kern/132068: [zfs] page fault when using ZFS over NFS on
7.1-RELEASE/amd64
Jaakko Heinonen
jh at saunalahti.fi
Thu Mar 26 12:10:09 PDT 2009
The following reply was made to PR kern/132068; it has been noted by GNATS.
From: Jaakko Heinonen <jh at saunalahti.fi>
To: Edward Fisk <7ogcg7g02 at sneakemail.com>
Cc: bug-followup at FreeBSD.org
Subject: Re: kern/132068: [zfs] page fault when using ZFS over NFS on
7.1-RELEASE/amd64
Date: Thu, 26 Mar 2009 21:01:10 +0200
I was able to trigger a panic on current using this patch:
%%%
Index: sys/nfsserver/nfs_srvsubs.c
===================================================================
--- sys/nfsserver/nfs_srvsubs.c (revision 190316)
+++ sys/nfsserver/nfs_srvsubs.c (working copy)
@@ -1169,6 +1169,8 @@ nfsrv_fhtovp(fhandle_t *fhp, int lockfla
vfs_unbusy(mp);
if (error)
goto out;
+ if ((*vpp)->v_type == VBAD)
+ panic("VBAD *vpp in nfsrv_fhtovp()");
#ifdef MNT_EXNORESPORT
if (!(exflags & (MNT_EXNORESPORT|MNT_EXPUBLIC))) {
saddr = (struct sockaddr_in *)nam;
%%%
#2 0xc08537d2 in panic (fmt=Variable "fmt" is not available.)
at /home/jaakko/src/head/sys/kern/kern_shutdown.c:576
#3 0xc0a1c17e in nfsrv_fhtovp (fhp=0xf48ecae4, lockflag=1, vpp=0xf48ecad8,
vfslockedp=0xf48ecac4, nfsd=0xf48ecbb0, slp=0x0, nam=0xc63aeac4,
rdonlyp=0xf48ecad0, pubflag=1)
at /home/jaakko/src/head/sys/nfsserver/nfs_srvsubs.c:1173
#4 0xc0a0ff20 in nfsrv_commit (nfsd=0xf48ecbb0, slp=0x0, mrq=0xf48ecba8)
at /home/jaakko/src/head/sys/nfsserver/nfs_serv.c:3836
#5 0xc0a1b1a7 in nfssvc_program (rqst=0xca95d000, xprt=0xc63aea00)
at /home/jaakko/src/head/sys/nfsserver/nfs_srvkrpc.c:420
#6 0xc0a35fe2 in svc_run_internal (pool=0xc57a7a80, ismaster=0)
at /home/jaakko/src/head/sys/rpc/svc.c:883
#7 0xc0a362c0 in svc_thread_start (arg=0xc57a7a80)
at /home/jaakko/src/head/sys/rpc/svc.c:1188
#8 0xc082fd38 in fork_exit (callout=0xc0a362b0 <svc_thread_start>,
arg=0xc57a7a80, frame=0xf48ecd38)
at /home/jaakko/src/head/sys/kern/kern_fork.c:821
#9 0xc0b41630 in fork_trampoline ()
at /home/jaakko/src/head/sys/i386/i386/exception.s:270
I now know what is going on. The vnode may be reclaimed during
zfs_zget() because it doesn't hold the vnode lock (except when a new
znode is created).
I tried to modify zfs_zget() to grab the vnode lock and check if the
vnode is doomed. I was able to trigger the condition. However eventually
vnode locking deadlocked with lookup(). I used exclusive locking so
maybe one could avoid deadlocking with shared locking but it isn't a
real solution especially because shared lookups can be disabled. Also
other deadlock scenarios may exist.
On 2009-03-05, Edward Fisk wrote:
> The machine did a panic earlier, but was unfortunately unable to do a dump.
>
> panic: Bad link elm 0xffffff014f3e2400 prev->next != elm
> xprt_unregister_locked() at xprt_unregister_locked+0xad
This is a different issue. You may have already seen this discussion:
http://lists.freebsd.org/pipermail/freebsd-current/2009-March/005097.html
--
Jaakko
More information about the freebsd-fs
mailing list