Date: Sun, 18 Dec 2005 02:51:10 GMT From: "Ricardo A. Reis" <ricardo.areis@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/90582: [geom_mirror] Restore cause panic string (ffs_blkfree) Message-ID: <200512180251.jBI2pAAC006550@www.freebsd.org> Resent-Message-ID: <200512180300.jBI30FKs097476@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 90582
>Category: kern
>Synopsis: [geom_mirror] Restore cause panic string (ffs_blkfree)
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Dec 18 03:00:14 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Ricardo A. Reis
>Release: FreeBSD 7.0-CURRENT-SNAP010
>Organization:
UNIFESP
>Environment:
FreeBSD myfreebsd.homeunix.org 7.0-CURRENT-SNAP010 FreeBSD 7.0-CURRENT-SNAP010 #0: Tue Dec 13 11:25:44 UTC 2005 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
After create a mirror with gmirror,i resolve reboot the system with this my workstation failed with "uname to mount root", because i not write in loader.conf geom_mirror_load=yes,
for test i use gmirror load and mount gm0 on /mnt, per unknown reason boot.cfg not exist in mirror/gm0, for this i repeat a session "dump and restore. " in handbook.
-----------------------------------------------------------------------------
cat /usr/crash/info.7
Password:
Dump header from device /dev/ad2s1b
Architecture: i386
Architecture Version: 2
Dump Length: 200867840B (191 MB)
Blocksize: 512
Dumptime: Sat Dec 17 21:44:53 2005
Hostname: myfreebsd.homeunix.org
Magic: FreeBSD Kernel Dump
Version String: FreeBSD 7.0-CURRENT-SNAP010 #0: Tue Dec 13 11:25:44 UTC 2005
root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
Panic String: ffs_blkfree: freeing free frag
Dump Parity: 2246706274
Bounds: 7
Dump Status: good
----------------------------------------------------------------------
kgdb kernel.symbols /usr/crash/vmcore.7
Password:
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".
Unread portion of the kernel message buffer:
g_vfs_done():mirror/gm0[READ(offset=18014398509481984, length=16384)]error = 5
dev = mirror/gm0, block = 2048, fs = /tmp
panic: ffs_blkfree: freeing free frag
cpuid = 0
KDB: enter: panic
panic: from debugger
cpuid = 0
Uptime: 10m59s
GEOM_MIRROR: Device gm0: provider mirror/gm0 destroyed.
GEOM_MIRROR: Device gm0 destroyed.
Dumping 191 MB (2 chunks)
chunk 0: 1MB (159 pages) ... ok
chunk 1: 191MB (48880 pages) 175 159 143 127 111 95 79 63 47 31 15
#0 doadump () at pcpu.h:165
165 pcpu.h: No such file or directory.
in pcpu.h
(kgdb) bt full
#0 doadump () at pcpu.h:165
No locals.
#1 0xc064f09c in boot (howto=260) at /usr/src/sys/kern/kern_shutdown.c:399
first_buf_printf = 1
#2 0xc064f3b1 in panic (fmt=0xc0842e0b "from debugger") at /usr/src/sys/kern/kern_shutdown.c:555
td = (struct thread *) 0xc22c5480
bootopt = 260
newpanic = 0
ap = 0xce9283b4 "h\204\222Îø¤FÀ\027\222fÀ"
buf = "ffs_blkfree: freeing free frag", '\0' <repeats 225 times>
#3 0xc046a561 in db_panic (addr=-1067019753, have_addr=0, count=-1, modif=0xce9283dc "") at /usr/src/sys/ddb/db_command.c:435
No locals.
#4 0xc046a4f8 in db_command (last_cmdp=0xc092bfc4, cmd_table=0x0, aux_cmd_tablep=0xc08a6214, aux_cmd_tablep_end=0xc08a6230) at /usr/src/sys/ddb/db_command.c:404
cmd = (struct command *) 0xc0823be0
t = 0
modif = "\000\204\222Îèó~Àô\203\222Îø\203\222Î\211\a\000\000\211\a\000\000Ï\a\000\000\000\000\000\000 Ð\233À\r\000\000\000 Ð\233À Ð\233À\r\000\000\000\001\000\000\0004\204\222Î\033í~À4\204\222Î4í~À\200ý\231À`\034\231Àx\000\000\000ÀÈ\222À\200T,ÂT\204\222Î\224ÅFÀѧ\207ÀlÂFÀ\200T,ÂÀÈ\222À\036ºFÀ"
addr = -1067019753
count = -1
have_addr = 0
result = 0
#5 0xc046a5c0 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
No locals.
#6 0xc046c1d9 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:221
jb = {{_jb = {-829258604, -829258624, -829258552, 1, -1037282176, -1069104782, -1067011683, 10, -829258352, -829258380, 1, -1037282176}}}
prev_jb = (void *) 0x0
bkpt = 0
#7 0xc0669510 in kdb_trap (type=3, code=0, tf=0xce928574) at /usr/src/sys/kern/subr_kdb.c:485
did_stop_cpus = 1
handled = -829258380
#8 0xc080d624 in trap (frame=
{tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1064758081, tf_esi = 1, tf_ebp = -829258316, tf_isp = -829258336, tf_ebx = -829258272, tf_edx = 0, tf_ecx = -1052561408, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1067019753, tf_cs = 32, tf_eflags = 662, tf_esp = -829258284, tf_ss = -1067125917}) at /usr/src/sys/i386/i386/trap.c:614
td = (struct thread *) 0xc22c5480
p = (struct proc *) 0xc22dd000
sticks = 10
i = 0
ucode = 0
type = 3
code = 0
addr = 0
eva = 0
ksi = {ksi_link = {tqe_next = 0xc087a688, tqe_prev = 0x0}, ksi_info = {si_signo = -1064703823, si_errno = -829258460, si_code = 1, si_pid = 12288, si_uid = 0, si_status = 0, si_addr = 0xa, si_value = {sival_int = 2048,
sival_ptr = 0x800}, _reason = {_fault = {_trapno = 0}, _timer = {_timerid = 0, _overrun = 558}, _mesgq = {_mqd = 0}, _poll = {_band = 0}, __spare__ = {__spare1__ = 0, __spare2__ = {558, -1064758117, -1032105768, 4,
808728576, -829258446, -1067047645}}}}, ksi_flags = -1064022864, ksi_sigq = 0x2}
#9 0xc07fa4da in calltrap () at /usr/src/sys/i386/i386/exception.s:137
No locals.
#10 0xc0669217 in kdb_enter (msg=0x12 <Address 0x12 out of bounds>) at cpufunc.h:60
No locals.
#11 0xc064f363 in panic (fmt=0xc08914bf "ffs_blkfree: freeing free frag") at /usr/src/sys/kern/kern_shutdown.c:539
td = (struct thread *) 0xc22c5480
bootopt = 256
newpanic = 1
ap = 0xce9285e0 "\177\024\211Àx4NÂ"
buf = "ffs_blkfree: freeing free frag", '\0' <repeats 225 times>
#12 0xc0774be4 in ffs_blkfree (ump=0xc2474600, fs=0xc27b5000, devvp=0xc27ad840, bno=2048, size=2048, inum=30) at /usr/src/sys/ufs/ffs/ffs_alloc.c:1892
cgp = (struct cg *) 0xc6668000
bp = (struct buf *) 0xc5be1ba8
fragno = 0
cgbno = 2048
cgblkno = Unhandled dwarf expression opcode 0x93
(kgdb) list *0xc0774be4
0xc0774be4 is in ffs_blkfree (/usr/src/sys/ufs/ffs/ffs_alloc.c:1894).
1889 printf("dev = %s, block = %jd, fs = %s\n",
1890 devtoname(dev), (intmax_t)(bno + i),
1891 fs->fs_fsmnt);
1892 panic("ffs_blkfree: freeing free frag");
1893 }
1894 setbit(blksfree, cgbno + i);
1895 }
1896 cgp->cg_cs.cs_nffree += i;
1897 fs->fs_cstotal.cs_nffree += i;
1898 fs->fs_cs(fs, cg).cs_nffree += i;
>How-To-Repeat:
1. creat mirror using gmirror
2. boot the system without geom_mirror_load=YES in loader.cfg,
3. after reboot gmirror load
4. mount /dev/mirror/{label} /mnt
4 dump -L -0 -f- / |(cd /mnt && restore -r -v -f-).
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200512180251.jBI2pAAC006550>