Re: repeatable panic - ffs_blkfree: freeing free block

From: Don Lewis <truckman_at_FreeBSD.org> Date: Thu, 13 Jan 2005 19:25:59 -0800 (PST) · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:26 UTC

On 13 Jan, Don Lewis wrote:
> I'm getting a repeatable panic when trying to build openoffice with a
> 2005-01-12 kernel and world.  I manually fsck'ed the file system
> immediately before the build.  The first panic happened during the
> patching phase of the build.  I tried again and this time the panic
> happened during configuration.
> 
> dev = da0s2a, block = 5090392, fs = /mnt
> panic: ffs_blkfree: freeing free block
> cpuid = 0
> KDB: enter: panic
> [thread pid 55 tid 100043 ]
> Stopped at      kdb_enter+0x2c: leave   
> db> tr
> Tracing pid 55 tid 100043 td 0xc22fa450
> kdb_enter(c0848a40,100,c22fa450,1361b80,4b5) at kdb_enter+0x2c
> panic(c085f39d,c085f37d,c26cc280,4dac58,0) at panic+0x17f
> ffs_blkfree(c2863800,c2987114,4dac58,0,4000) at ffs_blkfree+0x3a0
> indir_trunc(136b060,0,0,c,0,e4d5bc4c) at indir_trunc+0x1bf
> handle_workitem_freeblocks(0,0,0,1,0) at handle_workitem_freeblocks+0x2e6
> process_worklist_item(41e7112d,0,0,c247d2bc,23) at process_worklist_item+0x1c0
> softdep_process_worklist(0,29,41e7112d,1,0) at softdep_process_worklist+0x66
> sched_sync(0,e4d5bd48,0,c0677b60,0) at sched_sync+0x3b2
> fork_exit(c0677b60,0,e4d5bd48) at fork_exit+0x7e
> fork_trampoline() at fork_trampoline+0x8
> --- trap 0x1, eip = 0, esp = 0xe4d5bd7c, ebp = 0 ---
> 
> The kernel was built with INVARIANTS, WITNESS, and DEBUG_VFS_LOCKS.
> 
> I was able to get a crash dump from the first panic, so at least doadump
> works for me.
> 
> After the crash, fsck reports some unexpected damage:
> 	PARTIALLY TRUNCATED INODE I=127552
> but this inode doesn't seem to be associated with the block number in
> the panic message.
> % fsdb /dev/da0s2a
> ** /dev/da0s2a (NO WRITE)
> Editing file system `/dev/da0s2a'
> Last Mounted on /mnt
> current inode: directory
> I=2 MODE=40755 SIZE=512
>         MTIME=Feb 14 11:55:43 2004 [0 nsec]
>         CTIME=Feb 14 11:55:43 2004 [0 nsec]
>         ATIME=Jan 13 16:15:58 2005 [0 nsec]
> OWNER=root GRP=wheel LINKCNT=7 FLAGS=0 BLKCNT=4 GEN=53557245
> fsdb (inum: 2)> inode 127552
> current inode: regular file
> I=127552 MODE=100644 SIZE=1932
>         MTIME=Dec 22 07:47:38 2003 [0 nsec]
>         CTIME=Dec 22 07:47:38 2003 [0 nsec]
>         ATIME=Dec 22 07:57:30 2003 [0 nsec]
> OWNER=root GRP=wheel LINKCNT=1 FLAGS=0 BLKCNT=4 GEN=1442a6af
> fsdb (inum: 127552)> blocks
> Blocks for inode 127552:
> Direct blocks:
> 533086 (1 frag)

Some other interesting bits of data:

    The file in question is
    /mnt/usr/ports/editors/openoffice-1.1/work/config_office/configure

    The inode number of this file is same as the inum parameter to
    ffs_blkfree().

    The panic occurs while this script is being executed.

    Some more of the fsck output:
	** /dev/da0s2a (NO WRITE)
	** Last Mounted on /mnt
	** Phase 1 - Check Blocks and Sizes
	PARTIALLY TRUNCATED INODE I=1275522
	SALVAGE? no

	INCORRECT BLOCK COUNT I=1275522 (416 should be 704)
	CORRECT? no

	INCORRECT BLOCK COUNT I=1282133 (704 should be 384)
	CORRECT? no

    It looks like inode 1282133 has been deleted because I can't
    find it in the file system tree.  If I use fsdb to find the
    first few block numbers and dump them out, I see the following:

# Generated by GNU Autoconf 2.59.
#
# Copyright (C) 2003 Free Software Foundation, Inc.
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
## --------------------- ##
## M4sh Initialization.  ##
## --------------------- ##

# Be Bourne compatible
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
  emulate sh
  NULLCMD=:
  # Zsh 3.x and 4.x performs word splitting on ${1+"$_at_"}, which
  # is contrary to our usage.  Disable this feature.
  alias -g '${1+"$_at_"}'='"$_at_"'
elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
  set -o posix
fi
DUALCASE=1; export DUALCASE # for MKS sh

# Support unset when possible.
if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
  as_unset=unset
else
  as_unset=false
fi

# Work around bugs in pre-3.0 UWIN ksh.
$as_unset ENV MAIL MAILPATH
PS1='$ '
PS2='> '
PS4='+ '

# NLS nuisances.
for as_var in \
  LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
  LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
  LC_TELEPHONE LC_TIME
do
  if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
    eval $as_var=C; export $as_var
  else
    $as_unset $as_var
  fi
done
[snip]

    whereas .../work/config_office/configure starts out:

#! /bin/sh
# From configure.in Revision: 1.55.6.10  .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.59.
#
# Copyright (C) 2003 Free Software Foundation, Inc.
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
## --------------------- ##
## M4sh Initialization.  ##
## --------------------- ##

# Be Bourne compatible
if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
  emulate sh
  NULLCMD=:
  # Zsh 3.x and 4.x performs word splitting on ${1+"$_at_"}, which
  # is contrary to our usage.  Disable this feature.
  alias -g '${1+"$_at_"}'='"$_at_"'
elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then
  set -o posix
fi
DUALCASE=1; export DUALCASE # for MKS sh

# Support unset when possible.
if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
  as_unset=unset
else
  as_unset=false
fi

# Work around bugs in pre-3.0 UWIN ksh.
$as_unset ENV MAIL MAILPATH
PS1='$ '
PS2='> '
PS4='+ '

# NLS nuisances.
for as_var in \
  LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \
  LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \
  LC_TELEPHONE LC_TIME
do
  if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then
    eval $as_var=C; export $as_var
  else
    $as_unset $as_var
  fi
done

It looks like the configure script has just been regenerated and a bug
is being triggered by executing the script shortly after the script file
was regenerated and before softupdates has flushed the changes to disk.

I cleaned things up and ran "make extract".  I don't see anything that
has the contents seen in inode 1282133, so I suspect it is a temporary
file.  The configure script starts off:

#! /bin/sh
# From configure.in Revision: 1.55.6.9.4.2  .
[snip]

so the configure script is definitely being regenerated (and the
configure.in script is  $Revision: 1.55.6.10).

The file system in question is UFS2 with the default 16K/2K
block/fragment sizes.