Bug 252700 - page fault in zfsctl_snapdir_lookup
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-fs (Nobody)
Reported: 2021-01-15 03:12 UTC by Alan Somers
Modified: 2021-01-15 07:48 UTC

Description Alan Somers freebsd_committer 2021-01-15 03:12:46 UTC
I hit the following page fault on FreeBSD 13.0-CURRENT at revision d2b3ceddccac60b563f642898e3a314647666a10.

It's reproducible by running the sys/cddl/zfs/tests/snapshot/snapshot_test:snapshot_019_pos test case.

#0  __curthread ()
    at /usr/home/somers/src/freebsd.org/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=textdump@entry=0)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/kern_shutdown.c:399
#2  0xffffffff804b6f4a in db_dump (dummy=<optimized out>, 
    dummy2=<unavailable>, dummy3=<unavailable>, dummy4=<unavailable>)
    at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_command.c:575
#3  0xffffffff804b6d10 in db_command (last_cmdp=<optimized out>, 
    cmd_table=<optimized out>, dopager=dopager@entry=1)
    at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_command.c:482
#4  0xffffffff804b6a6d in db_command_loop ()
    at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_command.c:535
#5  0xffffffff804b9dd6 in db_trap (type=<optimized out>, code=<optimized out>)
    at /usr/home/somers/src/freebsd.org/src/sys/ddb/db_main.c:270
#6  0xffffffff80c406a4 in kdb_trap (type=type@entry=3, code=code@entry=0, 
    tf=<optimized out>, tf@entry=0xfffffe0084f87f20)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/subr_kdb.c:727
#7  0xffffffff8104719e in trap (frame=0xfffffe0084f87f20)
    at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/trap.c:576
#8  <signal handler called>
#9  kdb_enter (why=0xffffffff8122e0ac "panic", msg=<optimized out>)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/subr_kdb.c:506
#10 0xffffffff80bf41a2 in vpanic (fmt=<optimized out>, ap=<optimized out>, 
    ap@entry=0xfffffe0084f88080)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/kern_shutdown.c:907
#11 0xffffffff80bf3f33 in panic (
    fmt=0xffffffff81c94178 <cnputs_mtx> "\375\342\036\201\377\377\377\377")
    at /usr/home/somers/src/freebsd.org/src/sys/kern/kern_shutdown.c:843
#12 0xffffffff810475f7 in trap_fatal (frame=0xfffffe0084f88280, eva=0)
    at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/trap.c:915
#13 0xffffffff81047697 in trap_pfault (frame=frame@entry=0xfffffe0084f88280, 
    usermode=false, signo=<optimized out>, signo@entry=0x0, 
    ucode=<optimized out>, ucode@entry=0x0)
    at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/trap.c:732
#14 0xffffffff81046c8b in trap (frame=0xfffffe0084f88280)
    at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/trap.c:398
#15 <signal handler called>
#16 0x0000000000000000 in ?? ()
#17 0xffffffff81109215 in VOP_CLOSE_APV (
    vop=0xffffffff826f0a90 <zfsctl_ops_snapshot>, 
    a=a@entry=0xfffffe0084f88370) at vnode_if.c:498
#18 0xffffffff80cd9839 in VOP_CLOSE (vp=0xfffff801d8df91e8, fflag=4, 
    cred=0x0, td=0xfffffe0085416e00) at ./vnode_if.h:249
#19 vgonel (vp=vp@entry=0xfffff801d8df91e8)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_subr.c:3913
#20 0xffffffff80cda05f in vgone (vp=vp@entry=0xfffff801d8df91e8)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_subr.c:3788
#21 0xffffffff80cc8104 in vfs_hash_insert (vp=0xfffff801d8df91e8, 
    hash=hash@entry=138, flags=flags@entry=2097152, td=<optimized out>, 
    td@entry=0xfffffe0085416e00, vpp=vpp@entry=0xfffffe0084f889f8, 
    fn=0xffffffff82438590 <sfs_compare_ids>, arg=0xfffff80136d08a80)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_hash.c:175
#22 0xffffffff8243852b in sfs_vnode_insert (vp=0xfffffe0084f88370, 
    flags=2097152, parent_id=<optimized out>, id=<optimized out>, 
    vpp=0xfffffe0084f889f8)
    at /usr/home/somers/src/freebsd.org/src/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_ctldir.c:152
#23 sfs_vgetx (mp=<optimized out>, flags=62819872, flags@entry=2097152, 
    parent_id=parent_id@entry=2, id=138, tag=<optimized out>, 
    vops=0xffffffff826f0a90 <zfsctl_ops_snapshot>, 
    setup=0xffffffff824397d0 <zfsctl_snapshot_vnode_setup>, 
    arg=0xfffffe0084f885f0, vpp=0xfffffe0084f889f8)
    at /usr/home/somers/src/freebsd.org/src/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_ctldir.c:200
#24 0xffffffff824390bd in zfsctl_snapdir_lookup (ap=<optimized out>)
    at /usr/home/somers/src/freebsd.org/src/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_ctldir.c:949
#25 0xffffffff80cca581 in VOP_LOOKUP (dvp=0xfffff8008c771988, 
    vpp=0xfffffe0084f889f8, cnp=0xfffffe0084f88a20) at ./vnode_if.h:69
#26 lookup (ndp=ndp@entry=0xfffffe0084f889a0)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_lookup.c:1091
#27 0xffffffff80cc9960 in namei (ndp=ndp@entry=0xfffffe0084f889a0)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_lookup.c:631
#28 0xffffffff80ce5259 in kern_chdir (td=0xfffffe0085416e00, 
    path=0x8008b73e1 <error: Cannot access memory at address 0x8008b73e1>, 
    pathseg=UIO_USERSPACE)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_syscalls.c:948
#29 0xffffffff81047fbe in syscallenter (td=<optimized out>)
    at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#30 amd64_syscall (td=0xfffffe0085416e00, traced=0)
    at /usr/home/somers/src/freebsd.org/src/sys/amd64/amd64/trap.c:1156
#31 <signal handler called>
#32 0x000000080058fa0a in ?? ()
Comment 1 Andriy Gapon freebsd_committer 2021-01-15 07:48:24 UTC
The crash is because sfs does not implement VOP_CLOSE.

#16 0x0000000000000000 in ?? ()
#17 0xffffffff81109215 in VOP_CLOSE_APV (
    vop=0xffffffff826f0a90 <zfsctl_ops_snapshot>, 
    a=a@entry=0xfffffe0084f88370) at vnode_if.c:498
#18 0xffffffff80cd9839 in VOP_CLOSE (vp=0xfffff801d8df91e8, fflag=4, 
    cred=0x0, td=0xfffffe0085416e00) at ./vnode_if.h:249
#19 vgonel (vp=vp@entry=0xfffff801d8df91e8)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_subr.c:3913
#20 0xffffffff80cda05f in vgone (vp=vp@entry=0xfffff801d8df91e8)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_subr.c:3788
#21 0xffffffff80cc8104 in vfs_hash_insert (vp=0xfffff801d8df91e8, 
    hash=hash@entry=138, flags=flags@entry=2097152, td=<optimized out>, 
    td@entry=0xfffffe0085416e00, vpp=vpp@entry=0xfffffe0084f889f8, 
    fn=0xffffffff82438590 <sfs_compare_ids>, arg=0xfffff80136d08a80)
    at /usr/home/somers/src/freebsd.org/src/sys/kern/vfs_hash.c:175

It's interesting that vfs_hash_insert wants to vgone that vnode -- so it must be doomed already, but apparently vgonel does not see it as doomed?

My instincts suggest that this could be either some very rare / exotic situation or a result of a recent breakage (or, at least, an incompatible change) in VFS.
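
The failure mode Comment 1 describes, a call through an operations-vector slot that was never filled in and that ends at address 0 as in frame #16, modelled in user-space C. This is an added example, not FreeBSD or OpenZFS code and not part of either comment; the structures, function names and the fallback-resolution scheme are hypothetical simplifications.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified model of a per-filesystem operations vector. */
enum { OP_LOOKUP, OP_CLOSE, OP_RECLAIM, OP_COUNT };
struct node;
typedef int (*op_fn)(struct node *);
struct ops_vector {
    const struct ops_vector *defaults;  /* fallback vector, NULL at chain end */
    op_fn op[OP_COUNT];                 /* NULL slot = operation not provided */
};
struct node { const struct ops_vector *ops; int closed; };

static int default_close(struct node *n) { n->closed = 1; return 0; }
static int default_nosup(struct node *n) { (void)n; return EOPNOTSUPP; }
static int snap_ok(struct node *n) { (void)n; return 0; }

static const struct ops_vector default_ops =
    { NULL, { default_nosup, default_close, default_nosup } };
/* Like the vector in the report, this one supplies no close operation. */
static struct ops_vector snapshot_ops = { &default_ops, { snap_ok, NULL, snap_ok } };

/* Registration step: fill empty slots from the fallback chain and return
 * how many are still NULL, so a gap is caught before any dispatch. */
static int resolve_ops(struct ops_vector *v) {
    int missing = 0;
    for (int i = 0; i < OP_COUNT; i++) {
        const struct ops_vector *d = v->defaults;
        for (; v->op[i] == NULL && d != NULL; d = d->defaults)
            v->op[i] = d->op[i];
        missing += (v->op[i] == NULL);
    }
    return missing;
}

/* Unchecked dispatch: a NULL slot becomes a jump to address 0. */
static int dispatch_unchecked(struct node *n, int which) { return n->ops->op[which](n); }

/* Checked dispatch: a NULL slot becomes an error return instead of a fault. */
static int dispatch_checked(struct node *n, int which) {
    op_fn fn = n->ops->op[which];
    return fn != NULL ? fn(n) : EOPNOTSUPP;
}

int main(void) {
    struct node n = { &snapshot_ops, 0 };
    printf("before resolve: close -> %d\n", dispatch_checked(&n, OP_CLOSE));
    printf("unresolved slots: %d\n", resolve_ops(&snapshot_ops));
    printf("after resolve: close -> %d\n", dispatch_unchecked(&n, OP_CLOSE));
}
```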