GENERIC 7.0-CURRENT from Nov 14 16:00 UTC, vmcore.22 Test with corrupted UFS2 file system. KDB: debugger backends: ddb KDB: current backend: ddb Copyright (c) 1992-2005 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 7.0-CURRENT #16: Mon Nov 14 17:19:26 CET 2005 pho@crashbox.osted.lan:/usr/src/sys/i386/compile/PHO WARNING: WITNESS option enabled, expect reduced performance. ACPI APIC Table: <A M I OEMAPIC > Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel(R) XEON(TM) CPU 1.80GHz (1799.80-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0xf24 Stepping = 4 Features=0x3febfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM> Logical CPUs per core: 2 real memory = 1073676288 (1023 MB) avail memory = 1041006592 (992 MB) : Trying to mount root from ufs:/dev/ad0s1a WARNING: / was not properly dismounted WARNING: /home was not properly dismounted WARNING: /tmp was not properly dismounted WARNING: /usr was not properly dismounted WARNING: /var was not properly dismounted fxp0: link state changed to UP g_vfs_done():md0c[READ(offset=268541952, length=1024)]error = 5 g_vfs_done():md0c[READ(offset=1032192, length=8192)]error = 5 g_vfs_done():md0c[READ(offset=1032192, length=8192)]error = 5 g_vfs_done():md0c[READ(offset=1032192, length=8192)]error = 5 g_vfs_done():md0c[READ(offset=1032192, length=8192)]error = 5 g_vfs_done():md0c[READ(offset=1032192, length=8192)]error = 5 panic: kmem_malloc(1342181376): kmem_map too small: 11620352 total allocated cpuid = 0 KDB: enter: panic [thread pid 2537 tid 100148 ] Stopped at kdb_enter+0x2b: nop db> where Tracing pid 2537 tid 100148 td 0xc54da480 kdb_enter(c0872545) at kdb_enter+0x2b panic(c088d49d,50001000,b15000,c553a280,50001000) at panic+0x14b kmem_malloc(c10600c0,50001000,2,e7725864,c0797ef3) at kmem_malloc+0x89 page_alloc(0,50001000,e7725857,2,2000006) at page_alloc+0x1a uma_large_malloc(50001000,2,c2159328,0,50000414) at uma_large_malloc+0x3b malloc(50000414,c0913880,2,c5268a00,0) at malloc+0xf5 ffs_mountfs(c54df414,c4c9b000,c54da480,c4e137d0,0) at ffs_mountfs+0x5c2 ffs_mount(c4c9b000,c54da480,0,0,c543715c) at ffs_mount+0x992 vfs_domount(c54da480,c4e742d0,c4e48a60,0,c4e131c0) at vfs_domount+0x5b1 vfs_donmount(c54da480,0,e7725ba8,c4cc7700,e) at vfs_donmount+0x135 kernel_mount(c4e482d0,0,804f030,0,fffffffe) at kernel_mount+0x6d ffs_cmount(c4e482d0,bfbfde50,0,c54da480,c0913120) at ffs_cmount+0x5d mount(c54da480,e7725d04,c,c54da480,e7725d30) at mount+0x156 syscall(3b,3b,3b,804ae3f,bfbfe914) at syscall+0x27e Xint0x80_syscall() at Xint0x80_syscall+0x1f --- syscall (21, FreeBSD ELF32, mount), eip = 0x280c140f, esp = 0xbfbfde2c, ebp = 0xbfbfdec8 --- db> call doadump Dumping 1023 MB (2 chunks) chunk 0: 1MB (159 pages) ... ok chunk 1: 1023MB (261872 pages) 1007 991 975 959 943 927 911 895 879 863 847 831 815 799 783 767 751 735 719 703 687 671 655 639 623 607 591 575 559 543 527 511 495 479 463 447 431 415 399 383 367 351 335 319 303 287 271 255 239 223 207 191 175 159 143 127 111 95 79 63 47 31 15 ... ok Dump complete = 0xf db> reset #0 doadump () at pcpu.h:165 165 __asm __volatile("movl %%fs:0,%0" : "=r" (td)); (kgdb) bt #0 doadump () at pcpu.h:165 #1 0xc046a3a3 in db_fncall (dummy1=0xc09b6e60, dummy2=0x0, dummy3=0x0, dummy4=0xe7725600 ",Vrç| \207~À\030Vrç\034Vrç\220\a") at ../../../ddb/db_command.c:489 #2 0xc046a1a8 in db_command (last_cmdp=0xc0923ce4, cmd_table=0x0, aux_cmd_tablep=0xc089e0a4, aux_cmd_tablep_end=0xc089e0c0) at ../../../ddb/db_command.c:404 #3 0xc046a270 in db_command_loop () at ../../../ddb/db_command.c:455 #4 0xc046be89 in db_trap (type=0x3, code=0x0) at ../../../ddb/db_main.c:228 #5 0xc0660924 in kdb_trap (type=0x3, code=0x0, tf=0xe7725798) at ../../../kern/subr_kdb.c:485 #6 0xc0806924 in trap (frame= {tf_fs = 0xe7720008, tf_es = 0xc0660028, tf_ds = 0xc0870028, tf_edi = 0xc088d49d, tf_esi = 0x1, tf_ebp = 0xe77257d8, tf_isp = 0xe77257c4, tf_ebx = 0xe7725804, tf_edx = 0x0, tf_ecx = 0xc1033000, tf_eax = 0x12, tf_trapno = 0x3, tf_err = 0x0, tf_eip = 0xc066062b, tf_cs = 0x20, tf_eflags = 0x286, tf_esp = 0xe77257f8, tf_ss = 0xc064688f}) at ../../../i386/i386/trap.c:612 #7 0xc07f380a in calltrap () at ../../../i386/i386/exception.s:139 #8 0xc066062b in kdb_enter (msg=0x12 <Address 0x12 out of bounds>) at cpufunc.h:60 #9 0xc064688f in panic (fmt=0xc088d49d "kmem_malloc(%ld): kmem_map too small: %ld total allocated") at ../../../kern/kern_shutdown.c:549 #10 0xc079d0e5 in kmem_malloc (map=0xc10600c0, size=0x50001000, flags=0x2) at ../../../vm/vm_kern.c:299 #11 0xc0795f92 in page_alloc (zone=0x0, bytes=0x50001000, pflag=0x12 <Address 0x12 out of bounds>, wait=0x2) at ../../../vm/uma_core.c:958 #12 0xc0797ef3 in uma_large_malloc (size=0x50001000, wait=0x2) at ../../../vm/uma_core.c:2702 #13 0xc063cb79 in malloc (size=0x50001000, mtp=0xc0913880, flags=0x2) at ../../../kern/kern_malloc.c:329 #14 0xc078453e in ffs_mountfs (devvp=0xc54df414, mp=0xc4c9b000, td=0xc54da480) at ../../../ufs/ffs/ffs_vfsops.c:676 #15 0xc0783866 in ffs_mount (mp=0xc4c9b000, td=0xc54da480) at ../../../ufs/ffs/ffs_vfsops.c:355 #16 0xc0698915 in vfs_domount (td=0xc54da480, fstype=0xc0913120 " \001f\031ufs", fspath=0xc4e48a60 "/mnt", fsflags=0x0, fsdata=0xc4e131c0) at ../../../kern/vfs_mount.c:776 #17 0xc0698189 in vfs_donmount (td=0xc54da480, fsflags=0x0, fsoptions=0xe7725ba8) at ../../../kern/vfs_mount.c:529 #18 0xc069a395 in kernel_mount (ma=0xc4e482d0, flags=0x0) at pcpu.h:162 #19 0xc07838fd in ffs_cmount (ma=0xc4e482d0, data=0xc1033000, flags=0x0, td=0xc54da480) at ../../../ufs/ffs/ffs_vfsops.c:382 #20 0xc0698352 in mount (td=0xc54da480, uap=0xe7725d04) at ../../../kern/vfs_mount.c:603 #21 0xc080718a in syscall (frame= {tf_fs = 0x3b, tf_es = 0x3b, tf_ds = 0x3b, tf_edi = 0x804ae3f, tf_esi = 0xbfbfe914, tf_ebp = 0xbfbfdec8, tf_isp = 0xe7725d64, tf_ebx = 0x804f050, tf_edx = 0x0, tf_ecx = 0x1, tf_eax = 0x15, tf_trapno = 0xc, tf_err = 0x2, tf_eip = 0x280c140f, tf_cs = 0x33, tf_eflags = 0x246, tf_esp = 0xbfbfde2c, tf_ss = 0x3b}) at ../../../i386/i386/trap.c:1003 #22 0xc07f385f in Xint0x80_syscall () at ../../../i386/i386/exception.s:200 #23 0x00000033 in ?? () Previous frame inner to this frame (corrupt stack?) (kgdb) f 14 #14 0xc078453e in ffs_mountfs (devvp=0xc54df414, mp=0xc4c9b000, td=0xc54da480) at ../../../ufs/ffs/ffs_vfsops.c:676 676 space = malloc((u_long)size, M_UFSMNT, M_WAITOK); (kgdb) info loc ump = (struct ufsmount *) 0xc549d200 bp = (struct buf *) 0x0 fs = (struct fs *) 0xc54b7000 dev = (struct cdev *) 0xc4fab000 space = (void *) 0x12e sblockloc = 0x10000 error = 0x0 i = 0x0 blks = 0x1 size = 0x50000414 ronly = 0x0 lp = (int32_t *) 0x0 cred = (struct ucred *) 0xc5268a00 cp = (struct g_consumer *) 0xc53f1040 (kgdb) p *fs $1 = {fs_firstfield = 0x0, fs_unused_1 = 0x0, fs_sblkno = 0x48, fs_cblkno = 0x50, fs_iblkno = 0x58, fs_dblkno = 0x68, fs_old_cgoffset = 0x0, fs_old_cgmask = 0x0, fs_old_time = 0x0, fs_old_size = 0x0, fs_old_dsize = 0x0, fs_ncg = 0x10000004, fs_bsize = 0x2000, fs_fsize = 0x400, fs_frag = 0x8, fs_minfree = 0x8, fs_old_rotdelay = 0x0, fs_old_rps = 0x0, fs_bmask = 0xffffe000, fs_fmask = 0xfffffc00, fs_bshift = 0xd, fs_fshift = 0xa, fs_maxcontig = 0x10, fs_maxbpg = 0x400, fs_fragshift = 0x3, fs_fsbtodb = 0x1, fs_sbsize = 0x800, fs_spare1 = {0x0, 0x0}, fs_nindir = 0x400, fs_inopb = 0x20, fs_old_nspf = 0x0, fs_optim = 0x0, fs_old_npsect = 0x0, fs_old_interleave = 0x0, fs_old_trackskew = 0x0, fs_id = {0x4379df24, 0xa5ef44b0}, fs_old_csaddr = 0x0, fs_cssize = 0x400, fs_cgsize = 0x400, fs_spare2 = 0x0, fs_old_nsect = 0x0, fs_old_spc = 0x0, fs_old_ncyl = 0x0, fs_old_cpg = 0x0, fs_ipg = 0x40, fs_fpg = 0x100, fs_old_cstotal = {cs_ndir = 0x0, cs_nbfree = 0x0, cs_nifree = 0x0, cs_nffree = 0x0}, fs_fmod = 0x0, fs_clean = 0x1, fs_ronly = 0x0, fs_old_flags = 0x80, fs_fsmnt = "/mnt", '\0' <repeats 463 times>, fs_volname = '\0' <repeats 31 times>, fs_swuid = 0x0, fs_pad = 0x0, fs_cgrotor = 0x0, fs_ocsp = {0x0 <repeats 28 times>}, fs_contigdirs = 0xc54bcc10 "ÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞÞÀÞ"..., fs_csp = 0xc54bc800, fs_maxcluster = 0xc54bcc00, fs_active = 0x0, fs_old_cpc = 0x0, fs_maxbsize = 0x2000, fs_sparecon64 = {0x0 <repeats 17 times>}, fs_sblockloc = 0x10000, fs_cstotal = {cs_ndir = 0x2, cs_nbfree = 0x61, cs_nifree = 0xf9, cs_nffree = 0x11, cs_numclusters = 0x0, cs_spare = {0x0, 0x0, 0x0}}, fs_time = 0x4379df25, fs_size = 0x3e8, fs_dsize = 0x31f, fs_csaddr = 0x68, fs_pendingblocks = 0x0, fs_pendinginodes = 0x0, fs_snapinum = {0x0 <repeats 20 times>}, fs_avgfilesize = 0x4000, fs_avgfpdir = 0x40, fs_save_cgsize = 0x0, fs_sparecon32 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0 <repeats 16 times>}, fs_flags = 0x2, fs_contigsumsize = 0x10, fs_maxsymlinklen = 0x78, fs_old_inodefmt = 0x0, fs_maxfilesize = 0x80200817fff, fs_qbmask = 0x1fff, fs_qfmask = 0x3ff, fs_state = 0x0, fs_old_postblformat = 0x0, fs_old_nrpos = 0x0, fs_spare5 = {0x0, 0x0}, fs_magic = 0x19540119}