netbsd-bugs: kern/13032: panic accessing ext2fs

Subject: kern/13032: panic accessing ext2fs
To: None <gnats-bugs@gnats.netbsd.org>
From: Gregory McGarry <g.mcgarry@ieee.org>
List: netbsd-bugs
Date: 05/25/2001 08:13:36
>Number:         13032
>Category:       kern
>Synopsis:       panic accessing ext2fs
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu May 24 13:11:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Gregory McGarry
>Release:        NetBSD-1.5.1_BETA2 <NetBSD-current source date>
>Organization:
>Environment:

NetBSD 1.5.1_BETA2 (KERNEL) #12: Tue May 15 07:52:41 NZST 2001
cpu0: AMD Athlon Model 4 (Thunderbird) (686-class), 1009.04 MHz
total memory = 127 MB
avail memory = 116 MB

# /dev/rwd0d:
type: unknown
disk: st320414a
label: 
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total sectors: 39102336
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0		# microseconds
track-to-track seek: 0	# microseconds
drivedata: 0 

9 partitions:
#        size   offset     fstype   [fsize bsize cpg/sgs]
  a:   130851  8948205     4.2BSD     1024  8192    16   # (Cyl. 8877*- 9006)
  b:   524160  9079056       swap                        # (Cyl. 9007 - 9526)
  c: 30154131  8948205     unused        0     0         # (Cyl. 8877*- 38791)
  d: 39102336        0     unused        0     0         # (Cyl.    0 - 38791)
  e:   524160  9603216     4.2BSD     1024  8192    16   # (Cyl. 9527 - 10046)
  f:  3029859 10127376     4.2BSD     1024  8192    16   # (Cyl. 10047 - 13052*)
  g:  2104515  6843690      MSDOS                        # (Cyl. 6789*- 8877*)
  h: 25945101 13157235     4.2BSD     4096 32768    16   # (Cyl. 13052*- 38791)
  i:  6297417       63      MSDOS                        # (Cyl.    0*- 6247*)

/dev/wd0i /linux ext2fs rw,noauto 0 2

>Description:

Panic occurs when accessing ext2fs partition.  Get the following
stack trace:

(gdb) target kcore netbsd.0.core
panic: blkfree: freeing free block
#0  0x1 in ?? ()
(gdb) bt
#0  0x1 in ?? ()
#1  0xc01ec973 in cpu_reboot (howto=0x100, bootstr=0x0)
    at /sys/arch/i386/i386/machdep.c:1174
#2  0xc01134a5 in db_reboot_cmd () at /sys/ddb/db_command.c:657
#3  0xc011307b in db_command (last_cmdp=0xc0261128, cmd_table=0x0)
    at /sys/ddb/db_command.c:320
#4  0xc0113406 in db_command_loop () at /sys/ddb/db_command.c:555
#5  0xc01166d6 in db_trap (type=0x1, code=0x0) at /sys/ddb/db_trap.c:78
#6  0xc01e9827 in kdb_trap (type=0x1, code=0x0, regs=0xc9944b34)
    at /sys/arch/i386/i386/db_interface.c:119
#7  0xc01f047c in trap (frame={tf_es = 0x10, tf_ds = 0x10, 
      tf_edi = 0xc0248181, tf_esi = 0x100, tf_ebp = 0xc9944b6c, 
      tf_ebx = 0xc9944b8c, tf_edx = 0x720, tf_ecx = 0xc0240434, tf_eax = 0x0, 
      tf_trapno = 0x1, tf_err = 0x0, tf_eip = 0xc01e98d8, tf_cs = 0x8, 
      tf_eflags = 0x202, tf_esp = 0xc9944b80, tf_ss = 0xc013f275, 
      tf_vm86_es = 0x80000000, tf_vm86_ds = 0xc0618000, tf_vm86_fs = 0x9af, 
      tf_vm86_gs = 0xc9944bc0}) at /sys/arch/i386/i386/trap.c:297
#8  0xc0100cc5 in calltrap ()
#9  0xc013f275 in panic (fmt=0xc0248181 "blkfree: freeing free block")
    at /sys/kern/subr_prf.c:224
#10 0xc01b5f32 in ext2fs_blkfree (ip=0xc9b51874, bno=0x9b0)
    at /sys/ufs/ext2fs/ext2fs_alloc.c:528
#11 0xc01b7dd7 in ext2fs_indirtrunc (ip=0xc9b51874, lbn=0xffb4e1f4, 
    dbn=0xebb42ba4, lastbn=0xffffffff, level=0x0, countp=0xc9944c74)
    at /sys/ufs/ext2fs/ext2fs_inode.c:489
#12 0xc01b7db9 in ext2fs_indirtrunc (ip=0xc9b51874, lbn=0xffb4fef3, dbn=0x2, 
    lastbn=0xffffffff, level=0x1, countp=0xc9944cdc)
    at /sys/ufs/ext2fs/ext2fs_inode.c:482
#13 0xc01b7db9 in ext2fs_indirtrunc (ip=0xc9b51874, lbn=0xfffefef2, 
    dbn=0x1c01e, lastbn=0xffffffff, level=0x2, countp=0xc9944d6c)
    at /sys/ufs/ext2fs/ext2fs_inode.c:482
#14 0xc01b79cd in ext2fs_truncate (v=0xc9944e40)
    at /sys/ufs/ext2fs/ext2fs_inode.c:340
#15 0xc01b6f92 in ext2fs_inactive (v=0xc9944e6c) at /sys/sys/vnode_if.h:1039
#16 0xc015a4ef in vput (vp=0xc9b4dd20) at /sys/sys/vnode_if.h:723
#17 0xc01612d4 in sys___lstat13 (p=0xc9928b0c, v=0xc9944f88, retval=0xc9944f80)
    at /sys/kern/vfs_syscalls.c:1972
#18 0xc01f0aa8 in syscall (frame={tf_es = 0x1f, tf_ds = 0x1f, tf_edi = 0x0, 
      tf_esi = 0x80b4c37, tf_ebp = 0xbfbfd42c, tf_ebx = 0x0, 
      tf_edx = 0xbfbfd3cc, tf_ecx = 0xbfbfd658, tf_eax = 0x118, 
      tf_trapno = 0x3, tf_err = 0x2, tf_eip = 0x8089807, tf_cs = 0x17, 
      tf_eflags = 0x246, tf_esp = 0xbfbfd340, tf_ss = 0x1f, tf_vm86_es = 0x0, 
      tf_vm86_ds = 0x0, tf_vm86_fs = 0x0, tf_vm86_gs = 0x0})
    at /sys/arch/i386/i386/trap.c:767
#19 0xc0100d71 in syscall1 ()
can not access 0xbfbfd42c, invalid translation (invalid PDE)
can not access 0xbfbfd42c, invalid translation (invalid PDE)
Cannot access memory at address 0xbfbfd42c.

Still have the core files lying around if required.  Interestingly,
/dev/wd0g is an ext2fs filesystem, but I haven't had any problems
with it.  I have only mounted /dev/wd0i once before, but didn't
experience any problems.

>How-To-Repeat:

Mount an ext2fs filesystem.  Use ksh with 'filename completion' enabled
and experience panic when traversing directories in filesystem.

>Fix:

N/A
>Release-Note:
>Audit-Trail:
>Unformatted: