Project

General

Profile

Actions
Copy link

Bug #8806

closed

xattr_dir_inactive() releases used vnode with kernel panic

Added by Vitaliy Gusev over 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Vitaliy Gusev
Category:
-
Start date:
2017-11-15
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:
External Bug:

Description

Kernel panics with:

panic[cpu3]/thread=ffffff00403f5c40:
BAD TRAP: type=d (#gp General protection) rp=ffffff00403f50f0 addr=ffffff00403f55b8

ffffff00403f50f0 unix:_cmntrap+e6 ()
ffffff00403f52e0 zfs:zfs_getattr+181 ()
ffffff00403f5360 genunix:fop_getattr+ae ()
ffffff00403f5460 genunix:xattr_dir_getattr+177 ()
ffffff00403f54e0 genunix:fop_getattr+ae ()
ffffff00403f5720 smbsrv:smb_vop_getattr+af ()
ffffff00403f5870 smbsrv:smb_node_lookup+7a ()
ffffff00403f58f0 smbsrv:smb_odir_openat+f8 ()
ffffff00403f59b0 smbsrv:smb_query_stream_info+84 ()
ffffff00403f59d0 smbsrv:smb2_qif_stream+26 ()
ffffff00403f5a20 smbsrv:smb2_qinfo_file+1a3 ()
ffffff00403f5ac0 smbsrv:smb2_query_info+19f ()
ffffff00403f5b50 smbsrv:smb2sr_work+5c9 ()
ffffff00403f5b80 smbsrv:smb2_tq_work+47 ()

Steps to reproduce (host should have CPU >= 2 cores):

  1. Compile attached test: gcc xattr_test_loop.c -o xtest
  2. Create dataset with 'insensitive' option: zfs create -o casesensitivity="insensitive" rpool/T2
  3. Run xtest once: ./xtest /rpool/T2 "a"
  4. Umount dataset (mount point): zfs umount rpool/T2
  5. Mount dataset again: zfs mount rpool/T2
  6. Run two instances of xtest: ./xtest /rpool/T2 "a" & sleep 5; ./xtest /rpool/T2 "a" &

Files

Download all files
xattr_test_loop.c (564 Bytes) xattr_test_loop.c Vitaliy Gusev, 2017-11-15 04:22 PM
fix-illumos-8806.patch (1.13 KB) fix-illumos-8806.patch Possible fix Vitaliy Gusev, 2017-11-15 04:31 PM
Actions
Copy link
 #1

Updated by Vitaliy Gusev over 5 years ago

Stack can be as well:

ffffff003e350890 unix:trap+10e7 ()
ffffff003e3508a0 unix:_cmntrap+e6 ()
ffffff003e350a20 zfs:dnode_hold_impl+70 ()
ffffff003e350a50 zfs:dnode_hold+18 ()
ffffff003e350ac0 zfs:dmu_buf_hold_noread+34 ()
ffffff003e350b30 zfs:dmu_buf_hold+2d ()
ffffff003e350bc0 zfs:zap_lockdir+3b ()
ffffff003e350c50 zfs:zap_lookup_norm+4a ()
ffffff003e350cf0 zfs:zfs_match_find.isra.1+74 ()
ffffff003e350dd0 zfs:zfs_dirent_lock+2dd ()
ffffff003e350e80 zfs:zfs_dirlook+76 ()
ffffff003e350f10 zfs:zfs_lookup+3a2 ()
ffffff003e350fc0 genunix:fop_lookup+85 ()
ffffff003e351070 genunix:xattr_lookup_cb+b9 ()
ffffff003e351110 genunix:gfs_dir_lookup_dynamic+5f ()
ffffff003e351200 genunix:gfs_dir_lookup+239 ()
ffffff003e351250 genunix:gfs_vop_lookup+26 ()
ffffff003e351300 genunix:fop_lookup+85 ()
ffffff003e3514f0 smbsrv:smb_vop_lookup+121 ()
ffffff003e3515a0 smbsrv:smb_vop_stream_lookup+c8 ()
ffffff003e351660 smbsrv:smb_fsop_lookup_name+132 ()
ffffff003e3517a0 smbsrv:smb_open_subr+28c ()
ffffff003e3517f0 smbsrv:smb_common_open+58 ()
ffffff003e351ac0 smbsrv:smb2_create+3c6 ()
ffffff003e351b50 smbsrv:smb2sr_work+5c9 ()
ffffff003e351b80 smbsrv:smb2_tq_work+47 ()
ffffff003e351c20 genunix:taskq_d_thread+ae ()

Actions
Copy link
 #3

Updated by Vitaliy Gusev over 5 years ago

Normally, reproducer raises panic in 10-20 seconds.

Actions
Copy link
 #5

Updated by Electric Monk about 5 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit be93bc991e25533dcbeb10e952fe0b9314390d90

commit  be93bc991e25533dcbeb10e952fe0b9314390d90
Author: Vitaliy Gusev <gusev.vitaliy@gmail.com>
Date:   2018-01-16T14:53:57.000Z

    8806 xattr_dir_inactive() releases used vnode with kernel panic
    Reviewed by: Marcel Telka <marcel@telka.sk>
    Reviewed by: Gordon Ross <gordon.w.ross@gmail.com>
    Approved by: Dan McDonald <danmcd@joyent.com>

Actions
Copy link

Also available in: Atom PDF