From owner-freebsd-fs  Thu Dec  5 16:49:32 2002
Delivered-To: freebsd-fs@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8A98537B401
	for <fs@FreeBSD.ORG>; Thu,  5 Dec 2002 16:49:29 -0800 (PST)
Received: from obsecurity.dyndns.org (adsl-64-169-106-8.dsl.lsan03.pacbell.net [64.169.106.8])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6475043E9C
	for <fs@FreeBSD.ORG>; Thu,  5 Dec 2002 16:49:28 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5])
	by obsecurity.dyndns.org (Postfix) with ESMTP
	id 09E3866BE3; Thu,  5 Dec 2002 16:49:28 -0800 (PST)
Received: by rot13.obsecurity.org (Postfix, from userid 1000)
	id 85BEC1308; Thu,  5 Dec 2002 16:49:21 -0800 (PST)
Date: Thu, 5 Dec 2002 16:49:21 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Kirk McKusick <mckusick@beastie.mckusick.com>
Cc: Kris Kennaway <kris@obsecurity.org>,
	Robert Watson <rwatson@tislabs.com>, fs@FreeBSD.ORG
Subject: Re: panic: ffs_vfree: range: dev = ad4s1c, ino = -1690809896, fs = /mnt2
Message-ID: <20021206004921.GB69174@rot13.obsecurity.org>
References: <20021205214219.GA1190@rot13.obsecurity.org> <200212060043.gB60hW59091888@beastie.mckusick.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200212060043.gB60hW59091888@beastie.mckusick.com>
User-Agent: Mutt/1.4i
Sender: owner-freebsd-fs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-fs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-fs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-fs>
X-Loop: FreeBSD.org

On Thu, Dec 05, 2002 at 04:43:32PM -0800, Kirk McKusick wrote:
> Do you still have this crash dump available? The back trace looks
> "impossible". The call to ffs_vfree at line #16 below shows pvp=0
> and ino=0. Inspection of the code shows this to be impossible
> as three lines above the call to ffs_vfree is a check for ino == 0
> which takes a different path. The call to softdep_freefile at #15
> uses the passed in value of ino, yet shows ino=2604157400. So I
> have no idea what is really going on here. I am guessing that gdb
> must be lying about the values. Alternatively you kernel stack is
> somehow getting trashed. At any rate, if you still have the dump
> available, it would be useful to send me the output from the
> following gdb commands:
> 
> frame 17
> print error
> print ino
> print ipref
> print cg
> print pvp
> print *pvp
> print pip
> print *pip
> print fs
> print *fs

(kgdb) frame 17                                                                                  
#17 0xc02aa604 in ffs_valloc (pvp=0xc7b0ea8c, mode=16832, cred=0xc710fe80, vpp=0xdc06aa54)
    at ../../../ufs/ffs/ffs_alloc.c:864
864                     UFS_VFREE(pvp, ino, mode);
(kgdb) print error                                                                               
$1 = 5
(kgdb) print ino                                                                                 
$2 = 2604157400
(kgdb) print ipref                                                                               
$3 = 0
(kgdb) print cg                                                                                  
$4 = 16832
(kgdb) print pvp                                                                                 
$5 = (struct vnode *) 0xc7b0ea8c
(kgdb) print *pvp                                                                                
$6 = {v_interlock = {mtx_object = {lo_class = 0xc038f2a0,
      lo_name = 0xc0367c5d "vnode interlock", lo_type = 0xc0367c5d "vnode interlock",
      lo_flags = 196608, lo_list = {tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0},
    mtx_lock = 4, mtx_recurse = 0, mtx_blocked = {tqh_first = 0x0, tqh_last = 0xc7b0eab0},
    mtx_contested = {le_next = 0x0, le_prev = 0x0}, mtx_acqtime = 0, mtx_filename = 0x0,
    mtx_lineno = 0}, v_iflag = 512, v_usecount = 1, v_numoutput = 0, v_vxproc = 0x0,
  v_holdcnt = 2, v_cleanblkhd = {tqh_first = 0x0, tqh_last = 0xc7b0eae4}, v_cleanblkroot = 0x0,
  v_dirtyblkhd = {tqh_first = 0xce594ec0, tqh_last = 0xce594f4c}, v_dirtyblkroot = 0xce594ec0,
  v_vflag = 0, v_writecount = 0, v_object = 0x0, v_lastw = 0, v_cstart = 0, v_lasta = 0,
  v_clen = 0, v_un = {vu_mountedhere = 0x0, vu_socket = 0x0, vu_spec = {vu_cdev = 0x0,
      vu_specnext = {sle_next = 0x0}}, vu_fifoinfo = 0x0}, v_freelist = {tqe_next = 0xc7d53384,
    tqe_prev = 0xc03c5174}, v_nmntvnodes = {tqe_next = 0xc7d53384, tqe_prev = 0xc67bcd8c},
  v_synclist = {le_next = 0xc67bcce4, le_prev = 0xc7d53434}, v_type = VDIR,
  v_tag = 0xc0369ec6 "ufs", v_data = 0xc6475300, v_lock = {lk_interlock = 0xc03c1ab4,
    lk_flags = 16778304, lk_sharecount = 0, lk_waitcount = 0, lk_exclusivecount = 1,
    lk_prio = 80, lk_wmesg = 0xc0369ec6 "ufs", lk_timo = 6, lk_lockholder = 12154,
    lk_newlock = 0x0}, v_vnlock = 0xc7b0eb50, v_op = 0xc403c100, v_mount = 0xc4514800,
  v_cache_src = {lh_first = 0xc61aff40}, v_cache_dst = {tqh_first = 0xc72cf100,
    tqh_last = 0xc72cf110}, v_id = 27432477, v_dd = 0xc552ace4, v_ddid = 27432291,
  v_pollinfo = 0x0, v_label = {l_flags = 0, l_perpolicy = {{l_ptr = 0x0, l_long = 0}, {
        l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}, {l_ptr = 0x0, l_long = 0}}},
  v_cachedfs = 1034, v_cachedid = 4294967295}
(kgdb) print pip                                                                                 
$7 = (struct inode *) 0x5
(kgdb) print *pip                                                                                
---Can't read userspace from dump, or kernel process---

(kgdb) print fs                                                                                  
$8 = (struct fs *) 0xc4304800
(kgdb) print *fs
$9 = {fs_firstfield = 0, fs_unused_1 = 0, fs_sblkno = 8, fs_cblkno = 16, fs_iblkno = 24,
  fs_dblkno = 792, fs_old_cgoffset = 1024, fs_old_cgmask = -1, fs_old_time = 1038811783,
  fs_old_size = 28523391, fs_old_dsize = 28297588, fs_ncg = 288, fs_bsize = 16384,
  fs_fsize = 2048, fs_frag = 8, fs_minfree = 8, fs_old_rotdelay = 0, fs_old_rps = 60,
  fs_bmask = -16384, fs_fmask = -2048, fs_bshift = 14, fs_fshift = 11, fs_maxcontig = 7,
  fs_maxbpg = 4096, fs_fragshift = 3, fs_fsbtodb = 2, fs_sbsize = 2048, fs_spare1 = {-1024,
    10}, fs_nindir = 4096, fs_inopb = 128, fs_old_nspf = 4, fs_optim = 0, fs_old_npsect = 4096,
  fs_old_interleave = 1, fs_old_trackskew = 0, fs_id = {852110010, 602686169},
  fs_old_csaddr = 792, fs_cssize = 6144, fs_cgsize = 16384, fs_spare2 = 1, fs_old_nsect = 4096,
  fs_old_spc = 4096, fs_old_ncyl = 27855, fs_old_cpg = 97, fs_ipg = 12288, fs_fpg = 99328,
  fs_old_cstotal = {cs_ndir = 175477, cs_nbfree = 2335208, cs_nifree = 2455182,
    cs_nffree = 134981}, fs_fmod = 1 '\001', fs_clean = 0 '\0', fs_ronly = 0 '\0',
  fs_old_flags = -126 '\202', fs_fsmnt = "/mnt2", '\0' <repeats 506 times>, fs_cgrotor = 33,
  fs_ocsp = {0x0 <repeats 28 times>}, fs_contigdirs = 0xc418dc80 "", fs_csp = 0xc418c000,
  fs_maxcluster = 0xc418d800, fs_active = 0x0, fs_old_cpc = 0, fs_maxbsize = 16384,
  fs_sparecon64 = {0 <repeats 17 times>}, fs_sblockloc = 8192, fs_cstotal = {cs_ndir = 200327,
    cs_nbfree = 2081558, cs_nifree = 2374747, cs_nffree = 165297, cs_numclusters = 0,
    cs_spare = {0, 0, 0}}, fs_time = 1039118152, fs_size = 28523391, fs_dsize = 28297588,
  fs_csaddr = 792, fs_pendingblocks = 14244, fs_pendinginodes = 61, fs_snapinum = {
    0 <repeats 20 times>}, fs_avgfilesize = 16384, fs_avgfpdir = 64, fs_save_cgsize = 0,
  fs_sparecon32 = {0 <repeats 26 times>}, fs_flags = 2, fs_contigsumsize = 7,
  fs_maxsymlinklen = 60, fs_old_inodefmt = 2, fs_maxfilesize = 17592186044415,
  fs_qbmask = 16383, fs_qfmask = 2047, fs_state = 0, fs_old_postblformat = 1, fs_old_nrpos = 1,
  fs_spare5 = {0, 0}, fs_magic = 72020}
(kgdb)

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-fs" in the body of the message