I saw this once too. The following change should fix this. _at__at_ -965,7 +969,7 _at__at_ nfsmout: if (error) { if (newvp != NULLVP) { - vrele(newvp); + vput(newvp); *vpp = NULLVP; } if ((cnp->cn_nameiop == CREATE || cnp->cn_nameiop == RENAME) && Will check it into current soon. mohan --- Xin LI <delphij_at_frontfree.net> wrote: > Hi, > > On a production CVS server of ours we got panics when there is some wrong > data was injected to the NFS TCP connection. This may indicate some error > in our error handling code of NFS client. > > However, the issue happens only when the gateway between the CVS server and > the NFS server is heavily loaded, therefore reproducing the issue is somewhat > hard. I have enabled DEBUG_VFS_LOCK to see if I can catch something. > > The backtrace goes here: > > GNU gdb 6.1.1 [FreeBSD] > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you are > welcome to change it and/or distribute copies of it under certain conditions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for details. > This GDB was configured as "i386-marcel-freebsd". > > Unread portion of the kernel message buffer: > <3>impossible packet length (745074944) from nfs server > 10.88.15.238:/data0/vhost/wiki/vol/APPLE/matrixdata/docroot > panic: lockmgr: locking against myself > KDB: enter: panic > Dumping 1022 MB (2 chunks) > chunk 0: 1MB (159 pages) ... ok > chunk 1: 1022MB (261600 pages) 1006 990 974 958 942 926 910 894 878 862 846 830 814 798 782 > 766 750 734 718 702 686 670 654 638 622 606 590 574 558 542 526 510 494 478 462 446 430 414 398 > 382 366 350 334 318 302 286 270 254 238 222 206 190 174 158 142 126 110 94 78 62 46 30 14 > > #0 doadump () at pcpu.h:165 > in pcpu.h > (kgdb) bt full > #0 doadump () at pcpu.h:165 > No locals. > #1 0xc047f373 in db_fncall (dummy1=-1066385920, dummy2=0, dummy3=-1067193049, > dummy4=0xe775d7a0 "Ì×uç\224ÔcÀ¸×uç¼×uç\220\a") at /usr/src/sys/ddb/db_command.c:492 > fn_addr = -1068348316 > args = {1, 0, 544593784, -1067199340, -1066463456, -1066463680, 0, -411707512, 2, -1066737952} > nargs = 0 > retval = 0 > t = 0 > #2 0xc047f178 in db_command (last_cmdp=0xc06dc4c4, cmd_table=0x0, aux_cmd_tablep=0xc06a83f4, > aux_cmd_tablep_end=0xc06a8410) at /usr/src/sys/ddb/db_command.c:350 > cmd = (struct command *) 0xc06ae080 > t = 0 > modif = > "Ì×uç\224ÔcÀ¸×uç¼×uç\220\a\000\000\220\a\000\000Ï\a\000\000\000\000\000\000\000>pÀ\r\000\000\000\000>pÀ\000>pÀ\r\000\000\000\001\000\000\000ø×uçOÎcÀø×uçhÎcÀ_at_\016oÀ`rnÀx\000\000\000ÀÍmÀ\000\000\000\000\030Øuçð\021HÀ\000$iÀà\016HÀ\000\000\000\000ÀÍmÀ\222\006H? > addr = -1066385920 > count = -1067193049 > have_addr = 0 > result = 0 > #3 0xc047f240 in db_command_loop () at /usr/src/sys/ddb/db_command.c:458 > No locals. > #4 0xc0480e4d in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:221 > jb = {{_jb = {-411707304, -411707324, -411707252, -1006365520, 0, -1069019674, -1068274507, > -1066851157, > -1066845781, -1066851596, -411707248, -1068273655}}} > prev_jb = (void *) 0x0 > bkpt = 0 > #5 0xc053e2af in kdb_trap (type=3, code=0, tf=0xe775d8e0) at /usr/src/sys/kern/subr_kdb.c:473 > handled = -411707168 > #6 0xc0659578 in trap (frame= > {tf_fs = -411762680, tf_es = -1068302296, tf_ds = -1066860504, tf_edi = 1, tf_esi = > -1066857605, tf_ebp = -411707104, tf_isp = -411707124, tf_ebx = -411707060, tf_edx = 0, tf_ecx = > -1061072896, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1068244941, tf_cs = 32, tf_eflags > = 658, tf_esp = -411707072, tf_ss = -1068346465}) > at /usr/src/sys/i386/i386/trap.c:591 > td = (struct thread *) 0xc40414b0 > p = (struct proc *) 0xc4044418 > sticks = 17104896 > i = 0 > ucode = 0 > type = 3 > code = 0 > eva = 0 > #7 0xc06498aa in calltrap () at /usr/src/sys/i386/i386/exception.s:139 > No locals. > #8 0xc053e033 in kdb_enter (msg=0x12 <Address 0x12 out of bounds>) at cpufunc.h:60 > No locals. > #9 0xc052539f in panic (fmt=0xc0690b7b "lockmgr: locking against myself") at > /usr/src/sys/kern/kern_shutdown.c:539 > td = (struct thread *) 0xc40414b0 > bootopt = 256 > newpanic = 1 > ap = 0xe775d94c "°\024\004? > buf = "lockmgr: locking against myself", '\0' <repeats 224 times> > #10 0xc0518966 in lockmgr (lkp=0xc2d109e8, flags=8194, interlkp=0x80, td=0xc40414b0) at > /usr/src/sys/kern/kern_lock.c:330 > error = 0 > thr = (struct thread *) 0xc40414b0 > extflags = 128 > lockflags = 18 > #11 0xc0573246 in vop_stdlock (ap=0x0) at /usr/src/sys/kern/vfs_default.c:258 > vp = (struct vnode *) 0xc0c15000 > #12 0xc0669583 in VOP_LOCK_APV (vop=0xc06c2c60, a=0xe775d9b0) at vnode_if.c:1642 > rc = -1066652576 > #13 0xc0587e78 in vn_lock (vp=0xc2d10990, flags=8194, td=0xc40414b0) at vnode_if.h:844 > error = 18 > #14 0xc057be9a in vrele (vp=0xc2d10990) at /usr/src/sys/kern/vfs_subr.c:2050 > td = (struct thread *) 0xc40414b0 > #15 0xc05cbe2c in nfs_lookup (ap=0x12) at /usr/src/sys/nfsclient/nfs_vnops.c:893 > cnp = (struct componentname *) 0xe775dc90 > dvp = (struct vnode *) 0xc43ab110 > vpp = (struct vnode **) 0xe775dc7c > flags = 16814096 > newvp = (struct vnode *) 0xc2d10990 > bpos = 0xc511d150 "h" > dpos = 0xc44e0ab0 "" > mreq = (struct mbuf *) 0xc511d100 > mrep = (struct mbuf *) 0x0 > md = (struct mbuf *) 0xc44e0a00 > mb = (struct mbuf *) 0xc511d100 > len = 72 > fhp = (nfsfh_t *) 0xc44e0a38 > np = (struct nfsnode *) 0xc44ee564 > error = 72 > attrflag = 0 > fhsize = 28 > v3 = 512 > td = (struct thread *) 0xc40414b0 > #16 0xc06689a7 in VOP_LOOKUP_APV (vop=0xc06c8820, a=0xe775db3c) at vnode_if.c:99 > rc = -1066629088 > #17 0xc0575389 in lookup (ndp=0xe775dc68) at vnode_if.h:56 > cp = 0xc2a2805b "" > dp = (struct vnode *) 0xc43ab110 > tdp = (struct vnode *) 0xc2290bb0 > mp = (struct mount *) 0xc2a2805b > docache = 0 > wantparent = 16 > rdonly = 0 > trailing_slash = 0 > error = 0 > dpunlocked = 0 > cnp = (struct componentname *) 0xe775dc90 > td = (struct thread *) 0xc40414b0 > vfslocked = 1 > tvfslocked = 1 > #18 0xc0574cca in namei (ndp=0xe775dc68) at /usr/src/sys/kern/vfs_lookup.c:203 > fdp = (struct filedesc *) 0xc2ba2000 > cp = 0xc2ba2000 "d ºÂ?ºÂ ÂiÂPe\035ÂPe\035Â\024" > dp = (struct vnode *) 0xc21d6550 > aiov = {iov_base = 0xc0582a7b, iov_len = 8194} > auio = {uio_iov = 0xe775dbb4, uio_iovcnt = 128, uio_offset = -4322306996204929024, uio_resid = > 0, > uio_segflg = 3228314720, uio_rw = 3883260924, uio_td = 0x4} > error = -1038260912 > linklen = -1038260912 > cnp = (struct componentname *) 0xe775dc90 > td = (struct thread *) 0xc40414b0 > p = (struct proc *) 0x0 > vfslocked = 0 > #19 0xc0583d90 in kern_rename (td=0xc40414b0, from=0x12 <Address 0x12 out of bounds>, > to=0x12 <Address 0x12 out of bounds>, pathseg=UIO_USERSPACE) at > /usr/src/sys/kern/vfs_syscalls.c:3188 > mp = (struct mount *) 0x0 > tvp = (struct vnode *) 0x2002 > fvp = (struct vnode *) 0x0 > tdvp = (struct vnode *) 0x0 > fromnd = {ni_dirp = 0x82435dc <Address 0x82435dc out of bounds>, ni_segflg = UIO_USERSPACE, > ni_startdir = 0x0, > ni_rootdir = 0xc21d6550, ni_topdir = 0xc21d6550, ni_vp = 0x0, ni_dvp = 0xc43ab110, ni_pathlen > = 1, > ni_next = 0xc2a2805b "", ni_loopcnt = 0, ni_cnd = {cn_nameiop = 2, cn_flags = 16814096, > cn_thread = 0xc40414b0, > cn_cred = 0xc2757680, cn_lkflags = 2, > cn_pnbuf = 0xc2a28000 > "/usr/local/share/docroot/bkup/cvs/mailtech/FooApp1/myapp10/stuff/nconf/#cvs.cvsup-2172.6595", > cn_nameptr = 0xc2a28047 "#cvs.cvsup-2172.6595", cn_namelen = 20, cn_consume = 0}} > tond = {ni_dirp = 0xc057c1f2 "\203Ä\004d\213\025", ni_segflg = 3268479376, ni_startdir = > 0xc2d10990, > ni_rootdir = 0xe775dc48, ni_topdir = 0xc057bf36, ni_vp = 0xc2d10990, ni_dvp = 0xc06d7940, > ni_pathlen = 3268479376, > ni_next = 0x0, ni_loopcnt = 3288601776, ni_cnd = {cn_nameiop = 1, cn_flags = 0, cn_thread = > 0xe775dcc4, > cn_cred = 0xc0582b05, cn_lkflags = -1026487920, cn_pnbuf = 0xc40414b0 "\030D\004Äà\004N?, > cn_nameptr = 0xc2d10990 "\001", cn_namelen = 493, cn_consume = -411706264}} > tvfslocked = -411706372 > fvfslocked = -1067018852 > error = -1006353384 > #20 0xc0583d49 in rename (td=0xc40414b0, uap=0x12) at /usr/src/sys/kern/vfs_syscalls.c:3167 > No locals. > #21 0xc0659dcb in syscall (frame= > {tf_fs = 1858994235, tf_es = -1078001605, tf_ds = 136249403, tf_edi = 1859007112, tf_esi = > -1077940604, tf_ebp = 136256060, tf_isp = -411706012, tf_ebx = 3, tf_edx = 32768, tf_ecx = 0, > tf_eax = 128, tf_trapno = 22, tf_err = 2, tf_eip = 1859694163, tf_cs = 51, tf_eflags = 530, > tf_esp = 136255664, tf_ss = 59}) at /usr/src/sys/i386/i386/trap.c:976 > params = 0x81f18b4 <Address 0x81f18b4 out of bounds> > callp = (struct sysent *) 0xc06b74c0 > td = (struct thread *) 0xc40414b0 > p = (struct proc *) 0xc4044418 > orig_tf_eflags = 530 > sticks = 688 > error = 0 > narg = 2 > args = {136590812, 136590216, 80, 0, 0, 0, 688, -1006353384} > code = 128 > #22 0xc06498ff in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:200 > No locals. > #23 0x00000033 in ?? () > No symbol table info available. > (kgdb) > > Cheers, > -- > Xin LI <delphij frontfree net> http://www.delphij.net/ > See complete headers for GPG key and other information. > >Received on Fri Oct 28 2005 - 15:22:50 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:46 UTC