Re: CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)
Just forget, system was upgraded to 296385 (just sync with another servers ) Vitalij Satanivskij wrote: VS> VS> Hello. VS> VS> OK about 3 hours with last patch VS> VS> No panic. VS> VS> Sysctl - VS> sysctl kern.ipc.sf_long_headers VS> kern.ipc.sf_long_headers: 1 VS> VS> VS> Gleb Smirnoff wrote: VS> GS> Vitalij, VS> GS> VS> GS> here is latest version of the patch. If you already run the VS> GS> previous one, no need to switch to this one, keep running as is. VS> GS> The update covers only FreeBSD 4 and i386 compatibilties. VS> GS> VS> GS> current@, a review is appreciated. The patch not only fixes a VS> GS> recent bug, but also fixes a long standing problem that headers VS> GS> were not checked against socket buffer size. One could push VS> GS> unlimited data into sendfile() with headers. The patch also VS> GS> pushes also compat code under ifdef, so it is cut away if VS> GS> you aren't interested in COMPAT_FREEBSD4. VS> GS> VS> GS> On Wed, Mar 23, 2016 at 04:59:25PM -0700, Gleb Smirnoff wrote: VS> GS> T> Vitalij, VS> GS> T> VS> GS> T> although the first patch should fixup the panic, can you please VS> GS> T> instead run this one. And if it is possible, can you please VS> GS> T> monitor this sysctl: VS> GS> T> VS> GS> T> sysctl kern.ipc.sf_long_headers VS> GS> T> VS> GS> T> VS> GS> T> -- VS> GS> T> Totus tuus, Glebius. VS> GS> VS> GS> T> Index: sys/kern/kern_descrip.c VS> GS> T> === VS> GS> T> --- sys/kern/kern_descrip.c (revision 297217) VS> GS> T> +++ sys/kern/kern_descrip.c (working copy) VS> GS> T> @@ -3958,7 +3958,7 @@ badfo_chown(struct file *fp, uid_t uid, gid_t gid, VS> GS> T> static int VS> GS> T> badfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, VS> GS> T> struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, VS> GS> T> -int kflags, struct thread *td) VS> GS> T> +struct thread *td) VS> GS> T> { VS> GS> T> VS> GS> T> return (EBADF); VS> GS> T> @@ -4044,7 +4044,7 @@ invfo_chown(struct file *fp, uid_t uid, gid_t gid, VS> GS> T> int VS> GS> T> invfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, VS> GS> T> struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, VS> GS> T> -int kflags, struct thread *td) VS> GS> T> +struct thread *td) VS> GS> T> { VS> GS> T> VS> GS> T> return (EINVAL); VS> GS> T> Index: sys/kern/kern_sendfile.c VS> GS> T> === VS> GS> T> --- sys/kern/kern_sendfile.c (revision 297217) VS> GS> T> +++ sys/kern/kern_sendfile.c (working copy) VS> GS> T> @@ -95,6 +95,7 @@ struct sendfile_sync { VS> GS> T> }; VS> GS> T> VS> GS> T> counter_u64_t sfstat[sizeof(struct sfstat) / sizeof(uint64_t)]; VS> GS> T> +static counter_u64_t sf_long_headers; /* QQQGL */ VS> GS> T> VS> GS> T> static void VS> GS> T> sfstat_init(const void *unused) VS> GS> T> @@ -102,6 +103,7 @@ sfstat_init(const void *unused) VS> GS> T> VS> GS> T> COUNTER_ARRAY_ALLOC(sfstat, sizeof(struct sfstat) / sizeof(uint64_t), VS> GS> T> M_WAITOK); VS> GS> T> +sf_long_headers = counter_u64_alloc(M_WAITOK); /* QQQGL */ VS> GS> T> } VS> GS> T> SYSINIT(sfstat, SI_SUB_MBUF, SI_ORDER_FIRST, sfstat_init, NULL); VS> GS> T> VS> GS> T> @@ -117,6 +119,8 @@ sfstat_sysctl(SYSCTL_HANDLER_ARGS) VS> GS> T> } VS> GS> T> SYSCTL_PROC(_kern_ipc, OID_AUTO, sfstat, CTLTYPE_OPAQUE | CTLFLAG_RW, VS> GS> T> NULL, 0, sfstat_sysctl, "I", "sendfile statistics"); VS> GS> T> +SYSCTL_COUNTER_U64(_kern_ipc, OID_AUTO, sf_long_headers, CTLFLAG_RW, VS> GS> T> +_long_headers, "times headers did not fit into socket buffer"); VS> GS> T> VS> GS> T> /* VS> GS> T> * Detach mapped page and release resources back to the system. Called VS> GS> T> @@ -516,7 +520,7 @@ sendfile_getsock(struct thread *td, int s, struct VS> GS> T> int VS> GS> T> vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, VS> GS> T> struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, VS> GS> T> -int kflags, struct thread *td) VS> GS> T> +struct thread *td) VS> GS> T> { VS> GS> T> struct file *sock_fp; VS> GS> T> struct vnode *vp; VS> GS> T> @@ -534,7 +538,7 @@ vn_sendfile(struct file *fp, int sockfd, struct ui VS> GS> T> so = NULL; VS> GS> T> m = mh = NULL; VS> GS> T> sfs = NULL; VS> GS> T> -sbytes = 0; VS> GS> T> +hdrlen = sbytes = 0; VS> GS> T> softerr = 0; VS> GS> T> VS> GS> T> error = sendfile_getobj(td, fp, , , , _size, ); VS> GS> T> @@ -560,26 +564,6 @@ vn_sendfile(struct file *fp, int sockfd, struct ui VS> GS> T> cv_init(>cv, "sendfile"); VS> GS> T> } VS> GS> T> VS> GS> T> -/* If headers are specified copy them into mbufs. */ VS> GS> T> -if (hdr_uio != NULL && hdr_uio->uio_resid > 0) { VS> GS> T> -hdr_uio->uio_td = td; VS> GS> T> -
Re: CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)
Hello. OK about 3 hours with last patch No panic. Sysctl - sysctl kern.ipc.sf_long_headers kern.ipc.sf_long_headers: 1 Gleb Smirnoff wrote: GS> Vitalij, GS> GS> here is latest version of the patch. If you already run the GS> previous one, no need to switch to this one, keep running as is. GS> The update covers only FreeBSD 4 and i386 compatibilties. GS> GS> current@, a review is appreciated. The patch not only fixes a GS> recent bug, but also fixes a long standing problem that headers GS> were not checked against socket buffer size. One could push GS> unlimited data into sendfile() with headers. The patch also GS> pushes also compat code under ifdef, so it is cut away if GS> you aren't interested in COMPAT_FREEBSD4. GS> GS> On Wed, Mar 23, 2016 at 04:59:25PM -0700, Gleb Smirnoff wrote: GS> T> Vitalij, GS> T> GS> T> although the first patch should fixup the panic, can you please GS> T> instead run this one. And if it is possible, can you please GS> T> monitor this sysctl: GS> T> GS> T> sysctl kern.ipc.sf_long_headers GS> T> GS> T> GS> T> -- GS> T> Totus tuus, Glebius. GS> GS> T> Index: sys/kern/kern_descrip.c GS> T> === GS> T> --- sys/kern/kern_descrip.c (revision 297217) GS> T> +++ sys/kern/kern_descrip.c (working copy) GS> T> @@ -3958,7 +3958,7 @@ badfo_chown(struct file *fp, uid_t uid, gid_t gid, GS> T> static int GS> T> badfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, GS> T> struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, GS> T> -int kflags, struct thread *td) GS> T> +struct thread *td) GS> T> { GS> T> GS> T> return (EBADF); GS> T> @@ -4044,7 +4044,7 @@ invfo_chown(struct file *fp, uid_t uid, gid_t gid, GS> T> int GS> T> invfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, GS> T> struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, GS> T> -int kflags, struct thread *td) GS> T> +struct thread *td) GS> T> { GS> T> GS> T> return (EINVAL); GS> T> Index: sys/kern/kern_sendfile.c GS> T> === GS> T> --- sys/kern/kern_sendfile.c (revision 297217) GS> T> +++ sys/kern/kern_sendfile.c (working copy) GS> T> @@ -95,6 +95,7 @@ struct sendfile_sync { GS> T> }; GS> T> GS> T> counter_u64_t sfstat[sizeof(struct sfstat) / sizeof(uint64_t)]; GS> T> +static counter_u64_t sf_long_headers; /* QQQGL */ GS> T> GS> T> static void GS> T> sfstat_init(const void *unused) GS> T> @@ -102,6 +103,7 @@ sfstat_init(const void *unused) GS> T> GS> T> COUNTER_ARRAY_ALLOC(sfstat, sizeof(struct sfstat) / sizeof(uint64_t), GS> T> M_WAITOK); GS> T> +sf_long_headers = counter_u64_alloc(M_WAITOK); /* QQQGL */ GS> T> } GS> T> SYSINIT(sfstat, SI_SUB_MBUF, SI_ORDER_FIRST, sfstat_init, NULL); GS> T> GS> T> @@ -117,6 +119,8 @@ sfstat_sysctl(SYSCTL_HANDLER_ARGS) GS> T> } GS> T> SYSCTL_PROC(_kern_ipc, OID_AUTO, sfstat, CTLTYPE_OPAQUE | CTLFLAG_RW, GS> T> NULL, 0, sfstat_sysctl, "I", "sendfile statistics"); GS> T> +SYSCTL_COUNTER_U64(_kern_ipc, OID_AUTO, sf_long_headers, CTLFLAG_RW, GS> T> +_long_headers, "times headers did not fit into socket buffer"); GS> T> GS> T> /* GS> T> * Detach mapped page and release resources back to the system. Called GS> T> @@ -516,7 +520,7 @@ sendfile_getsock(struct thread *td, int s, struct GS> T> int GS> T> vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, GS> T> struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, GS> T> -int kflags, struct thread *td) GS> T> +struct thread *td) GS> T> { GS> T> struct file *sock_fp; GS> T> struct vnode *vp; GS> T> @@ -534,7 +538,7 @@ vn_sendfile(struct file *fp, int sockfd, struct ui GS> T> so = NULL; GS> T> m = mh = NULL; GS> T> sfs = NULL; GS> T> -sbytes = 0; GS> T> +hdrlen = sbytes = 0; GS> T> softerr = 0; GS> T> GS> T> error = sendfile_getobj(td, fp, , , , _size, ); GS> T> @@ -560,26 +564,6 @@ vn_sendfile(struct file *fp, int sockfd, struct ui GS> T> cv_init(>cv, "sendfile"); GS> T> } GS> T> GS> T> -/* If headers are specified copy them into mbufs. */ GS> T> -if (hdr_uio != NULL && hdr_uio->uio_resid > 0) { GS> T> -hdr_uio->uio_td = td; GS> T> -hdr_uio->uio_rw = UIO_WRITE; GS> T> -/* GS> T> - * In FBSD < 5.0 the nbytes to send also included GS> T> - * the header. If compat is specified subtract the GS> T> - * header size from nbytes. GS> T> - */ GS> T> -if (kflags & SFK_COMPAT) { GS> T> -if (nbytes > hdr_uio->uio_resid) GS> T> -nbytes -= hdr_uio->uio_resid; GS> T> -
Re: CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)
Vitalij, here is latest version of the patch. If you already run the previous one, no need to switch to this one, keep running as is. The update covers only FreeBSD 4 and i386 compatibilties. current@, a review is appreciated. The patch not only fixes a recent bug, but also fixes a long standing problem that headers were not checked against socket buffer size. One could push unlimited data into sendfile() with headers. The patch also pushes also compat code under ifdef, so it is cut away if you aren't interested in COMPAT_FREEBSD4. On Wed, Mar 23, 2016 at 04:59:25PM -0700, Gleb Smirnoff wrote: T> Vitalij, T> T> although the first patch should fixup the panic, can you please T> instead run this one. And if it is possible, can you please T> monitor this sysctl: T> T> sysctl kern.ipc.sf_long_headers T> T> T> -- T> Totus tuus, Glebius. T> Index: sys/kern/kern_descrip.c T> === T> --- sys/kern/kern_descrip.c (revision 297217) T> +++ sys/kern/kern_descrip.c (working copy) T> @@ -3958,7 +3958,7 @@ badfo_chown(struct file *fp, uid_t uid, gid_t gid, T> static int T> badfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, T> struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, T> -int kflags, struct thread *td) T> +struct thread *td) T> { T> T> return (EBADF); T> @@ -4044,7 +4044,7 @@ invfo_chown(struct file *fp, uid_t uid, gid_t gid, T> int T> invfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, T> struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, T> -int kflags, struct thread *td) T> +struct thread *td) T> { T> T> return (EINVAL); T> Index: sys/kern/kern_sendfile.c T> === T> --- sys/kern/kern_sendfile.c (revision 297217) T> +++ sys/kern/kern_sendfile.c (working copy) T> @@ -95,6 +95,7 @@ struct sendfile_sync { T> }; T> T> counter_u64_t sfstat[sizeof(struct sfstat) / sizeof(uint64_t)]; T> +static counter_u64_t sf_long_headers; /* QQQGL */ T> T> static void T> sfstat_init(const void *unused) T> @@ -102,6 +103,7 @@ sfstat_init(const void *unused) T> T> COUNTER_ARRAY_ALLOC(sfstat, sizeof(struct sfstat) / sizeof(uint64_t), T> M_WAITOK); T> +sf_long_headers = counter_u64_alloc(M_WAITOK); /* QQQGL */ T> } T> SYSINIT(sfstat, SI_SUB_MBUF, SI_ORDER_FIRST, sfstat_init, NULL); T> T> @@ -117,6 +119,8 @@ sfstat_sysctl(SYSCTL_HANDLER_ARGS) T> } T> SYSCTL_PROC(_kern_ipc, OID_AUTO, sfstat, CTLTYPE_OPAQUE | CTLFLAG_RW, T> NULL, 0, sfstat_sysctl, "I", "sendfile statistics"); T> +SYSCTL_COUNTER_U64(_kern_ipc, OID_AUTO, sf_long_headers, CTLFLAG_RW, T> +_long_headers, "times headers did not fit into socket buffer"); T> T> /* T> * Detach mapped page and release resources back to the system. Called T> @@ -516,7 +520,7 @@ sendfile_getsock(struct thread *td, int s, struct T> int T> vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, T> struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, T> -int kflags, struct thread *td) T> +struct thread *td) T> { T> struct file *sock_fp; T> struct vnode *vp; T> @@ -534,7 +538,7 @@ vn_sendfile(struct file *fp, int sockfd, struct ui T> so = NULL; T> m = mh = NULL; T> sfs = NULL; T> -sbytes = 0; T> +hdrlen = sbytes = 0; T> softerr = 0; T> T> error = sendfile_getobj(td, fp, , , , _size, ); T> @@ -560,26 +564,6 @@ vn_sendfile(struct file *fp, int sockfd, struct ui T> cv_init(>cv, "sendfile"); T> } T> T> -/* If headers are specified copy them into mbufs. */ T> -if (hdr_uio != NULL && hdr_uio->uio_resid > 0) { T> -hdr_uio->uio_td = td; T> -hdr_uio->uio_rw = UIO_WRITE; T> -/* T> - * In FBSD < 5.0 the nbytes to send also included T> - * the header. If compat is specified subtract the T> - * header size from nbytes. T> - */ T> -if (kflags & SFK_COMPAT) { T> -if (nbytes > hdr_uio->uio_resid) T> -nbytes -= hdr_uio->uio_resid; T> -else T> -nbytes = 0; T> -} T> -mh = m_uiotombuf(hdr_uio, M_WAITOK, 0, 0, 0); T> -hdrlen = m_length(mh, ); T> -} else T> -hdrlen = 0; T> - T> rem = nbytes ? omin(nbytes, obj_size - offset) : obj_size - offset; T> T> /* T> @@ -668,11 +652,23 @@ retry_space: T> SOCKBUF_UNLOCK(>so_snd); T> T> /* T> - * Reduce space in the socket buffer by the size of T> - * the header mbuf chain. T> - * hdrlen is set to 0 after the first loop. T> + * At the beginning of the first loop check if any headers T> + * are specified and copy them into
Re: CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)
Vitalij, although the first patch should fixup the panic, can you please instead run this one. And if it is possible, can you please monitor this sysctl: sysctl kern.ipc.sf_long_headers -- Totus tuus, Glebius. Index: sys/kern/kern_descrip.c === --- sys/kern/kern_descrip.c (revision 297217) +++ sys/kern/kern_descrip.c (working copy) @@ -3958,7 +3958,7 @@ badfo_chown(struct file *fp, uid_t uid, gid_t gid, static int badfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, -int kflags, struct thread *td) +struct thread *td) { return (EBADF); @@ -4044,7 +4044,7 @@ invfo_chown(struct file *fp, uid_t uid, gid_t gid, int invfo_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, -int kflags, struct thread *td) +struct thread *td) { return (EINVAL); Index: sys/kern/kern_sendfile.c === --- sys/kern/kern_sendfile.c (revision 297217) +++ sys/kern/kern_sendfile.c (working copy) @@ -95,6 +95,7 @@ struct sendfile_sync { }; counter_u64_t sfstat[sizeof(struct sfstat) / sizeof(uint64_t)]; +static counter_u64_t sf_long_headers; /* QQQGL */ static void sfstat_init(const void *unused) @@ -102,6 +103,7 @@ sfstat_init(const void *unused) COUNTER_ARRAY_ALLOC(sfstat, sizeof(struct sfstat) / sizeof(uint64_t), M_WAITOK); + sf_long_headers = counter_u64_alloc(M_WAITOK); /* QQQGL */ } SYSINIT(sfstat, SI_SUB_MBUF, SI_ORDER_FIRST, sfstat_init, NULL); @@ -117,6 +119,8 @@ sfstat_sysctl(SYSCTL_HANDLER_ARGS) } SYSCTL_PROC(_kern_ipc, OID_AUTO, sfstat, CTLTYPE_OPAQUE | CTLFLAG_RW, NULL, 0, sfstat_sysctl, "I", "sendfile statistics"); +SYSCTL_COUNTER_U64(_kern_ipc, OID_AUTO, sf_long_headers, CTLFLAG_RW, +_long_headers, "times headers did not fit into socket buffer"); /* * Detach mapped page and release resources back to the system. Called @@ -516,7 +520,7 @@ sendfile_getsock(struct thread *td, int s, struct int vn_sendfile(struct file *fp, int sockfd, struct uio *hdr_uio, struct uio *trl_uio, off_t offset, size_t nbytes, off_t *sent, int flags, -int kflags, struct thread *td) +struct thread *td) { struct file *sock_fp; struct vnode *vp; @@ -534,7 +538,7 @@ vn_sendfile(struct file *fp, int sockfd, struct ui so = NULL; m = mh = NULL; sfs = NULL; - sbytes = 0; + hdrlen = sbytes = 0; softerr = 0; error = sendfile_getobj(td, fp, , , , _size, ); @@ -560,26 +564,6 @@ vn_sendfile(struct file *fp, int sockfd, struct ui cv_init(>cv, "sendfile"); } - /* If headers are specified copy them into mbufs. */ - if (hdr_uio != NULL && hdr_uio->uio_resid > 0) { - hdr_uio->uio_td = td; - hdr_uio->uio_rw = UIO_WRITE; - /* - * In FBSD < 5.0 the nbytes to send also included - * the header. If compat is specified subtract the - * header size from nbytes. - */ - if (kflags & SFK_COMPAT) { - if (nbytes > hdr_uio->uio_resid) -nbytes -= hdr_uio->uio_resid; - else -nbytes = 0; - } - mh = m_uiotombuf(hdr_uio, M_WAITOK, 0, 0, 0); - hdrlen = m_length(mh, ); - } else - hdrlen = 0; - rem = nbytes ? omin(nbytes, obj_size - offset) : obj_size - offset; /* @@ -668,11 +652,23 @@ retry_space: SOCKBUF_UNLOCK(>so_snd); /* - * Reduce space in the socket buffer by the size of - * the header mbuf chain. - * hdrlen is set to 0 after the first loop. + * At the beginning of the first loop check if any headers + * are specified and copy them into mbufs. Reduce space in + * the socket buffer by the size of the header mbuf chain. + * Clear hdr_uio here and hdrlen at the end of the first loop. */ - space -= hdrlen; + if (hdr_uio != NULL) { + hdr_uio->uio_td = td; + hdr_uio->uio_rw = UIO_WRITE; + /* QQQGL remove counter */ + if (space < hdr_uio->uio_resid) +counter_u64_add(sf_long_headers, 1); + hdr_uio->uio_resid = min(hdr_uio->uio_resid, space); + mh = m_uiotombuf(hdr_uio, M_WAITOK, 0, 0, 0); + hdrlen = m_length(mh, ); + space -= hdrlen; + hdr_uio = NULL; + } if (vp != NULL) { error = vn_lock(vp, LK_SHARED); @@ -944,6 +940,17 @@ sendfile(struct thread *td, struct sendfile_args * _uio); if (error != 0) goto out; + /* + * In FBSD < 5.0 the nbytes to send also included + * the header. If compat is specified subtract the + * header size from nbytes. + */ + if (compat) { +if (uap->nbytes > hdr_uio->uio_resid) + uap->nbytes -= hdr_uio->uio_resid; +else + uap->nbytes = 0; + } } if (hdtr.trailers != NULL) { error = copyinuio(hdtr.trailers, hdtr.trl_cnt, @@ -965,7 +972,7 @@ sendfile(struct thread *td, struct sendfile_args * } error = fo_sendfile(fp, uap->s, hdr_uio, trl_uio, uap->offset, - uap->nbytes, , uap->flags, compat ?
Re: CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)
Vitalij, can you please try with this patch? On Fri, Mar 04, 2016 at 02:40:54PM +0200, Vitalij Satanivskij wrote: V> Hello. V> V> I get kernel panic on high loaded server with messages V> V> savecore: reboot after panic: V>vn_sendfile: mlen 326 space -20 hdrlen 326 V> V> V> # kgdb kernel.debug /var/crash/vmcore.0 V> V> Unread portion of the kernel message buffer: V> panic: vn_sendfile: mlen 326 space -20 hdrlen 326 V> cpuid = 5 V> KDB: stack backtrace: V> db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfe20206314f0 V> vpanic() at vpanic+0x182/frame 0xfe2020631570 V> kassert_panic() at kassert_panic+0x126/frame 0xfe20206315e0 V> vn_sendfile() at vn_sendfile+0x14ca/frame 0xfe2020631900 V> sys_sendfile() at sys_sendfile+0x11e/frame 0xfe20206319a0 V> amd64_syscall() at amd64_syscall+0x2db/frame 0xfe2020631ab0 V> Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfe2020631ab0 V> --- syscall (393, FreeBSD ELF64, sys_sendfile), rip = 0x801ef062a, rsp = 0x7fffd8d8, rbp = 0x7fffe1d0 --- V> KDB: enter: panic V> V> Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /usr/lib/debug//boot/kernel/zfs.ko.debug...done. V> done. V> Loaded symbols for /boot/kernel/zfs.ko V> Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /usr/lib/debug//boot/kernel/opensolaris.ko.debug...done. V> done. V> Loaded symbols for /boot/kernel/opensolaris.ko V> Reading symbols from /boot/kernel/carp.ko...Reading symbols from /usr/lib/debug//boot/kernel/carp.ko.debug...done. V> done. V> Loaded symbols for /boot/kernel/carp.ko V> Reading symbols from /boot/kernel/ums.ko...Reading symbols from /usr/lib/debug//boot/kernel/ums.ko.debug...done. V> done. V> Loaded symbols for /boot/kernel/ums.ko V> Reading symbols from /boot/kernel/tmpfs.ko...Reading symbols from /usr/lib/debug//boot/kernel/tmpfs.ko.debug...done. V> done. V> Loaded symbols for /boot/kernel/tmpfs.ko V> #0 doadump (textdump=0) at pcpu.h:221 V> 221 __asm("movq %%gs:%1,%0" : "=r" (td) V> (kgdb) bt V> #0 doadump (textdump=0) at pcpu.h:221 V> #1 0x80384a0b in db_dump (dummy=, dummy2=false, dummy3=0, dummy4=0x0) at /usr/src/sys/ddb/db_command.c:533 V> #2 0x803847fe in db_command (cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:440 V> #3 0x80384594 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493 V> #4 0x8038702b in db_trap (type=, code=0) at /usr/src/sys/ddb/db_main.c:251 V> #5 0x80a656e3 in kdb_trap (type=3, code=0, tf=) at /usr/src/sys/kern/subr_kdb.c:654 V> #6 0x80ea1298 in trap (frame=0xfe2020631420) at /usr/src/sys/amd64/amd64/trap.c:556 V> #7 0x80e81a77 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:234 V> #8 0x80a64dcb in kdb_enter (why=0x813b6c2f "panic", msg=0x80 ) at cpufunc.h:63 V> #9 0x80a27b5f in vpanic (fmt=, ap=) at /usr/src/sys/kern/kern_shutdown.c:750 V> #10 0x80a279b6 in kassert_panic (fmt=) at /usr/src/sys/kern/kern_shutdown.c:647 V> #11 0x80a25efa in vn_sendfile (fp=, sockfd=1619, hdr_uio=, trl_uio=0x0, offset=0, V> nbytes=, sent=, flags=, kflags=, td=0xa8) V> at /usr/src/sys/kern/kern_sendfile.c:833 V> #12 0x80a2641e in sys_sendfile (td=0xf80253593000, uap=0xfe2020631a40) at file.h:382 V> #13 0x80ea214b in amd64_syscall (td=0xf80253593000, traced=0) at subr_syscall.c:135 V> #14 0x80e81d5b in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:394 V> #15 0x000801ef062a in ?? () V> Previous frame inner to this frame (corrupt stack?) V> Current language: auto; currently minimal V> (kgdb) list *0x80a25efa V> 0x80a25efa is in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833). V> 828 free(sfio, M_TEMP); V> 829 goto done; V> 830 } V> 831 V> 832 /* Add the buffer chain to the socket buffer. */ V> 833 KASSERT(m_length(m, NULL) == space + hdrlen, V> 834 ("%s: mlen %u space %d hdrlen %d", V> 835 __func__, m_length(m, NULL), space, hdrlen)); V> 836 V> 837 CURVNET_SET(so->so_vnet); V> V> V> System have 128Gb memory V> zfs as FS V> DB's worked on it and web pages served by this server. V> V> core saved. V> panic periodicaly repeted (few hours -- up to few days) V> V> Before this, old current (about two year old CURRENT ) work on this server without crashes. V> V> Can anybody point me to way of more complex problem diagnostic or any other useful things V> V> Thank you. V> V> V> V> V> V> ___ V> freebsd-current@freebsd.org mailing list V> https://lists.freebsd.org/mailman/listinfo/freebsd-current V> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" -- Totus tuus, Glebius. Index: kern_sendfile.c
CURRENT r296381 panic in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833)
Hello. I get kernel panic on high loaded server with messages savecore: reboot after panic: vn_sendfile: mlen 326 space -20 hdrlen 326 # kgdb kernel.debug /var/crash/vmcore.0 Unread portion of the kernel message buffer: panic: vn_sendfile: mlen 326 space -20 hdrlen 326 cpuid = 5 KDB: stack backtrace: db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfe20206314f0 vpanic() at vpanic+0x182/frame 0xfe2020631570 kassert_panic() at kassert_panic+0x126/frame 0xfe20206315e0 vn_sendfile() at vn_sendfile+0x14ca/frame 0xfe2020631900 sys_sendfile() at sys_sendfile+0x11e/frame 0xfe20206319a0 amd64_syscall() at amd64_syscall+0x2db/frame 0xfe2020631ab0 Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfe2020631ab0 --- syscall (393, FreeBSD ELF64, sys_sendfile), rip = 0x801ef062a, rsp = 0x7fffd8d8, rbp = 0x7fffe1d0 --- KDB: enter: panic Reading symbols from /boot/kernel/zfs.ko...Reading symbols from /usr/lib/debug//boot/kernel/zfs.ko.debug...done. done. Loaded symbols for /boot/kernel/zfs.ko Reading symbols from /boot/kernel/opensolaris.ko...Reading symbols from /usr/lib/debug//boot/kernel/opensolaris.ko.debug...done. done. Loaded symbols for /boot/kernel/opensolaris.ko Reading symbols from /boot/kernel/carp.ko...Reading symbols from /usr/lib/debug//boot/kernel/carp.ko.debug...done. done. Loaded symbols for /boot/kernel/carp.ko Reading symbols from /boot/kernel/ums.ko...Reading symbols from /usr/lib/debug//boot/kernel/ums.ko.debug...done. done. Loaded symbols for /boot/kernel/ums.ko Reading symbols from /boot/kernel/tmpfs.ko...Reading symbols from /usr/lib/debug//boot/kernel/tmpfs.ko.debug...done. done. Loaded symbols for /boot/kernel/tmpfs.ko #0 doadump (textdump=0) at pcpu.h:221 221 __asm("movq %%gs:%1,%0" : "=r" (td) (kgdb) bt #0 doadump (textdump=0) at pcpu.h:221 #1 0x80384a0b in db_dump (dummy=, dummy2=false, dummy3=0, dummy4=0x0) at /usr/src/sys/ddb/db_command.c:533 #2 0x803847fe in db_command (cmd_table=0x0) at /usr/src/sys/ddb/db_command.c:440 #3 0x80384594 in db_command_loop () at /usr/src/sys/ddb/db_command.c:493 #4 0x8038702b in db_trap (type=, code=0) at /usr/src/sys/ddb/db_main.c:251 #5 0x80a656e3 in kdb_trap (type=3, code=0, tf=) at /usr/src/sys/kern/subr_kdb.c:654 #6 0x80ea1298 in trap (frame=0xfe2020631420) at /usr/src/sys/amd64/amd64/trap.c:556 #7 0x80e81a77 in calltrap () at /usr/src/sys/amd64/amd64/exception.S:234 #8 0x80a64dcb in kdb_enter (why=0x813b6c2f "panic", msg=0x80 ) at cpufunc.h:63 #9 0x80a27b5f in vpanic (fmt=, ap=) at /usr/src/sys/kern/kern_shutdown.c:750 #10 0x80a279b6 in kassert_panic (fmt=) at /usr/src/sys/kern/kern_shutdown.c:647 #11 0x80a25efa in vn_sendfile (fp=, sockfd=1619, hdr_uio=, trl_uio=0x0, offset=0, nbytes=, sent=, flags=, kflags=, td=0xa8) at /usr/src/sys/kern/kern_sendfile.c:833 #12 0x80a2641e in sys_sendfile (td=0xf80253593000, uap=0xfe2020631a40) at file.h:382 #13 0x80ea214b in amd64_syscall (td=0xf80253593000, traced=0) at subr_syscall.c:135 #14 0x80e81d5b in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:394 #15 0x000801ef062a in ?? () Previous frame inner to this frame (corrupt stack?) Current language: auto; currently minimal (kgdb) list *0x80a25efa 0x80a25efa is in vn_sendfile (/usr/src/sys/kern/kern_sendfile.c:833). 828 free(sfio, M_TEMP); 829 goto done; 830 } 831 832 /* Add the buffer chain to the socket buffer. */ 833 KASSERT(m_length(m, NULL) == space + hdrlen, 834 ("%s: mlen %u space %d hdrlen %d", 835 __func__, m_length(m, NULL), space, hdrlen)); 836 837 CURVNET_SET(so->so_vnet); System have 128Gb memory zfs as FS DB's worked on it and web pages served by this server. core saved. panic periodicaly repeted (few hours -- up to few days) Before this, old current (about two year old CURRENT ) work on this server without crashes. Can anybody point me to way of more complex problem diagnostic or any other useful things Thank you. ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"