Subject: kern/28367: kernel diagnostic assertion panic in genfs_getpages with LFS
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
List: netbsd-bugs
Date: 11/20/2004 10:08:01
>Number:         28367
>Category:       kern
>Synopsis:       kernel diagnostic assertion panic in genfs_getpages with LFS
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Nov 20 10:08:00 +0000 2004
>Originator:     Pavel Cahyna
>Release:        NetBSD 2.0_BETA i386
>Organization:
>Environment:


System: NetBSD 2.0_BETA (GENERIC_DIAGNOSTIC s patchem D. Reeda - PR#26839) #4: Wed Oct  6 10:13:10 CEST 2004
	pavel@pc:/mnt/obj/kompilace/jadra/compile/GENERIC_DIAGNOSTIC



>Description:


I tried to remove several directories and large files on a circa 4GB LFS partition
(there was still at least 0.8 GB free space) and the kernel panicked:
panic: kernel diagnostic assertion "(origoffset & (PAGE_SIZE - 1)) == 0 && origoffset >= 0" failed: file "/mnt/obj/clean-2-0/src/sys/miscfs/genfs/genfs_vnops.c", line 507
backtrace:
(gdb) target kcore netbsd-GENERIC_DIAGNOSTIC-4.5.core
panic: kernel %sassertion "%s" failed: file "%s", line %d
#0  0x07efc000 in ?? ()
(gdb) bt
#0  0x07efc000 in ?? ()
#1  0xc04090c7 in cpu_reboot ()
#2  0xc033ec8d in db_reboot_cmd (addr=1, have_addr=0, count=-1068510646, 
    modif=0xc4bff688 "@�\177�\237��\001")
    at /mnt/obj/clean-2-0/src/sys/ddb/db_command.c:689
#3  0xc033e7d3 in db_command (last_cmdp=0xc07710a4, cmd_table=0xc05c0ae0)
    at /mnt/obj/clean-2-0/src/sys/ddb/db_command.c:464
#4  0xc033e4e6 in db_command_loop ()
    at /mnt/obj/clean-2-0/src/sys/ddb/db_command.c:255
#5  0xc03415b0 in db_trap (type=1, code=0)
    at /mnt/obj/clean-2-0/src/sys/ddb/db_trap.c:101
#6  0xc040686a in kdb_trap (type=1, code=0, regs=0xc4bff8dc)
    at /mnt/obj/clean-2-0/src/sys/arch/i386/i386/db_interface.c:225
#7  0xc0413e07 in trap (frame=0xc4bff8dc)
    at /mnt/obj/clean-2-0/src/sys/arch/i386/i386/trap.c:284
#8  0xc0102fc5 in calltrap ()
#9  0xc037e341 in panic (
    fmt=0xc0760f40 "kernel %sassertion \"%s\" failed: file \"%s\", line %d")
    at /mnt/obj/clean-2-0/src/sys/kern/subr_prf.c:226
#10 0xc0591634 in __assert (t=0xc06c57d7 "diagnostic ", 
    f=0xc072b380 "/mnt/obj/clean-2-0/src/sys/miscfs/genfs/genfs_vnops.c", 
    l=507, 
    e=0xc072b3e0 "(origoffset & (PAGE_SIZE - 1)) == 0 && origoffset >= 0")
    at /mnt/obj/clean-2-0/src/sys/lib/libkern/__assert.c:47
#11 0xc03aa913 in genfs_getpages (v=0xc4bffae4)
    at /mnt/obj/clean-2-0/src/sys/miscfs/genfs/genfs_vnops.c:650
#12 0xc03a96a6 in VOP_GETPAGES (vp=0xc569a600, offset=-4185982978164416512, 
    m=0xc4bffb54, count=0xc4bffba0, centeridx=0, access_type=1, advice=0, 
    flags=1026) at /mnt/obj/clean-2-0/src/sys/kern/vnode_if.c:1631
#13 0xc0336ba1 in ufs_balloc_range (vp=0xc569a600, off=-4185982978164408593, 
    len=273, cred=0xffffffff, flags=1)
    at /mnt/obj/clean-2-0/src/sys/ufs/ufs/ufs_inode.c:229
#14 0xc032437d in lfs_truncate (v=0xc4bffd44)
    at /mnt/obj/clean-2-0/src/sys/ufs/lfs/lfs_inode.c:298
#15 0xc03a95b0 in VOP_TRUNCATE (vp=0xc569a600, length=0, flags=0, 
    cred=0xffffffff, p=0xc4c00004)
    at /mnt/obj/clean-2-0/src/sys/kern/vnode_if.c:1493
#16 0xc0336925 in ufs_inactive (v=0xc4bffdc4)
    at /mnt/obj/clean-2-0/src/sys/ufs/ufs/ufs_inode.c:97
#17 0xc03a92ac in VOP_INACTIVE (vp=0xc569a600, p=0xc4c00004)
    at /mnt/obj/clean-2-0/src/sys/kern/vnode_if.c:1024
#18 0xc03a030c in vrele (vp=0xc569a600)
    at /mnt/obj/clean-2-0/src/sys/kern/vfs_subr.c:1366
#19 0xc032ab3d in lfs_unmark_dirop (fs=0xc0dfb800)
    at /mnt/obj/clean-2-0/src/sys/ufs/lfs/lfs_subr.c:389
#20 0xc0326b60 in lfs_segwrite (mp=<incomplete type>, flags=5)
    at /mnt/obj/clean-2-0/src/sys/ufs/lfs/lfs_segment.c:700
#21 0xc032ffd7 in lfs_sync (mp=0xc0e0c000, waitfor=3, cred=0xc0b10e80, 
    p=0xc4c00004) at /mnt/obj/clean-2-0/src/sys/ufs/lfs/lfs_vfsops.c:1458
#22 0xc03af096 in sync_fsync (v=0xc4bfff14)
    at /mnt/obj/clean-2-0/src/sys/miscfs/syncfs/sync_vnops.c:164
#23 0xc03a9054 in VOP_FSYNC (vp=0xc4e8443c, cred=0xc0b10e80, flags=8, offlo=0, 
    offhi=0, p=0xc4c00004) at /mnt/obj/clean-2-0/src/sys/kern/vnode_if.c:661
#24 0xc03aed7f in sched_sync (v=0xc4bd4528)
    at /mnt/obj/clean-2-0/src/sys/sys/proc.h:386
(gdb) frame 11
#11 0xc03aa913 in genfs_getpages (v=0xc4bffae4)
    at /mnt/obj/clean-2-0/src/sys/miscfs/genfs/genfs_vnops.c:650
(gdb) print origoffset
$1 = -4185982978164416512

I still have the coredump and debugging kernel, if this c


>How-To-Repeat:


not known.


>Fix:


none