Re: CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)

2016-03-29 Thread Vitalij Satanivskij

Forgot to mention: the system was upgraded to 296385 (just to sync with the other servers).


Vitalij Satanivskij wrote:
VS> 
VS> Hello.
VS> 
VS> OK about 3 hours with last patch 
VS> 
VS> No panic. 
VS> 
VS> Sysctl - 
VS> sysctl kern.ipc.sf_long_headers
VS> kern.ipc.sf_long_headers: 1
VS> 
VS> 
VS> Gleb Smirnoff wrote:
VS> GS>   Vitalij,
VS> GS> 
VS> GS>   here is latest version of the patch. If you already run the
VS> GS> previous one, no need to switch to this one, keep running as is.
VS> GS> The update covers only FreeBSD 4 and i386 compatibilties.
VS> GS> 
VS> GS> current@, a review is appreciated. The patch not only fixes a
VS> GS> recent bug, but also fixes a long standing problem that headers
VS> GS> were not checked against socket buffer size. One could push
VS> GS> unlimited data into sendfile() with headers. The patch also
VS> GS> pushes also compat code under ifdef, so it is cut away if
VS> GS> you aren't interested in COMPAT_FREEBSD4.
VS> GS> 
VS> GS> On Wed, Mar 23, 2016 at 04:59:25PM -0700, Gleb Smirnoff wrote:
VS> GS> T>   Vitalij,
VS> GS> T> 
VS> GS> T>   although the first patch should fixup the panic, can you please
VS> GS> T> instead run this one. And if it is possible, can you please
VS> GS> T> monitor this sysctl:
VS> GS> T> 
VS> GS> T> sysctl kern.ipc.sf_long_headers
VS> GS> T> 
VS> GS> T> 
VS> GS> T> -- 
VS> GS> T> Totus tuus, Glebius.
VS> GS> 
VS> GS> T> Index: sys/kern/kern_descrip.c
VS> GS> T> ===
VS> GS> T> --- sys/kern/kern_descrip.c  (revision 297217)
VS> GS> T> +++ sys/kern/kern_descrip.c  (working copy)
VS> GS> T> @@ -3958,7 +3958,7 @@ badfo_chown(struct file *fp, uid_t uid, gid_t 
gid,
VS> GS> T>  static int
VS> GS> T>  badfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
VS> GS> T>  struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, 
int flags,
VS> GS> T> -int kflags, struct thread *td)
VS> GS> T> +struct thread *td)
VS> GS> T>  {
VS> GS> T>  
VS> GS> T>  return (EBADF);
VS> GS> T> @@ -4044,7 +4044,7 @@ invfo_chown(struct file *fp, uid_t uid, gid_t 
gid,
VS> GS> T>  int
VS> GS> T>  invfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
VS> GS> T>  struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, 
int flags,
VS> GS> T> -int kflags, struct thread *td)
VS> GS> T> +struct thread *td)
VS> GS> T>  {
VS> GS> T>  
VS> GS> T>  return (EINVAL);
VS> GS> T> Index: sys/kern/kern_sendfile.c
VS> GS> T> ===
VS> GS> T> --- sys/kern/kern_sendfile.c (revision 297217)
VS> GS> T> +++ sys/kern/kern_sendfile.c (working copy)
VS> GS> T> @@ -95,6 +95,7 @@ struct sendfile_sync {
VS> GS> T>  };
VS> GS> T>  
VS> GS> T>  counter_u64_t sfstat[sizeof(struct sfstat) / sizeof(uint64_t)];
VS> GS> T> +static counter_u64_t sf_long_headers; /* QQQGL */
VS> GS> T>  
VS> GS> T>  static void
VS> GS> T>  sfstat_init(const void *unused)
VS> GS> T> @@ -102,6 +103,7 @@ sfstat_init(const void *unused)
VS> GS> T>  
VS> GS> T>  COUNTER_ARRAY_ALLOC(sfstat, sizeof(struct sfstat) / 
sizeof(uint64_t),
VS> GS> T>  M_WAITOK);
VS> GS> T> +sf_long_headers = counter_u64_alloc(M_WAITOK); /* QQQGL */
VS> GS> T>  }
VS> GS> T>  SYSINIT(sfstat, SI_SUB_MBUF, SI_ORDER_FIRST, sfstat_init, NULL);
VS> GS> T>  
VS> GS> T> @@ -117,6 +119,8 @@ sfstat_sysctl(SYSCTL_HANDLER_ARGS)
VS> GS> T>  }
VS> GS> T>  SYSCTL_PROC(_kern_ipc, OID_AUTO, sfstat, CTLTYPE_OPAQUE | 
CTLFLAG_RW,
VS> GS> T>  NULL, 0, sfstat_sysctl, "I", "sendfile statistics");
VS> GS> T> +SYSCTL_COUNTER_U64(_kern_ipc, OID_AUTO, sf_long_headers, CTLFLAG_RW,
VS> GS> T> +_long_headers, "times headers did not fit into socket 
buffer");
VS> GS> T>  
VS> GS> T>  /*
VS> GS> T>   * Detach mapped page and release resources back to the system.  
Called
VS> GS> T> @@ -516,7 +520,7 @@ sendfile_getsock(struct thread *td, int s, struct
VS> GS> T>  int
VS> GS> T>  vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
VS> GS> T>  struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, 
int flags,
VS> GS> T> -int kflags, struct thread *td)
VS> GS> T> +struct thread *td)
VS> GS> T>  {
VS> GS> T>  struct file *sock_fp;
VS> GS> T>  struct vnode *vp;
VS> GS> T> @@ -534,7 +538,7 @@ vn_sendfile(struct file *fp, int sockfd, struct 
ui
VS> GS> T>  so = NULL;
VS> GS> T>  m = mh = NULL;
VS> GS> T>  sfs = NULL;
VS> GS> T> -sbytes = 0;
VS> GS> T> +hdrlen = sbytes = 0;
VS> GS> T>  softerr = 0;
VS> GS> T>  
VS> GS> T>  error = sendfile_getobj(td, fp, , , , _size, 
);
VS> GS> T> @@ -560,26 +564,6 @@ vn_sendfile(struct file *fp, int sockfd, struct 
ui
VS> GS> T>  cv_init(>cv, "sendfile");
VS> GS> T>  }
VS> GS> T>  
VS> GS> T> -/* If headers are specified copy them into mbufs. */
VS> GS> T> -if (hdr_uio != NULL && hdr_uio->uio_resid > 0) {
VS> GS> T> -hdr_uio->uio_td = td;
VS> GS> T> -

Re: CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)

2016-03-29 Thread Vitalij Satanivskij

Hello.

OK about 3 hours with last patch 

No panic. 

Sysctl - 
sysctl kern.ipc.sf_long_headers
kern.ipc.sf_long_headers: 1


Gleb Smirnoff wrote:
GS>   Vitalij,
GS> 
GS>   here is latest version of the patch. If you already run the
GS> previous one, no need to switch to this one, keep running as is.
GS> The update covers only FreeBSD 4 and i386 compatibilties.
GS> 
GS> current@, a review is appreciated. The patch not only fixes a
GS> recent bug, but also fixes a long standing problem that headers
GS> were not checked against socket buffer size. One could push
GS> unlimited data into sendfile() with headers. The patch also
GS> pushes also compat code under ifdef, so it is cut away if
GS> you aren't interested in COMPAT_FREEBSD4.
GS> 
GS> On Wed, Mar 23, 2016 at 04:59:25PM -0700, Gleb Smirnoff wrote:
GS> T>   Vitalij,
GS> T> 
GS> T>   although the first patch should fixup the panic, can you please
GS> T> instead run this one. And if it is possible, can you please
GS> T> monitor this sysctl:
GS> T> 
GS> T> sysctl kern.ipc.sf_long_headers
GS> T> 
GS> T> 
GS> T> -- 
GS> T> Totus tuus, Glebius.
GS> 
GS> T> Index: sys/kern/kern_descrip.c
GS> T> ===
GS> T> --- sys/kern/kern_descrip.c  (revision 297217)
GS> T> +++ sys/kern/kern_descrip.c  (working copy)
GS> T> @@ -3958,7 +3958,7 @@ badfo_chown(struct file *fp, uid_t uid, gid_t gid,
GS> T>  static int
GS> T>  badfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
GS> T>  struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int 
flags,
GS> T> -int kflags, struct thread *td)
GS> T> +struct thread *td)
GS> T>  {
GS> T>  
GS> T>  return (EBADF);
GS> T> @@ -4044,7 +4044,7 @@ invfo_chown(struct file *fp, uid_t uid, gid_t gid,
GS> T>  int
GS> T>  invfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
GS> T>  struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int 
flags,
GS> T> -int kflags, struct thread *td)
GS> T> +struct thread *td)
GS> T>  {
GS> T>  
GS> T>  return (EINVAL);
GS> T> Index: sys/kern/kern_sendfile.c
GS> T> ===
GS> T> --- sys/kern/kern_sendfile.c (revision 297217)
GS> T> +++ sys/kern/kern_sendfile.c (working copy)
GS> T> @@ -95,6 +95,7 @@ struct sendfile_sync {
GS> T>  };
GS> T>  
GS> T>  counter_u64_t sfstat[sizeof(struct sfstat) / sizeof(uint64_t)];
GS> T> +static counter_u64_t sf_long_headers; /* QQQGL */
GS> T>  
GS> T>  static void
GS> T>  sfstat_init(const void *unused)
GS> T> @@ -102,6 +103,7 @@ sfstat_init(const void *unused)
GS> T>  
GS> T>  COUNTER_ARRAY_ALLOC(sfstat, sizeof(struct sfstat) / 
sizeof(uint64_t),
GS> T>  M_WAITOK);
GS> T> +sf_long_headers = counter_u64_alloc(M_WAITOK); /* QQQGL */
GS> T>  }
GS> T>  SYSINIT(sfstat, SI_SUB_MBUF, SI_ORDER_FIRST, sfstat_init, NULL);
GS> T>  
GS> T> @@ -117,6 +119,8 @@ sfstat_sysctl(SYSCTL_HANDLER_ARGS)
GS> T>  }
GS> T>  SYSCTL_PROC(_kern_ipc, OID_AUTO, sfstat, CTLTYPE_OPAQUE | CTLFLAG_RW,
GS> T>  NULL, 0, sfstat_sysctl, "I", "sendfile statistics");
GS> T> +SYSCTL_COUNTER_U64(_kern_ipc, OID_AUTO, sf_long_headers, CTLFLAG_RW,
GS> T> +_long_headers, "times headers did not fit into socket buffer");
GS> T>  
GS> T>  /*
GS> T>   * Detach mapped page and release resources back to the system.  Called
GS> T> @@ -516,7 +520,7 @@ sendfile_getsock(struct thread *td, int s, struct
GS> T>  int
GS> T>  vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
GS> T>  struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int 
flags,
GS> T> -int kflags, struct thread *td)
GS> T> +struct thread *td)
GS> T>  {
GS> T>  struct file *sock_fp;
GS> T>  struct vnode *vp;
GS> T> @@ -534,7 +538,7 @@ vn_sendfile(struct file *fp, int sockfd, struct ui
GS> T>  so = NULL;
GS> T>  m = mh = NULL;
GS> T>  sfs = NULL;
GS> T> -sbytes = 0;
GS> T> +hdrlen = sbytes = 0;
GS> T>  softerr = 0;
GS> T>  
GS> T>  error = sendfile_getobj(td, fp, , , , _size, 
);
GS> T> @@ -560,26 +564,6 @@ vn_sendfile(struct file *fp, int sockfd, struct ui
GS> T>  cv_init(>cv, "sendfile");
GS> T>  }
GS> T>  
GS> T> -/* If headers are specified copy them into mbufs. */
GS> T> -if (hdr_uio != NULL && hdr_uio->uio_resid > 0) {
GS> T> -hdr_uio->uio_td = td;
GS> T> -hdr_uio->uio_rw = UIO_WRITE;
GS> T> -/*
GS> T> - * In FBSD < 5.0 the nbytes to send also included
GS> T> - * the header.  If compat is specified subtract the
GS> T> - * header size from nbytes.
GS> T> - */
GS> T> -if (kflags & SFK_COMPAT) {
GS> T> -if (nbytes > hdr_uio->uio_resid)
GS> T> -nbytes -= hdr_uio->uio_resid;
GS> T> -

Re: CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)

2016-03-28 Thread Gleb Smirnoff
  Vitalij,

  here is latest version of the patch. If you already run the
previous one, no need to switch to this one, keep running as is.
The update covers only FreeBSD 4 and i386 compatibilities.

current@, a review is appreciated. The patch not only fixes a
recent bug, but also fixes a long-standing problem: headers
were not checked against the socket buffer size, so one could push
unlimited data into sendfile() with headers. The patch also
moves the compat code under an ifdef, so it is cut away if
you aren't interested in COMPAT_FREEBSD4.

On Wed, Mar 23, 2016 at 04:59:25PM -0700, Gleb Smirnoff wrote:
T>   Vitalij,
T> 
T>   although the first patch should fixup the panic, can you please
T> instead run this one. And if it is possible, can you please
T> monitor this sysctl:
T> 
T> sysctl kern.ipc.sf_long_headers
T> 
T> 
T> -- 
T> Totus tuus, Glebius.

T> Index: sys/kern/kern_descrip.c
T> ===
T> --- sys/kern/kern_descrip.c  (revision 297217)
T> +++ sys/kern/kern_descrip.c  (working copy)
T> @@ -3958,7 +3958,7 @@ badfo_chown(struct file *fp, uid_t uid, gid_t gid,
T>  static int
T>  badfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
T>  struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int 
flags,
T> -int kflags, struct thread *td)
T> +struct thread *td)
T>  {
T>  
T>  return (EBADF);
T> @@ -4044,7 +4044,7 @@ invfo_chown(struct file *fp, uid_t uid, gid_t gid,
T>  int
T>  invfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
T>  struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int 
flags,
T> -int kflags, struct thread *td)
T> +struct thread *td)
T>  {
T>  
T>  return (EINVAL);
T> Index: sys/kern/kern_sendfile.c
T> ===
T> --- sys/kern/kern_sendfile.c (revision 297217)
T> +++ sys/kern/kern_sendfile.c (working copy)
T> @@ -95,6 +95,7 @@ struct sendfile_sync {
T>  };
T>  
T>  counter_u64_t sfstat[sizeof(struct sfstat) / sizeof(uint64_t)];
T> +static counter_u64_t sf_long_headers; /* QQQGL */
T>  
T>  static void
T>  sfstat_init(const void *unused)
T> @@ -102,6 +103,7 @@ sfstat_init(const void *unused)
T>  
T>  COUNTER_ARRAY_ALLOC(sfstat, sizeof(struct sfstat) / sizeof(uint64_t),
T>  M_WAITOK);
T> +sf_long_headers = counter_u64_alloc(M_WAITOK); /* QQQGL */
T>  }
T>  SYSINIT(sfstat, SI_SUB_MBUF, SI_ORDER_FIRST, sfstat_init, NULL);
T>  
T> @@ -117,6 +119,8 @@ sfstat_sysctl(SYSCTL_HANDLER_ARGS)
T>  }
T>  SYSCTL_PROC(_kern_ipc, OID_AUTO, sfstat, CTLTYPE_OPAQUE | CTLFLAG_RW,
T>  NULL, 0, sfstat_sysctl, "I", "sendfile statistics");
T> +SYSCTL_COUNTER_U64(_kern_ipc, OID_AUTO, sf_long_headers, CTLFLAG_RW,
T> +_long_headers, "times headers did not fit into socket buffer");
T>  
T>  /*
T>   * Detach mapped page and release resources back to the system.  Called
T> @@ -516,7 +520,7 @@ sendfile_getsock(struct thread *td, int s, struct
T>  int
T>  vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
T>  struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int 
flags,
T> -int kflags, struct thread *td)
T> +struct thread *td)
T>  {
T>  struct file *sock_fp;
T>  struct vnode *vp;
T> @@ -534,7 +538,7 @@ vn_sendfile(struct file *fp, int sockfd, struct ui
T>  so = NULL;
T>  m = mh = NULL;
T>  sfs = NULL;
T> -sbytes = 0;
T> +hdrlen = sbytes = 0;
T>  softerr = 0;
T>  
T>  error = sendfile_getobj(td, fp, , , , _size, );
T> @@ -560,26 +564,6 @@ vn_sendfile(struct file *fp, int sockfd, struct ui
T>  cv_init(>cv, "sendfile");
T>  }
T>  
T> -/* If headers are specified copy them into mbufs. */
T> -if (hdr_uio != NULL && hdr_uio->uio_resid > 0) {
T> -hdr_uio->uio_td = td;
T> -hdr_uio->uio_rw = UIO_WRITE;
T> -/*
T> - * In FBSD < 5.0 the nbytes to send also included
T> - * the header.  If compat is specified subtract the
T> - * header size from nbytes.
T> - */
T> -if (kflags & SFK_COMPAT) {
T> -if (nbytes > hdr_uio->uio_resid)
T> -nbytes -= hdr_uio->uio_resid;
T> -else
T> -nbytes = 0;
T> -}
T> -mh = m_uiotombuf(hdr_uio, M_WAITOK, 0, 0, 0);
T> -hdrlen = m_length(mh, );
T> -} else
T> -hdrlen = 0;
T> -
T>  rem = nbytes ? omin(nbytes, obj_size - offset) : obj_size - offset;
T>  
T>  /*
T> @@ -668,11 +652,23 @@ retry_space:
T>  SOCKBUF_UNLOCK(>so_snd);
T>  
T>  /*
T> - * Reduce space in the socket buffer by the size of
T> - * the header mbuf chain.
T> - * hdrlen is set to 0 after the first loop.
T> + * At the beginning of the first loop check if any headers
T> + * are specified and copy them into 

Re: CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)

2016-03-23 Thread Gleb Smirnoff
  Vitalij,

  although the first patch should fixup the panic, can you please
instead run this one. And if it is possible, can you please
monitor this sysctl:

sysctl kern.ipc.sf_long_headers


-- 
Totus tuus, Glebius.
Index: sys/kern/kern_descrip.c
===
--- sys/kern/kern_descrip.c	(revision 297217)
+++ sys/kern/kern_descrip.c	(working copy)
@@ -3958,7 +3958,7 @@ badfo_chown(struct file *fp, uid_t uid, gid_t gid,
 static int
 badfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
 struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags,
-int kflags, struct thread *td)
+struct thread *td)
 {
 
 	return (EBADF);
@@ -4044,7 +4044,7 @@ invfo_chown(struct file *fp, uid_t uid, gid_t gid,
 int
 invfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
 struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags,
-int kflags, struct thread *td)
+struct thread *td)
 {
 
 	return (EINVAL);
Index: sys/kern/kern_sendfile.c
===
--- sys/kern/kern_sendfile.c	(revision 297217)
+++ sys/kern/kern_sendfile.c	(working copy)
@@ -95,6 +95,7 @@ struct sendfile_sync {
 };
 
 counter_u64_t sfstat[sizeof(struct sfstat) / sizeof(uint64_t)];
+static counter_u64_t sf_long_headers; /* QQQGL */
 
 static void
 sfstat_init(const void *unused)
@@ -102,6 +103,7 @@ sfstat_init(const void *unused)
 
 	COUNTER_ARRAY_ALLOC(sfstat, sizeof(struct sfstat) / sizeof(uint64_t),
 	M_WAITOK);
+	sf_long_headers = counter_u64_alloc(M_WAITOK); /* QQQGL */
 }
 SYSINIT(sfstat, SI_SUB_MBUF, SI_ORDER_FIRST, sfstat_init, NULL);
 
@@ -117,6 +119,8 @@ sfstat_sysctl(SYSCTL_HANDLER_ARGS)
 }
 SYSCTL_PROC(_kern_ipc, OID_AUTO, sfstat, CTLTYPE_OPAQUE | CTLFLAG_RW,
 NULL, 0, sfstat_sysctl, "I", "sendfile statistics");
+SYSCTL_COUNTER_U64(_kern_ipc, OID_AUTO, sf_long_headers, CTLFLAG_RW,
+_long_headers, "times headers did not fit into socket buffer");
 
 /*
  * Detach mapped page and release resources back to the system.  Called
@@ -516,7 +520,7 @@ sendfile_getsock(struct thread *td, int s, struct
 int
 vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio,
 struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags,
-int kflags, struct thread *td)
+struct thread *td)
 {
 	struct file *sock_fp;
 	struct vnode *vp;
@@ -534,7 +538,7 @@ vn_sendfile(struct file *fp, int sockfd, struct ui
 	so = NULL;
 	m = mh = NULL;
 	sfs = NULL;
-	sbytes = 0;
+	hdrlen = sbytes = 0;
 	softerr = 0;
 
 	error = sendfile_getobj(td, fp, , , , _size, );
@@ -560,26 +564,6 @@ vn_sendfile(struct file *fp, int sockfd, struct ui
 		cv_init(>cv, "sendfile");
 	}
 
-	/* If headers are specified copy them into mbufs. */
-	if (hdr_uio != NULL && hdr_uio->uio_resid > 0) {
-		hdr_uio->uio_td = td;
-		hdr_uio->uio_rw = UIO_WRITE;
-		/*
-		 * In FBSD < 5.0 the nbytes to send also included
-		 * the header.  If compat is specified subtract the
-		 * header size from nbytes.
-		 */
-		if (kflags & SFK_COMPAT) {
-			if (nbytes > hdr_uio->uio_resid)
-nbytes -= hdr_uio->uio_resid;
-			else
-nbytes = 0;
-		}
-		mh = m_uiotombuf(hdr_uio, M_WAITOK, 0, 0, 0);
-		hdrlen = m_length(mh, );
-	} else
-		hdrlen = 0;
-
 	rem = nbytes ? omin(nbytes, obj_size - offset) : obj_size - offset;
 
 	/*
@@ -668,11 +652,23 @@ retry_space:
 		SOCKBUF_UNLOCK(>so_snd);
 
 		/*
-		 * Reduce space in the socket buffer by the size of
-		 * the header mbuf chain.
-		 * hdrlen is set to 0 after the first loop.
+		 * At the beginning of the first loop check if any headers
+		 * are specified and copy them into mbufs.  Reduce space in
+		 * the socket buffer by the size of the header mbuf chain.
+		 * Clear hdr_uio here and hdrlen at the end of the first loop.
 		 */
-		space -= hdrlen;
+		if (hdr_uio != NULL) {
+			hdr_uio->uio_td = td;
+			hdr_uio->uio_rw = UIO_WRITE;
+			/* QQQGL remove counter */
+			if (space < hdr_uio->uio_resid)
+counter_u64_add(sf_long_headers, 1);
+			hdr_uio->uio_resid = min(hdr_uio->uio_resid, space);
+			mh = m_uiotombuf(hdr_uio, M_WAITOK, 0, 0, 0);
+			hdrlen = m_length(mh, );
+			space -= hdrlen;
+			hdr_uio = NULL;
+		}
 
 		if (vp != NULL) {
 			error = vn_lock(vp, LK_SHARED);
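Review bot: The clamp `hdr_uio->uio_resid = min(hdr_uio->uio_resid, space);` goes through the kernel's `min()`, which takes and returns `u_int`, so a `uio_resid` wider than 32 bits is truncated before the comparison and a negative `space` would wrap to a large unsigned value, leaving the header length effectively unbounded again. Whether `space` can be zero or negative here depends on the retry_space code above the hunk, so that part needs confirming. Since the comparison is already spelled out for the counter, the clamp can reuse it in signed arithmetic, `if (space < hdr_uio->uio_resid) hdr_uio->uio_resid = space;`, with an explicit guard for `space <= 0` if that case is reachable. The removed pre-loop code also required `hdr_uio->uio_resid > 0`, and that condition is not carried over, so an empty header uio now reaches `m_uiotombuf()`. Header bytes beyond `space` appear to be dropped once `hdr_uio` is set to NULL, so the block comment should say how the caller learns of a short header.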
@@ -944,6 +940,17 @@ sendfile(struct thread *td, struct sendfile_args *
 			_uio);
 			if (error != 0)
 goto out;
+			/*
+			 * In FBSD < 5.0 the nbytes to send also included
+			 * the header.  If compat is specified subtract the
+			 * header size from nbytes.
+			 */
+			if (compat) {
+if (uap->nbytes > hdr_uio->uio_resid)
+	uap->nbytes -= hdr_uio->uio_resid;
+else
+	uap->nbytes = 0;
+			}
 		}
 		if (hdtr.trailers != NULL) {
 			error = copyinuio(hdtr.trailers, hdtr.trl_cnt,
@@ -965,7 +972,7 @@ sendfile(struct thread *td, struct sendfile_args *
 	}
 
 	error = fo_sendfile(fp, uap->s, hdr_uio, trl_uio, uap->offset,
-	uap->nbytes, , uap->flags, compat ? 

Re: CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)

2016-03-23 Thread Gleb Smirnoff
  Vitalij,

  can you please try with this patch?

On Fri, Mar 04, 2016 at 02:40:54PM +0200, Vitalij Satanivskij wrote:
V> Hello.
V> 
V> I get kernel panic on high loaded server with messages 
V> 
V> savecore: reboot after panic:
V>vn_sendfile: mlen 326 space -20 hdrlen 326
V> 
V> 
V> # kgdb kernel.debug /var/crash/vmcore.0
V> 
V> Unread portion of the kernel message buffer:
V> panic: vn_sendfile: mlen 326 space -20 hdrlen 326
V> cpuid = 5
V> KDB: stack backtrace:
V> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 
0xfe20206314f0
V> vpanic() at vpanic+0x182/frame 0xfe2020631570
V> kassert_panic() at kassert_panic+0x126/frame 0xfe20206315e0
V> vn_sendfile() at vn_sendfile+0x14ca/frame 0xfe2020631900
V> sys_sendfile() at sys_sendfile+0x11e/frame 0xfe20206319a0
V> amd64_syscall() at amd64_syscall+0x2db/frame 0xfe2020631ab0
V> Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfe2020631ab0
V> --- syscall (393, FreeBSD ELF64, sys_sendfile), rip = 0x801ef062a, rsp = 
0x7fffd8d8, rbp = 0x7fffe1d0 ---
V> KDB: enter: panic
V> 
V> Reading symbols from /boot/kernel/zfs.ko...Reading symbols from 
/usr/lib/debug//boot/kernel/zfs.ko.debug...done.
V> done.
V> Loaded symbols for /boot/kernel/zfs.ko
V> Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from 
/usr/lib/debug//boot/kernel/opensolaris.ko.debug...done.
V> done.
V> Loaded symbols for /boot/kernel/opensolaris.ko
V> Reading symbols from /boot/kernel/carp.ko...Reading symbols from 
/usr/lib/debug//boot/kernel/carp.ko.debug...done.
V> done.
V> Loaded symbols for /boot/kernel/carp.ko
V> Reading symbols from /boot/kernel/ums.ko...Reading symbols from 
/usr/lib/debug//boot/kernel/ums.ko.debug...done.
V> done.
V> Loaded symbols for /boot/kernel/ums.ko
V> Reading symbols from /boot/kernel/tmpfs.ko...Reading symbols from 
/usr/lib/debug//boot/kernel/tmpfs.ko.debug...done.
V> done.
V> Loaded symbols for /boot/kernel/tmpfs.ko
V> #0  doadump (textdump=0) at pcpu.h:221
V> 221 __asm("movq %%gs:%1,%0" : "=r" (td)
V> (kgdb) bt
V> #0  doadump (textdump=0) at pcpu.h:221
V> #1  0x80384a0b in db_dump (dummy=, 
dummy2=false, dummy3=0, dummy4=0x0) at /usr/src/sys/ddb/db_command.c:533
V> #2  0x803847fe in db_command (cmd_table=0x0) at 
/usr/src/sys/ddb/db_command.c:440
V> #3  0x80384594 in db_command_loop () at 
/usr/src/sys/ddb/db_command.c:493
V> #4  0x8038702b in db_trap (type=, code=0) at 
/usr/src/sys/ddb/db_main.c:251
V> #5  0x80a656e3 in kdb_trap (type=3, code=0, tf=) at /usr/src/sys/kern/subr_kdb.c:654
V> #6  0x80ea1298 in trap (frame=0xfe2020631420) at 
/usr/src/sys/amd64/amd64/trap.c:556
V> #7  0x80e81a77 in calltrap () at 
/usr/src/sys/amd64/amd64/exception.S:234
V> #8  0x80a64dcb in kdb_enter (why=0x813b6c2f "panic", 
msg=0x80 ) at cpufunc.h:63
V> #9  0x80a27b5f in vpanic (fmt=, ap=) at /usr/src/sys/kern/kern_shutdown.c:750
V> #10 0x80a279b6 in kassert_panic (fmt=) at 
/usr/src/sys/kern/kern_shutdown.c:647
V> #11 0x80a25efa in vn_sendfile (fp=, 
sockfd=1619, hdr_uio=, trl_uio=0x0, offset=0, 
V> nbytes=, sent=, flags=, kflags=, td=0xa8)
V> at /usr/src/sys/kern/kern_sendfile.c:833
V> #12 0x80a2641e in sys_sendfile (td=0xf80253593000, 
uap=0xfe2020631a40) at file.h:382
V> #13 0x80ea214b in amd64_syscall (td=0xf80253593000, traced=0) at 
subr_syscall.c:135
V> #14 0x80e81d5b in Xfast_syscall () at 
/usr/src/sys/amd64/amd64/exception.S:394
V> #15 0x000801ef062a in ?? ()
V> Previous frame inner to this frame (corrupt stack?)
V> Current language:  auto; currently minimal
V> (kgdb) list *0x80a25efa
V> 0x80a25efa is in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833).
V> 828 free(sfio, M_TEMP);
V> 829 goto done;
V> 830 }
V> 831
V> 832 /* Add the buffer chain to the socket buffer. */
V> 833 KASSERT(m_length(m, NULL) == space + hdrlen,
V> 834 ("%s: mlen %u space %d hdrlen %d",
V> 835 __func__, m_length(m, NULL), space, hdrlen));
V> 836
V> 837 CURVNET_SET(so->so_vnet);
V> 
V> 
V> System have 128Gb memory
V> zfs as FS
V> DB's worked on it and web pages served by this server.
V> 
V> core saved. 
V> panic periodicaly repeted (few hours -- up to few days) 
V> 
V> Before this, old current (about two year old CURRENT ) work on this server 
without crashes.
V> 
V> Can anybody point me to way of more complex problem diagnostic or any other 
useful things
V> 
V> Thank you.
V> 
V> 
V> 
V> 
V> 
V> ___
V> freebsd-current@freebsd.org mailing list
V> https://lists.freebsd.org/mailman/listinfo/freebsd-current
V> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

-- 
Totus tuus, Glebius.
Index: kern_sendfile.c

CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)

2016-03-04 Thread Vitalij Satanivskij
Hello.

I get kernel panic on high loaded server with messages 

savecore: reboot after panic:
   vn_sendfile: mlen 326 space -20 hdrlen 326


# kgdb kernel.debug /var/crash/vmcore.0

Unread portion of the kernel message buffer:
panic: vn_sendfile: mlen 326 space -20 hdrlen 326
cpuid = 5
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfe20206314f0
vpanic() at vpanic+0x182/frame 0xfe2020631570
kassert_panic() at kassert_panic+0x126/frame 0xfe20206315e0
vn_sendfile() at vn_sendfile+0x14ca/frame 0xfe2020631900
sys_sendfile() at sys_sendfile+0x11e/frame 0xfe20206319a0
amd64_syscall() at amd64_syscall+0x2db/frame 0xfe2020631ab0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfe2020631ab0
--- syscall (393, FreeBSD ELF64, sys_sendfile), rip = 0x801ef062a, rsp = 
0x7fffd8d8, rbp = 0x7fffe1d0 ---
KDB: enter: panic

Reading symbols from /boot/kernel/zfs.ko...Reading symbols from 
/usr/lib/debug//boot/kernel/zfs.ko.debug...done.
done.
Loaded symbols for /boot/kernel/zfs.ko
Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from 
/usr/lib/debug//boot/kernel/opensolaris.ko.debug...done.
done.
Loaded symbols for /boot/kernel/opensolaris.ko
Reading symbols from /boot/kernel/carp.ko...Reading symbols from 
/usr/lib/debug//boot/kernel/carp.ko.debug...done.
done.
Loaded symbols for /boot/kernel/carp.ko
Reading symbols from /boot/kernel/ums.ko...Reading symbols from 
/usr/lib/debug//boot/kernel/ums.ko.debug...done.
done.
Loaded symbols for /boot/kernel/ums.ko
Reading symbols from /boot/kernel/tmpfs.ko...Reading symbols from 
/usr/lib/debug//boot/kernel/tmpfs.ko.debug...done.
done.
Loaded symbols for /boot/kernel/tmpfs.ko
#0  doadump (textdump=0) at pcpu.h:221
221 __asm("movq %%gs:%1,%0" : "=r" (td)
(kgdb) bt
#0  doadump (textdump=0) at pcpu.h:221
#1  0x80384a0b in db_dump (dummy=, dummy2=false, 
dummy3=0, dummy4=0x0) at /usr/src/sys/ddb/db_command.c:533
#2  0x803847fe in db_command (cmd_table=0x0) at 
/usr/src/sys/ddb/db_command.c:440
#3  0x80384594 in db_command_loop () at 
/usr/src/sys/ddb/db_command.c:493
#4  0x8038702b in db_trap (type=, code=0) at 
/usr/src/sys/ddb/db_main.c:251
#5  0x80a656e3 in kdb_trap (type=3, code=0, tf=) 
at /usr/src/sys/kern/subr_kdb.c:654
#6  0x80ea1298 in trap (frame=0xfe2020631420) at 
/usr/src/sys/amd64/amd64/trap.c:556
#7  0x80e81a77 in calltrap () at 
/usr/src/sys/amd64/amd64/exception.S:234
#8  0x80a64dcb in kdb_enter (why=0x813b6c2f "panic", msg=0x80 
) at cpufunc.h:63
#9  0x80a27b5f in vpanic (fmt=, ap=) at /usr/src/sys/kern/kern_shutdown.c:750
#10 0x80a279b6 in kassert_panic (fmt=) at 
/usr/src/sys/kern/kern_shutdown.c:647
#11 0x80a25efa in vn_sendfile (fp=, sockfd=1619, 
hdr_uio=, trl_uio=0x0, offset=0, 
nbytes=, sent=, flags=, kflags=, td=0xa8)
at /usr/src/sys/kern/kern_sendfile.c:833
#12 0x80a2641e in sys_sendfile (td=0xf80253593000, 
uap=0xfe2020631a40) at file.h:382
#13 0x80ea214b in amd64_syscall (td=0xf80253593000, traced=0) at 
subr_syscall.c:135
#14 0x80e81d5b in Xfast_syscall () at 
/usr/src/sys/amd64/amd64/exception.S:394
#15 0x000801ef062a in ?? ()
Previous frame inner to this frame (corrupt stack?)
Current language:  auto; currently minimal
(kgdb) list *0x80a25efa
0x80a25efa is in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833).
828 free(sfio, M_TEMP);
829 goto done;
830 }
831
832 /* Add the buffer chain to the socket buffer. */
833 KASSERT(m_length(m, NULL) == space + hdrlen,
834 ("%s: mlen %u space %d hdrlen %d",
835 __func__, m_length(m, NULL), space, hdrlen));
836
837 CURVNET_SET(so->so_vnet);


System have 128Gb memory
zfs as FS
DB's worked on it and web pages served by this server.

core saved. 
The panic repeats periodically (every few hours, up to a few days).

Before this, an old CURRENT (about two years old) ran on this server
without crashes.

Can anybody point me to way of more complex problem diagnostic or any other 
useful things

Thank you.




