FreeBSD Mail Archives

Date:      Mon, 25 Feb 2002 13:17:14 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Ian Dowse <iedowse@maths.tcd.ie>
Cc:        Kris Kennaway <kris@obsecurity.org>, mckusick@mckusick.com, fs@FreeBSD.org, dillon@FreeBSD.org, fanf@chiark.greenend.org.uk
Subject:   Re: UFS panic on -stable
Message-ID:  <20020225131714.B59373@xor.obsecurity.org>
In-Reply-To: <200202251840.aa88376@salmon.maths.tcd.ie>; from iedowse@maths.tcd.ie on Mon, Feb 25, 2002 at 06:40:07PM %2B0000
References:  <20020225014028.A53147@xor.obsecurity.org> <200202251840.aa88376@salmon.maths.tcd.ie>


--hHWLQfXTYDoKhP50
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Feb 25, 2002 at 06:40:07PM +0000, Ian Dowse wrote:
> In message <20020225014028.A53147@xor.obsecurity.org>, Kris Kennaway writ=
es:
>=20
> >Is there anything else I can provide?
>=20
> I don't have any real idea where to start, but the following information
> from frame 11 (ffs_freefile) would be useful. The alternatives are in
> case gdb is confused by register variables.
>=20
> 	*pvp			[or *(struct vnode *)0xce24d180]
> 	*pip			[or *(struct inode *)pvp->v_data]
> 	*fs			[or *pip->i_fs]
> 	*bp
> 	*cgp			[or *(struct cg *)bp->b_data]
> 	inosused[400/8] 	[or *((char *)cgp + cgp->cg_iusedoff + 50)]
> 	inosused[0]@200
>=20
> >From frame 18 (fdrop), "*p" and "*fp" might help to give some context
> too.

Here you go, hope I got everything:

(kgdb) frame 11
#11 0xc02ad7ce in ffs_freefile (pvp=3D0xce24d180, ino=3D400, mode=3D438) at=
 ../../ufs/ffs/ffs_alloc.c:1611
1611                            panic("ffs_vfree: freeing free inode");
(kgdb) print *pip
$1 =3D {i_lock =3D {lk_interlock =3D {lock_data =3D 0}, lk_flags =3D 1088, =
lk_sharecount =3D 0, lk_waitcount =3D 0,
    lk_exclusivecount =3D 1, lk_prio =3D 8, lk_wmesg =3D 0xc0386582 "inode"=
, lk_timo =3D 6,
    lk_lockholder =3D 2216}, i_hash =3D {le_next =3D 0x0, le_prev =3D 0xc16=
3f64c}, i_vnode =3D 0xce24d180,
  i_devvp =3D 0xcde3c780, i_flag =3D 134, i_dev =3D 0xc171d100, i_number =
=3D 400, i_effnlink =3D 0, inode_u =3D {
    fs =3D 0xc16f6000, e2fs =3D 0xc16f6000}, i_dquot =3D {0x0, 0x0}, i_modr=
ev =3D 181199503653679,
  i_lockf =3D 0x0, i_count =3D 0, i_endoff =3D 0, i_diroff =3D 0, i_offset =
=3D 0, i_ino =3D 0, i_reclen =3D 0,
  i_spare =3D {0, 0, 0}, i_dirhash =3D 0x0, i_din =3D {di_mode =3D 0, di_nl=
ink =3D 0, di_u =3D {oldids =3D {0, 0},
      inumber =3D 0}, di_size =3D 0, di_atime =3D 0, di_atimensec =3D 0, di=
_mtime =3D 1014629101,
    di_mtimensec =3D 0, di_ctime =3D 1014629101, di_ctimensec =3D 0, di_db =
=3D {0 <repeats 12 times>},
    di_ib =3D {0, 0, 0}, di_flags =3D 0, di_blocks =3D 0, di_gen =3D 812712=
882, di_uid =3D 0, di_gid =3D 0,
    di_spare =3D {0, 0}}}
(kgdb) print *(struct inode *)pvp->v_data
Cannot access memory at address 0x78.
(kgdb) print *pvp
Cannot access memory at address 0x0.
(kgdb) print *(struct vnode *)0xce24d180
$2 =3D {v_flag =3D 0, v_usecount =3D 0, v_writecount =3D 0, v_holdcnt =3D 0=
, v_id =3D 6943683,
  v_mount =3D 0xc1692000, v_op =3D 0xc1604e00, v_freelist =3D {tqe_next =3D=
 0xce6a6fc0,
    tqe_prev =3D 0xc03e8efc}, v_nmntvnodes =3D {tqe_next =3D 0x0, tqe_prev =
=3D 0xcdfeae64}, v_cleanblkhd =3D {
    tqh_first =3D 0x0, tqh_last =3D 0xce24d1ac}, v_dirtyblkhd =3D {tqh_firs=
t =3D 0x0, tqh_last =3D 0xce24d1b4},
  v_synclist =3D {le_next =3D 0x0, le_prev =3D 0xce5728fc}, v_numoutput =3D=
 0, v_type =3D VNON, v_un =3D {
    vu_mountedhere =3D 0x0, vu_socket =3D 0x0, vu_spec =3D {vu_specinfo =3D=
 0x0, vu_specnext =3D {
        sle_next =3D 0x0}}, vu_fifoinfo =3D 0x0}, v_lease =3D 0x0, v_lastw =
=3D 0, v_cstart =3D 0, v_lasta =3D 0,
  v_clen =3D 0, v_object =3D 0x0, v_interlock =3D {lock_data =3D 0}, v_vnlo=
ck =3D 0xc188f900, v_tag =3D VT_UFS,
  v_data =3D 0xc188f900, v_cache_src =3D {lh_first =3D 0x0}, v_cache_dst =
=3D {tqh_first =3D 0xc1d17680,
    tqh_last =3D 0xc1d17690}, v_dd =3D 0xce24d180, v_ddid =3D 0, v_pollinfo=
 =3D {vpi_lock =3D {lock_data =3D 0},
    vpi_selinfo =3D {si_pid =3D 0, si_note =3D {slh_first =3D 0x0}, si_flag=
s =3D 0}, vpi_events =3D 0,
    vpi_revents =3D 0}, v_vxproc =3D 0x0}
(kgdb) print *fs
$3 =3D {fs_firstfield =3D 0, fs_unused_1 =3D 0, fs_sblkno =3D 8, fs_cblkno =
=3D 16, fs_iblkno =3D 24,
  fs_dblkno =3D 280, fs_cgoffset =3D 1024, fs_cgmask =3D -1, fs_time =3D 10=
14587292, fs_size =3D 1024,
  fs_dsize =3D 743, fs_ncg =3D 1, fs_bsize =3D 16384, fs_fsize =3D 2048, fs=
_frag =3D 8, fs_minfree =3D 8,
  fs_rotdelay =3D 0, fs_rps =3D 60, fs_bmask =3D -16384, fs_fmask =3D -2048=
, fs_bshift =3D 14, fs_fshift =3D 11,
  fs_maxcontig =3D 7, fs_maxbpg =3D 4096, fs_fragshift =3D 3, fs_fsbtodb =
=3D 2, fs_sbsize =3D 2048,
  fs_csmask =3D -1024, fs_csshift =3D 10, fs_nindir =3D 4096, fs_inopb =3D =
128, fs_nspf =3D 4, fs_optim =3D 0,
  fs_npsect =3D 4096, fs_interleave =3D 1, fs_trackskew =3D 0, fs_id =3D {1=
014586946, 723435801},
  fs_csaddr =3D 280, fs_cssize =3D 2048, fs_cgsize =3D 16384, fs_ntrak =3D =
1, fs_nsect =3D 4096, fs_spc =3D 4096,
  fs_ncyl =3D 1, fs_cpg =3D 104, fs_ipg =3D 4096, fs_fpg =3D 106496, fs_cst=
otal =3D {cs_ndir =3D 2,
    cs_nbfree =3D 88, cs_nifree =3D 3362, cs_nffree =3D 5}, fs_fmod =3D 1 '=
\001', fs_clean =3D 0 '\000',
  fs_ronly =3D 0 '\000', fs_flags =3D 0 '\000', fs_fsmnt =3D "/dev", '\000'=
 <repeats 507 times>,
  fs_cgrotor =3D 0, fs_ocsp =3D {0x0 <repeats 29 times>}, fs_contigdirs =3D=
 0xc16f7804 "",
  fs_csp =3D 0xc16f7000, fs_maxcluster =3D 0xc16f7800, fs_cpc =3D 0, fs_opo=
stbl =3D {{0, 0, 0, 0, 0, 0, 0,
      0} <repeats 16 times>}, fs_snapinum =3D {0 <repeats 20 times>}, fs_av=
gfilesize =3D 16384,
  fs_avgfpdir =3D 64, fs_sparecon =3D {0 <repeats 26 times>}, fs_pendingblo=
cks =3D 0, fs_pendinginodes =3D 0,
  fs_contigsumsize =3D 7, fs_maxsymlinklen =3D 60, fs_inodefmt =3D 2, fs_ma=
xfilesize =3D 17592186044415,
  fs_qbmask =3D 16383, fs_qfmask =3D 2047, fs_state =3D 0, fs_postblformat =
=3D 1, fs_nrpos =3D 1,
  fs_postbloff =3D 0, fs_rotbloff =3D 0, fs_magic =3D 72020, fs_space =3D "=
"}
(kgdb) print *bp
$4 =3D {b_hash =3D {le_next =3D 0xc6891dc0, le_prev =3D 0xc68d3fac}, b_vnbu=
fs =3D {tqe_next =3D 0xc68c6f34,
    tqe_prev =3D 0xcde3c7b4}, b_freelist =3D {tqe_next =3D 0xc68350d4, tqe_=
prev =3D 0xc6898ea4}, b_act =3D {
    tqe_next =3D 0x0, tqe_prev =3D 0xc171e190}, b_flags =3D 160, b_qindex =
=3D 0, b_xflags =3D 5 '\005',
  b_lock =3D {lk_interlock =3D {lock_data =3D 0}, lk_flags =3D 1024, lk_sha=
recount =3D 0, lk_waitcount =3D 0,
    lk_exclusivecount =3D 1, lk_prio =3D 20, lk_wmesg =3D 0xc036db70 "bufwa=
it", lk_timo =3D 0,
    lk_lockholder =3D 2216}, b_error =3D 0, b_bufsize =3D 16384, b_runningb=
ufspace =3D 0, b_bcount =3D 16384,
  b_resid =3D 0, b_dev =3D 0xc171d100, b_data =3D 0xc8169000 "", b_kvabase =
=3D 0xc8169000 "",
  b_kvasize =3D 16384, b_lblkno =3D 64, b_blkno =3D 64, b_offset =3D 32768,=
 b_iodone =3D 0,
  b_iodone_chain =3D 0x0, b_vp =3D 0xcde3c780, b_dirtyoff =3D 0, b_dirtyend=
 =3D 0, b_rcred =3D 0x0,
  b_wcred =3D 0x0, b_pblkno =3D 47230112, b_saveaddr =3D 0x0, b_driver1 =3D=
 0x0, b_driver2 =3D 0x0,
  b_caller1 =3D 0x0, b_caller2 =3D 0x0, b_pager =3D {pg_spc =3D 0x0, pg_req=
page =3D 0}, b_cluster =3D {
    cluster_head =3D {tqh_first =3D 0xc689ce20, tqh_last =3D 0xc6818ba0}, c=
luster_entry =3D {
      tqe_next =3D 0xc689ce20, tqe_prev =3D 0xc6818ba0}}, b_pages =3D {0xc0=
c2b61c, 0xc0bef658, 0xc09ce414,
    0xc098d1d0, 0x0 <repeats 28 times>}, b_npages =3D 4, b_dep =3D {lh_firs=
t =3D 0x0}, b_chain =3D {
    parent =3D 0x0, count =3D 0}}
(kgdb) print *cgp
$5 =3D {cg_firstfield =3D 0, cg_magic =3D 590421, cg_time =3D 1014629101, c=
g_cgx =3D 0, cg_ncyl =3D 1,
  cg_niblk =3D 4096, cg_ndblk =3D 1024, cg_cs =3D {cs_ndir =3D 2, cs_nbfree=
 =3D 88, cs_nifree =3D 3362,
    cs_nffree =3D 5}, cg_rotor =3D 312, cg_frotor =3D 312, cg_irotor =3D 81=
, cg_frsum =3D {0, 0, 0, 0, 0, 1, 0,
    0}, cg_btotoff =3D 168, cg_boff =3D 584, cg_iusedoff =3D 792, cg_freeof=
f =3D 1304,
  cg_nextfreeoff =3D 16308, cg_clustersumoff =3D 14612, cg_clusteroff =3D 1=
4644, cg_nclusterblks =3D 128,
  cg_sparecon =3D {0 <repeats 13 times>}, cg_space =3D "X"}
(kgdb) print inosused[400/8]
$6 =3D 254 '=FE'
(kgdb) print inosused[0]@200
$7 =3D "=FF=FF=FF=FF=FF=FF=FF=FF=FF=FF=FD", '=FF' <repeats 39 times>, "=FE"=
, '=FF' <repeats 22 times>, "?=FE", '=FF' <repeats 16 times>, "=F7\017", '\=
000' <repeats 106 times>
(kgdb) print *((char *)cgp + cgp->cg_iusedoff + 50)
$8 =3D -2 '=FE'
(kgdb) frame 18
#18 0xc01a71d4 in fdrop (fp=3D0xc1d658c0, p=3D0xcc2fba00) at ../../sys/file=
.h:217
217             return ((*fp->f_ops->fo_close)(fp, p));
(kgdb) print *p
Cannot access memory at address 0x0.
(kgdb) print *fp
$9 =3D {f_list =3D {le_next =3D 0xc17c1d00, le_prev =3D 0xc1755740}, f_FILL=
ER3 =3D 0, f_type =3D 1, f_flag =3D 3,
  f_cred =3D 0xc1f0c080, f_ops =3D 0xc03b2028, f_seqcount =3D 1, f_nextoff =
=3D 0, f_offset =3D 0,
  f_data =3D 0xce24d180 "", f_count =3D 0, f_msgcount =3D 0}
(kgdb)

Kris

--hHWLQfXTYDoKhP50
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8eqnaWry0BWjoQKURAqJcAKDVnVrpW/T7XaQ8QJouoJF5GUJ3egCfTvrM
xjCN/BmfZenfyAQ3Opot62w=
=jVxw
-----END PGP SIGNATURE-----

--hHWLQfXTYDoKhP50--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-fs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020225131714.B59373>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation