Re: zfs: Fatal trap 12: page fault while in kernel mode - Thomas Backman - org.freebsd.freebsd-current

60 messages in org.freebsd.freebsd-currentRe: zfs: Fatal trap 12: page fault wh...

From	Sent On	Attachments
Juergen Unger	Jul 27, 2009 12:24 am
O. Hartmann	Jul 27, 2009 12:58 pm
Juergen Unger	Jul 27, 2009 2:33 pm
Andriy Gapon	Jul 28, 2009 2:50 am
Pawel Jakub Dawidek	Jul 29, 2009 1:47 am
Thomas Backman	Jul 29, 2009 3:31 am
Andriy Gapon	Jul 29, 2009 4:21 am
Andriy Gapon	Jul 29, 2009 4:41 am
Thomas Backman	Jul 29, 2009 5:45 am
Andriy Gapon	Jul 29, 2009 6:03 am
Thomas Backman	Jul 29, 2009 6:23 am
Andriy Gapon	Jul 29, 2009 6:45 am
Thomas Backman	Jul 29, 2009 6:52 am
Andriy Gapon	Jul 29, 2009 6:55 am
Thomas Backman	Jul 29, 2009 7:10 am
Andriy Gapon	Jul 29, 2009 7:35 am
Andriy Gapon	Jul 29, 2009 9:01 am
Thomas Backman	Jul 29, 2009 9:10 am
Thomas Backman	Jul 29, 2009 10:13 am
Andriy Gapon	Jul 29, 2009 10:17 am
Thomas Backman	Jul 29, 2009 11:03 am
Thomas Backman	Jul 29, 2009 1:14 pm
Pawel Jakub Dawidek	Jul 29, 2009 2:17 pm
Thomas Backman	Jul 30, 2009 12:04 am
Andriy Gapon	Jul 30, 2009 5:11 am
Thomas Backman	Jul 30, 2009 5:51 am
Andriy Gapon	Jul 30, 2009 6:13 am
Thomas Backman	Jul 30, 2009 6:31 am
Andriy Gapon	Jul 30, 2009 6:34 am
Andriy Gapon	Jul 30, 2009 7:24 am
Thomas Backman	Jul 30, 2009 7:39 am
Andriy Gapon	Jul 30, 2009 7:45 am
Andriy Gapon	Jul 30, 2009 7:48 am
Thomas Backman	Jul 30, 2009 8:25 am
Andriy Gapon	Jul 30, 2009 8:39 am
Thomas Backman	Jul 30, 2009 9:41 am
Thomas Backman	Jul 30, 2009 11:29 am
Andriy Gapon	Jul 30, 2009 11:41 am
Thomas Backman	Jul 31, 2009 2:04 am
James R. Van Artsdalen	Jul 31, 2009 4:44 am
Thomas Backman	Jul 31, 2009 5:26 am
Thomas Backman	Jul 31, 2009 10:09 am
Tim Kientzle	Aug 1, 2009 10:11 am
Juergen Unger	Aug 2, 2009 2:26 am
Pawel Jakub Dawidek	Aug 2, 2009 2:29 am
Juergen Unger	Aug 3, 2009 1:32 pm
Pawel Jakub Dawidek	Aug 4, 2009 12:33 am
Juergen Unger	Aug 4, 2009 12:53 am
Pawel Jakub Dawidek	Aug 4, 2009 2:49 am
Juergen Unger	Aug 4, 2009 2:56 am
Pawel Jakub Dawidek	Aug 4, 2009 12:50 pm
Thomas Backman	Aug 4, 2009 1:10 pm
Pawel Jakub Dawidek	Aug 4, 2009 1:25 pm
Pawel Jakub Dawidek	Aug 4, 2009 11:49 pm
Thomas Backman	Aug 5, 2009 12:08 am
Thomas Backman	Aug 5, 2009 12:20 am
Pawel Jakub Dawidek	Aug 5, 2009 2:37 am
Thomas Backman	Aug 5, 2009 3:36 am
Thomas Backman	Aug 5, 2009 5:06 am
Pawel Jakub Dawidek	Aug 6, 2009 10:44 pm

Subject:	Re: zfs: Fatal trap 12: page fault while in kernel mode
From:	Thomas Backman (sere...@exscape.org)
Date:	Jul 29, 2009 11:03:52 am
List:	org.freebsd.freebsd-current

On Jul 29, 2009, at 19:18, Andriy Gapon wrote:

Thanks a lot again!

Could you please try the following change? In sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c, in function zfs_inactive() insert the following line: vrecycle(vp, curthread); before the following line: zfs_znode_free(zp);

This is in "if (zp->z_dbuf == NULL)" branch.

I hope that this should work in concert with the patch that Pawel has posted.

P.S. Also Pawel has told me that adding 'CFLAGS+=-DDEBUG=1' to sys/ modules/zfs/Makefile should enable additional debugging checks (ASSERTs) in ZFS code.

Thanks for your work :) However, bad news: it didn't help. It *might* have gotten us further, though, because the DDB backtrace now looks like this:

_sx_xlock_hard() _sx_xlock() zfs_znode_free() zfs_freebsd_inactive() VOP_INACTIVE_APV() vinactive() vput() dounmount() unmount() syscall() XFast_syscall()

KGDB:

Unread portion of the kernel message buffer: kernel trap 9 with interrupts disabled

Fatal trap 9: general protection fault while in kernel mode cpuid = 0; apic id = 00 instruction pointer = 0x20:0xffffffff80342b99 stack pointer = 0x28:0xffffff803e9b7910 frame pointer = 0x28:0xffffff803e9b7970 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = resume, IOPL = 0 current process = 1398 (zpool) panic: from debugger cpuid = 0 KDB: stack backtrace: Uptime: 1m28s Physical memory: 2030 MB Dumping 1405 MB: ... Reading symbols: ...

#9 0xffffffff805986aa in trap (frame=0xffffff803e9b7860) at /usr/src/ sys/amd64/amd64/trap.c:639 #10 0xffffffff8057dfe7 in calltrap () at /usr/src/sys/amd64/amd64/ exception.S:224 #11 0xffffffff80342b99 in _sx_xlock_hard (sx=0xffffff0071019181, tid=18446742976093954048, opts=Variable "opts" is not available. ) at /usr/src/sys/kern/kern_sx.c:575 #12 0xffffffff8034350e in _sx_xlock (sx=Variable "sx" is not available. ) at sx.h:155 #13 0xffffffff80ad6be7 in zfs_znode_free () from /boot/kernel/zfs.ko #14 0xffffffff80b5af20 in ?? () #15 0xffffff803e9b79f0 in ?? () #16 0xffffff0071032000 in ?? () #17 0xffffff803e9b79c0 in ?? () #18 0xffffffff80af719a in zfs_freebsd_inactive () from /boot/kernel/ zfs.ko #19 0xffffffff805c5b5a in VOP_INACTIVE_APV (vop=0xffffff0071101a48, a=0xffffff0071019181) at vnode_if.c:1863 #20 0xffffffff803c6aaa in vinactive (vp=0xffffff0071290938, td=0xffffff0071019001) at vnode_if.h:807 #21 0xffffffff803cbf26 in vput (vp=0xffffff0071290938) at /usr/src/sys/ kern/vfs_subr.c:2257 #22 0xffffffff803c57ef in dounmount (mp=0xffffff0002b9e8d0, flags=0, td=Variable "td" is not available. ) at /usr/src/sys/kern/vfs_mount.c:1333 #23 0xffffffff803c5df8 in unmount (td=0xffffff0071032000, uap=0xffffff803e9b7bf0) at /usr/src/sys/kern/vfs_mount.c:1174 #24 0xffffffff805980bf in syscall (frame=0xffffff803e9b7c80) at /usr/ src/sys/amd64/amd64/trap.c:984 #25 0xffffffff8057e2c1 in Xfast_syscall () at /usr/src/sys/amd64/amd64/ exception.S:373

(kgdb) fr 22 #22 0xffffffff803c57ef in dounmount (mp=0xffffff0002b9e8d0, flags=0, td=Variable "td" is not available. ) at /usr/src/sys/kern/vfs_mount.c:1333 1333 vput(coveredvp); (kgdb) p *mp $1 = {mnt_mtx = {lock_object = {lo_name = 0xffffffff80611acd "struct mount mtx", lo_flags = 16973824, lo_data = 0, lo_witness = 0x0}, mtx_lock = 4}, mnt_gen = 2, mnt_list = {tqe_next = 0x0, tqe_prev = 0xffffff0002c71be8}, mnt_op = 0xffffffff80b5ae80, mnt_vfc = 0xffffffff80b5ae20, mnt_vnodecovered = 0xffffff0071290938, mnt_syncer = 0x0, mnt_ref = 0, mnt_nvnodelist = {tqh_first = 0x0, tqh_last = 0xffffff0002b9e930}, mnt_nvnodelistsize = 0, mnt_writeopcount = 0, mnt_kern_flag = 1627390088, mnt_flag = 4096, mnt_xflag = 0, mnt_noasync = 0, mnt_opt = 0xffffff0002f666f0, mnt_optnew = 0x0, mnt_maxsymlinklen = 0, mnt_stat = {f_version = 537068824, f_type = 4, f_flags = 4096, f_bsize = 131072, f_iosize = 131072, f_blocks = 486, f_bfree = 328, f_bavail = 328, f_files = 334, f_ffree = 328, f_syncwrites = 0, f_asyncwrites = 0, f_syncreads = 0, f_asyncreads = 0, f_spare = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, f_namemax = 255, f_owner = 0, f_fsid = {val = {1968303680, -171280380}}, f_charspare = '\0' <repeats 79 times>, f_fstypename = "zfs", '\0' <repeats 12 times>, f_mntfromname = "crashtestslave/test_orig", '\0' <repeats 63 times>, f_mntonname = "/crashtestslave/crashtestslave/test_orig", '\0' <repeats 47 times>}, mnt_cred = 0xffffff0002f0b700, mnt_data = 0xffffff002489e000, mnt_time = 0, mnt_iosize_max = 65536, mnt_export = 0x0, mnt_label = 0x0, mnt_hashseed = 1597825977, mnt_lockref = 0, mnt_secondary_writes = 0, mnt_secondary_accwrites = 0, mnt_susp_owner = 0x0, mnt_gjprovider = 0x0, mnt_explock = {lock_object = { lo_name = 0xffffffff80611ade "explock", lo_flags = 91422720, lo_data = 0, lo_witness = 0x0}, lk_lock = 1, lk_timo = 0, lk_pri = 80}}

Worth noting above: it's NOT the "pool root FS" that's being unmounted here. The panic can also be triggered on "zfs unmount crashtestslave/ test_orig" (i.e. not the root FS which was the only that panicked with zfs unmount, as opposed to zpool export, before).

(kgdb) fr 21 #21 0xffffffff803cbf26 in vput (vp=0xffffff0071290938) at /usr/src/sys/ kern/vfs_subr.c:2257 2257 vinactive(vp, td); (kgdb) p *vp $3 = {v_type = VBAD, v_tag = 0xffffffff80600ff6 "none", v_op = 0xffffffff80779700, v_data = 0x0, v_mount = 0x0, v_nmntvnodes = {tqe_next = 0x0, tqe_prev = 0xffffff0071290b38}, v_un = {vu_mount = 0x0, vu_socket = 0x0, vu_cdev = 0x0, vu_fifoinfo = 0x0, vu_yield = 0}, v_hashlist = {le_next = 0x0, le_prev = 0x0}, v_hash = 0, v_cache_src = {lh_first = 0x0}, v_cache_dst = {tqh_first = 0x0, tqh_last = 0xffffff0071290998}, v_cache_dd = 0x0, v_cstart = 0, v_lasta = 0, v_lastw = 0, v_clen = 0, v_lock = {lock_object = {lo_name = 0xffffffff80b56367 "zfs", lo_flags = 91947008, lo_data = 0, lo_witness = 0x0}, lk_lock = 18446742976093954048, lk_timo = 51, lk_pri = 80}, v_interlock = {lock_object = {lo_name = 0xffffffff806126d9 "vnode interlock", lo_flags = 16973824, lo_data = 0, lo_witness = 0x0}, mtx_lock = 4}, v_vnlock = 0xffffff00712909d0, v_holdcnt = 1, v_usecount = 0, v_iflag = 2176, v_vflag = 0, v_writecount = 0, v_freelist = {tqe_next = 0x0, tqe_prev = 0xffffff0002cecc18}, v_bufobj = {bo_mtx = {lock_object = {lo_name = 0xffffffff806126e9 "bufobj interlock", lo_flags = 16973824, lo_data = 0, lo_witness = 0x0}, mtx_lock = 4}, bo_clean = {bv_hd = {tqh_first = 0x0, tqh_last = 0xffffff0071290a70}, bv_root = 0x0, bv_cnt = 0}, bo_dirty = {bv_hd = {tqh_first = 0x0, tqh_last = 0xffffff0071290a90}, bv_root = 0x0, bv_cnt = 0}, bo_numoutput = 0, bo_flag = 0, bo_ops = 0xffffffff8079afa0, bo_bsize = 131072, bo_object = 0x0, bo_synclist = {le_next = 0x0, le_prev = 0x0}, bo_private = 0xffffff0071290938, __bo_vnode = 0xffffff0071290938}, v_pollinfo = 0x0, v_label = 0x0, v_lockf = 0x0}

(kgdb) fr 11 #11 0xffffffff80342b99 in _sx_xlock_hard (sx=0xffffff0071019181, tid=18446742976093954048, opts=Variable "opts" is not available. ) at /usr/src/sys/kern/kern_sx.c:575 575 owner = (struct thread *)SX_OWNER(x); (kgdb) p *sx $4 = {lock_object = {lo_name = 0xffffffff80b571 <Address 0xffffffff80b571 out of bounds>, lo_flags = 160000, lo_data = 0, lo_witness = 0x100000000000000}, sx_lock = 16717361816799281152}

Regards, Thomas

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets