Reproducible panic with TRIM and ufs snapshots

Yamagi Burmeister lists at
Tue Jun 21 10:14:56 UTC 2011

I encountered a panic in the 2011/05 snapshot of 9-current. Snapshot
creation on a UFS filesystem with or without SU+J leads to a panic:

  % mdconfig -a -t malloc -s 128m
  % newfs -U -O2 -t /dev/md0
  % mount /dev/md0 /mnt
  % mksnap_ffs /mnt /mnt/foo
  => panic

My system is:

fbsd-vbox# uname -a
FreeBSD fbsd-vbox.lan 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Thu May 12
11:28:09 UTC 2011
root at  i38

The panic message and the backtrace (starting at stack level 11) are:

Fatal trap 18: integer divide fault while in kernel mode
cpuid = 2; apic id = 02
instruction pointer	= 0x20:0xc0cd493b
stack pointer	        = 0x28:0xd612b3d0
frame pointer	        = 0x28:0xd612b444
code segment		= base 0x0, limit 0xfffff, type 0x1b
 					= DPL 0, pres 1, def32 1, gran 1
processor eflags	= interrupt enabled, resume, IOPL = 0
current process		= 1172 (mksnap_ffs)
Physical memory: 495 MB
Dumping 97 MB: 82 66 50 34 18 2

#0  doadump () at pcpu.h:244
244	pcpu.h: No such file or directory.
 	in pcpu.h
(kgdb) bt
#0  doadump () at pcpu.h:244
#1  0xc04dda49 in db_fncall (dummy1=1, dummy2=0, dummy3=-1055234816, dummy4=0xd612b19c "")
     at /usr/src/sys/ddb/db_command.c:548
#2  0xc04dde41 in db_command (last_cmdp=0xc0fccbfc, cmd_table=0x0, dopager=1)
     at /usr/src/sys/ddb/db_command.c:445
#3  0xc04ddf9a in db_command_loop () at /usr/src/sys/ddb/db_command.c:498
#4  0xc04dff1d in db_trap (type=18, code=0) at /usr/src/sys/ddb/db_main.c:229
#5  0xc09d9ad2 in kdb_trap (type=18, code=0, tf=0xd612b390) at /usr/src/sys/kern/subr_kdb.c:533
#6  0xc0ccab4f in trap_fatal (frame=0xd612b390, eva=0) at /usr/src/sys/i386/i386/trap.c:958
#7  0xc0ccb58c in trap (frame=0xd612b390) at /usr/src/sys/i386/i386/trap.c:754
#8  0xc0cb422c in calltrap () at /usr/src/sys/i386/i386/exception.s:168
#9  0xc0cd493b in __qdivrem (uq=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/libkern/qdivrem.c:97
#10 0xc0cd4861 in __moddi3 (a=1245184, b=Unhandled dwarf expression opcode 0x93
) at /usr/src/sys/libkern/moddi3.c:60
#11 0xc093c01c in g_io_request (bp=0xc4388dac, cp=0xc3c8fcc0)
     at /usr/src/sys/geom/geom_io.c:427
#12 0xc0bac655 in ffs_blkfree (ump=0xc4a39800, fs=0xd0844000, devvp=0xc3c8fcc0, bno=608,
     size=16384, inum=4, dephd=0x0) at /usr/src/sys/ufs/ffs/ffs_alloc.c:2066
#13 0xc0bb872a in mapacct_ufs2 (vp=0xc3c8fcc0, oldblkp=0xc68e9790, lastblkp=0xc68e97d0,
     fs=0xd0844000, lblkno=4, expungetype=2) at /usr/src/sys/ufs/ffs/ffs_snapshot.c:1533
#14 0xc0bba338 in expunge_ufs2 (snapvp=0xc3c8fcc0, cancelip=0xc68e789c, fs=0xd0844000,
     acctfunc=0xc0bb8640 <mapacct_ufs2>, expungetype=2, clearmode=0)
     at /usr/src/sys/ufs/ffs/ffs_snapshot.c:1330
#15 0xc0bbe7e5 in ffs_snapshot (mp=0xc4b7cca8, snapfile=0xc365d300 "/mnt/tut")
     at /usr/src/sys/ufs/ffs/ffs_snapshot.c:747
#16 0xc0bd7900 in ffs_mount (mp=0xc4b7cca8) at /usr/src/sys/ufs/ffs/ffs_vfsops.c:395
#17 0xc0a361c6 in vfs_donmount (td=0xc34e8b80, fsflags=2166784, fsoptions=0xc3624000)
     at /usr/src/sys/kern/vfs_mount.c:924
#18 0xc0a36804 in nmount (td=0xc34e8b80, uap=0xd612bcec) at /usr/src/sys/kern/vfs_mount.c:409
#19 0xc09e7c13 in syscallenter (td=0xc34e8b80, sa=0xd612bce4)
     at /usr/src/sys/kern/subr_trap.c:344
#20 0xc0ccadd4 in syscall (frame=0xd612bd28) at /usr/src/sys/i386/i386/trap.c:1082
#21 0xc0cb4291 in Xint0x80_syscall () at /usr/src/sys/i386/i386/exception.s:266
#22 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)

More information can be provided if necessary.

Jabber:       yamagi at

