From: Mark Millard
List-Archive: https://lists.freebsd.org/archives/freebsd-fs
Subject: releng/13.1 context: sys/contrib/openzfs/module/avl/avl.c 's avl_destroy_nodes : lack of appropriately locked context for its use? Wild pointer?
Date: Sun, 26 Feb 2023 13:44:13 -0800
To: freebsd-fs@freebsd.org

Note: This question came up while looking at one type of
crash backtrace reported in:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267028

There is the code:

void *
avl_destroy_nodes(avl_tree_t *tree, void **cookie)
{
. . .
        /*
         * If we just removed a right child or there isn't one, go up to parent.
         */
        if (child == 1 || parent->avl_child[1] == NULL) {
                node = parent;
                parent = AVL_XPARENT(parent);
                goto done;
        }

        /*
         * Do parent's right child, then leftmost descendent.
         */
        node = parent->avl_child[1];
        while (node->avl_child[0] != NULL) {
                parent = node;
                node = node->avl_child[0];
        }
. . .

some gdb backtraces report that the "while" line above had a
"signal handler called" result. If the avl tree were invariant
over avl_destroy_nodes it looks like a wild pointer would need
to be the value in an accessed node->avl_child[0] in order for
the code to fail.

But, if the avl tree was being separately updated during the
avl_destroy_nodes activity, that could substitute in a NULL
that "node = node->avl_child[0];" could get a copy of.

Does anyone know which of these is a possibility? Both?
The information would be good to add to the bugzilla
submittal's comments if it helps narrow down anything.

(I supposed a failed context synchronization across some
context change, say a cpu migration, could be another way
to get an odd value.)

For reference, one of the example backtraces is:

#6
#7  avl_destroy_nodes (tree=tree@entry=0xfffff8003fa1bea0,
    cookie=cookie@entry=0xfffffe0075f2fdd0)
    at /usr/src/sys/contrib/openzfs/module/avl/avl.c:1023
#8  0xffffffff823dd768 in mze_destroy (zap=0xfffff8003fa1bd80)
    at /usr/src/sys/contrib/openzfs/module/zfs/zap_micro.c:402
#9  zap_evict_sync (dbu=0xfffff8003fa1bd80)
    at /usr/src/sys/contrib/openzfs/module/zfs/zap_micro.c:887
#10 0xffffffff822ae74a in dbuf_evict_user (db=0xfffff800391f3378)
    at /usr/src/sys/contrib/openzfs/module/zfs/dbuf.c:570
#11 dbuf_clear_data (db=0xfffff800391f3378)
    at /usr/src/sys/contrib/openzfs/module/zfs/dbuf.c:1131
#12 dbuf_destroy (db=0xfffff800391f3378)
    at /usr/src/sys/contrib/openzfs/module/zfs/dbuf.c:2804
#13 0xffffffff822b4129 in dbuf_evict_one ()
    at /usr/src/sys/contrib/openzfs/module/zfs/dbuf.c:704
#14 0xffffffff822ac43d in dbuf_evict_thread (unused=unused@entry=0x0)
    at /usr/src/sys/contrib/openzfs/module/zfs/dbuf.c:742
#15 0xffffffff80bd8a9e in fork_exit (
    callout=0xffffffff822ac120 , arg=0x0,
    frame=0xfffffe0075f2ff40) at /usr/src/sys/kern/kern_fork.c:1093
#16
#17 mi_startup () at /usr/src/sys/kern/init_main.c:322
#18 0xffffffff80f76c49 in swapper () at /usr/src/sys/vm/vm_swapout.c:755
#19 0xffffffff80385022 in btext () at /usr/src/sys/amd64/amd64/locore.S:80

===
Mark Millard
marklmi at yahoo.com
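
The second possibility raised in the message above, modelled in user space as an added example (not code from OpenZFS or from the poster): the quoted loop reads node->avl_child[0] once for the test and again for the step, so a write landing between those two reads leaves node NULL for the next test. struct node, writer_fn, clear_left and leftmost are constructed names, and the interleaving is simulated with a callback rather than a real thread.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for avl_node_t: only the child links matter here. */
struct node { struct node *avl_child[2]; };

/* Hypothetical hook modelling "another thread ran at this point". */
typedef void (*writer_fn)(struct node *);

/* Constructed writer: clears the left link, as an unsynchronized update might. */
static void clear_left(struct node *n) { n->avl_child[0] = NULL; }

/*
 * Leftmost descent with the same two reads as the quoted loop: the test
 * of node->avl_child[0], then the reload for the step. `writer` runs once,
 * between those reads, at depth `at`. Returns the leftmost node, or NULL
 * where the real loop's next test would dereference a NULL `node`.
 */
static struct node *
leftmost(struct node *node, writer_fn writer, int at)
{
	for (int depth = 0; ; depth++) {
		if (node->avl_child[0] == NULL)		/* read 1: loop test */
			return (node);
		if (writer != NULL && depth == at)
			writer(node);			/* simulated interleaving */
		node = node->avl_child[0];		/* read 2: the step */
		if (node == NULL)
			return (NULL);			/* next test would fault */
	}
}

/* Constructed tree: root -> a -> b down the left side. */
static struct node b, a, root;
static void build(void)
{
	b = (struct node){ { NULL, NULL } };
	a = (struct node){ { &b, NULL } };
	root = (struct node){ { &a, NULL } };
}

/* 1 if the descent over an unchanging tree ends at b. */
int stable_tree_ok(void) { build(); return (leftmost(&root, NULL, 0) == &b); }

/* 1 if a write between the two reads leaves `node` NULL. */
int racing_write_yields_null(void) { build(); return (leftmost(&root, clear_left, 1) == NULL); }

int main(void)
{
	printf("stable: %d, racing: %d\n", stable_tree_ok(), racing_write_yields_null());
	return (0);
}
```

A compiler may merge the two reads into a single load, so this models only the source-level interleaving; with an unchanging tree the descent can only stop at a node whose left link is NULL.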