From: Andriy Gapon
To: freebsd-fs, Mateusz Guzik
Subject: Re: kernel crash from zpool create -o version=13
Date: Wed, 1 Sep 2021 11:03:22 +0300
Message-ID: <19dca56a-c2b0-c7d2-4d00-ac4497d17cbb@FreeBSD.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-fs

On 01/09/2021 07:46, Andriy Gapon wrote:
>
> Just a quick check before I dig into it.
> Is this something that could have been fixed recently in OpenZFS?
> Seems like a NULL pointer in zfs_mknode -> zfs_aclset_common.

The crash is in this piece of code:

1176            if (zp->z_zfsvfs->z_replay == B_FALSE) {
1177                    ASSERT_VOP_IN_SEQC(ZTOV(zp));
1178            }

(kgdb) p zp->z_vnode
$2 = (vnode_t *) 0x0

It seems that this is to be expected when zfs_mknode is called with IS_ROOT_NODE.

> fault virtual address   = 0x4
> fault code              = supervisor read data, page not present
> instruction pointer     = 0x20:0xffffffff80370f2e
> stack pointer           = 0x28:0xfffffe01f24272a0
> frame pointer           = 0x28:0xfffffe01f2427450
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, long 1, def32 0, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 27002 (zpool)
> trap number             = 12
> panic: page fault
> cpuid = 3
> time = 1630470367
> KDB: stack backtrace:
> db_trace_self_wrapper() at 0xffffffff805c328b = db_trace_self_wrapper+0x2b/frame 0xfffffe01f2426e60
> kdb_backtrace() at 0xffffffff80889b17 = kdb_backtrace+0x37/frame 0xfffffe01f2426f10
> vpanic() at 0xffffffff80846aa8 = vpanic+0x188/frame 0xfffffe01f2426f70
> panic() at 0xffffffff808466c3 = panic+0x43/frame 0xfffffe01f2426fd0
> trap_fatal() at 0xffffffff80b33905 = trap_fatal+0x375/frame 0xfffffe01f2427030
> trap_pfault() at 0xffffffff80b339e0 = trap_pfault+0x80/frame 0xfffffe01f24270a0
> trap() at 0xffffffff80b32fc1 = trap+0x271/frame 0xfffffe01f24271b0
> trap_check() at 0xffffffff80b33d39 = trap_check+0x29/frame 0xfffffe01f24271d0
> calltrap() at 0xffffffff80b0f3a8 = calltrap+0x8/frame 0xfffffe01f24271d0
> --- trap 0xc, rip = 0xffffffff80370f2e, rsp = 0xfffffe01f24272a0, rbp = 0xfffffe01f2427450 ---
> zfs_aclset_common() at 0xffffffff80370f2e = zfs_aclset_common+0x5e/frame 0xfffffe01f2427450
> zfs_mknode() at 0xffffffff803894f3 = zfs_mknode+0xb43/frame 0xfffffe01f2427580
> zfs_create_fs() at 0xffffffff8038cc60 = zfs_create_fs+0x590/frame 0xfffffe01f24276e0
> dsl_pool_create() at 0xffffffff8041f6df = dsl_pool_create+0x2af/frame 0xfffffe01f2427740
> spa_create() at 0xffffffff80450986 = spa_create+0x6f6/frame 0xfffffe01f2427800
> zfs_ioc_pool_create() at 0xffffffff804c101b = zfs_ioc_pool_create+0x1fb/frame 0xfffffe01f2427880
> zfsdev_ioctl_common() at 0xffffffff804bbea6 = zfsdev_ioctl_common+0x306/frame 0xfffffe01f2427900
> zfsdev_ioctl() at 0xffffffff8036b49c = zfsdev_ioctl+0xfc/frame 0xfffffe01f2427940
> devfs_ioctl() at 0xffffffff80718aef = devfs_ioctl+0xcf/frame 0xfffffe01f24279a0
> VOP_IOCTL_APV() at 0xffffffff80bb5bd2 = VOP_IOCTL_APV+0x92/frame 0xfffffe01f24279c0
> VOP_IOCTL() at 0xffffffff8092a6d4 = VOP_IOCTL+0x34/frame 0xfffffe01f2427a10
> vn_ioctl() at 0xffffffff809259b0 = vn_ioctl+0xc0/frame 0xfffffe01f2427b00
> devfs_ioctl_f() at 0xffffffff80718fde = devfs_ioctl_f+0x1e/frame 0xfffffe01f2427b20
> fo_ioctl() at 0xffffffff808ae30b = fo_ioctl+0xb/frame 0xfffffe01f2427b30
> kern_ioctl() at 0xffffffff808ae2a1 = kern_ioctl+0x1d1/frame 0xfffffe01f2427b80
> sys_ioctl() at 0xffffffff808ae022 = sys_ioctl+0x132/frame 0xfffffe01f2427c50
> syscallenter() at 0xffffffff80b34529 = syscallenter+0x159/frame 0xfffffe01f2427ca0
> amd64_syscall() at 0xffffffff80b34205 = amd64_syscall+0x15/frame 0xfffffe01f2427d30
> fast_syscall_common() at 0xffffffff80b0fcce = fast_syscall_common+0xf8/frame 0xfffffe01f2427d30
> --- syscall (54, FreeBSD ELF64, sys_ioctl), rip = 0x8004ca3ba, rsp = 0x7fffffffbb28, rbp = 0x7fffffffbb90 ---
>

-- 
Andriy Gapon
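
The failure mode reported in the message above, as an added example that is not part of the original message and is not FreeBSD or OpenZFS code: a user-space model of a check gated only on z_replay, next to one defensive shape that also skips a znode without a vnode, plus a helper that maps a small fault address such as 0x4 to the member read through a NULL base pointer. The mock_ types, their field layout, the odd-counter semantics and all function names are assumptions made for illustration, and the guarded form is not presented as the fix adopted upstream.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins: names mirror the message, the layout is an assumption. */
struct mock_vnode {
    uint8_t  v_type;
    int16_t  v_irflag;
    uint32_t v_seqc;   /* sequence counter the assertion reads */
    void    *v_op;
};
struct mock_zfsvfs { int z_replay; };
struct mock_znode  { struct mock_zfsvfs *z_zfsvfs; struct mock_vnode *z_vnode; };

/* Triage helper: which member does a fault address hit when the base pointer is NULL? */
const char *member_at_null_fault(uintptr_t fault_addr) {
    static const struct { const char *name; size_t off, len; } m[] = {
        { "v_type",   offsetof(struct mock_vnode, v_type),   sizeof(uint8_t)  },
        { "v_irflag", offsetof(struct mock_vnode, v_irflag), sizeof(int16_t)  },
        { "v_seqc",   offsetof(struct mock_vnode, v_seqc),   sizeof(uint32_t) },
        { "v_op",     offsetof(struct mock_vnode, v_op),     sizeof(void *)   },
    };
    for (size_t i = 0; i < sizeof(m) / sizeof(m[0]); i++)
        if (fault_addr >= m[i].off && fault_addr < m[i].off + m[i].len)
            return m[i].name;
    return NULL;   /* padding, or beyond the modeled members */
}

enum seqc_result { SEQC_SKIPPED, SEQC_OK, SEQC_BAD, SEQC_WOULD_FAULT };
/* Assumed semantics: an odd counter means a modification is in progress. */
static enum seqc_result seqc_state(const struct mock_vnode *vp) {
    return (vp->v_seqc & 1) ? SEQC_OK : SEQC_BAD;
}

/* Guard shaped like the quoted code: only z_replay gates the vnode access. */
enum seqc_result check_as_quoted(const struct mock_znode *zp) {
    if (zp->z_zfsvfs->z_replay == 0) {
        if (zp->z_vnode == NULL)
            return SEQC_WOULD_FAULT;   /* the model reports where the kernel would trap */
        return seqc_state(zp->z_vnode);
    }
    return SEQC_SKIPPED;
}

/* Defensive shape: a znode that has no vnode yet is skipped as well. */
enum seqc_result check_guarded(const struct mock_znode *zp) {
    if (zp->z_zfsvfs->z_replay == 0 && zp->z_vnode != NULL)
        return seqc_state(zp->z_vnode);
    return SEQC_SKIPPED;
}
```
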