Bug was catched by fsfuzzer pointed to ext2 fs.
panic() at panic+0xe4
vrele() at vrele+0xcf
ext2fs_reclaim() at ext2fs_reclaim+0x47
VOP_RECLAIM() at VOP_RECLAIM+0x2b
vclean() at vclean+0x90
vgonel() at vgonel+0x40
vrecycle() at vrecycle+0x16
ext2fs_inactive() at ext2fs_inactive+0x7a
VOP_INACTIVE() at VOP_INACTIVE+0x28
vput() at vput+0x35
ext2fs_vget() at ext2fs_vget+0x128
ufs_root() at ufs_root+0x1c
vfs_lookup() at vfs_lookup+0x315
namei() at namei+0x21c
vn_open() at vn_open+0x1c4
doopenat() at doopenat+0x125
syscall() at syscall+0x162
--- syscall (number 5) ---
end of kernel
end trace frame: 0x7f7fffff6100, count: -18
0x1301b38707aa:
Full logs are below:
OpenBSD 5.4-beta (GENERIC) #0: Mon Jul 15 23:06:59 MSK 2013
es...@xxxxx.xx:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 4168839168 (3975MB)
avail mem = 4050149376 (3862MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (80 entries)
bios0: vendor LENOVO version "7VET80WW (3.10 )" date 10/02/2009
bios0: LENOVO 406257G
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) IGBE(S4) EXP0(S4) EXP1(S4)
EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB3(S3) USB5(S3) EHC0(S3)
EHC1(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz, 798.14 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF
cpu0: 6MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
cpu0: apic clock running at 266MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiprt6 at acpi0: bus 13 (EXP4)
acpiprt7 at acpi0: bus 21 (PCI1)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature is 127 degC
acpitz1 at acpi0: critical temperature is 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "42T4620" serial 929 type LION oem "Panasonic"
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
cpu0: Enhanced SpeedStep 798 MHz: speeds: 2801, 2800, 2133, 1600, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel GM45 Host" rev 0x07
vga1 at pci0 dev 2 function 0 "Intel GM45 Video" rev 0x07
intagp0 at vga1
agp0 at intagp0: aperture at 0xd0000000, size 0x10000000
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: 1920x1200
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel GM45 Video" rev 0x07 at pci0 dev 2 function 1 not configured
"Intel GM45 HECI" rev 0x07 at pci0 dev 3 function 0 not configured
em0 at pci0 dev 25 function 0 "Intel ICH9 IGP M" rev 0x03: msi, address
00:22:68:18:b1:0f
uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x03: apic 1 int 20
uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x03: apic 1 int 21
uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x03: apic 1 int 22
ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x03: apic 1 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 82801I HD Audio" rev 0x03: msi
azalia0: codecs: Conexant CX20561, 0x0000/0x0000, using Conexant CX20561
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x03: msi
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 "Intel 82801I PCIE" rev 0x03: msi
pci2 at ppb1 bus 3
iwn0 at pci2 dev 0 function 0 "Intel WiFi Link 5100" rev 0x00: msi, MIMO 1T2R,
MoW, address 00:26:c6:41:b8:2e
ppb2 at pci0 dev 28 function 2 "Intel 82801I PCIE" rev 0x03: msi
pci3 at ppb2 bus 4
"Intel Turbo Memory" rev 0x11 at pci3 dev 0 function 0 not configured
ppb3 at pci0 dev 28 function 3 "Intel 82801I PCIE" rev 0x03: msi
pci4 at ppb3 bus 5
ppb4 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x03: msi
pci5 at ppb4 bus 13
uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x03: apic 1 int 16
uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x03: apic 1 int 17
uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x03: apic 1 int 18
ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x03: apic 1 int 19
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x93
pci6 at ppb5 bus 21
cbb0 at pci6 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0xba: apic 1 int 16
sdhc0 at pci6 dev 0 function 2 "Ricoh 5C822 SD/MMC" rev 0x21: apic 1 int 18
sdmmc0 at sdhc0
"Ricoh 5C843 MMC" rev 0x11 at pci6 dev 0 function 3 not configured
"Ricoh 5C592 Memory Stick" rev 0x11 at pci6 dev 0 function 4 not configured
"Ricoh 5C852 xD" rev 0x11 at pci6 dev 0 function 5 not configured
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 22 device 0 cacheline 0x10, lattimer 0xb0
pcmcia0 at cardslot0
pcib0 at pci0 dev 31 function 0 "Intel 82801IBM LPC" rev 0x03
ahci0 at pci0 dev 31 function 2 "Intel 82801I AHCI" rev 0x03: msi, AHCI 1.2
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: <ATA, ST9500420AS, 0003> SCSI3 0/direct fixed
naa.5000c5001c185963
sd0: 476940MB, 512 bytes/sector, 976773168 sectors
cd0 at scsibus0 targ 1 lun 0: <Optiarc, DVD RW AD-7910S, 1.D2> ATAPI 5/cdrom
removable
ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x03: apic 1 int 23
iic0 at ichiic0
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
aps0 at isa0 port 0x1600/31
mtrr: Pentium Pro MTRR support
ugen0 at uhub3 port 2 "Lenovo Computer Corp ThinkPad Bluetooth with Enhanced
Data Rate II" rev 2.00/3.99 addr 2
ugen1 at uhub7 port 2 "Lenovo Integrated Smart Card Reader" rev 2.00/1.00 addr 2
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on sd0a (42a595d9d805c358.a) swap on sd0b dump on sd0b
WARNING: / was not properly unmounted
Ext2 fs: bad block size: 56832 (expected <=2 for ext2 fs)
vrele: bad ref count: 0xfffffe8138e9e768, type VBLK, use 0, write 0, hold 3,
flags (VBIOONFREELIST)
tag VT_UFS, ino 78166, on dev 4, 0 flags 0x0, effnlink 1, nlink 1
mode 060640, owner 0, group 5, size 0
panic: vrele: ref cnt
Stopped at Debugger+0x5: leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> Debugger() at Debugger+0x5
panic() at panic+0xe4
vrele() at vrele+0xcf
ext2fs_reclaim() at ext2fs_reclaim+0x47
VOP_RECLAIM() at VOP_RECLAIM+0x2b
vclean() at vclean+0x90
vgonel() at vgonel+0x40
vrecycle() at vrecycle+0x16
ext2fs_inactive() at ext2fs_inactive+0x7a
VOP_INACTIVE() at VOP_INACTIVE+0x28
vput() at vput+0x35
ext2fs_vget() at ext2fs_vget+0x128
ufs_root() at ufs_root+0x1c
vfs_lookup() at vfs_lookup+0x315
namei() at namei+0x21c
vn_open() at vn_open+0x1c4
doopenat() at doopenat+0x125
syscall() at syscall+0x162
--- syscall (number 5) ---
end of kernel
end trace frame: 0x7f7fffff6100, count: -18
0x1301b38707aa:
ddb> PID PPID PGRP UID S FLAGS WAIT COMMAND
* 5710 22264 22264 0 7 0 bash
22264 7159 22264 0 3 0x80 wait bash
4008 15032 7306 1000 3 0x80 select xlock
4337 20340 4337 1000 3 0x80 ttyin ksh
8740 20340 8740 1000 3 0x80 ttyin ksh
16561 8285 7306 1000 3 0x4100080 kqread soffice.bin
19915 8285 7306 1000 3 0x4100080 netcon soffice.bin
1463 20340 1463 1000 3 0x80 ttyin ksh
20340 1 20340 1000 3 0x80 kqread tmux
29883 24914 29883 1000 3 0x80 kqread tmux
24914 20734 24914 1000 3 0x80 select xterm
29876 8285 7306 1000 3 0x4100080 thrsleep soffice.bin
22899 8285 7306 1000 3 0x80 poll soffice.bin
9607 20734 7306 1000 3 0x4100080 wait oosplash
411 20734 7306 1000 3 0x4100080 thrsleep oosplash
22603 1 16054 1000 3 0x80 poll autocutsel
6528 1 19591 1000 3 0x80 poll autocutsel
489 20734 7306 1000 3 0x80 poll xclock
8285 20734 7306 1000 3 0x80 thrsleep oosplash
21991 20734 7306 1000 3 0x80 select xbattbar
2344 1 26336 1000 3 0x80 select xbindkeys
15032 20734 7306 1000 3 0x80 wait xidle
20734 7306 7306 1000 3 0x80 select cwm
23592 1 23592 1000 3 0x80 select ssh-agent
7306 2988 7306 1000 3 0x88 pause sh
2988 11126 2988 0 3 0x80 wait xdm
5397 1995 1995 0 3 0x80 netio Xorg
4202 1 4202 0 3 0x80 ttyin getty
19130 1 19130 0 3 0x80 ttyin getty
27983 1 27983 0 3 0x80 ttyin getty
6671 1 6671 0 3 0x80 ttyin getty
7159 1 7159 1000 3 0x88 pause ksh
1995 11126 1995 35 3 0x80 select Xorg
11126 1 11126 0 3 0x88 pause xdm
11519 1 11519 0 3 0x80 select cron
16320 1 16320 0 3 0x80 htplev hotplugd
12971 1 12971 0 3 0x80 kqread apmd
12362 1 31484 0 3 0x4100080 ugenri pcscd
24444 1 31484 0 3 0x4100080 nanosleep pcscd
20439 1 31484 0 3 0x80 select pcscd
27392 1 22107 566 2 0x480 tor
7548 1 7548 548 3 0x80 poll polipo
23438 1 31260 1000 3 0x4100080 thrsleep btpd
9514 1 31260 1000 3 0x80 kqread btpd
21241 1 22042 1000 3 0x4100080 thrsleep mpd
25031 1 22042 1000 3 0x4100080 thrsleep mpd
11905 1 22042 1000 3 0x4100080 poll mpd
22042 1 22042 1000 3 0x80 poll mpd
31557 1 31557 99 3 0x80 poll sndiod
11939 1 11939 0 3 0x80 select lpd
4350 1 4350 0 3 0x80 select sshd
11381 25879 25879 100 3 0x80 kqread ldapd
25879 1 25879 0 3 0x80 kqread ldapd
30879 27466 4462 83 3 0x80 poll ntpd
27466 4462 4462 83 3 0x80 poll ntpd
4462 1 4462 0 3 0x80 poll ntpd
14026 9765 9765 74 3 0x80 bpf pflogd
9765 1 9765 0 3 0x80 netio pflogd
5267 29501 29501 73 2 0x80 syslogd
29501 1 29501 0 3 0x80 netio syslogd
21835 1 21835 77 3 0x80 poll dhclient
12225 1 12225 0 3 0x80 poll dhclient
13219 1 13219 0 3 0x80 mfsidl mount_mfs
15 0 0 0 3 0x100200 aiodoned aiodoned
14 0 0 0 3 0x100200 syncer update
13 0 0 0 3 0x100200 cleaner cleaner
12 0 0 0 3 0x100200 reaper reaper
11 0 0 0 3 0x100200 pgdaemon pagedaemon
10 0 0 0 3 0x100200 bored crypto
9 0 0 0 3 0x100200 pftm pfpurge
8 0 0 0 3 0x100200 mmctsk sdmmc0
7 0 0 0 3 0x100200 usbtsk usbtask
6 0 0 0 3 0x100200 usbatsk usbatsk
5 0 0 0 3 0x100200 bored intelrel
4 0 0 0 3 0x40100200 acpi0 acpi0
3 0 0 0 3 0x100200 bored syswq
2 0 0 0 3 0x40100200 idle0
1 0 1 0 3 0x80 wait init
0 -1 0 0 3 0x200 scheduler swapper
ddb> ds 0x292
es 0xe7e0 acpi_pdirpa+0xa280
fs 0xe740 acpi_pdirpa+0xa1e0
gs 0x79e1 acpi_pdirpa+0x3481
rdi 0x1
rsi 0
rbp 0xffff800032dee7d0
rbx 0xffffffff81765092 char_type+0x1c32
rdx 0
rcx 0x292
rax 0x1
r8 0xffff800032dee6f0
r9 0xffff8000256a8c00
r10 0xffffffff
r11 0x1
r12 0x100
r13 0xffff800032dee7e0
r14 0x8
r15 0xffff800000907800
rip 0xffffffff813a3d25 Debugger+0x5
cs 0x8
rflags 0x202
rsp 0xffff800032dee7d0
ss 0x10
Debugger+0x5: leave
ddb> ehci0: reset timeout
ehci1: reset timeout
rebooting...
--
sergeyb@
