123962 – gjournal (455Gb data, 8Gb journal), options INVARIANTS, files written via samba3, remove = panic ffs_truncate3

Bug 123962 - gjournal (455Gb data, 8Gb journal), options INVARIANTS, files written via samba3, remove = panic ffs_truncate3

Summary: gjournal (455Gb data, 8Gb journal), options INVARIANTS, files written via sam...

Status:	Closed Overcome By Events

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	7.0-STABLE
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-bugs (Nobody)

URL:
Keywords:	crash, needs-qa

Depends on:
Blocks:

Reported:	2008-05-24 19:00 UTC by Lev A. Serebryakov
Modified:	2025-01-10 17:01 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Lev A. Serebryakov freebsd_committer

2008-05-24 19:00:10 UTC

  Kernel is prepared to hunt bugs: invariants, witness, etc. is enables (see kernel config).

  gjournal created on raw 500Gb disk with 8Gb journal on partition of system disk.
  Filesystem with default options is created on jourrnalled volume (-J is used, of course).
  New filesystem is mounted as /usr/home/storage
  /usr/home storage is shared with samba3 from ports (default options) as R/W.
  1-8Gb files (16Mb each) copied from worksation to share.
  `rm *' is issued locally (deleting via samba "works" too), and `ffs_truncate3' invariant is triggered!
  
  Copying files from local filesystems doesn't trigger bug.
  
  100% reproducable.

How-To-Repeat: Script started on Sat May 24 21:21:31 2008
blob# kldstat
Id Refs Address            Size     Name
 1    1 0xffffffff80100000 640258   kernel
blob# gjournal load
blob# gjournal label /dev/ad6 /dev/ad2s1g 
blob# gjournal status
       Name  Status  Components
ad6.journal     N/A  ad6
blob# gjournal list
Geom name: gjournal 1954268551
ID: 1954268551
Providers:
1. Name: ad6.journal
   Mediasize: 500107861504 (466G)
   Sectorsize: 512
   Mode: r0w0e0
Consumers:
1. Name: ad6
   Mediasize: 500107862016 (466G)
   Sectorsize: 512
   Mode: r1w1e1
   Role: Data
2. Name: ad4s1g
   Mediasize: 8590787584 (8.0G)
   Sectorsize: 512
   Mode: r1w1e1
   Jend: 8590787072
   Jstart: 0
   Role: Journal
blob#newfs -O2 -J /dev/ad6.journal
/dev/ad6.journal: 476940.0MB (976773164 sectors) block size 16384, fragment size 2048
	using 2597 cylinder groups of 183.72MB, 11758 blks, 23552 inodes.
super-block backups (for fsck -b #) at:
 160, 376416, 752672, 1128928, 1505184, 1881440, 2257696, 2633952, 3010208, 3386464, 3762720, 4138976, 4515232, 4891488, 5267744, 5644000, 6020256, 6396512, 6772768, 7149024,
[...SKIPPED...]
 970364384, 970740640, 971116896, 971493152, 971869408, 972245664, 972621920, 972998176, 973374432, 973750688, 974126944, 974503200, 974879456, 975255712, 975631968, 976008224,
 976384480, 976760736
blob# gjournal sync
blob# mount /dev/ad6.journal /usr/home/storage
blob# cd /usr/home/storage
blob# ls
.snap
blob# df -h
Filesystem            Size    Used   Avail Capacity  Mounted on
/dev/ad4s1a           989M    567M    343M    62%    /
devfs                 1.0K    1.0K      0B   100%    /dev
/dev/ad4s1e           989M     16K    910M     0%    /tmp
/dev/ad4s1f           267G    5.7G    240G     2%    /usr
/dev/ad4s1d           7.7G    482M    6.7G     7%    /var
gateway:/usr/ports     68G     62G    490M    99%    /usr/ports
/dev/ad6.journal      451G    4.0K    415G     0%    /usr/home/storage
[...FILES ARE COPIED HERE...]
blob# ls
_IGP0006.DNG    _IGP0015.DNG    _IGP0036.DNG    _IGP0064.DNG    _IGP0070.DNG    _IGP0077.DNG    _IGP0081.DNG    _IGP0095.DNG    _IGP0099.DNG    _IGP0111.DNG    _IGP0123.DNG
_IGP0008.DNG    _IGP0020.DNG    _IGP0061.DNG    _IGP0065.DNG    _IGP0071.DNG    _IGP0078.DNG    _IGP0082.DNG    _IGP0096.DNG    _IGP0100.DNG    _IGP0113.DNG
_IGP0010.DNG    _IGP0026.DNG    _IGP0062.DNG    _IGP0067.DNG    _IGP0072.DNG    _IGP0079.DNG    _IGP0083.DNG    _IGP0097.DNG    _IGP0104.DNG    _IGP0114.DNG
_IGP0014.DNG    _IGP0033.DNG    _IGP0063.DNG    _IGP0069.DNG    _IGP0076.DNG    _IGP0080.DNG    _IGP0084.DNG    _IGP0098.DNG    _IGP0108.DNG    _IGP0116.DNG
blob# rm *
panic: ffs_truncate3

================================ kernel backtrace
Unread portion of the kernel message buffer:
panic: ffs_truncate3
cpuid = 0
Uptime: 17m33s
Physical memory: 4021 MB
Dumping 474 MB: 459 443 427 411 395 379 363 347 331 315 299 283 267 251 235 219 203 187 171 155 139 123 107 91 75 59 43 27 11

Reading symbols from /boot/kernel/geom_raid5.ko...Reading symbols from /boot/kernel/geom_raid5.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_raid5.ko
Reading symbols from /boot/kernel/geom_journal.ko...Reading symbols from /boot/kernel/geom_journal.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_journal.ko
#0  doadump () at pcpu.h:194
194             __asm __volatile("movq %%gs:0,%0" : "=r" (td));
(kgdb) bt
#0  doadump () at pcpu.h:194
#1  0xffffffff8025bf68 in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:418
#2  0xffffffff8025c3ef in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:572
#3  0xffffffff8036efae in ffs_truncate (vp=0xffffff0007376000, length=0, flags=Variable "flags" is not available.
) at /usr/src/sys/ufs/ffs/ffs_inode.c:494
#4  0xffffffff8038a52f in ufs_inactive (ap=Variable "ap" is not available.
) at /usr/src/sys/ufs/ufs/ufs_inode.c:132
#5  0xffffffff802d4bce in vinactive (vp=0xffffff0007376000, td=0xffffff0004ede000) at vnode_if.h:796
#6  0xffffffff802d6f16 in vput (vp=0xffffff0007376000) at /usr/src/sys/kern/vfs_subr.c:2224
#7  0xffffffff802dc297 in kern_unlink (td=0xffffff0004ede000, path=0x90a550 <Address 0x90a550 out of bounds>, pathseg=UIO_USERSPACE) at /usr/src/sys/kern/vfs_syscalls.c:1713
#8  0xffffffff803d4c7f in syscall (frame=0xffffffffb1c38c70) at /usr/src/sys/amd64/amd64/trap.c:852
#9  0xffffffff803bbc2b in Xfast_syscall () at /usr/src/sys/amd64/amd64/exception.S:290
#10 0x0000000801152adc in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)
================================ kernel backtrace

Comment 1 Mark Linimon freebsd_committer

2008-05-24 20:52:49 UTC

Responsible Changed
From-To: freebsd-bugs->freebsd-geom

Over to maintainer(s).

Comment 2 Eitan Adler freebsd_committer

2017-12-31 07:59:22 UTC

For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped

Comment 3 Lev A. Serebryakov freebsd_committer

2018-10-05 12:16:23 UTC

Maybe, it should be closed as "Overcome By Events"? All versions are not actual already...

Comment 4 Graham Perrin freebsd_committer

2022-10-17 12:17:11 UTC

Keyword: 

    crash

– in lieu of summary line prefix: 

    [panic]

* bulk change for the keyword
* summary lines may be edited manually (not in bulk). 

Keyword descriptions and search interface: 

    <https://bugs.freebsd.org/bugzilla/describekeywords.cgi>

Comment 5 Graham Perrin freebsd_committer

2022-12-10 20:19:11 UTC

Is this reproducible with modern versions of the OS?

Comment 6 Michael Osipov freebsd_committer

2025-01-10 17:01:04 UTC

Samba 3 is dead and FreeBSD 7 as well.