NetBSD Problem Report #50381

From iamleot@gmail.com  Thu Oct 29 15:00:36 2015
Return-Path: <iamleot@gmail.com>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 86AE2A567D
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 29 Oct 2015 15:00:36 +0000 (UTC)
Message-Id: <5632348e.a7f3c20a.92471.ffffb01e@mx.google.com>
Date: Thu, 29 Oct 2015 16:00:16 +0100
From: Leonardo Taccari <iamleot@gmail.com>
Reply-To: iamleot@gmail.com
To: gnats-bugs@NetBSD.org
Subject: Exhausting tmpfs filesystem: kernel diagnostic assertion "de->td_node == NULL" failed
X-Send-Pr-Version: 3.95

>Number:         50381
>Category:       kern
>Synopsis:       Exhausting tmpfs filesystem: kernel diagnostic assertion "de->td_node == NULL" failed
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 29 15:05:00 +0000 2015
>Closed-Date:    Sun Nov 08 14:56:49 +0000 2015
>Last-Modified:  Sun Nov 08 14:56:49 +0000 2015
>Originator:     Leonardo Taccari
>Release:        NetBSD 7.99.21
>Organization:
Università Politecnica delle Marche
>Environment:


System: NetBSD boh 7.99.21 NetBSD 7.99.21 (GENERIC) #51: Mon Oct 26 03:30:36 CET 2015 leot@boh:/usr/obj/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
Exhausting a tmpfs filesystem can lead to kernel diagnostic assertion
"de->td_node == NULL" failed.
>How-To-Repeat:
Given a small enough tmpfs filesystem (256MB):

$ grep "\/tmp" /etc/fstab
tmpfs           /tmp            tmpfs   rw,-m=1777,-s=268886016

...and a big enough tarball (that will fit in the tmpfs but will not fit
in it when extracted):

$ cd /tmp
$ ftp 'http://download.documentfoundation.org/libreoffice/src/5.0.3/libreoffice-dictionaries-5.0.3.1.tar.xz'
$ tar xJf libreoffice-dictionaries-5.0.3.1.tar.xz

...will crash the system.

The respective crash(8) output:

$ crash -N netbsd.14 -M netbsd.14.core
Crash version 7.99.21, image version 7.99.21.
System panicked: kernel diagnostic assertion "de->td_node == NULL"
failed: file "/usr/src/sys/fs/tmpfs/tmpfs_subr.c", line 473
Backtrace from time of crash is available.
crash> bt
_KERNEL_OPT_NARCNET() at 0
_KERNEL_OPT_NARCNET() at 0
vpanic() at vpanic+0x141
kern_assert() at kern_assert+0x4f
tmpfs_free_dirent() at tmpfs_free_dirent+0x65
tmpfs_construct_node() at tmpfs_construct_node+0x2aa
VOP_MKDIR() at VOP_MKDIR+0x40
do_sys_mkdirat.constprop.4() at do_sys_mkdirat.constprop.4+0x193
syscall() at syscall+0xbe
--- syscall (number 136) ---
7f7ff70a759a:

If the filesystem is big enough I could not reproduce this problem.

The above problem can also be reproduced (less intrusively) via
rump_tmpfs(8):

# rump_tmpfs -m 1777 -s 256M tmpfs /home/leot/tmp/tmpfs
[...]
$ cp libreoffice-dictionaries-5.0.3.1.tar.xz ~leot/tmp/tmpfs
$ cd ~leot/tmp/tmpfs
$ tar xJf libreoffice-dictionaries-5.0.3.1.tar.xz 
$ tar xJf libreoffice-dictionaries-5.0.3.1.tar.xz
tar: Failed write to file libreoffice-5.0.3.1/dictionaries/sk_SK/sk_SK.dic (No space left on device)
tar: Failed write to file libreoffice-5.0.3.1/dictionaries/sk_SK/release_en.txt (No space left on device)
tar: Failed write to file libreoffice-5.0.3.1/dictionaries/sk_SK/sk_SK.aff (No space left on device)
tar: Failed write to file libreoffice-5.0.3.1/dictionaries/sk_SK/release_sk.txt (No space left on device)
tar: Failed write to file libreoffice-5.0.3.1/dictionaries/ro/hyph_ro_RO.dic (No space left on device)
tar: Failed write to file libreoffice-5.0.3.1/dictionaries/ro/META-INF/manifest.xml (No space left on device)
tar: Failed write to file libreoffice-5.0.3.1/dictionaries/ro/description.xml (No space left on device)
tar: Failed write to file libreoffice-5.0.3.1/dictionaries/ro/COPYING.LGPL (No space left on device)
tar: Failed write to file libreoffice-5.0.3.1/dictionaries/ro/README_RO.txt (No space left on device)
tar: Cannot create libreoffice-5.0.3.1/dictionaries/ro/th_ro_RO_v2.dat.PgGSYE (Device not configured)

...and at the same time, where I invoked rump_tmpfs(8):

panic: kernel diagnostic assertion "de->td_node == NULL" failed: file "/usr/src/sys/rump/fs/lib/libtmpfs/../../../../fs/tmpfs/tmpfs_subr.c", line 473
rump kernel halting...
halted

(Possibly) relevant lines of "bt full" output of the rump_tmpfs.core:

[...]
#4  0x00007f7ff68645e5 in vpanic (fmt=0x7f7ff7810310 "kernel %sassertion \"%s\" failed: file \"%s\", line %d ", ap=0x7f7fffffcc28)
    at /usr/src/lib/librump/../../sys/rump/../kern/subr_prf.c:342
        ci = <optimized out>
        oci = <optimized out>
        bootopt = 4
        scratchstr = "kernel diagnostic assertion \"de->td_node == NULL\" failed: file \"/usr/src/sys/rump/fs/lib/libtmpfs/../../../../fs/tmpfs/tmpfs_subr.c\", line 473 ", '\000' <repeats 112 times>
#5  0x00007f7ff684e1f2 in kern_assert (fmt=<optimized out>) at /usr/src/lib/librump/../../sys/rump/../lib/libkern/kern_assert.c:51
---Type <return> to continue, or q <return> to quit---
        ap = {{gp_offset = 40, fp_offset = 32639, overflow_arg_area = 0x7f7fffffcc80, reg_save_area = 0x7f7fffffcc40}}
#6  0x00007f7ff780d95e in tmpfs_free_dirent (tmp=0x7f7ff6f4e038, de=0x7f7fdfe416f0)
    at /usr/src/sys/rump/fs/lib/libtmpfs/../../../../fs/tmpfs/tmpfs_subr.c:473
No locals.
#7  0x00007f7ff780f161 in tmpfs_construct_node (dvp=0x7f7fdf398718, vpp=0x7f7fffffcd78, vap=0x7f7fdf1d04a8, cnp=<optimized out>,
    target=<optimized out>) at /usr/src/sys/rump/fs/lib/libtmpfs/../../../../fs/tmpfs/tmpfs_subr.c:406
        tmp = 0x7f7ff6f4e038
        dnode = 0x7f7fdf4b5680
        node = 0x1c
        de = 0x7f7fdfe416f0
        wde = <optimized out>
        slink = <optimized out>
        ssize = <optimized out>
        error = 28
#8  0x00007f7ff6857a5e in VOP_CREATE (dvp=0x7f7fdf398718, vpp=0x7f7fffffcd78, cnp=<optimized out>, vap=<optimized out>)
    at /usr/src/lib/librump/../../sys/rump/../kern/vnode_if.c:158
        error = <optimized out>
        mpsafe = <optimized out>
        a = {a_desc = 0x7f7ff6ad65c0 <rumpns_vop_create_desc>, a_dvp = 0x7f7fdf398718, a_vpp = 0x7f7fffffcd78, a_cnp = 0x7f7ff7bbd3f0,
          a_vap = 0x7f7fdf1d04a8}
#9  0x00007f7ff6c19c68 in RUMP_VOP_CREATE (dvp=dvp@entry=0x7f7fdf398718, vpp=vpp@entry=0x7f7fffffcd78, cnp=cnp@entry=0x7f7ff7bbd3f0,
    vap=vap@entry=0x7f7fdf1d04a8) at /usr/src/lib/librumpvfs/../../sys/rump/librump/rumpvfs/rumpvnode_if.c:89
        error = <optimized out>
#10 0x00007f7ff7404d18 in do_makenode (pu=<optimized out>, pni=0x7f7fffffce70, pcn=<optimized out>, vap=0x7f7fdf1d04a8,
    link_target=link_target@entry=0x0, makefn=0x7f7ff6c19c40 <RUMP_VOP_CREATE>, symfn=symfn@entry=0x0, p2n_dir=<optimized out>)
    at /usr/src/lib/libp2k/p2k.c:802
        p2m = 0x7f7ff7b09000
        dvp = 0x7f7fdf398718
        p2n = 0x7f7fdf38f100
        cn = 0x7f7ff7bbd3f0
        va_x = 0x7f7fdf1d04a8
        vp = 0x0
        rv = <optimized out>
[...]

Please let me know if more information is needed.
>Fix:
N/A

>Release-Note:

>Audit-Trail:
From: "Leonardo Taccari" <leot@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/50381 CVS commit: src/sys/fs/tmpfs
Date: Thu, 29 Oct 2015 16:19:44 +0000

 Module Name:	src
 Committed By:	leot
 Date:		Thu Oct 29 16:19:44 UTC 2015

 Modified Files:
 	src/sys/fs/tmpfs: tmpfs_subr.c

 Log Message:
 Make sure that nde->td_node is NULL for asserts.
 Thanks and from Mindaugas Rasiukevicius.

 Fixes PR kern/50381.


 To generate a diff of this commit:
 cvs rdiff -u -r1.100 -r1.101 src/sys/fs/tmpfs/tmpfs_subr.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
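
Added example, not NetBSD code and not part of this PR: a userspace C model of the failure in the backtrace above, where tmpfs_construct_node() frees a just-allocated directory entry on the ENOSPC (error = 28) path and the "de->td_node == NULL" assertion fires. It assumes the entry's memory is handed out with stale contents; the model_* names and the one-slot allocator are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct model_dirent {
	void *td_node;		/* same field name as in the assertion */
	char td_name[32];
};

/* One-slot allocator that hands memory back without zeroing it (assumption). */
static struct model_dirent pool_slot;

static struct model_dirent *
model_alloc_dirent(const char *name, bool init_td_node)
{
	struct model_dirent *nde = &pool_slot;

	if (init_td_node)
		nde->td_node = NULL;	/* what the commit log describes */
	snprintf(nde->td_name, sizeof(nde->td_name), "%s", name);
	return nde;
}

/* Returns false where the kernel's KASSERT(de->td_node == NULL) would panic. */
static bool
model_free_dirent_ok(const struct model_dirent *de)
{
	return de->td_node == NULL;
}

/* Error path: entry allocated, next step fails with ENOSPC, entry is freed. */
static bool
model_construct_node_enospc(bool init_td_node)
{
	/* Constructed stale contents left in the slot by an earlier user. */
	memset(&pool_slot, 0xA5, sizeof(pool_slot));
	struct model_dirent *de = model_alloc_dirent("new-entry", init_td_node);
	/* ...the node allocation fails here because the filesystem is full... */
	return model_free_dirent_ok(de);
}

int
main(void)
{
	printf("no init:   free path %s\n", model_construct_node_enospc(false) ? "ok" : "would panic");
	printf("with init: free path %s\n", model_construct_node_enospc(true) ? "ok" : "would panic");
	return 0;
}
```

The point for review is that a field checked by an assertion in a cleanup path has to be initialised at allocation time, because the cleanup can run before any later step has set it.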

State-Changed-From-To: open->pending-pullups
State-Changed-By: leot@NetBSD.org
State-Changed-When: Tue, 03 Nov 2015 18:23:07 +0000
State-Changed-Why:
pullup-7 #1023


From: "Jeff Rizzo" <riz@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/50381 CVS commit: [netbsd-7] src/sys/fs/tmpfs
Date: Sun, 8 Nov 2015 01:26:56 +0000

 Module Name:	src
 Committed By:	riz
 Date:		Sun Nov  8 01:26:56 UTC 2015

 Modified Files:
 	src/sys/fs/tmpfs [netbsd-7]: tmpfs_subr.c

 Log Message:
 Pull up following revision(s) (requested by leot in ticket #1023):
 	sys/fs/tmpfs/tmpfs_subr.c: revision 1.101
 Make sure that nde->td_node is NULL for asserts.
 Thanks and from Mindaugas Rasiukevicius.
 Fixes PR kern/50381.


 To generate a diff of this commit:
 cvs rdiff -u -r1.96.4.1 -r1.96.4.2 src/sys/fs/tmpfs/tmpfs_subr.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Jeff Rizzo" <riz@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/50381 CVS commit: [netbsd-7-0] src/sys/fs/tmpfs
Date: Sun, 8 Nov 2015 01:27:10 +0000

 Module Name:	src
 Committed By:	riz
 Date:		Sun Nov  8 01:27:10 UTC 2015

 Modified Files:
 	src/sys/fs/tmpfs [netbsd-7-0]: tmpfs_subr.c

 Log Message:
 Pull up following revision(s) (requested by leot in ticket #1023):
 	sys/fs/tmpfs/tmpfs_subr.c: revision 1.101
 Make sure that nde->td_node is NULL for asserts.
 Thanks and from Mindaugas Rasiukevicius.
 Fixes PR kern/50381.


 To generate a diff of this commit:
 cvs rdiff -u -r1.96.4.1 -r1.96.4.1.2.1 src/sys/fs/tmpfs/tmpfs_subr.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: leot@NetBSD.org
State-Changed-When: Sun, 08 Nov 2015 14:56:49 +0000
State-Changed-Why:
Jeff pulled it up to netbsd-7 and netbsd-7-0.


>Unformatted:
