Issue #2756 has been updated by tkusumi.

If anyone hits this kernel panic using the latest version of VirtualBox on 
Linux, try using KVM. I don't hit this issue when running 4.0.3 (which hasn't 
merged 15bd3c73 yet) as a KVM guest while I do hit this everyday on VirtualBox.

The easiest way to reproduce this kernel panic on VirtualBox is to run hammer 
show. It usually requires the fs to have some GB, and cloning some kernel 
repositories is a good way to fill a newfsed btree with a bunch of nodes. If the 
hammer show completes then that environment probably isn't likely to hit the 
issue. This bug is an ATA issue so you do see this on UFS as well.

If you continue using that environment by rebooting, it will eventually get the 
fs to the point where you can no longer execute hammer cleanup or write some 
MB files, which is a dead end.

hammer show on KVM guest (see above posts for VirtualBox)
# git clone git://git.dragonflybsd.org/dragonfly.git
# git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
# hammer volume-list /
/dev/serno/QM00001.s1d
# hammer -f /dev/serno/QM00001.s1d show > out
# ls -lh out
-rw-r--r--  1 root  wheel   319M Feb  8 13:57 out


----------------------------------------
Bug #2756: Hit kernel panic while running hammer show cmd
http://bugs.dragonflybsd.org/issues/2756#change-12591

* Author: tkusumi
* Status: Closed
* Priority: High
* Assignee: tuxillo
* Category: Kernel
* Target version: 4.2.x
----------------------------------------
Hit kernel panic while running hammer show cmd. All I did was

# uname -r
4.0-RELEASE
# hammer -f /dev/serno/xxxxxxxx.s1d show > show.out

where /dev/serno/xxxxxxxx.s1d is a volume for / hammerfs with enough space 
left. It's running as a VirtualBox guest on x86_64. It happens whenever the 
size of show.out gets around 250MB.

# df -h
Filesystem                           Size   Used  Avail Capacity  Mounted on
ROOT                                  74G   8.2G    66G    11%    /
...

x/i says it died at movl at dscheck+0x8b (ffffffff80618025)
ffffffff80618025:       44 8b 7b 0c             mov    0xc(%rbx),%r15d
ffffffff80618029:       44 3b 7d b8             cmp    -0x48(%rbp),%r15d
ffffffff8061802d:       77 28                   ja     ffffffff80618057 <dscheck+0xbd>

dscheck() was called as a sequence of btree lookup by hammer show. 
hammer_vop_strategy_read() -> hammer_ip_first() -> hammer_btree_lookup() -> 
btree_search() -> hammer_cursor_down() -> hammer_get_node() -> 
hammer_load_node() -> hammer_get_buffer() -> hammer_load_buffer() -> 
hammer_io_read() -> hammer_cluster_read() -> ... (failed to catch any further)

I saw the disas of /boot/kernel/kernel and this movl seems to be a null pointer 
dereference of *ssp at
if (slice >= ssp->dss_nslices)
in the following.

> struct bio *
> dscheck(cdev_t dev, struct bio *bio, struct diskslices *ssp)
> {
>         struct buf *bp = bio->bio_buf;
>         struct bio *nbio;
>         disklabel_t lp;
>         disklabel_ops_t ops;
>         long nsec;
>         u_int64_t secno;
>         u_int64_t endsecno;
>         u_int64_t slicerel_secno;
>         struct diskslice *sp;
>         u_int32_t part;
>         u_int32_t slice;
>         int shift;
>         int mask;
> 
>         slice = dkslice(dev);
>         part  = dkpart(dev);
> 
>         if (bio->bio_offset < 0) {
>                 kprintf("dscheck(%s): negative bio_offset %lld\n",
>                         devtoname(dev), (long long)bio->bio_offset);
>                 goto bad;
>         }
>         if (slice >= ssp->dss_nslices) {
>                 kprintf("dscheck(%s): slice too large %d/%d\n",
>                         devtoname(dev), slice, ssp->dss_nslices);
>                 goto bad;
>         }
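
As an added illustration (not code from the DragonFly kernel or from this bug report), the following is a simplified userland model of the front-end checks in dscheck() quoted above, with the NULL-ssp guard that the crashing path lacks. The slice table, sector size, field names and the status codes are assumptions of the model.

```c
#include <stdint.h>
#include <stddef.h>

/* Simplified userland model of dscheck()'s front-end checks; not kernel code.
 * Slice geometry is in sectors, request offsets are in bytes. */
#define SECTOR_SIZE 512

struct diskslice {            /* constructed stand-in for the kernel struct */
    uint64_t ds_offset;       /* first absolute sector of the slice */
    uint64_t ds_size;         /* number of sectors in the slice */
};

struct diskslices {
    uint32_t dss_nslices;
    struct diskslice dss_slices[8];
};

enum dscheck_status {
    DS_OK, DS_NULL_SSP, DS_NEG_OFFSET, DS_BAD_SLICE, DS_OUT_OF_RANGE
};

/* Constructed sample table: two slices, as a userland test fixture. */
const struct diskslices sample_slices = { 2, { { 63, 1000 }, { 1063, 2000 } } };

/*
 * Validate a request of 'nbytes' at slice-relative byte offset 'bio_offset'
 * on slice 'slice'. The kernel version reads ssp->dss_nslices without
 * checking ssp, which is the null dereference reported above; here a NULL
 * ssp is rejected instead. On success *abs_secno receives the absolute
 * start sector on the disk.
 */
enum dscheck_status
dscheck_model(const struct diskslices *ssp, uint32_t slice,
              int64_t bio_offset, uint64_t nbytes, uint64_t *abs_secno)
{
    if (bio_offset < 0)                  /* same first check as the kernel */
        return DS_NEG_OFFSET;
    if (ssp == NULL)                     /* guard missing in the panic path */
        return DS_NULL_SSP;
    if (slice >= ssp->dss_nslices)       /* the line that faulted above */
        return DS_BAD_SLICE;
    const struct diskslice *sp = &ssp->dss_slices[slice];
    uint64_t secno = (uint64_t)bio_offset / SECTOR_SIZE;
    uint64_t endsecno = secno + (nbytes + SECTOR_SIZE - 1) / SECTOR_SIZE;
    if (endsecno > sp->ds_size)          /* request runs past the slice end */
        return DS_OUT_OF_RANGE;
    *abs_secno = sp->ds_offset + secno;  /* translate to an absolute sector */
    return DS_OK;
}
```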
