NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/12404 (panic: ffs_alloccg: map corrupted)
The following reply was made to PR kern/12404; it has been noted by GNATS.
From: Havard Eidnes <he%NetBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: kern/12404 (panic: ffs_alloccg: map corrupted)
Date: Thu, 17 Jul 2008 08:38:24 +0200 (CEST)
Hi,
as per discussion elsewhere, the diff was probably not fixing the
problem, and is no longer available.
I had another occurrance, and per request, here's "show reg"
output together with a backtrace. This is with 4.99.70 on the
new system (dual-Xeon 2.2GHz, 2GB memory, 205GB RAID on ciss(4)):
start = 1, len = 23751, fs = /u
offset=6024 6024
cg 164
panic: ffs_alloccg: map corrupted
fatal breakpoint trap in supervisor mode
trap type 1 code 0 eip c054d23c cs 8 eflags 246 cr2 bb954000 ilevel 0
Stopped in pid 22468.1 (as) at netbsd:breakpoint+0x4: popl %ebp
db{0}>
db{0}> tra
breakpoint(c0a67f89,cc7b7728,c0a93bc0,c049c585,0,5,0,0,cc7b772c,0) at
netbsd:breakpoint+0x4
panic(c0a15eab,a4,1788,c33480d4,cd98f680,edc0900,0,d2788000,c3348000,1) at
netbsd:panic+0x1b8
ffs_alloccgblk(1db8108,0,2,8000,ffffffff,1,cc7b77e8,0,0,8108) at
netbsd:ffs_alloccgblk
ffs_alloccg(d58142ac,a4,1db8108,0,1000,0,a4,d58142ac,c3348000,c3348000) at
netbsd:ffs_alloccg+0x278
ffs_hashalloc(1db8108,0,1000,c03c49a0,0,0,b700,0,dd38463,0) at
netbsd:ffs_hashalloc+0x3a
ffs_alloc(d58142ac,0,0,1db8108,0,1000,d84f1840,cc7b79d4,de85a530,cc7b798c) at
netbsd:ffs_alloc+0x22f
ffs_balloc(d58130b8,0,0,252,d84f1840,0,0,c0494bb1,cc402480,1) at
netbsd:ffs_balloc+0x11e0
ufs_gop_alloc(d58130b8,0,0,252,0,0,d84f1840,0,1c02,0) at
netbsd:ufs_gop_alloc+0xbe
ufs_balloc_range(d58130b8,248,0,a,0,d84f1840,0,c040817d,0,0) at
netbsd:ufs_balloc_range+0x26a
ffs_write(cc7b7c04,0,c081bbc0,d58130b8,2,20002,cc7b7c1c,c04e57c8,c081b6c0,d58130b8)
at netbsd:ffs_write+0x8f1
VOP_WRITE(d58130b8,cc7b7c7c,10,d84f1840,ffffffff,ffffffff,0,16,a,bb954000) at
netbsd:VOP_WRITE+0x6c
vn_write(cd8f35c0,cd8f35c0,cc7b7c7c,d84f1840,1,e09cc900,dc56fef8,d9fc7a40,bb954000,1000)
at netbsd:vn_write+0xb1
dofilewrite(3,cd8f35c0,bb954000,a,cd8f35c0,1,cc7b7d28,0,0,dba112e0) at
netbsd:dofilewrite+0x75
sys_write(dba112e0,cc7b7d00,cc7b7d28,bb954000,bb954000,d9fc7a40,2,3,bb954000,a)
at netbsd:sys_write+0x6f
syscall(cc7b7d48,bb9400b3,bb9100ab,bfbf001f,bbbc001f,bb954000,bbb61200,bfbfdf28,bbb55118,bbb61200)
at netbsd:syscall+0xab
db{0}> show reg
ds 0x10
es 0x10
fs 0x30
gs 0x10
edi 0x2
esi 0xc0a15eab copyright+0x3302b
ebp 0xcc7b76dc
ebx 0x100
edx 0x8
ecx 0
eax 0x1
eip 0xc054d23c breakpoint+0x4
cs 0x8
eflags 0x246
esp 0xcc7b76dc
ss 0x10
netbsd:breakpoint+0x4: popl %ebp
db{0}>
Looking at the code, it appears that the backtrace is misleading,
the panic() is in ffs_mapsearch(), not in ffs_alloccgblk(). I'll
admit that I don't understand why ddb gets the backtrace wrong.
Here's the disassembly of that function, up to and including the
panic() call:
db{0}> x/i ffs_mapsearch
netbsd:ffs_mapsearch: pushl %ebp
db{0}> x/i,20
netbsd:ffs_mapsearch: pushl %ebp
netbsd:ffs_mapsearch+0x1: movl %esp,%ebp
netbsd:ffs_mapsearch+0x3: pushl %edi
netbsd:ffs_mapsearch+0x4: pushl %esi
netbsd:ffs_mapsearch+0x5: pushl %ebx
netbsd:ffs_mapsearch+0x6: subl $0x4c,%esp
netbsd:ffs_mapsearch+0x9: movl 0xc(%ebp),%ecx
netbsd:ffs_mapsearch+0xc: movl %edx,0xffffffc4(%ebp)
netbsd:ffs_mapsearch+0xf: movl 0x8(%ebp),%edx
netbsd:ffs_mapsearch+0x12: movl %eax,0xffffffc8(%ebp)
netbsd:ffs_mapsearch+0x15: movl %ecx,%eax
netbsd:ffs_mapsearch+0x17: orl %edx,%eax
netbsd:ffs_mapsearch+0x19: jz netbsd:ffs_mapsearch+0x1ef
netbsd:ffs_mapsearch+0x1f: movl 0xffffffc8(%ebp),%ebx
netbsd:ffs_mapsearch+0x22: movl 0xbc(%ebx),%eax
netbsd:ffs_mapsearch+0x28: movl %ecx,0x4(%esp)
netbsd:ffs_mapsearch+0x2c: movl %edx,0(%esp)
netbsd:ffs_mapsearch+0x2f: movl %eax,%ebx
netbsd:ffs_mapsearch+0x31: sarl $0x1f,%ebx
netbsd:ffs_mapsearch+0x34: movl %ebx,0xc(%esp)
netbsd:ffs_mapsearch+0x38: movl %eax,0x8(%esp)
netbsd:ffs_mapsearch+0x3c: call netbsd:__moddi3
netbsd:ffs_mapsearch+0x41: movl %edx,%ebx
netbsd:ffs_mapsearch+0x43: movl %edx,%ecx
netbsd:ffs_mapsearch+0x45: sarl $0x1f,%ebx
netbsd:ffs_mapsearch+0x48: movl %ebx,%ebx
netbsd:ffs_mapsearch+0x4a: sarl $0x1f,%ebx
netbsd:ffs_mapsearch+0x4d: movl %ebx,%ecx
netbsd:ffs_mapsearch+0x4f: movl %ebx,%ecx
netbsd:ffs_mapsearch+0x51: shrl $0x1d,%ecx
netbsd:ffs_mapsearch+0x54: xorl %ebx,%ebx
netbsd:ffs_mapsearch+0x56: addl %eax,%ecx
db{0}>
netbsd:ffs_mapsearch+0x58: adcl %edx,%ebx
netbsd:ffs_mapsearch+0x5a: movl 0xffffffc4(%ebp),%edx
netbsd:ffs_mapsearch+0x5d: shrdl $0x3,%ecx,%ebx
netbsd:ffs_mapsearch+0x61: sarl $0x3,%ebx
netbsd:ffs_mapsearch+0x64: movl %ecx,%esi
netbsd:ffs_mapsearch+0x66: cmpl $0x90255,0x4(%edx)
netbsd:ffs_mapsearch+0x6d: jz netbsd:ffs_mapsearch+0x208
netbsd:ffs_mapsearch+0x73: addl $0x3d8,%edx
netbsd:ffs_mapsearch+0x79: movl %edx,0xffffffdc(%ebp)
netbsd:ffs_mapsearch+0x7c: movl 0xffffffc8(%ebp),%eax
netbsd:ffs_mapsearch+0x7f: movl 0xbc(%eax),%edx
netbsd:ffs_mapsearch+0x85: addl $0x7,%edx
netbsd:ffs_mapsearch+0x88: movl %edx,%eax
netbsd:ffs_mapsearch+0x8a: sarl $0x1f,%eax
netbsd:ffs_mapsearch+0x8d: shrl $0x1d,%eax
netbsd:ffs_mapsearch+0x90: leal 0(%eax,%edx,1),%ebx
netbsd:ffs_mapsearch+0x93: movl 0x10(%ebp),%edx
netbsd:ffs_mapsearch+0x96: sarl $0x3,%ebx
netbsd:ffs_mapsearch+0x99: subl %esi,%ebx
netbsd:ffs_mapsearch+0x9b: decl %edx
netbsd:ffs_mapsearch+0x9c: movl %edx,0xffffffcc(%ebp)
netbsd:ffs_mapsearch+0x9f: movl 0xffffffc8(%ebp),%edx
netbsd:ffs_mapsearch+0xa2: movl 0xffffffcc(%ebp),%edi
netbsd:ffs_mapsearch+0xa5: movl 0x38(%edx),%eax
netbsd:ffs_mapsearch+0xa8: movl %ebx,0(%esp)
netbsd:ffs_mapsearch+0xab: movl %eax,%ecx
netbsd:ffs_mapsearch+0xad: movl netbsd:fragtbl(,%eax,4),%eax
netbsd:ffs_mapsearch+0xb4: andl $0x7,%ecx
netbsd:ffs_mapsearch+0xb7: addl %edi,%ecx
netbsd:ffs_mapsearch+0xb9: movl $0x1,%edi
netbsd:ffs_mapsearch+0xbe: movl %edi,%edx
netbsd:ffs_mapsearch+0xc0: movl %eax,0x8(%esp)
db{0}>
netbsd:ffs_mapsearch+0xc4: movl 0xffffffdc(%ebp),%eax
netbsd:ffs_mapsearch+0xc7: shll %cl,%edx
netbsd:ffs_mapsearch+0xc9: movl %edx,0xc(%esp)
netbsd:ffs_mapsearch+0xcd: addl %esi,%eax
netbsd:ffs_mapsearch+0xcf: movl %eax,0x4(%esp)
netbsd:ffs_mapsearch+0xd3: call netbsd:scanc
netbsd:ffs_mapsearch+0xd8: testl %eax,%eax
netbsd:ffs_mapsearch+0xda: movl %eax,%edx
netbsd:ffs_mapsearch+0xdc: jz netbsd:ffs_mapsearch+0x218
netbsd:ffs_mapsearch+0xe2: leal 0(%esi,%ebx,1),%eax
netbsd:ffs_mapsearch+0xe5: subl %edx,%eax
netbsd:ffs_mapsearch+0xe7: movl 0xffffffc4(%ebp),%edx
netbsd:ffs_mapsearch+0xea: leal 0(,%eax,8),%edi
netbsd:ffs_mapsearch+0xf1: leal 0x8(%edi),%ebx
netbsd:ffs_mapsearch+0xf4: cmpl %ebx,%edi
netbsd:ffs_mapsearch+0xf6: movl %edi,0x2c(%edx)
netbsd:ffs_mapsearch+0xf9: movl %ebx,0xffffffd8(%ebp)
netbsd:ffs_mapsearch+0xfc: jnl netbsd:ffs_mapsearch+0x1ba
netbsd:ffs_mapsearch+0x102: movl 0x10(%ebp),%edx
netbsd:ffs_mapsearch+0x105: movl $0x8,%ecx
netbsd:ffs_mapsearch+0x10a: movl 0xffffffc8(%ebp),%eax
netbsd:ffs_mapsearch+0x10d: movl 0x10(%ebp),%ebx
netbsd:ffs_mapsearch+0x110: movl netbsd:around(,%edx,4),%edx
netbsd:ffs_mapsearch+0x117: movl 0x38(%eax),%eax
netbsd:ffs_mapsearch+0x11a: movl netbsd:inside(,%ebx,4),%ebx
netbsd:ffs_mapsearch+0x121: movl $0xff,0xffffffd0(%ebp)
netbsd:ffs_mapsearch+0x128: movl %edx,0xfffffff0(%ebp)
netbsd:ffs_mapsearch+0x12b: movl 0x10(%ebp),%edx
netbsd:ffs_mapsearch+0x12e: movl %eax,0xffffffe4(%ebp)
netbsd:ffs_mapsearch+0x131: movl 0xffffffe4(%ebp),%esi
netbsd:ffs_mapsearch+0x134: movl %ebx,0xffffffec(%ebp)
netbsd:ffs_mapsearch+0x137: subl %edx,%eax
db{0}>
netbsd:ffs_mapsearch+0x139: movl %eax,0xffffffd4(%ebp)
netbsd:ffs_mapsearch+0x13c: movl 0xffffffe4(%ebp),%eax
netbsd:ffs_mapsearch+0x13f: subl %esi,%ecx
netbsd:ffs_mapsearch+0x141: sarl %cl,0xffffffd0(%ebp)
netbsd:ffs_mapsearch+0x144: addl %edi,%eax
netbsd:ffs_mapsearch+0x146: movl %eax,0xffffffe0(%ebp)
netbsd:ffs_mapsearch+0x149: movl %edi,%eax
netbsd:ffs_mapsearch+0x14b: movl 0xffffffdc(%ebp),%ebx
netbsd:ffs_mapsearch+0x14e: cdq
netbsd:ffs_mapsearch+0x14f: shrl $0x1d,%edx
netbsd:ffs_mapsearch+0x152: leal 0(%edx,%edi,1),%ecx
netbsd:ffs_mapsearch+0x155: movl %ecx,%eax
netbsd:ffs_mapsearch+0x157: sarl $0x3,%eax
netbsd:ffs_mapsearch+0x15a: movzbl 0(%ebx,%eax,1),%eax
netbsd:ffs_mapsearch+0x15e: movl 0xffffffd4(%ebp),%ebx
netbsd:ffs_mapsearch+0x161: testl %ebx,%ebx
netbsd:ffs_mapsearch+0x163: js netbsd:ffs_mapsearch+0x1a2
netbsd:ffs_mapsearch+0x165: movl 0xffffffd0(%ebp),%esi
netbsd:ffs_mapsearch+0x168: andl $0x7,%ecx
netbsd:ffs_mapsearch+0x16b: movzbl %eax,%eax
netbsd:ffs_mapsearch+0x16e: subl %edx,%ecx
netbsd:ffs_mapsearch+0x170: sarl %cl,%eax
netbsd:ffs_mapsearch+0x172: andl %esi,%eax
netbsd:ffs_mapsearch+0x174: leal 0(%eax,%eax,1),%esi
netbsd:ffs_mapsearch+0x177: movl 0xfffffff0(%ebp),%eax
netbsd:ffs_mapsearch+0x17a: andl %esi,%eax
netbsd:ffs_mapsearch+0x17c: cmpl %eax,0xffffffec(%ebp)
netbsd:ffs_mapsearch+0x17f: jz netbsd:ffs_mapsearch+0x1e2
netbsd:ffs_mapsearch+0x181: movl 0xfffffff0(%ebp),%ecx
netbsd:ffs_mapsearch+0x184: xorl %ebx,%ebx
netbsd:ffs_mapsearch+0x186: movl 0xffffffec(%ebp),%edx
netbsd:ffs_mapsearch+0x189: jmp netbsd:ffs_mapsearch+0x19c
db{0}>
netbsd:ffs_mapsearch+0x18b: nop
netbsd:ffs_mapsearch+0x18c: leal 0(%esi),%esi
netbsd:ffs_mapsearch+0x190: addl %ecx,%ecx
netbsd:ffs_mapsearch+0x192: movl %esi,%eax
netbsd:ffs_mapsearch+0x194: addl %edx,%edx
netbsd:ffs_mapsearch+0x196: andl %ecx,%eax
netbsd:ffs_mapsearch+0x198: cmpl %edx,%eax
netbsd:ffs_mapsearch+0x19a: jz netbsd:ffs_mapsearch+0x1e4
netbsd:ffs_mapsearch+0x19c: incl %ebx
netbsd:ffs_mapsearch+0x19d: cmpl 0xffffffd4(%ebp),%ebx
netbsd:ffs_mapsearch+0x1a0: jle netbsd:ffs_mapsearch+0x190
netbsd:ffs_mapsearch+0x1a2: movl 0xffffffe4(%ebp),%eax
netbsd:ffs_mapsearch+0x1a5: addl %eax,0xffffffe0(%ebp)
netbsd:ffs_mapsearch+0x1a8: movl 0xffffffe4(%ebp),%ecx
netbsd:ffs_mapsearch+0x1ab: movl 0xffffffe4(%ebp),%ebx
netbsd:ffs_mapsearch+0x1ae: movl 0xffffffe0(%ebp),%eax
netbsd:ffs_mapsearch+0x1b1: addl %ebx,%edi
netbsd:ffs_mapsearch+0x1b3: subl %ecx,%eax
netbsd:ffs_mapsearch+0x1b5: cmpl %eax,0xffffffd8(%ebp)
netbsd:ffs_mapsearch+0x1b8: jnle netbsd:ffs_mapsearch+0x149
netbsd:ffs_mapsearch+0x1ba: movl 0xffffffc8(%ebp),%eax
netbsd:ffs_mapsearch+0x1bd: movl %edi,0x4(%esp)
netbsd:ffs_mapsearch+0x1c1: movl $0xc0a15ec6,0(%esp)
netbsd:ffs_mapsearch+0x1c8: addl $0xd4,%eax
netbsd:ffs_mapsearch+0x1cd: movl %eax,0x8(%esp)
netbsd:ffs_mapsearch+0x1d1: call netbsd:printf
netbsd:ffs_mapsearch+0x1d6: movl $0xc0a15ed9,0(%esp)
netbsd:ffs_mapsearch+0x1dd: call netbsd:panic
netbsd:ffs_mapsearch+0x1e2: xorl %ebx,%ebx
netbsd:ffs_mapsearch+0x1e4: addl $0x4c,%esp
netbsd:ffs_mapsearch+0x1e7: leal 0(%ebx,%edi,1),%eax
netbsd:ffs_mapsearch+0x1ea: popl %ebx
db{0}>
netbsd:ffs_mapsearch+0x1eb: popl %esi
netbsd:ffs_mapsearch+0x1ec: popl %edi
netbsd:ffs_mapsearch+0x1ed: popl %ebp
netbsd:ffs_mapsearch+0x1ee: ret
netbsd:ffs_mapsearch+0x1ef: movl 0xffffffc4(%ebp),%eax
netbsd:ffs_mapsearch+0x1f2: movl 0xffffffc4(%ebp),%edx
netbsd:ffs_mapsearch+0x1f5: movl 0x2c(%eax),%esi
netbsd:ffs_mapsearch+0x1f8: shrl $0x3,%esi
netbsd:ffs_mapsearch+0x1fb: cmpl $0x90255,0x4(%edx)
netbsd:ffs_mapsearch+0x202: jnz netbsd:ffs_mapsearch+0x73
netbsd:ffs_mapsearch+0x208: movl 0xffffffc4(%ebp),%ebx
netbsd:ffs_mapsearch+0x20b: movl 0x60(%ebx),%eax
netbsd:ffs_mapsearch+0x20e: addl %eax,%ebx
netbsd:ffs_mapsearch+0x210: movl %ebx,0xffffffdc(%ebp)
netbsd:ffs_mapsearch+0x213: jmp netbsd:ffs_mapsearch+0x7c
netbsd:ffs_mapsearch+0x218: movl 0xffffffc8(%ebp),%edx
netbsd:ffs_mapsearch+0x21b: leal 0x1(%esi),%eax
netbsd:ffs_mapsearch+0x21e: movl %eax,0xffffffe8(%ebp)
netbsd:ffs_mapsearch+0x221: movl 0x38(%edx),%eax
netbsd:ffs_mapsearch+0x224: movl 0xffffffcc(%ebp),%edx
netbsd:ffs_mapsearch+0x227: movl %eax,%ecx
netbsd:ffs_mapsearch+0x229: movl netbsd:fragtbl(,%eax,4),%eax
netbsd:ffs_mapsearch+0x230: andl $0x7,%ecx
netbsd:ffs_mapsearch+0x233: addl %edx,%ecx
netbsd:ffs_mapsearch+0x235: movl 0xffffffe8(%ebp),%edx
netbsd:ffs_mapsearch+0x238: shll %cl,%edi
netbsd:ffs_mapsearch+0x23a: movl %eax,0x8(%esp)
netbsd:ffs_mapsearch+0x23e: movl 0xffffffdc(%ebp),%eax
netbsd:ffs_mapsearch+0x241: movl %edi,0xc(%esp)
netbsd:ffs_mapsearch+0x245: movl %edx,0(%esp)
netbsd:ffs_mapsearch+0x248: movl %eax,0x4(%esp)
netbsd:ffs_mapsearch+0x24c: call netbsd:scanc
db{0}>
Home |
Main Index |
Thread Index |
Old Index