Date: Thu, 5 Dec 2002 16:49:21 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Kirk McKusick <mckusick@beastie.mckusick.com> Cc: Kris Kennaway <kris@obsecurity.org>, Robert Watson <rwatson@tislabs.com>, fs@FreeBSD.ORG Subject: Re: panic: ffs_vfree: range: dev = ad4s1c, ino = -1690809896, fs = /mnt2 Message-ID: <20021206004921.GB69174@rot13.obsecurity.org> In-Reply-To: <200212060043.gB60hW59091888@beastie.mckusick.com> References: <20021205214219.GA1190@rot13.obsecurity.org> <200212060043.gB60hW59091888@beastie.mckusick.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 05, 2002 at 04:43:32PM -0800, Kirk McKusick wrote:
> Do you still have this crash dump available? The back trace looks
> "impossible". The call to ffs_vfree at line #16 below shows pvp=0
> and ino=0. Inspection of the code shows this to be impossible
> as three lines above the call to ffs_vfree is a check for ino == 0
> which takes a different path. The call to softdep_freefile at #15
> uses the passed in value of ino, yet shows ino=2604157400. So I
> have no idea what is really going on here. I am guessing that gdb
> must be lying about the values. Alternatively you kernel stack is
> somehow getting trashed. At any rate, if you still have the dump
> available, it would be useful to send me the output from the
> following gdb commands:
>
> frame 17
> print error
> print ino
> print ipref
> print cg
> print pvp
> print *pvp
> print pip
> print *pip
> print fs
> print *fs
(kgdb) frame 17
#17 0xc02aa604 in ffs_valloc (pvp=0xc7b0ea8c, mode=16832, cred=0xc710fe80, vpp=0xdc06aa54)
at ../../../ufs/ffs/ffs_alloc.c:864
864 UFS_VFREE(pvp, ino, mode);
(kgdb) print error
$1 = 5
(kgdb) print ino
$2 = 2604157400
(kgdb) print ipref
$3 = 0
(kgdb) print cg
$4 = 16832
(kgdb) print pvp
$5 = (struct vnode *) 0xc7b0ea8c
(kgdb) print *pvp
$6 = {v_interlock = {mtx_object = {lo_class = 0xc038f2a0,
lo_name = 0xc0367c5d "vnode interlock", lo_type = 0xc0367c5d "vnode interlock",
lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, tqh_last = 0xc7b0eab0},
mtx_contested = {le_next = 0x0, le_prev = 0x0}, mtx_acqtime = 0, mtx_filename = 0x0,
mtx_lineno = 0}, v_iflag = 512, v_usecount = 1, v_numoutput = 0, v_vxproc = 0x0,
v_holdcnt = 2, v_cleanblkhd = {tqh_first = 0x0, tqh_last = 0xc7b0eae4}, v_cleanblkroot = 0x0,
v_dirtyblkhd = {tqh_first = 0xce594ec0, tqh_last = 0xce594f4c}, v_dirtyblkroot = 0xce594ec0,
v_vflag = 0, v_writecount = 0, v_object = 0x0, v_lastw = 0, v_cstart = 0, v_lasta = 0,
v_clen = 0, v_un = {vu_mountedhere = 0x0, vu_socket = 0x0, vu_spec = {vu_cdev = 0x0,
vu_specnext = {sle_next = 0x0}}, vu_fifoinfo = 0x0}, v_freelist = {tqe_next = 0xc7d53384,
tqe_prev = 0xc03c5174}, v_nmntvnodes = {tqe_next = 0xc7d53384, tqe_prev = 0xc67bcd8c},
v_synclist = {le_next = 0xc67bcce4, le_prev = 0xc7d53434}, v_type = VDIR,
v_tag = 0xc0369ec6 "ufs", v_data = 0xc6475300, v_lock = {lk_interlock = 0xc03c1ab4,
lk_flags = 16778304, lk_sharecount = 0, lk_waitcount = 0, lk_exclusivecount = 1,
lk_prio = 80, lk_wmesg = 0xc0369ec6 "ufs", lk_timo = 6, lk_lockholder = 12154,
lk_newlock = 0x0}, v_vnlock = 0xc7b0eb50, v_op = 0xc403c100, v_mount = 0xc4514800,
v_cache_src = {lh_first = 0xc61aff40}, v_cache_dst = {tqh_first = 0xc72cf100,
tqh_last = 0xc72cf110}, v_id = 27432477, v_dd = 0xc552ace4, v_ddid = 27432291,
v_pollinfo = 0x0, v_label = {l_flags = 0, l_perpolicy = {{l_ptr = 0x0, l_long = 0}, {
l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}}},
v_cachedfs = 1034, v_cachedid = 4294967295}
(kgdb) print pip
$7 = (struct inode *) 0x5
(kgdb) print *pip
---Can't read userspace from dump, or kernel process---
(kgdb) print fs
$8 = (struct fs *) 0xc4304800
(kgdb) print *fs
$9 = {fs_firstfield = 0, fs_unused_1 = 0, fs_sblkno = 8, fs_cblkno = 16, fs_iblkno = 24,
fs_dblkno = 792, fs_old_cgoffset = 1024, fs_old_cgmask = -1, fs_old_time = 1038811783,
fs_old_size = 28523391, fs_old_dsize = 28297588, fs_ncg = 288, fs_bsize = 16384,
fs_fsize = 2048, fs_frag = 8, fs_minfree = 8, fs_old_rotdelay = 0, fs_old_rps = 60,
fs_bmask = -16384, fs_fmask = -2048, fs_bshift = 14, fs_fshift = 11, fs_maxcontig = 7,
fs_maxbpg = 4096, fs_fragshift = 3, fs_fsbtodb = 2, fs_sbsize = 2048, fs_spare1 = {-1024,
10}, fs_nindir = 4096, fs_inopb = 128, fs_old_nspf = 4, fs_optim = 0, fs_old_npsect = 4096,
fs_old_interleave = 1, fs_old_trackskew = 0, fs_id = {852110010, 602686169},
fs_old_csaddr = 792, fs_cssize = 6144, fs_cgsize = 16384, fs_spare2 = 1, fs_old_nsect = 4096,
fs_old_spc = 4096, fs_old_ncyl = 27855, fs_old_cpg = 97, fs_ipg = 12288, fs_fpg = 99328,
fs_old_cstotal = {cs_ndir = 175477, cs_nbfree = 2335208, cs_nifree = 2455182,
cs_nffree = 134981}, fs_fmod = 1 '\001', fs_clean = 0 '\0', fs_ronly = 0 '\0',
fs_old_flags = -126 '\202', fs_fsmnt = "/mnt2", '\0' <repeats 506 times>, fs_cgrotor = 33,
fs_ocsp = {0x0 <repeats 28 times>}, fs_contigdirs = 0xc418dc80 "", fs_csp = 0xc418c000,
fs_maxcluster = 0xc418d800, fs_active = 0x0, fs_old_cpc = 0, fs_maxbsize = 16384,
fs_sparecon64 = {0 <repeats 17 times>}, fs_sblockloc = 8192, fs_cstotal = {cs_ndir = 200327,
cs_nbfree = 2081558, cs_nifree = 2374747, cs_nffree = 165297, cs_numclusters = 0,
cs_spare = {0, 0, 0}}, fs_time = 1039118152, fs_size = 28523391, fs_dsize = 28297588,
fs_csaddr = 792, fs_pendingblocks = 14244, fs_pendinginodes = 61, fs_snapinum = {
0 <repeats 20 times>}, fs_avgfilesize = 16384, fs_avgfpdir = 64, fs_save_cgsize = 0,
fs_sparecon32 = {0 <repeats 26 times>}, fs_flags = 2, fs_contigsumsize = 7,
fs_maxsymlinklen = 60, fs_old_inodefmt = 2, fs_maxfilesize = 17592186044415,
fs_qbmask = 16383, fs_qfmask = 2047, fs_state = 0, fs_old_postblformat = 1, fs_old_nrpos = 1,
fs_spare5 = {0, 0}, fs_magic = 72020}
(kgdb)
Kris
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-fs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021206004921.GB69174>