Possible kqueue related issue on STABLE/RC.

Tue Sep 24 08:29:16 UTC 2013

On Tue, Sep 24, 2013 at 09:44:27AM +0200, Patrick Lamaiziere wrote:
> Le Mon, 23 Sep 2013 23:31:41 +0300,
> Konstantin Belousov <kostikbel at gmail.com> a ?crit :
> 
> Hello,
> 
> ...
> 
> 
> > > Ok This has been mfced to 9.2-STABLE. But I still see this panic
> > > with 9-2/STABLE of today (Revision : 255811). This may be better
> > > because before the box paniced within minutes and now within hours
> > > (still using poudriere).
> > > 
> > > panic:
> > > fault code              = supervisor read data, page not present
> > > instruction pointer     = 0x20:0xffffffff808ebfcd
> > > stack pointer           = 0x28:0xffffff824c2e0630
> > > frame pointer           = 0x28:0xffffff824c2e06a0
> > > code segment            = base 0x0, limit 0xfffff, type 0x1b
> > >                         = DPL 0, pres 1, long 1, def32 0, gran 1
> > > processor eflags        = interrupt enabled, resume, IOPL = 0
> > > current process         = 54243 (gvfsd-trash)
> > > trap number             = 12
> > > panic: page fault
> > > cpuid = 2
> > > KDB: stack backtrace:
> > > #0 0xffffffff80939ad6 at kdb_backtrace+0x66
> > > #1 0xffffffff808ffacd at panic+0x1cd
> > > #2 0xffffffff80cdfbe9 at trap_fatal+0x289
> > > #3 0xffffffff80cdff4f at trap_pfault+0x20f
> > > #4 0xffffffff80ce0504 at trap+0x344
> > > #5 0xffffffff80cc9b43 at calltrap+0x8
> > > #6 0xffffffff8099d043 at filt_vfsvnode+0xf3
> > > #7 0xffffffff808c4793 at kqueue_register+0x3e3
> > > #8 0xffffffff808c4de8 at kern_kevent+0x108
> > > #9 0xffffffff808c5950 at sys_kevent+0x90
> > > #10 0xffffffff80cdf3a8 at amd64_syscall+0x5d8
> > > #11 0xffffffff80cc9e27 at Xfast_syscall+0xf7
> > > 
> > > Full core.txt : 
> > > http://user.lamaiziere.net/patrick/public/vfs_vnode-core.txt.0
> > 
> > For start, please load the core into kgdb and for
> > frame 8
> > p *kn
> 
> (kgdb) frame 8
> #8  0xffffffff8099d043 in filt_vfsvnode (kn=0xfffffe0147a7f000, hint=0)
>     at /usr/src/sys/kern/vfs_subr.c:4600
> 4600		VI_LOCK(vp);
> (kgdb) p *kn
> $1 = {kn_link = {sle_next = 0x0}, kn_selnext = {sle_next = 0x0}, 
>   kn_knlist = 0x0, kn_tqe = {tqe_next = 0x0, tqe_prev = 0x0}, 
>   kn_kq = 0xfffffe01079a6200, kn_kevent = {ident = 62, filter = -4, 
>     flags = 32784, fflags = 0, data = 0, udata = 0x0}, kn_status = 24, 
>   kn_sfflags = 47, kn_sdata = 0, kn_ptr = {p_fp = 0xfffffe016949e190, 
>     p_proc = 0xfffffe016949e190, p_aio = 0xfffffe016949e190, 
>     p_lio = 0xfffffe016949e190}, kn_fop = 0xffffffff812fd440, 
>   kn_hook = 0xfffffe0119d0b1f8, kn_hookid = 0}
From the kgdb, also please do
p *(struct vnode *)0xfffffe0119d0b1f8

> 
> 
> > Also, please follow
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug-deadlocks.html
> > to recompile kernel with the debugging options and try to recreate
> > the panic.
> 
> It's building.

Please try the following.

diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index aa165a0..5715f35 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -4421,10 +4421,14 @@ filt_vfsdetach(struct knote *kn)
 static int
 filt_vfsread(struct knote *kn, long hint)
 {
-	struct vnode *vp = (struct vnode *)kn->kn_hook;
+	struct vnode *vp;
 	struct vattr va;
 	int res;
 
+	if ((kn->kn_status & KN_DETACHED) != 0)
+		return (0);
+	vp = (struct vnode *)kn->kn_hook;
+
 	/*
 	 * filesystem is gone, so set the EOF flag and schedule
 	 * the knote for deletion.
@@ -4450,8 +4454,11 @@ filt_vfsread(struct knote *kn, long hint)
 static int
 filt_vfswrite(struct knote *kn, long hint)
 {
-	struct vnode *vp = (struct vnode *)kn->kn_hook;
+	struct vnode *vp;
 
+	if ((kn->kn_status & KN_DETACHED) != 0)
+		return (0);
+	vp = (struct vnode *)kn->kn_hook;
 	VI_LOCK(vp);
 
 	/*
@@ -4469,9 +4476,12 @@ filt_vfswrite(struct knote *kn, long hint)
 static int
 filt_vfsvnode(struct knote *kn, long hint)
 {
-	struct vnode *vp = (struct vnode *)kn->kn_hook;
+	struct vnode *vp;
 	int res;
 
+	if ((kn->kn_status & KN_DETACHED) != 0)
+		return (0);
+	vp = (struct vnode *)kn->kn_hook;
 	VI_LOCK(vp);
 	if (kn->kn_sfflags & hint)
 		kn->kn_fflags |= hint;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20130924/e64e73d0/attachment.sig>
