Re: softdep panic

From: Tai-hwa Liang <avatar_at_mmlab.cse.yzu.edu.tw>
Date: Tue, 18 Jan 2005 14:55:09 +0800 (CST)
On Mon, 17 Jan 2005, Peter Edwards wrote:
> I haven't seen this one reported, so this is just a datapoint. I was
> running in X, no dump, no traceback: just the following left in the
> message buffer after reboot:
>
> panic: softdep_setup_inomapdep: found inode
> KDB: enter: panic
>
> Followed by a hundred or so instances of the following, with various
> values for sp/fp:
> Fatal trap 3: breakpoint instruction fault while in kernel mode
> instruction pointer     = 0x8:0xc04b49b4
> stack pointer           = 0x10:0xda60777c
> frame pointer           = 0x10:0xda60777c
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                        = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, IOPL = 0
> current process         = 23309 (vim)
> trap number             = 3
> panic: breakpoint instruction fault
> KDB: enter: panic
>
> This was with a kernel from sources in or around the 11th/12th, and
> its using vfs_subr 1.559, so predates the bug phk says was introduced
> in 1.561.
> This is a UP system with SCHED_ULE and PREEMPTION, with WITNESS disabled.

   I ran into the same panic with -CURRENT cvsup'ed around Jan-10-2005.
It's a UP system with SCHED_4BSD, no PREEMPTION, no WITNESS. If I
remember correctly, the panic was triggered by making a module (which
creates a symlink) on a filesystem where background fsck was running.

#0  doadump () at pcpu.h:159
#1  0xc045568a in db_fncall (dummy1=-1067591643, dummy2=0, dummy3=-422627384,
     dummy4=0xe6cf3760 "\2247دن") at ../../../ddb/db_command.c:531
#2  0xc0455a20 in db_command_loop () at ../../../ddb/db_command.c:349
#3  0xc0457474 in db_trap (type=3, code=0) at ../../../ddb/db_main.c:221
#4  0xc04f9e82 in kdb_trap (type=3, code=0, tf=0xe6cf3888)
     at ../../../kern/subr_kdb.c:421
#5  0xc05f0e10 in trap (frame=
       {tf_fs = 24, tf_es = 16, tf_ds = 16, tf_edi = 1, tf_esi = 1, tf_ebp = -422627128, tf_isp = -422627148, tf_ebx = -422627084, tf_edx = -1067328525, tf_ecx = -1067012256, tf_eax = -1067322373, tf_trapno = 3, tf_err = 0, tf_eip = -1068524868, tf_cs = 8, tf_eflags = 646, tf_esp = -422627096, tf_ss = -1068628830})
     at ../../../i386/i386/trap.c:573
#6  0xc05df29a in calltrap () at ../../../i386/i386/exception.s:139
#7  0x00000018 in ?? ()
#8  0x00000010 in ?? ()
#9  0x00000010 in ?? ()
#10 0x00000001 in ?? ()
#11 0x00000001 in ?? ()
#12 0xe6cf38c8 in ?? ()
#13 0xe6cf38b4 in ?? ()
#14 0xe6cf38f4 in ?? ()
#15 0xc061dbf3 in ?? ()
#16 0xc066af60 in shutdown_howto ()
#17 0xc061f3fb in ?? ()
#18 0x00000003 in ?? ()
#19 0x00000000 in ?? ()
#20 0xc04f9abc in kdb_enter (msg=0x0) at cpufunc.h:56
#21 0xc04e04a2 in panic (fmt=0x1 <Address 0x1 out of bounds>)
     at ../../../kern/kern_shutdown.c:538
#22 0xc058b732 in softdep_setup_inomapdep (bp=0xd5f357a8, ip=0x0,
     newinum=70995) at ../../../ufs/ffs/ffs_softdep.c:1279
#23 0xc057768a in ffs_nodealloccg (ip=0xc26b271c, cg=3, ipref=339, mode=41453)
     at ../../../ufs/ffs/ffs_alloc.c:1634
#24 0xc057646c in ffs_hashalloc (ip=0xc26b271c, cg=3, pref=72997, size=41453,
     allocator=0xc0577338 <ffs_nodealloccg>)
     at ../../../ufs/ffs/ffs_alloc.c:1178
#25 0xc0576b26 in ffs_valloc (pvp=0xc26a8564, mode=41453, cred=0xc268d680,
     vpp=0xe6cf3a54) at ../../../ufs/ffs/ffs_alloc.c:880
#26 0xc059fb72 in ufs_makeinode (mode=41453, dvp=0xc26a8564, vpp=0xe6cf3c1c,
     cnp=0xe6cf3c30) at ../../../ufs/ufs/ufs_vnops.c:2218
#27 0xc05a0e24 in ufs_symlink (ap=0xe6cf3bc8)
     at ../../../ufs/ufs/ufs_vnops.c:1750
#28 0xc0540217 in kern_symlink (td=0xe6cf3be8,
     path=0xbfbfe912 <Address 0xbfbfe912 out of bounds>, link=0x0,
     segflg=UIO_USERSPACE) at vnode_if.h:1074
#29 0xc05402b5 in symlink (td=0xc26b72e0, uap=0x0)
     at ../../../kern/vfs_syscalls.c:1448
#30 0xc05f12b3 in syscall (frame=
       {tf_fs = 47, tf_es = 47, tf_ds = 47, tf_edi = 0, tf_esi = -1077941998, tf_ebp = -1077942552, tf_isp = -422625932, tf_ebx = -1077941985, tf_edx = 0, tf_ecx = 2, tf_eax = 57, tf_trapno = 12, tf_err = 2, tf_eip = 671877051, tf_cs = 31, tf_eflags = 658, tf_esp = -1077943716, tf_ss = 47})
     at ../../../i386/i386/trap.c:951
#31 0xc05df2ef in Xint0x80_syscall () at ../../../i386/i386/exception.s:200
#32 0x0000002f in ?? ()
#33 0x0000002f in ?? ()
#34 0x0000002f in ?? ()
#35 0x00000000 in ?? ()
#36 0xbfbfe912 in ?? ()
#37 0xbfbfe6e8 in ?? ()
#38 0xe6cf3d74 in ?? ()
#39 0xbfbfe91f in ?? ()
#40 0x00000000 in ?? ()
#41 0x00000002 in ?? ()
#42 0x00000039 in ?? ()
#43 0x0000000c in ?? ()
#44 0x00000002 in ?? ()
#45 0x280c07bb in ?? ()
#46 0x0000001f in ?? ()
#47 0x00000292 in ?? ()
#48 0xbfbfe25c in ?? ()
#49 0x0000002f in ?? ()
#50 0x00000000 in ?? ()
#51 0x00000000 in ?? ()
#52 0x00000000 in ?? ()
#53 0x00000000 in ?? ()
#54 0x2ff65000 in ?? ()
#55 0x00000003 in ?? ()
#56 0xc26b72e0 in ?? ()
#57 0xe6cf3ca8 in ?? ()
#58 0xe6cf3c90 in ?? ()
#59 0xc1eab2e0 in ?? ()
#60 0xc04f2c08 in sched_switch (td=0xbfbfe912, newtd=0xbfbfe91f, flags=Cannot access memory at address 0xbfbfe6f8
)
     at ../../../kern/sched_4bsd.c:963
Previous frame inner to this frame (corrupt stack?)
(kgdb) f 22
#22 0xc058b732 in softdep_setup_inomapdep (bp=0xd5f357a8, ip=0x0,
     newinum=70995) at ../../../ufs/ffs/ffs_softdep.c:1279

1279                    panic("softdep_setup_inomapdep: found inode");
(kgdb) l
1274             * the cylinder group map from which it was allocated.
1275             */
1276            ACQUIRE_LOCK(&lk);
1277            if ((inodedep_lookup(ip->i_fs, newinum, DEPALLOC|NODELAY, &inodedep))) {
1278                    FREE_LOCK(&lk);
1279                    panic("softdep_setup_inomapdep: found inode");
1280            }
1281            inodedep->id_buf = bp;
1282            inodedep->id_state &= ~DEPCOMPLETE;
1283            bmsafemap = bmsafemap_lookup(bp);
(kgdb) up
#23 0xc057768a in ffs_nodealloccg (ip=0xc26b271c, cg=3, ipref=339, mode=41453)
     at ../../../ufs/ffs/ffs_alloc.c:1634

1634                    softdep_setup_inomapdep(bp, ip, cg * fs->fs_ipg + ipref);
(kgdb) print cg
$1 = 3
(kgdb) print newinum
$2 = 70995
(kgdb) print *ip
$3 = {i_hash = {le_next = 0x0, le_prev = 0xc21b94b8}, i_nextsnap = {
     tqe_next = 0x0, tqe_prev = 0x0}, i_vnode = 0xc26a8564, i_ump = 0xc227d100,
   i_flag = 46, i_dev = 0xc2224900, i_number = 72997, i_effnlink = 2,
   i_fs = 0xc21ff800, i_dquot = {0x0, 0x0}, i_modrev = 207041322030,
   i_lockf = 0x0, i_count = 68, i_endoff = 512, i_diroff = 0, i_offset = 12,
   i_ino = 71068, i_reclen = 300, i_un = {dirhash = 0x0, snapblklist = 0x0},
   i_ea_area = 0x0, i_ea_len = 0, i_ea_error = 0, i_mode = 16877, i_nlink = 2,
   i_size = 512, i_flags = 0, i_gen = 480111649, i_uid = 0, i_gid = 0,
   dinode_u = {din1 = 0xc26afd00, din2 = 0xc26afd00}}
Received on Tue Jan 18 2005 - 05:55:17 UTC
