NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: kern/59663: ffs_snapshot_read -> uvm_fault (or pool page empty) doing dump/restore with snapshot

The following reply was made to PR kern/59663; it has been noted by GNATS.

From: Henryk Paluch <hpaluch%seznam.cz@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/59663: ffs_snapshot_read -> uvm_fault (or pool page empty)
 doing dump/restore with snapshot
Date: Thu, 25 Sep 2025 16:40:31 +0200

 Building my own kernel with netbsd.gdb I was able to get full backtrace 
 with source lines. Just enabled:
 
 options       DEBUG           # expensive debugging checks/support
 options       LOCKDEBUG       # expensive locking checks/support
 
 Source code is: 
 https://nycdn.netbsd.org/pub/NetBSD-daily/netbsd-11/20250916040529Z/source/sets/syssrc.tgz
 MD5: MD5 (syssrc.tgz) = 35f104087fa2eab6ef7804f411c529cf
 
 uname -a: NetBSD nbsd-crash3.example.com 11.0_BETA NetBSD 11.0_BETA (HP) 
 #0: Wed Sep 24 20:47:28 CEST 2025 
 root%nbsd-crash3.example.com@localhost:/usr/src/sys/arch/amd64/compile/HP amd64
 
 Commands quickly leading to panic (few seconds):
 
 fssconfig -cx fss0 / /root/backup
 dd if=/dev/fss0 of=/dev/null bs=1024k
 
 [  34.9028584] panic: kernel diagnostic assertion "(i * BITMAP_SIZE) < 
 pp->pr_itemsperpage" failed: file "../../../../kern/subr_pool.c", line 450
 [  34.9129630] cpu1: Begin traceback...
 [  34.9129630] vpanic() at netbsd:vpanic+0x171
 [  34.9129630] kern_assert() at netbsd:kern_assert+0x4b
 [  34.9129630] pool_get() at netbsd:pool_get+0x496
 [  34.9129630] allocbuf() at netbsd:allocbuf+0x113
 [  34.9129630] getblk() at netbsd:getblk+0x18c
 [  34.9129630] bio_doread() at netbsd:bio_doread+0x1d
 [  34.9129630] breadn() at netbsd:breadn+0x24
 [  34.9230632] ffs_snapshot_read() at netbsd:ffs_snapshot_read+0x1b2
 [  34.9230632] VOP_READ() at netbsd:VOP_READ+0x42
 [  34.9230632] vn_rdwr() at netbsd:vn_rdwr+0xf1
 [  34.9230632] fss_bs_io() at netbsd:fss_bs_io+0x89
 [  34.9230632] fss_bs_thread() at netbsd:fss_bs_thread+0x50f
 [  34.9230632] cpu1: End traceback...
 [  34.9230632] fatal breakpoint trap in supervisor mode
 [  34.9230632] trap type 1 code 0 rip 0xffffffff8023541d cs 0x8 rflags 
 0x202 cr2 0x764ef540bce0 ilevel 0 rsp 0xffffcf0154c99b70
 [  34.9331650] curlwp 0xffff8591f760f000 pid 0.1320 lowest kstack 
 0xffffcf0154c952c0
 
 Stacktrace from gdb:
 
 Reading symbols from /usr/src/sys/arch/amd64/compile/HP/netbsd.gdb...
 +target kvm netbsd.0.core
 0xffffffff80239b95 in cpu_reboot (howto=howto@entry=256, 
 bootstr=bootstr@entry=0x0) at ../../../../arch/amd64/amd64/machdep.c:709
 709			dumpsys();
 +bt
 #0  0xffffffff80239b95 in cpu_reboot (howto=howto@entry=256, 
 bootstr=bootstr@entry=0x0) at ../../../../arch/amd64/amd64/machdep.c:709
 #1  0xffffffff80df1efe in kern_reboot (howto=howto@entry=256, 
 bootstr=bootstr@entry=0x0) at ../../../../kern/kern_reboot.c:91
 #2  0xffffffff80b6c1d4 in db_sync_cmd (addr=<optimized out>, 
 have_addr=<optimized out>, count=<optimized out>, modif=<optimized out>) 
 at ../../../../ddb/db_command.c:1651
 #3  0xffffffff80b6c9c4 in db_command 
 (last_cmdp=last_cmdp@entry=0xffffffff81a74220 <db_last_command>) at 
 ../../../../ddb/db_command.c:970
 #4  0xffffffff80b6ce53 in db_command_loop () at 
 ../../../../ddb/db_command.c:629
 #5  0xffffffff80b7119d in db_trap (type=type@entry=1, code=code@entry=0) 
 at ../../../../ddb/db_trap.c:91
 #6  0xffffffff80236a1b in kdb_trap (type=type@entry=1, 
 code=code@entry=0, regs=regs@entry=0xffffcf0154c99a80) at 
 ../../../../arch/amd64/amd64/db_interface.c:251
 #7  0xffffffff8023bf96 in trap (frame=0xffffcf0154c99a80) at 
 ../../../../arch/amd64/amd64/trap.c:314
 #8  0xffffffff80234ad4 in alltraps ()
 #9  0xffffffff8023541d in breakpoint ()
 #10 0xffffffff80e3a289 in vpanic (fmt=0xffffffff8162d8f8 "kernel 
 %sassertion \"%s\" failed: file \"%s\", line %d ", 
 ap=ap@entry=0xffffcf0154c99bb8) at ../../../../kern/subr_prf.c:286
 #11 0xffffffff8100c76e in kern_assert (fmt=fmt@entry=0xffffffff8162d8f8 
 "kernel %sassertion \"%s\" failed: file \"%s\", line %d ") at 
 ../../../../../../lib/libkern/kern_assert.c:51
 #12 0xffffffff80e34f33 in pr_item_bitmap_get (ph=0xffffcf0144320000, 
 pp=0xffffffff81b9c790 <bmempools+1840>) at ../../../../kern/subr_pool.c:450
 #13 pool_get (pp=pp@entry=0xffffffff81b9c790 <bmempools+1840>, 
 flags=flags@entry=2) at ../../../../kern/subr_pool.c:1217
 #14 0xffffffff80e8fca1 in buf_alloc (size=<optimized out>) at 
 ../../../../kern/vfs_bio.c:652
 #15 allocbuf (bp=bp@entry=0xffff8591dc3211b0, size=size@entry=16384, 
 preserve=preserve@entry=0) at ../../../../kern/vfs_bio.c:1337
 #16 0xffffffff80e90cb3 in getblk (vp=vp@entry=0xffff8591f190d840, 
 blkno=16516, size=size@entry=16384, slpflag=slpflag@entry=0, 
 slptimeo=slptimeo@entry=0) at ../../../../kern/vfs_bio.c:1262
 #17 0xffffffff80e90f05 in bio_doread (vp=vp@entry=0xffff8591f190d840, 
 blkno=<optimized out>, size=size@entry=16384, async=async@entry=0) at 
 ../../../../kern/vfs_bio.c:692
 #18 0xffffffff80e9115e in breadn (vp=vp@entry=0xffff8591f190d840, 
 blkno=<optimized out>, size=size@entry=16384, 
 rablks=rablks@entry=0xffffcf0154c99dd8, 
 rasizes=rasizes@entry=0xffffcf0154c99dcc, nrablks=nrablks@entry=1, 
 flags=flags@entry=0, bpp=bpp@entry=0xffffcf0154c99dd0) at 
 ../../../../kern/vfs_bio.c:783
 #19 0xffffffff80d2bef4 in ffs_snapshot_read (vp=0xffff8591f190d840, 
 uio=0xffffcf0154c99e90, ioflag=<optimized out>) at 
 ../../../../ufs/ffs/ffs_snapshot.c:2104
 #20 0xffffffff80ebe5b2 in VOP_READ (vp=0xffff8591f190d840, 
 uio=<optimized out>, ioflag=<optimized out>, cred=<optimized out>) at 
 ../../../../kern/vnode_if.c:785
 #21 0xffffffff80eb5737 in vn_rdwr (rw=rw@entry=UIO_READ, 
 vp=0xffff8591f190d840, base=base@entry=0xffff8591dba51000, 
 len=len@entry=2048, offset=offset@entry=270600192, 
 segflg=segflg@entry=UIO_SYSSPACE, ioflg=ioflg@entry=129, 
 cred=0xffff8591f8725040, aresid=0xffffcf0154c99fb8, l=0x0) at 
 ../../../../kern/vfs_vnops.c:558
 #22 0xffffffff80edd2c6 in fss_bs_io (sc=sc@entry=0xffff8591f7380ac0, 
 rw=rw@entry=FSS_READ, cl=cl@entry=0, off=270600192, len=2048, 
 data=0xffff8591dba51000, resid=resid@entry=0xffffcf0154c99fb8) at 
 ../../../../dev/fss.c:1100
 #23 0xffffffff80eddb06 in fss_bs_thread (arg=0xffff8591f7380ac0) at 
 ../../../../dev/fss.c:1198
 #24 0xffffffff80210327 in lwp_trampoline ()
 #25 0x0000000000000000 in ?? ()
 +q
 
 Please note that quite often I get various uvm_traps when accessing pool 
 which often prevents me to dump core at all.
Home | Main Index | Thread Index | Old Index