General protection fault after setting vfs.zfs.vdev.aggregation_limit above SPA_MAXBLOCKSIZE

Fabian Keil freebsd-listen at fabiankeil.de
Wed Sep 17 10:36:35 UTC 2014 

For testing purposes I reduced vfs.zfs.vdev.aggregation_limit
to 32768 and later on set it "back" to 128000 followed by 132768
(not remembering the default and being to lazy to look it up).

A couple of seconds after the last change I got the following panic:

fk at r500 /usr/crash $kgdb kernel.1/kernel.symbols vmcore.1
[...]
Unread portion of the kernel message buffer:
[24663] 
[24663] 
[24663] Fatal trap 9: general protection fault while in kernel mode
[24663] cpuid = 0; apic id = 00
[24663] instruction pointer	= 0x20:0xffffffff810ec708
[24663] stack pointer	        = 0x28:0xfffffe0094e77340
[24663] frame pointer	        = 0x28:0xfffffe0094e77350
[24663] code segment		= base 0x0, limit 0xfffff, type 0x1b
[24663] 			= DPL 0, pres 1, long 1, def32 0, gran 1
[24663] processor eflags	= interrupt enabled, resume, IOPL = 0
[24663] current process		= 11715 (rsync)
[24663] Uptime: 6h51m3s
[24663] Dumping 317 out of 1973 MB:..6%..11%..21%..31%..41%..51%..61%..71%..81%..91%
[...]
Loaded symbols for /usr/crash/kernel.1/geom_gate.ko.symbols
#0  doadump (textdump=1) at pcpu.h:219
219	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) where
#0  doadump (textdump=1) at pcpu.h:219
#1  0xffffffff8059799d in kern_reboot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:447
#2  0xffffffff80597ef0 in panic (fmt=<value optimized out>) at /usr/src/sys/kern/kern_shutdown.c:746
#3  0xffffffff8030ef57 in db_panic (addr=<value optimized out>, have_addr=-10592, count=0, modif=0x0) at /usr/src/sys/ddb/db_command.c:482
#4  0xffffffff8030eb6d in db_command (cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:449
#5  0xffffffff8030e8e4 in db_command_loop () at /usr/src/sys/ddb/db_command.c:502
#6  0xffffffff80311340 in db_trap (type=<value optimized out>, code=0) at /usr/src/sys/ddb/db_main.c:231
#7  0xffffffff805d7da1 in kdb_trap (type=9, code=0, tf=<value optimized out>) at /usr/src/sys/kern/subr_kdb.c:654
#8  0xffffffff8085b83c in trap_fatal (frame=0xfffffe0094e77290, eva=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:861
#9  0xffffffff8085b4de in trap (frame=<value optimized out>) at /usr/src/sys/amd64/amd64/trap.c:201
#10 0xffffffff8083f552 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:231
#11 0xffffffff810ec708 in list_prev (list=0xffffffff81223038, object=0x5345413a317652ac) at /usr/src/sys/cddl/contrib/opensolaris/uts/common/os/list.c:183
#12 0xffffffff810f9d7e in arc_evict (state=0xffffffff81222d00, spa=0, bytes=131072, recycle=<value optimized out>, type=ARC_BUFC_DATA) at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c:2037
#13 0xffffffff810f8695 in arc_get_data_buf (buf=0xfffff8006e6f43a8) at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c:2865
#14 0xffffffff810f88d6 in arc_loan_buf (spa=<value optimized out>, size=131072) at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/arc.c:1544
#15 0xffffffff8110bb61 in dmu_request_arcbuf (handle=<value optimized out>, size=0) at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu.c:1299
#16 0xffffffff8119d390 in zfs_freebsd_write (ap=<value optimized out>) at /usr/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c:989
#17 0xffffffff808ea0f5 in VOP_WRITE_APV (vop=<value optimized out>, a=<value optimized out>) at vnode_if.c:997
#18 0xffffffff80663c89 in vn_write (fp=0xfffff8005bf4c320, uio=0xfffffe0094e77ab0, active_cred=<value optimized out>, flags=160, td=0x3e26) at vnode_if.h:413
#19 0xffffffff8065fa1b in vn_io_fault (fp=0xfffff8005bf4c320, uio=0xfffffe0094e77ab0, active_cred=0x5345413a317652ac, flags=0, td=0x3e26) at /usr/src/sys/kern/vfs_vnops.c:1150
#20 0xffffffff805f31f7 in dofilewrite (td=0xfffff8006ec64920, fd=3, fp=0xfffff8005bf4c320, auio=0xfffffe0094e77ab0, offset=<value optimized out>, flags=0) at file.h:299
#21 0xffffffff805f2f28 in kern_writev (td=0xfffff8006ec64920, fd=3, auio=0xfffffe0094e77ab0) at /usr/src/sys/kern/sys_generic.c:467
#22 0xffffffff805f2eb3 in sys_write (td=<value optimized out>, uap=<value optimized out>) at /usr/src/sys/kern/sys_generic.c:382
#23 0xffffffff8085c2db in amd64_syscall (td=0xfffff8006ec64920, traced=0) at subr_syscall.c:133
#24 0xffffffff8083f83b in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:390
#25 0x0000000800e0840a in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal
(kgdb) f 11
#11 0xffffffff810ec708 in list_prev (list=0xffffffff81223038, object=0x5345413a317652ac) at /usr/src/sys/cddl/contrib/opensolaris/uts/common/os/list.c:183
183		list_node_t *node = list_d2l(list, object);
(kgdb) p *list
$1 = {list_size = 216, list_offset = 160, list_head = {list_next = 0xfffff80059681328, list_prev = 0xfffff80058a53328}}
(kgdb) p *(arc_buf_hdr_t *)object
Cannot access memory at address 0x5345413a317652ac

The system is FreeBSD 11.0-CURRENT based on r271610.

Assuming this was actually caused by the vfs.zfs.vdev.aggregation_limit
modification I'm unlikely to run into it again, but I'm wondering if it
is the expected and intended behaviour.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-fs/attachments/20140917/5ecd1cca/attachment.sig>

More information about the freebsd-fs mailing list