Date: Tue, 22 May 2012 20:36:06 +0200 From: "Ian FREISLICH" <ianf@clue.co.za> To: current@FreeBSD.org Subject: panic in vfs_lookup/kern_statat_vnhook? Message-ID: <E1SWtwE-0000Ru-Eu@clue.co.za>
next in thread | raw e-mail | index | archive | help
Hi I've had quite a few reproduceable panics that look to be VFS related. The trigger is relatively heavy concurrent disk IO. I can trigger it easily two ways: 1. running my backup script which essentially does: cd /; rsync --one-file-system --delete -aHv . /backup cd /tmp; rsync --one-file-system --delete -aHv . /backup/tmp cd /usr; rsync --one-file-system --delete -aHv . /backup/usr cd /var; rsync --one-file-system --delete -aHv . /backup/var 2. While updating with cvsup or csup, launch firefox. Both reliably provoke the panic: #0 doadump (textdump=1) at pcpu.h:244 #1 0xc06aa895 in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:454 #2 0xc06aad36 in panic (fmt=Variable "fmt" is not available. ) at /usr/src/sys/kern/kern_shutdown.c:642 #3 0xc087adee in trap_fatal (frame=0xedb365c8, eva=28) at /usr/src/sys/i386/i386/trap.c:1022 #4 0xc087aed8 in trap_pfault (frame=0xedb365c8, usermode=0, eva=28) at /usr/src/sys/i386/i386/trap.c:875 #5 0xc087bc4d in trap (frame=0xedb365c8) at /usr/src/sys/i386/i386/trap.c:546 #6 0xc086687c in calltrap () at /usr/src/sys/i386/i386/exception.s:169 #7 0xc0878682 in pmap_enter (pmap=0xc09e4060, va=3359633408, access=7 '\a', m=0xc3073f70, prot=7 '\a', wired=1) at /usr/src/sys/i386/i386/pmap.c:1596 #8 0xc08186d7 in kmem_back (map=0xc0f7308c, addr=3359633408, size=4096, flags=259) at /usr/src/sys/vm/vm_kern.c:432 #9 0xc0818fad in kmem_malloc (map=0xc0f7308c, size=4096, flags=259) at /usr/src/sys/vm/vm_kern.c:312 #10 0xc080cd16 in page_alloc (zone=0xc0f62180, bytes=4096, pflag=0xedb3674f "\002", wait=259) at /usr/src/sys/vm/uma_core.c:1002 #11 0xc080f445 in keg_alloc_slab (keg=0xc0f65600, zone=0xc0f62180, wait=259) at /usr/src/sys/vm/uma_core.c:852 #12 0xc080f9be in keg_fetch_slab (keg=0xc0f65600, zone=0xc0f62180, flags=259) at /usr/src/sys/vm/uma_core.c:2203 #13 0xc080fd23 in zone_fetch_slab (zone=0xc0f62180, keg=0xc0f65600, flags=259) at /usr/src/sys/vm/uma_core.c:2263 #14 0xc0811283 in uma_zalloc_arg (zone=0xc0f62180, udata=0x0, flags=259) at /usr/src/sys/vm/uma_core.c:2433 #15 0xc073c2ec in getnewvnode (tag=0xc09048a8 "ufs", mp=0xc5654290, vops=0xc0984860, vpp=0xedb36868) at uma.h:309 #16 0xc07eefb1 in ffs_vgetf (mp=0xc5654290, ino=13074099, flags=524288, vpp=0xedb36904, ffs_flags=0) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1681 #17 0xc07ef41e in ffs_vget (mp=0xc5654290, ino=13074099, flags=2097152, vpp=0xedb36904) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1625 #18 0xc07fc8b1 in ufs_lookup_ino (vdp=0xc83e9aa0, vpp=0xedb36ae4, cnp=0xedb36af8, dd_ino=0x0) at /usr/src/sys/ufs/ufs/ufs_lookup.c:749 #19 0xc07fc944 in ufs_lookup (ap=0xedb3696c) at /usr/src/sys/ufs/ufs/ufs_lookup.c:214 #20 0xc089f772 in VOP_CACHEDLOOKUP_APV (vop=0xc0984860, a=0xedb3696c) at vnode_if.c:187 #21 0xc0724ac5 in vfs_cache_lookup (ap=0xedb369fc) at vnode_if.h:80 #22 0xc08a1851 in VOP_LOOKUP_APV (vop=0xc0984d80, a=0xedb369fc) at vnode_if.c:123 #23 0xc072c164 in lookup (ndp=0xedb36ab8) at vnode_if.h:54 #24 0xc072d1b2 in namei (ndp=0xedb36ab8) at /usr/src/sys/kern/vfs_lookup.c:307 #25 0xc073ebee in kern_statat_vnhook (td=0xc5ad9b80, flag=512, fd=-100, path=0x82a0818 <Address 0x82a0818 out of bounds>, pathseg=UIO_USERSPACE, sbp=0xedb36be8, hook=0) at /usr/src/sys/kern/vfs_syscalls.c:2433 #26 0xc073ed59 in kern_statat (td=0xc5ad9b80, flag=512, fd=-100, path=0x82a0818 <Address 0x82a0818 out of bounds>, pathseg=UIO_USERSPACE, sbp=0xedb36be8) at /usr/src/sys/kern/vfs_syscalls.c:2414 #27 0xc073ed91 in kern_lstat (td=0xc5ad9b80, path=0x82a0818 <Address 0x82a0818 out of bounds>, pathseg=UIO_USERSPACE, sbp=0xedb36be8) at /usr/src/sys/kern/vfs_syscalls.c:2487 #28 0xc073ee25 in sys_lstat (td=0xc5ad9b80, uap=0xedb36ccc) at /usr/src/sys/kern/vfs_syscalls.c:2477 #29 0xc087b419 in syscall (frame=0xedb36d08) at subr_syscall.c:135 #30 0xc08668e1 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:267 #31 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) frame 24 #24 0xc072d1b2 in namei (ndp=0xedb36ab8) at /usr/src/sys/kern/vfs_lookup.c:307 307 error = lookup(ndp); (kgdb) l 302 VREF(dp); 303 } 304 if (vfslocked) 305 ndp->ni_cnd.cn_flags |= GIANTHELD; 306 ndp->ni_startdir = dp; 307 error = lookup(ndp); 308 if (error) { 309 uma_zfree(namei_zone, cnp->cn_pnbuf); 310 #ifdef DIAGNOSTIC 311 cnp->cn_pnbuf = NULL; (kgdb) frame 25 #25 0xc073ebee in kern_statat_vnhook (td=0xc5ad9b80, flag=512, fd=-100, path=0x82a0818 <Address 0x82a0818 out of bounds>, pathseg=UIO_USERSPACE, sbp=0xedb36be8, hook=0) at /usr/src/sys/kern/vfs_syscalls.c:2433 2433 if ((error = namei(&nd)) != 0) (kgdb) l 2428 2429 NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW : 2430 FOLLOW) | LOCKSHARED | LOCKLEAF | AUDITVNODE1 | MPSAFE, pathseg, 2431 path, fd, CAP_FSTAT, td); 2432 2433 if ((error = namei(&nd)) != 0) 2434 return (error); 2435 vfslocked = NDHASGIANT(&nd); 2436 error = vn_stat(nd.ni_vp, &sb, td->td_ucred, NOCRED, td); 2437 if (!error) { This same panic was reported some time back in: Subject: [panic] zfs_zget() panic during 'svn update' From: Glen Barber <gjb@FreeBSD.org> Date: Thu, 17 May 2012 16:18:51 -0400 To: freebsd-current@FreeBSD.org http://people.freebsd.org/~gjb/zfs_zget-panic.kgdb.txt Ian -- Ian Freislich
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E1SWtwE-0000Ru-Eu>