[Bug 219935] Kernel panic in getnewvnode (possibly ZFS related)

Mon Jun 12 09:44:50 UTC 2017

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219935

            Bug ID: 219935
           Summary: Kernel panic in getnewvnode (possibly ZFS related)
           Product: Base System
           Version: 10.3-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: raimo+freebsd at erix.ericsson.se

I have a server that crashes with a page fault every 3-4 days in ZFS when
allocating a new vnode.

The crashes mostly happens during cron daily, often in find, which probably is
from periodic's setuid_status_chksetuid_enable.

The server has also crashed once from nfscl_nget, and once from vfs_msync.

freebsd-version: 10.3-RELEASE-p19

Extracted from the latest crash - /var/crash/cron.txt.8:

sasquatch.otp.ericsson.se dumped core - see /var/crash/vmcore.8

Sun Jun 11 03:04:33 CEST 2017

FreeBSD sasquatch.otp.ericsson.se 10.3-RELEASE-p18 FreeBSD 10.3-RELEASE-p18 #0:
Tue Apr 11 10:31:00 UTC 2017    
root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

panic: page fault

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...

Unread portion of the kernel message buffer:
trap number             = 12
panic: page fault
cpuid = 3
KDB: stack backtrace:
#0 0xffffffff8098e7e0 at kdb_backtrace+0x60
#1 0xffffffff809514b6 at vpanic+0x126
#2 0xffffffff80951383 at panic+0x43
#3 0xffffffff80d5646b at trap_fatal+0x36b
#4 0xffffffff80d5676d at trap_pfault+0x2ed
#5 0xffffffff80d55dea at trap+0x47a
#6 0xffffffff80d3bdb2 at calltrap+0x8
#7 0xffffffff809f5980 at getnewvnode+0x1c0
#8 0xffffffff81a51dda at zfs_znode_alloc+0x5a
#9 0xffffffff81a52ee2 at zfs_zget+0x2a2
#10 0xffffffff81a6b195 at zfs_dirent_lock+0x4a5
#11 0xffffffff81a6b43d at zfs_dirlook+0x17d
#12 0xffffffff81a817f0 at zfs_lookup+0x2e0
#13 0xffffffff81a81c9d at zfs_freebsd_lookup+0x6d
#14 0xffffffff80e80bc1 at VOP_CACHEDLOOKUP_APV+0xa1
#15 0xffffffff809e48d6 at vfs_cache_lookup+0xd6
#16 0xffffffff80e80ab1 at VOP_LOOKUP_APV+0xa1
#17 0xffffffff809ecff1 at lookup+0x5a1
Uptime: 2d23h57m24s
Dumping 1889 out of 12215 MB:..1%..11%..21%..31%..41%..51%..61%..71%..81%..91%

Reading symbols from /boot/kernel/zfs.ko.symbols...done.
Loaded symbols for /boot/kernel/zfs.ko.symbols
Reading symbols from /boot/kernel/opensolaris.ko.symbols...done.
Loaded symbols for /boot/kernel/opensolaris.ko.symbols
Reading symbols from /boot/kernel/geom_mirror.ko.symbols...done.
Loaded symbols for /boot/kernel/geom_mirror.ko.symbols
Reading symbols from /boot/kernel/fdescfs.ko.symbols...done.
Loaded symbols for /boot/kernel/fdescfs.ko.symbols
Reading symbols from /boot/kernel/ums.ko.symbols...done.
Loaded symbols for /boot/kernel/ums.ko.symbols
Reading symbols from /boot/kernel/pf.ko.symbols...done.
Loaded symbols for /boot/kernel/pf.ko.symbols
#0  doadump (textdump=<value optimized out>) at pcpu.h:219
219     pcpu.h: No such file or directory.
        in pcpu.h
(kgdb) #0  doadump (textdump=<value optimized out>) at pcpu.h:219
#1  0xffffffff80951112 in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:486
#2  0xffffffff809514f5 in vpanic (fmt=<value optimized out>, 
    ap=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:889
#3  0xffffffff80951383 in panic (fmt=0x0)
    at /usr/src/sys/kern/kern_shutdown.c:818
#4  0xffffffff80d5646b in trap_fatal (frame=<value optimized out>, 
    eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:858
#5  0xffffffff80d5676d in trap_pfault (frame=0xfffffe034f87aec0, 
    usermode=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:681
#6  0xffffffff80d55dea in trap (frame=0xfffffe034f87aec0)
    at /usr/src/sys/amd64/amd64/trap.c:447
#7  0xffffffff80d3bdb2 in calltrap ()
    at /usr/src/sys/amd64/amd64/exception.S:236
#8  0xffffffff809f7725 in vholdl (vp=0xfffff801f6b32938)
    at /usr/src/sys/kern/vfs_subr.c:2468
#9  0xffffffff809f5980 in getnewvnode (tag=0xffffffff81af1c7b "zfs", 
    mp=0xfffff8002cf28330, vops=0xffffffff81b048e0, vpp=0xfffffe034f87b170)
    at /usr/src/sys/kern/vfs_subr.c:2163
#10 0xffffffff81a51dda in zfs_znode_alloc (zfsvfs=0xfffff8002cf29000, 
    db=0xfffff801abbbed80, blksz=512, obj_type=DMU_OT_SA, hdl=0x0)
    at
/usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c:630
#11 0xffffffff81a52ee2 in zfs_zget (zfsvfs=0xfffff8002cf29000, obj_num=99903, 
    zpp=0xfffffe034f87b328)
    at
/usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c:1221
#12 0xffffffff81a6b195 in zfs_dirent_lock (dlpp=0xfffffe034f87b330, 
    dzp=<value optimized out>, name=<value optimized out>, 
    zpp=0xfffffe034f87b328, flag=<value optimized out>, 
    direntflags=<value optimized out>, realpnp=<value optimized out>)
    at
/usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_dir.c:318
#13 0xffffffff81a6b43d in zfs_dirlook (dzp=0xfffff802d55c0170, 
    name=0xfffffe034f87b410 "in00016072", vpp=0xfffffe034f87b858, 
    flags=<value optimized out>, deflg=0x0, rpnp=0x0)
    at
/usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_dir.c:426
#14 0xffffffff81a817f0 in zfs_lookup ()
    at
/usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c:1545
#15 0xffffffff81a81c9d in zfs_freebsd_lookup (ap=0xfffffe034f87b578)
    at
/usr/src/sys/modules/zfs/../../cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c:6195
#16 0xffffffff80e80bc1 in VOP_CACHEDLOOKUP_APV (vop=<value optimized out>, 
    a=<value optimized out>) at vnode_if.c:197
#17 0xffffffff809e48d6 in vfs_cache_lookup (ap=<value optimized out>)
    at vnode_if.h:80
#18 0xffffffff80e80ab1 in VOP_LOOKUP_APV (vop=<value optimized out>, 
    a=<value optimized out>) at vnode_if.c:129
#19 0xffffffff809ecff1 in lookup (ndp=0xfffffe034f87b7f8) at vnode_if.h:54
#20 0xffffffff809ec754 in namei (ndp=0xfffffe034f87b7f8)
    at /usr/src/sys/kern/vfs_lookup.c:302
#21 0xffffffff80a00e9e in kern_statat_vnhook (td=0xfffff8002ca9b000, 
    flag=<value optimized out>, fd=-100, 
    path=0x801118088 <Address 0x801118088 out of bounds>, 
    pathseg=UIO_USERSPACE, sbp=0xfffffe034f87b910, hook=0xfffff801f6b329f8)
    at /usr/src/sys/kern/vfs_syscalls.c:2301
#22 0xffffffff80a00dac in sys_fstatat (td=0xfffff801f6b32938, 
    uap=0xfffffe034f87ba40) at /usr/src/sys/kern/vfs_syscalls.c:2281
#23 0xffffffff80d56e3f in amd64_syscall (td=0xfffff8002ca9b000, traced=0)
    at subr_syscall.c:141
#24 0xffffffff80d3c09b in Xfast_syscall ()
    at /usr/src/sys/amd64/amd64/exception.S:396
#25 0x00000008008b6cba in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal
(kgdb) 

:
------------------------------------------------------------------------
fstat

fstat: can't read file 1 at 0x200007fffffffff
fstat: can't read file 2 at 0x4000000001fffff
fstat: can't read znode_phys at 0x1
fstat: can't read znode_phys at 0x1
fstat: can't read znode_phys at 0x1
fstat: can't read file 1 at 0x200007fffffffff
fstat: can't read file 2 at 0x4000000001fffff
fstat: can't read znode_phys at 0x1
fstat: can't read znode_phys at 0x1
fstat: can't read znode_phys at 0x1
fstat: can't read file 1 at 0x200007fffffffff
fstat: can't read file 2 at 0x4000000001fffff
fstat: can't read file 4 at 0x780000ffff
fstat: can't read file 5 at 0xc00000000
fstat: can't read znode_phys at 0x1
fstat: can't read znode_phys at 0x1
fstat: can't read znode_phys at 0x1
:
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
root     cat        90061 root -         -       error    -
root     cat        90061   wd -         -       error    -
root     cat        90061 text -         -       error    -
root     cat        90061    0* pipe fffff801b28af2e8 <-> fffff801b28af448     
0 rw
root     sh         90059 root -         -       error    -
root     sh         90059   wd -         -       error    -
root     sh         90059 text -         -       error    -
root     sh         90059    0* pipe fffff801b28af2e8 <-> fffff801b28af448     
0 rw
root     find       90058 root -         -       error    -
root     find       90058   wd -         -       error    -
root     find       90058 text -         -       error    -
root     find       90058    0 /dev         30 crw-rw-rw-    null  r
root     sh         90054 root -         -       error    -
root     sh         90054   wd -         -       error    -
root     sh         90054 text -         -       error    -
root     sh         90054    0 /dev         30 crw-rw-rw-    null  r
root     sh         90054    6 -         -       error    -
root     mail       90053 root -         -       error    -
root     mail       90053   wd -         -       error    -
root     mail       90053 text -         -       error    -
root     mail       90053    0* pipe fffff801f60385d0 <-> fffff801f6038730     
0 rw

-- 
You are receiving this mail because:
You are the assignee for the bug.