panic in vfs_lookup/kern_statat_vnhook?

From: Ian FREISLICH <ianf_at_clue.co.za>
Date: Tue, 22 May 2012 20:36:06 +0200
Hi

I've had quite a few reproduceable panics that look to be VFS
related.  The trigger is relatively heavy concurrent disk IO.
I can trigger it easily two ways:

1. running my backup script which essentially does:
	cd /; rsync --one-file-system --delete -aHv . /backup
	cd /tmp; rsync --one-file-system --delete -aHv . /backup/tmp
	cd /usr; rsync --one-file-system --delete -aHv . /backup/usr
	cd /var; rsync --one-file-system --delete -aHv . /backup/var

2. While updating with cvsup or csup, launch firefox.

Both reliably provoke the panic:

#0  doadump (textdump=1) at pcpu.h:244
#1  0xc06aa895 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:454
#2  0xc06aad36 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:642
#3  0xc087adee in trap_fatal (frame=0xedb365c8, eva=28)
    at /usr/src/sys/i386/i386/trap.c:1022
#4  0xc087aed8 in trap_pfault (frame=0xedb365c8, usermode=0, eva=28)
    at /usr/src/sys/i386/i386/trap.c:875
#5  0xc087bc4d in trap (frame=0xedb365c8) at /usr/src/sys/i386/i386/trap.c:546
#6  0xc086687c in calltrap () at /usr/src/sys/i386/i386/exception.s:169
#7  0xc0878682 in pmap_enter (pmap=0xc09e4060, va=3359633408, access=7 '\a', 
    m=0xc3073f70, prot=7 '\a', wired=1) at /usr/src/sys/i386/i386/pmap.c:1596
#8  0xc08186d7 in kmem_back (map=0xc0f7308c, addr=3359633408, size=4096, 
    flags=259) at /usr/src/sys/vm/vm_kern.c:432
#9  0xc0818fad in kmem_malloc (map=0xc0f7308c, size=4096, flags=259)
    at /usr/src/sys/vm/vm_kern.c:312
#10 0xc080cd16 in page_alloc (zone=0xc0f62180, bytes=4096, 
    pflag=0xedb3674f "\002", wait=259) at /usr/src/sys/vm/uma_core.c:1002
#11 0xc080f445 in keg_alloc_slab (keg=0xc0f65600, zone=0xc0f62180, wait=259)
    at /usr/src/sys/vm/uma_core.c:852
#12 0xc080f9be in keg_fetch_slab (keg=0xc0f65600, zone=0xc0f62180, flags=259)
    at /usr/src/sys/vm/uma_core.c:2203
#13 0xc080fd23 in zone_fetch_slab (zone=0xc0f62180, keg=0xc0f65600, flags=259)
    at /usr/src/sys/vm/uma_core.c:2263
#14 0xc0811283 in uma_zalloc_arg (zone=0xc0f62180, udata=0x0, flags=259)
    at /usr/src/sys/vm/uma_core.c:2433
#15 0xc073c2ec in getnewvnode (tag=0xc09048a8 "ufs", mp=0xc5654290, 
    vops=0xc0984860, vpp=0xedb36868) at uma.h:309
#16 0xc07eefb1 in ffs_vgetf (mp=0xc5654290, ino=13074099, flags=524288, 
    vpp=0xedb36904, ffs_flags=0) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1681
#17 0xc07ef41e in ffs_vget (mp=0xc5654290, ino=13074099, flags=2097152, 
    vpp=0xedb36904) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:1625
#18 0xc07fc8b1 in ufs_lookup_ino (vdp=0xc83e9aa0, vpp=0xedb36ae4, 
    cnp=0xedb36af8, dd_ino=0x0) at /usr/src/sys/ufs/ufs/ufs_lookup.c:749
#19 0xc07fc944 in ufs_lookup (ap=0xedb3696c)
    at /usr/src/sys/ufs/ufs/ufs_lookup.c:214
#20 0xc089f772 in VOP_CACHEDLOOKUP_APV (vop=0xc0984860, a=0xedb3696c)
    at vnode_if.c:187
#21 0xc0724ac5 in vfs_cache_lookup (ap=0xedb369fc) at vnode_if.h:80
#22 0xc08a1851 in VOP_LOOKUP_APV (vop=0xc0984d80, a=0xedb369fc)
    at vnode_if.c:123
#23 0xc072c164 in lookup (ndp=0xedb36ab8) at vnode_if.h:54
#24 0xc072d1b2 in namei (ndp=0xedb36ab8) at /usr/src/sys/kern/vfs_lookup.c:307
#25 0xc073ebee in kern_statat_vnhook (td=0xc5ad9b80, flag=512, fd=-100, 
    path=0x82a0818 <Address 0x82a0818 out of bounds>, pathseg=UIO_USERSPACE, 
    sbp=0xedb36be8, hook=0) at /usr/src/sys/kern/vfs_syscalls.c:2433
#26 0xc073ed59 in kern_statat (td=0xc5ad9b80, flag=512, fd=-100, 
    path=0x82a0818 <Address 0x82a0818 out of bounds>, pathseg=UIO_USERSPACE, 
    sbp=0xedb36be8) at /usr/src/sys/kern/vfs_syscalls.c:2414
#27 0xc073ed91 in kern_lstat (td=0xc5ad9b80, 
    path=0x82a0818 <Address 0x82a0818 out of bounds>, pathseg=UIO_USERSPACE, 
    sbp=0xedb36be8) at /usr/src/sys/kern/vfs_syscalls.c:2487
#28 0xc073ee25 in sys_lstat (td=0xc5ad9b80, uap=0xedb36ccc)
    at /usr/src/sys/kern/vfs_syscalls.c:2477
#29 0xc087b419 in syscall (frame=0xedb36d08) at subr_syscall.c:135
#30 0xc08668e1 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:267
#31 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) frame 24
#24 0xc072d1b2 in namei (ndp=0xedb36ab8) at /usr/src/sys/kern/vfs_lookup.c:307
307                     error = lookup(ndp);
(kgdb) l
302                             VREF(dp);
303                     }
304                     if (vfslocked)
305                             ndp->ni_cnd.cn_flags |= GIANTHELD;
306                     ndp->ni_startdir = dp;
307                     error = lookup(ndp);
308                     if (error) {
309                             uma_zfree(namei_zone, cnp->cn_pnbuf);
310     #ifdef DIAGNOSTIC
311                             cnp->cn_pnbuf = NULL;
(kgdb) frame 25
#25 0xc073ebee in kern_statat_vnhook (td=0xc5ad9b80, flag=512, fd=-100, 
    path=0x82a0818 <Address 0x82a0818 out of bounds>, pathseg=UIO_USERSPACE, 
    sbp=0xedb36be8, hook=0) at /usr/src/sys/kern/vfs_syscalls.c:2433
2433            if ((error = namei(&nd)) != 0)
(kgdb) l
2428    
2429            NDINIT_ATRIGHTS(&nd, LOOKUP, ((flag & AT_SYMLINK_NOFOLLOW) ? NOFOLLOW :
2430                FOLLOW) | LOCKSHARED | LOCKLEAF | AUDITVNODE1 | MPSAFE, pathseg,
2431                path, fd, CAP_FSTAT, td);
2432    
2433            if ((error = namei(&nd)) != 0)
2434                    return (error);
2435            vfslocked = NDHASGIANT(&nd);
2436            error = vn_stat(nd.ni_vp, &sb, td->td_ucred, NOCRED, td);
2437            if (!error) {

This same panic was reported some time back in:
	Subject: [panic] zfs_zget() panic during 'svn update'
	From: Glen Barber <gjb_at_FreeBSD.org>
	Date: Thu, 17 May 2012 16:18:51 -0400
	To: freebsd-current_at_FreeBSD.org
	
	http://people.freebsd.org/~gjb/zfs_zget-panic.kgdb.txt

Ian

-- 
Ian Freislich
Received on Tue May 22 2012 - 16:36:15 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:27 UTC