Page faults in getnewvnode with memguard(9) enabled

Alan Somers asomers at freebsd.org
Fri Feb 12 20:21:59 UTC 2016 

Prospecting for memory errors in ZFS, I tried running the ZFS test
suite with memguard enabled.  But as soon as I enable it, I hit the
following panic within a few seconds.  Line 1350 of vfs_subr.c simply
accesses an object that was just allocated.  I can't see anything
wrong with the code, so I suspect a bug in memguard.  Has anybody
successfully used memguard on recent kernels?

My memguard setting is "vm.memguard.frequency=100", so all memory
allocations will be protected with a probability of 0.1%.  If instead
I leave vm.memguard.frequency=0 and set vm.memguard.desc=solaris, I
don't hit this panic. I wonder if certain uma zones need to be
off-limits to memguard's protection.

#1  0xffffffff8038a6cb in db_dump (dummy=<value optimized out>, dummy2=false,
    dummy3=0, dummy4=0x0)
    at /usr/home/alans/freebsd/head/sys/ddb/db_command.c:533
#2  0xffffffff8038a4be in db_command (cmd_table=0x0)
    at /usr/home/alans/freebsd/head/sys/ddb/db_command.c:440
#3  0xffffffff8038a254 in db_command_loop ()
    at /usr/home/alans/freebsd/head/sys/ddb/db_command.c:493
#4  0xffffffff8038cd5b in db_trap (type=<value optimized out>, code=0)
    at /usr/home/alans/freebsd/head/sys/ddb/db_main.c:251
#5  0xffffffff80ae34c3 in kdb_trap (type=12, code=0, tf=<value optimized out>)
    at /usr/home/alans/freebsd/head/sys/kern/subr_kdb.c:654
#6  0xffffffff80f38731 in trap_fatal (frame=0xfffffe20b3d1c090,
    eva=<value optimized out>)
    at /usr/home/alans/freebsd/head/sys/amd64/amd64/trap.c:836
#7  0xffffffff80f38964 in trap_pfault (frame=0xfffffe20b3d1c090,
    usermode=<value optimized out>)
    at /usr/home/alans/freebsd/head/sys/amd64/amd64/trap.c:691
#8  0xffffffff80f380fe in trap (frame=0xfffffe20b3d1c090)
    at /usr/home/alans/freebsd/head/sys/amd64/amd64/trap.c:442
#9  0xffffffff80f1b697 in calltrap ()
    at /usr/home/alans/freebsd/head/sys/amd64/amd64/exception.S:234
#10 0xffffffff80b59404 in getnewvnode (tag=0xffffffff821df2a0 "zfs",
    mp=0xfffff80044649cc0, vops=0xffffffff821f1600, vpp=0xfffffe20b3d1c320)
    at /usr/home/alans/freebsd/head/sys/kern/vfs_subr.c:1350
#11 0xffffffff8213f49a in zfs_znode_alloc (zfsvfs=0xfffff8004e187000,
    db=0xfffff8018fbb0ca8, blksz=0, obj_type=DMU_OT_SA,
    hdl=0xfffff801256f5770)
    at /usr/home/alans/freebsd/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c:630
#12 0xffffffff8213f30f in zfs_mknode (dzp=<value optimized out>,
    vap=0xfffffe20b3d1c9d0, tx=0xfffff8012595a700, cr=0xfffff80044582400,
    flag=<value optimized out>, zpp=0xfffffe20b3d1c840,
    acl_ids=0xfffffe20b3d1c808)
    at /usr/home/alans/freebsd/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c:989
#13 0xffffffff8217655a in zfs_freebsd_mkdir (ap=<value optimized out>)
    at /usr/home/alans/freebsd/head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c:2284
#14 0xffffffff8108f076 in VOP_MKDIR_APV (vop=<value optimized out>,
    a=<value optimized out>) at vnode_if.c:1607
#15 0xffffffff80b6a5b9 in kern_mkdirat (td=<value optimized out>,
    fd=<value optimized out>,
    path=0x8023176c0 <Address 0x8023176c0 out of bounds>,
    segflg=UIO_USERSPACE, mode=<value optimized out>) at vnode_if.h:665
#16 0xffffffff80f39108 in amd64_syscall (td=0xfffff8012537d9a0, traced=0)
    at subr_syscall.c:135
#17 0xffffffff80f1b97b in Xfast_syscall ()
    at /usr/home/alans/freebsd/head/sys/amd64/amd64/exception.S:394
#18 0x0000000801a61dba in ?? ()
Previous frame inner to this frame (corrupt stack?)

-Alan

More information about the freebsd-hackers mailing list