[PANIC] ffs_alloccg: map corrupted (w/SU+J)

From: David O'Brien <obrien_at_freebsd.org>
Date: Sat, 5 Mar 2011 15:33:01 -0800
Feb 24 19:43:16 : FreeBSD 9.0-CURRENT #662 r218815:218845M: Tue Feb 22 00:13:31 PST 2011
Feb 24 19:43:16 : /sys/i386/compile/DRAGON i386
[..]
Mar  5 14:41:38 : start = 0, len = 1659, fs = /storage
Mar  5 14:41:38 : panic: ffs_alloccg: map corrupted
Mar  5 14:41:38 : cpuid = 0
Mar  5 14:41:38 : KDB: stack backtrace:
Mar  5 14:41:38 : db_trace_self_wrapper(c084242b,65676172,a0d,4,0,...) at 0xc04ebf46 = db_trace_self_wrapper+0x26
Mar  5 14:41:38 : kdb_backtrace(c0860edc,0,c085531a,eaf4870c,0,...) at 0xc05ff87a = kdb_backtrace+0x2a
Mar  5 14:41:38 : panic(c085531a,0,67b,c65230d4,e000c000,...) at 0xc05d1d67 = panic+0x117
Mar  5 14:41:38 : ffs_mapsearch(4462ea0,0,8,0,0,...) at 0xc0759163 = ffs_mapsearch+0x153
Mar  5 14:41:38 : ffs_alloccgblk(4462ea0,0,4000,5ae,0,...) at 0xc075935c = ffs_alloccgblk+0xec
Mar  5 14:41:38 : ffs_alloccg(c99c29f8,2fa,4462ea0,0,4000,...) at 0xc0759c83 = ffs_alloccg+0x1b3
Mar  5 14:41:38 : ffs_hashalloc(4462ea0,0,4000,4000,c0759ad0,...) at 0xc0756321 = ffs_hashalloc+0x41
Mar  5 14:41:38 : ffs_alloc(c99c29f8,100e,0,4462ea0,0,...) at 0xc075acff = ffs_alloc+0x19f
Mar  5 14:41:38 : ffs_balloc_ufs2(ca740110,4038000,0,4000,c8bc7400,...) at 0xc075cff9 = ffs_balloc_ufs2+0x1949
Mar  5 14:41:38 : ffs_write(eaf48b90,eaf48b4c,eaf48b10,c0780ac2,ca740168,...) at 0xc077fc66 = ffs_write+0x276
Mar  5 14:41:38 : VOP_WRITE_APV(c08bb080,eaf48b90,ca740110,264,0,...) at 0xc08036e4 = VOP_WRITE_APV+0xe4
Mar  5 14:41:38 : vn_write(c7cfcc78,eaf48c24,c8bc7400,0,cddd05c0,...) at 0xc0663ad3 = vn_write+0x1c3
Mar  5 14:41:38 : dofilewrite(eaf48c24,ffffffff,ffffffff,0,c7cfcc78,...) at 0xc060fe55 = dofilewrite+0x95
Mar  5 14:41:38 : kern_writev(cddd05c0,4,eaf48c24,eaf48c44,1,...) at 0xc06100e8 = kern_writev+0x58
Mar  5 14:41:38 : write(cddd05c0,eaf48cec,cddd05c0,eaf48d28,4,...) at 0xc061016f = write+0x4f
Mar  5 14:41:38 : syscallenter(cddd05c0,eaf48ce4,eaf48ce4,0,3,...) at 0xc060b363 = syscallenter+0x2c3
Mar  5 14:41:38 : syscall(eaf48d28) at 0xc07e3114 = syscall+0x34
Mar  5 14:41:38 : Xint0x80_syscall() at 0xc07cf121 = Xint0x80_syscall+0x21
Mar  5 14:41:38 : --- syscall (4, FreeBSD ELF32, write), eip = 0x2818c60b, esp = 0xbfbfe86c, ebp = 0xbfbfe8d8 ---


Changes since my last reported SU+J panic:
1. Newer revision of ahd(4) ASIC
2. New U320 SCA enclosures (different vendor + model).
3. New motherboard

-- 
-- David  (obrien_at_FreeBSD.org)

P.S. I am using this UFS patch:

Index: ufs/ffs/ffs_softdep.c
===================================================================
--- ufs/ffs/ffs_softdep.c	(revision 218815)
+++ ufs/ffs/ffs_softdep.c	(working copy)
_at__at_ -6068,6 +6068,7 _at__at_ indir_trunc(freework, dbn, lbn)
 	struct jnewblk *jnewblk;
 	struct freeblks *freeblks;
 	struct buf *bp;
+	struct bufobj *bo;
 	struct fs *fs;
 	struct worklist *wkn;
 	struct worklist *wk;
_at__at_ -6106,14 +6107,13 _at__at_ indir_trunc(freework, dbn, lbn)
 	 * a complete copy of the indirect block in memory for our use.
 	 * Otherwise we have to read the blocks in from the disk.
 	 */
-#ifdef notyet
-	bp = getblk(freeblks->fb_devvp, dbn, (int)fs->fs_bsize, 0, 0,
-	    GB_NOCREAT);
-#else
-	bp = incore(&freeblks->fb_devvp->v_bufobj, dbn);
-#endif
+	bo = &freeblks->fb_devvp->v_bufobj;
+check_incore:
 	ACQUIRE_LOCK(&lk);
+	BO_LOCK(bo);
+	bp = gbincore(bo, dbn);
 	if (bp != NULL && (wk = LIST_FIRST(&bp->b_dep)) != NULL) {
+		BO_UNLOCK(bo);
 		if (wk->wk_type != D_INDIRDEP ||
 		    (wk->wk_state & GOINGAWAY) == 0)
 			panic("indir_trunc: lost indirdep %p", wk);
_at__at_ -6126,15 +6126,34 _at__at_ indir_trunc(freework, dbn, lbn)
 		ump->um_numindirdeps -= 1;
 		FREE_LOCK(&lk);
 	} else {
-#ifdef notyet
-		if (bp)
-			brelse(bp);
-#endif
 		FREE_LOCK(&lk);
-		if (bread(freeblks->fb_devvp, dbn, (int)fs->fs_bsize,
-		    NOCRED, &bp) != 0) {
-			brelse(bp);
-			return;
+		if (bp != NULL) {
+			if (BUF_LOCK(bp, LK_EXCLUSIVE | LK_NOWAIT |
+			    LK_INTERLOCK, BO_MTX(bo)) != 0) {
+				pause("INDIRT", 1);
+				goto check_incore;
+			}
+		} else {
+			BO_UNLOCK(bo);
+			bp = getblk(freeblks->fb_devvp, dbn, fs->fs_bsize, 0,
+			    0, 0);
+			if (LIST_FIRST(&bp->b_dep) != NULL) {
+				brelse(bp);
+				goto check_incore;
+			}
+		}
+
+		if ((bp->b_flags & B_CACHE) == 0) {
+			bp->b_iocmd = BIO_READ;
+			bp->b_flags &= ~B_INVAL;
+			bp->b_ioflags &= ~BIO_ERROR;
+			vfs_busy_pages(bp, 0);
+			bp->b_iooffset = dbtob(bp->b_blkno);
+			bstrategy(bp);
+			if (bufwait(bp) != 0) {
+				brelse(bp);
+				return;
+			}
 		}
 	}
 	/*
_at__at_ -6805,7 +6824,8 _at__at_ cancel_diradd(dap, dirrem, jremref, dotr
 			mkdir->md_jaddref = NULL;
 			if (mkdir->md_state & MKDIR_PARENT) {
 				if (cancel_jaddref(jaddref, NULL,
-				    &dirrem->dm_jwork) == 0) {
+				    &dirrem->dm_jwork) == 0 &&
+				    dotdotremref != NULL) {
 					free_jremref(dotdotremref);
 					dotdotremref = NULL;
 				}
Received on Sat Mar 05 2011 - 23:28:49 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:12 UTC