"panic: len 0" on NFS read
Peter Jeremy
peter at rulingia.com
Thu Dec 25 23:47:11 UTC 2014
Whilst trying to debug a RPC issue with a NFS tunneling tool, I mounted a
NFS filesystem onto the same host and got a panic when I tried to access it.
I'm running FreeBSD/amd64 10-stable r276177.
I mounted the filesystem with:
# mount -o udp,nfsv3 $(hostname):/tank/src92 /dist
(/tank/src92 and / are ZFS)
And then ran:
$ grep zzzz /dist/*
And got:
panic: len 0
cpuid = 3
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfffffe0861448f30
kdb_backtrace() at kdb_backtrace+0x39/frame 0xfffffe0861448fe0
vpanic() at vpanic+0x126/frame 0xfffffe0861449020
kassert_panic() at kassert_panic+0x139/frame 0xfffffe0861449090
nfsm_mbufuio() at nfsm_mbufuio+0x9c/frame 0xfffffe08614490f0
nfsrpc_read() at nfsrpc_read+0x584/frame 0xfffffe08614492d0
ncl_readrpc() at ncl_readrpc+0xa5/frame 0xfffffe08614493e0
ncl_doio() at ncl_doio+0x228/frame 0xfffffe0861449480
ncl_bioread() at ncl_bioread+0xb44/frame 0xfffffe08614495f0
VOP_READ_APV() at VOP_READ_APV+0xf1/frame 0xfffffe0861449620
vn_read() at vn_read+0x211/frame 0xfffffe0861449690
vn_io_fault_doio() at vn_io_fault_doio+0x22/frame 0xfffffe08614496d0
vn_io_fault1() at vn_io_fault1+0x7c/frame 0xfffffe0861449830
vn_io_fault() at vn_io_fault+0x18b/frame 0xfffffe08614498b0
dofileread() at dofileread+0x95/frame 0xfffffe0861449900
kern_readv() at kern_readv+0x68/frame 0xfffffe0861449950
sys_read() at sys_read+0x63/frame 0xfffffe08614499a0
amd64_syscall() at amd64_syscall+0x22e/frame 0xfffffe0861449ab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe0861449ab0
--- syscall (3, FreeBSD ELF64, sys_read), rip = 0x800fd3cba, rsp = 0x7fffffffe048, rbp = 0x7fffffffe090 ---
I have a crashdump that looks sane and relevant bits around nfsm_mbufuio() are:
#4 0xffffffff8041e63c in nfsm_mbufuio (nd=0xfffffe08614491b0, uiop=0xfffffe0861449420, siz=0x4000)
at /usr/src/sys/fs/nfs/nfs_commonsubs.c:222
(kgdb) p mp
$1 = 0xfffff80053bab500
(kgdb) p *mp
$2 = {
m_hdr = {
mh_next = 0xfffff8023433dc00,
mh_nextpkt = 0x0,
mh_data = 0xfffff80053bab57c "���"...,
mh_len = 0x0,
mh_type = 0x1,
mh_flags = 0x2
},
...
(kgdb) p *nd
$4 = {
nd_md = 0xfffff8005366c500,
nd_dpos = 0xfffff80562d92068 "���"...,
...
(kgdb) p *nd->nd_md
$5 = {
m_hdr = {
mh_next = 0xfffff80486b05b00,
mh_nextpkt = 0x0,
mh_data = 0xfffff80562d92000 "",
mh_len = 0x68,
mh_type = 0x1,
mh_flags = 0x1
},
...
(kgdb) p *$5.m_hdr.mh_next
$11 = {
m_hdr = {
mh_next = 0xfffff8005325e400,
mh_nextpkt = 0x0,
mh_data = 0xfffff80234291800 "�",
mh_len = 0x800,
mh_type = 0x1,
mh_flags = 0x1
},
...
(kgdb) p *$11.m_hdr.mh_next
$12 = {
m_hdr = {
mh_next = 0xfffff80486b02400,
mh_nextpkt = 0x0,
mh_data = 0xfffff8023453c000 "\t",
mh_len = 0x800,
mh_type = 0x1,
mh_flags = 0x1
},
...
(kgdb) p *$12.m_hdr.mh_next
$13 = {
m_hdr = {
mh_next = 0xfffff8023433f800,
mh_nextpkt = 0x0,
mh_data = 0xfffff80562d92800 "its",
mh_len = 0x800,
mh_type = 0x1,
mh_flags = 0x1
},
...
(kgdb) p *$13.m_hdr.mh_next
$14 = {
m_hdr = {
mh_next = 0xfffff80020f36500,
mh_nextpkt = 0x0,
mh_data = 0xfffff8058cb1b000 "sbconfig",
mh_len = 0x800,
mh_type = 0x1,
mh_flags = 0x1
},
...
(kgdb) p *$14.m_hdr.mh_next
$15 = {
m_hdr = {
mh_next = 0xfffff800533d5e00,
mh_nextpkt = 0x0,
mh_data = 0xfffff8041b423800 "",
mh_len = 0x800,
mh_type = 0x1,
mh_flags = 0x1
},
...
(kgdb) p *$15.m_hdr.mh_next
$16 = {
m_hdr = {
mh_next = 0xfffff80053182600,
mh_nextpkt = 0x0,
mh_data = 0xfffff8023429a800 "ilters",
mh_len = 0x800,
mh_type = 0x1,
mh_flags = 0x1
},
...
(kgdb) p *$16.m_hdr.mh_next
$17 = {
m_hdr = {
mh_next = 0xfffff8005379b200,
mh_nextpkt = 0x0,
mh_data = 0xfffff8058cb1e000 "",
mh_len = 0x800,
mh_type = 0x1,
mh_flags = 0x1
},
...
(kgdb) p *$17.m_hdr.mh_next
$18 = {
m_hdr = {
mh_next = 0xfffff80053bab500,
mh_nextpkt = 0x0,
mh_data = 0xfffff8058cb1c800 "\002",
mh_len = 0x760,
mh_type = 0x1,
mh_flags = 0x1
},
...
Which is points to mp.
I gather the first mbuf is NFS RPC metadata (since it's skipped). The
remaining mbufs are the start of a 3.9MB binary file (an identifier
database).
Any suggestions as to what has gone wrong?
--
Peter Jeremy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 949 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-fs/attachments/20141226/3f439881/attachment.sig>
More information about the freebsd-fs
mailing list