db_command (cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:440 V> #3 0xffffffff80384594 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493 V> #4 0xffffffff8038702b in db_trap (type=<value optimized out>, code=0) at /usr/src/sys/ddb/db_main.c:251 V> #5 0xffffffff80a656e3 in kdb_trap (type=3, code=0, tf=<value optimized out>) at /usr/src/sys/kern/subr_kdb.c:654 V> #6 0xffffffff80ea1298 in trap (frame=0xfffffe2020631420) at /usr/src/sys/amd64/amd64/trap.c:556 V> #7 0xffffffff80e81a77 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:234 V> #8 0xffffffff80a64dcb in kdb_enter (why=0xffffffff813b6c2f "panic", msg=0x80 <Address 0x80 out of bounds>) at cpufunc.h:63 V> #9 0xffffffff80a27b5f in vpanic (fmt=<value optimized out>, ap=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:750 V> #10 0xffffffff80a279b6 in kassert_panic (fmt=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:647 V> #11 0xffffffff80a25efa in vn_sendfile (fp=<value optimized out>, sockfd=1619, hdr_uio=<value optimized out>, trl_uio=0x0, offset=0, V> nbytes=<value optimized out>, sent=<value optimized out>, flags=<value optimized out>, kflags=<value optimized out>, td=0xa8) V> at /usr/src/sys/kern/kern_sendfile.c:833 V> #12 0xffffffff80a2641e in sys_sendfile (td=0xfffff80253593000, uap=0xfffffe2020631a40) at file.h:382 V> #13 0xffffffff80ea214b in amd64_syscall (td=0xfffff80253593000, traced=0) at subr_syscall.c:135 V> #14 0xffffffff80e81d5b in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:394 V> #15 0x0000000801ef062a in ?? () V> Previous frame inner to this frame (corrupt stack?) V> Current language: auto; currently minimal V> (kgdb) list *0xffffffff80a25efa V> 0xffffffff80a25efa is in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833). V> 828 free(sfio, M_TEMP); V> 829 goto done; V> 830 } V> 831 V> 832 /* Add the buffer chain to the socket buffer. */ V> 833 KASSERT(m_length(m, NULL) == space + hdrlen, V> 834 ("%s: mlen %u space %d hdrlen %d", V> 835 __func__, m_length(m, NULL), space, hdrlen)); V> 836 V> 837 CURVNET_SET(so->so_vnet); V> V> V> System have 128Gb memory V> zfs as FS V> DB's worked on it and web pages served by this server. V> V> core saved. V> panic periodicaly repeted (few hours -- up to few days) V> V> Before this, old current (about two year old CURRENT ) work on this server without crashes. V> V> Can anybody point me to way of more complex problem diagnostic or any other useful things V> V> Thank you. V> V> V> V> V> V> _______________________________________________ V> freebsd-current@freebsd.org mailing list V> https://lists.freebsd.org/mailman/listinfo/freebsd-current V> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" -- Totus tuus, Glebius. --YZ5djTAD1cGYuMQK Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="sendfile.diff" Index: kern_sendfile.c =================================================================== --- kern_sendfile.c (revision 297210) +++ kern_sendfile.c (working copy) @@ -673,6 +673,8 @@ retry_space: * hdrlen is set to 0 after the first loop. */ space -= hdrlen; + if (space < 0) + space = 0; if (vp != NULL) { error = vn_lock(vp, LK_SHARED); --YZ5djTAD1cGYuMQK--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160323181131.GN2616>