6.0-REL problems with ISA ed0, FFS corruption and ancient hardware

Matt Emmerton matt at compar.com
Sun Mar 19 16:27:31 UTC 2006

[ Asked on -questions on Friday; re-asking now on -stable without

I recently upgraded a 4.11-REL machine to 6.0-REL and have run into some
snags.  While the installation from CD went fine, after configuring and
enabling my ed0 NIC, bad things start to happen.

FWIW, this machine is an ancient (hardware circa 1991, BIOS circa 1994)
dual-Pentium 133 MHz machine, with EISA/PCI and onboard SCSI.

So far I can reliably reproduce two panics, one appears to be a ed driver
bug (based on reports of similar panics with different NICs, notably nge)
and one is a filesystem corruption problem.

Here's the process that I go through to reliably reproduce both problems.
1) Boot machine in multi-user mode
2) After ifconfig ed0, machine panics with a trap 12 in ithread_loop.
3) In debugger, reset (or panic to get vmcore)
4) Reboot in multi-user mode, but set "hint.ed.0.disabled=1" in the boot
loader (to avoid ifconifg panic)
5) Root filesystem is fsckd; all other filesystems are scheduled for
background fsck
6) Encounter panic "ffs_valloc: dup alloc"
7) In debugger, reset (or panic to get vmcore)

Attached is the full dmesg and stacktrace output from kgdb for the *second*
panic, since I figure this is the more critical issue.

Matt Emmerton
-------------- next part --------------
Script started on Sat Mar 18 12:58:13 2006
root at gabby# kgdb /boot/kernel/kernel.debug vmcore.0
[GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: Undefined symbol "ps_pglobal_lookup"]
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd".

Unread portion of the kernel message buffer:
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 6.0-RELEASE #0: Sat Mar 18 12:00:50 EST 2006
    root at gabby.gsicomp.on.ca:/usr2/obj/usr2/src/sys/GABBY.20060316.01
MPTable: <Default Configuration 6>
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium/P54C (133.16-MHz 586-class CPU)
  Origin = "GenuineIntel"  Id = 0x52c  Stepping = 12
real memory  = 50331648 (48 MB)
avail memory = 43941888 (41 MB)
Intel Pentium detected, installing workaround for F00F bug
ioapic0: Changing APIC ID to 2
ioapic0 <Version 1.1> irqs 0-15 on motherboard
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
cpu0 on motherboard
pcib0: <Host to PCI bridge> pcibus 0 on motherboard
pci0: <PCI bus> on pcib0
eisab0: <PCI-EISA bridge> at device 2.0 on pci0
eisa0: <EISA bus> on eisab0
mainboard0: <AIR0702 (System Board)> on eisa0 slot 0
isa0: <ISA bus> on eisab0
ahc0: <Adaptec aic7870 SCSI adapter> port 0xf800-0xf8ff mem 0xffbef000-0xffbeffff irq 11 at device 11.0 on pci0
aic7870: Wide Channel A, SCSI Id=7, 16/253 SCBs
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc7fff,0xc8000-0xca7ff on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
atkbd0: [GIANT-LOCKED]
psm0: <PS/2 Mouse> irq 12 on atkbdc0
psm0: model Generic PS/2 mouse, device ID 0
fdc0: <Enhanced floppy controller> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppbus0: <Parallel port bus> on ppc0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
unknown: <PNP0f13> can't assign resources (irq)
unknown: <PNP0303> can't assign resources (port)
unknown: <PNP0400> can't assign resources (port)
unknown: <PNP0500> can't assign resources (port)
unknown: <PNP0500> can't assign resources (irq)
unknown: <PNP0700> can't assign resources (port)
Timecounter "TSC" frequency 133160146 Hz quality 800
Timecounters tick every 1.000 msec
Waiting 10 seconds for SCSI devices to settle
cd0 at ahc0 bus 0 target 4 lun 0
cd0: <PIONEER CD-ROM DR-U06S 1.05> Removable CD-ROM SCSI-2 device 
cd0: 10.000MB/s transfers (10.000MHz, offset 15)
cd0: Attempt to query device size failed: NOT READY, Medium not present
da1 at ahc0 bus 0 target 5 lun 0
da1: <SEAGATE ST32151N 9470> Fixed Direct Access SCSI-2 device 
da1: 10.000MB/s transfers (10.000MHz, offset 15), Tagged Queueing Enabled
da1: 2049MB (4197405 512 byte sectors: 64H 32S/T 2049C)
da0 at ahc0 bus 0 target 0 lun 0
da0: <SEAGATE ST32430N 0510> Fixed Direct Access SCSI-2 device 
da0: 10.000MB/s transfers (10.000MHz, offset 15), Tagged Queueing Enabled
da0: 2049MB (4197405 512 byte sectors: 64H 32S/T 2049C)
Trying to mount root from ufs:/dev/da0s1a
WARNING: / was not properly dismounted
<118>Loading configuration files.
<118>kernel dumps on /dev/da0s1b
<118>Entropy harvesting:
<118>swapon: adding /dev/da0s1b as swap device
<118>Starting file system checks:
<118>/dev/da0s1a: 1012 files, 21314 used, 52949 free (485 frags, 6558 blocks, 0.7% fragmentation)
<118>/dev/da1s1e: 147526 files, 1872872 used, 159266 free (754 frags, 19814 blocks, 0.0% fragmentation)
WARNING: /usr was not properly dismounted
WARNING: /var was not properly dismounted
mode = 040755, inum = 5, fs = /var
panic: ffs_valloc: dup alloc
KDB: enter: panic
panic: from debugger
Uptime: 1m52s
Dumping 47 MB (2 chunks)
  chunk 0: 1MB (159 pages) ... ok
  chunk 1: 47MB (12032 pages) 32 16

#0  doadump () at pcpu.h:165
165	pcpu.h: No such file or directory.
	in pcpu.h
(kgdb) where
#0  doadump () at pcpu.h:165
#1  0xc04bdd1f in boot (howto=260) at /usr2/src/sys/kern/kern_shutdown.c:399
#2  0xc04bdfe8 in panic (fmt=0xc05fd370 "from debugger")
    at /usr2/src/sys/kern/kern_shutdown.c:555
#3  0xc043d1a9 in db_panic (addr=-1068670697, have_addr=0, count=-1, 
    modif=0xc52e2848 "") at /usr2/src/sys/ddb/db_command.c:438
#4  0xc043d140 in db_command (last_cmdp=0xc064bc24, cmd_table=0x0, 
    aux_cmd_tablep=0xc061d38c, aux_cmd_tablep_end=0xc061d390)
    at /usr2/src/sys/ddb/db_command.c:350
#5  0xc043d208 in db_command_loop () at /usr2/src/sys/ddb/db_command.c:458
#6  0xc043ee15 in db_trap (type=3, code=0) at /usr2/src/sys/ddb/db_main.c:221
#7  0xc04d6393 in kdb_trap (type=3, code=0, tf=0xc52e2988)
    at /usr2/src/sys/kern/subr_kdb.c:473
#8  0xc05e61f4 in trap (frame=
      {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = 1, tf_esi = -1067380202, tf_ebp = -986830392, tf_isp = -986830412, tf_ebx = -986830348, tf_edx = 0, tf_ecx = -1061072896, tf_eax = 18, tf_trapno = 3, tf_err = 0, tf_eip = -1068670697, tf_cs = 32, tf_eflags = 642, tf_esp = -986830360, tf_ss = -1068769417})
    at /usr2/src/sys/i386/i386/trap.c:591
#9  0xc05d5cda in calltrap () at /usr2/src/sys/i386/i386/exception.s:139
#10 0xc04d6117 in kdb_enter (msg=0x12 <Address 0x12 out of bounds>)
    at cpufunc.h:60
#11 0xc04bdf77 in panic (fmt=0xc0611216 "ffs_valloc: dup alloc")
    at /usr2/src/sys/kern/kern_shutdown.c:539
#12 0xc0577db4 in ffs_valloc (pvp=0xc0e93dd0, mode=16877, cred=0xc0d5be00, 
    vpp=0xc52e2a50) at /usr2/src/sys/ufs/ffs/ffs_alloc.c:933
#13 0xc0591234 in ufs_mkdir (ap=0xc52e2bb8)
    at /usr2/src/sys/ufs/ufs/ufs_vnops.c:1333
#14 0xc05ef828 in VOP_MKDIR_APV (vop=0x12, a=0xc52e2bb8) at vnode_if.c:1251
#15 0xc051c4e5 in kern_mkdir (td=0xc0dc5a80, 
    path=0xbfbfef56 <Address 0xbfbfef56 out of bounds>, segflg=UIO_USERSPACE, 
    mode=511) at vnode_if.h:653
#16 0xc051c1c9 in mkdir (td=0xc0dc5a80, uap=0x12)
    at /usr2/src/sys/kern/vfs_syscalls.c:3301
#17 0xc05e6a67 in syscall (frame=
      {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = -1077940394, tf_esi = 1, tf_ebp = -1077940632, tf_isp = -986829468, tf_ebx = -1077940380, tf_edx = -1, tf_ecx = 672359652, tf_eax = 136, tf_trapno = 12, tf_err = 2, tf_eip = 671833491, tf_cs = 51, tf_eflags = 514, tf_esp = -1077940836, tf_ss = 59})
    at /usr2/src/sys/i386/i386/trap.c:976
#18 0xc05d5d2f in Xint0x80_syscall ()
    at /usr2/src/sys/i386/i386/exception.s:200
#19 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb) quit
root at gabby# exit

Script done on Sat Mar 18 12:58:43 2006

More information about the freebsd-stable mailing list