Date: Mon, 12 May 1997 16:31:51 +0100 (BST) From: Richard Crook <richard@sj.co.uk> To: FreeBSD-gnats-submit@FreeBSD.ORG Cc: richard@sj.co.uk Subject: kern/3582: panic: bad dir (mangled entry) in 2.2-STABLE Message-ID: <199705121531.QAA01836@ephebe.local> Resent-Message-ID: <199705121540.IAA17222@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 3582
>Category: kern
>Synopsis: panic: bad dir (mangled entry) in 2.2-STABLE
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon May 12 08:40:01 PDT 1997
>Last-Modified:
>Originator: Richard Crook
>Organization:
SJ Consulting Ltd
>Release: FreeBSD 2.2-STABLE i386 (3rd May 1997)
>Environment:
Intel Classic motherboard
486/66, 16Mb memory, no secondary cache
Adaptec 2940U (7880 controller)
Teles 16.3 ISDN adapter
>Description:
Kernel panic: "bad dir", probably while running find(1) from /etc/security.
Partition stored on disk attached to 2940; NOT mounted async.
The partition in question contains a `leafnode' news spool, storing all
articles for a group in a single (large) directory. The buffer being examined
appears to have had the last 16 bytes cleared to zero (or left unset, or
similar). When checked (although after an fsck on unattended restart), the
relevant entry contained real data: since the entries in the directory are
consecutive five-digit numbers, and the one concerned was in sequence, it
seems unlikely that the disk structures were at fault. (Previous two entries
in buffer are for files "91291" and "91292"; fsdb (the following morning)
shows that the relevant (consecutive) slots contain "91291", "91292",
"91293", (new block) "91294"...) I don't believe fsck could have reconstructed
the missing entry, although I'm quite prepared to be told otherwise.
We also see regular crashes during news fetches, and on occasion during
web cache purges (where the cache is on the same partition).
This appears very similar to kern/2771 (19/02/97, against 2.2-GAMMA),
current status open: also seen on a news spool, via a 2940.
Crash dump and kernel image/configuration available if required.
bash# gdb -k kernel.syms vmcore.4
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i386-unknown-freebsd),
Copyright 1996 Free Software Foundation, Inc...
IdlePTD 21d000
current pcb at 1f9d50
panic: bad dir
#0 boot (howto=256) at ../../kern/kern_shutdown.c:243
243 dumppcb.pcb_cr3 = rcr3();
(kgdb) bt
#0 boot (howto=256) at ../../kern/kern_shutdown.c:243
#1 0xf0119932 in panic (fmt=0xf01acda1 "bad dir")
at ../../kern/kern_shutdown.c:367
#2 0xf01acde3 in ufs_dirbad (ip=0xf0773800, offset=73712,
how=0xf01ac140 "mangled entry") at ../../ufs/ufs/ufs_lookup.c:589
#3 0xf01ac641 in ufs_lookup (ap=0xefbffe50) at ../../ufs/ufs/ufs_lookup.c:284
#4 0xf01344d9 in lookup (ndp=0xefbfff0c) at vnode_if.h:31
#5 0xf013401b in namei (ndp=0xefbfff0c) at ../../kern/vfs_lookup.c:156
#6 0xf0137219 in change_dir (ndp=0xefbfff0c, p=0xf07c7c00)
at ../../kern/vfs_syscalls.c:648
#7 0xf013716f in chdir (p=0xf07c7c00, uap=0xefbfff94, retval=0xefbfff84)
at ../../kern/vfs_syscalls.c:597
#8 0xf01c8b7f in syscall (frame={tf_es = 1310759, tf_ds = -272695257,
tf_edi = 53248, tf_esi = 1370880, tf_ebp = -272638668,
tf_isp = -272629788, tf_ebx = 134709344, tf_edx = 29, tf_ecx = 32768,
tf_eax = 12, tf_trapno = 0, tf_err = 7, tf_eip = 134465585, tf_cs = 31,
tf_eflags = 582, tf_esp = -272638688, tf_ss = 39})
at ../../i386/i386/trap.c:890
#9 0x803c831 in ?? ()
#10 0x1673 in ?? ()
#11 0x31c2 in ?? ()
#12 0x1095 in ?? ()
(kgdb) frame 3
#3 0xf01ac641 in ufs_lookup (ap=0xefbffe50) at ../../ufs/ufs/ufs_lookup.c:284
284 ufs_dirbad(dp, dp->i_offset, "mangled entry");
(kgdb) l
279 ep = (struct direct *)((char *)bp->b_data + entryoffsetinblock);
280 if (ep->d_reclen == 0 ||
281 (dirchk && ufs_dirbadentry(vdp, ep, entryoffsetinblock))) {
282 int i;
283
284 ufs_dirbad(dp, dp->i_offset, "mangled entry");
285 i = DIRBLKSIZ - (entryoffsetinblock & (DIRBLKSIZ - 1));
286 dp->i_offset += i;
287 entryoffsetinblock += i;
288 continue;
(kgdb) print *dp
$1 = {i_next = 0x0, i_prev = 0xf072f900, i_vnode = 0xf0695000,
i_devvp = 0xf0699180, i_flag = 40, i_dev = 132101, i_number = 99997,
inode_u = {fs = 0xf06a7000, lfs = 0xf06a7000, e2fs = 0xf06a7000}, i_dquot = {
0x0, 0x0}, i_modrev = 0x336fd672a13e61a0, i_lockf = 0x0,
i_lockholder = 2826, i_lockwaiter = 0, i_count = 0, i_endoff = 0,
i_diroff = 73216, i_offset = 73712, i_ino = 230653, i_reclen = 16,
i_lockcount = 1, i_spare = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, i_din = {
di_mode = 16893, di_nlink = 2, di_u = {oldids = {0, 0}, inumber = 0},
di_size = 76288, di_atime = {tv_sec = 862967403, tv_nsec = 0}, di_mtime = {
tv_sec = 862802095, tv_nsec = 0}, di_ctime = {tv_sec = 862802095,
tv_nsec = 0}, di_db = {427792, 427896, 427928, 428048, 428184, 428256,
428320, 428392, 434056, 434072, 0, 0}, di_ib = {0, 0, 0}, di_flags = 0,
di_blocks = 150, di_gen = 858646127, di_uid = 8, di_gid = 8, di_spare = {
0, 0}}}
(kgdb) print /x entryoffsetinblock
$2 = 0x1ff0
(kgdb) print /x endsearch
$3 = 0x12a00
(kgdb) print *bp
$4 = {b_hash = {le_next = 0x0, le_prev = 0xf01fc0d0}, b_vnbufs = {
le_next = 0xf2685a1c, le_prev = 0xf0695030}, b_freelist = {
tqe_next = 0xf2684b80, tqe_prev = 0xf2682ca0}, b_act = {tqe_next = 0x0,
tqe_prev = 0xf0678f54}, b_proc = 0x0, b_flags = 1049136, b_qindex = 0,
b_usecount = 16 '\020', b_error = 0, b_bufsize = 8192, b_bcount = 8192,
b_resid = 0, b_dev = 132101, b_un = {b_addr = 0xf26b3000 "ùh\001"},
b_kvabase = 0xf26b3000 "ùh\001", b_kvasize = 8192, b_saveaddr = 0x0,
b_lblkno = 8, b_blkno = 868112, b_iodone = 0, b_iodone_chain = 0x0,
b_vp = 0xf0695000, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0x0,
b_wcred = 0x0, b_validoff = 0, b_validend = 0, b_pblkno = 2965264,
b_savekva = 0x0, b_driver1 = 0x0, b_driver2 = 0x0, b_spc = 0x0, b_cluster = {
cluster_head = {tqh_first = 0xf2681d18, tqh_last = 0xf267dfc8},
cluster_entry = {tqe_next = 0xf2681d18, tqe_prev = 0xf267dfc8}},
b_pages = {0xf0240aa8, 0xf0253b8c, 0x0 <repeats 14 times>},
b_npages = 992949}
(kgdb) print /x ep
$5 = 0xf26b4ff0
(kgdb) x/32xb 0xf26b4fe0
0xf26b4fe0 <end+38411684>: 0xfd 0x84 0x03 0x00 0x10 0x00 0x08 0x05
0xf26b4fe8 <end+38411692>: 0x39 0x31 0x32 0x39 0x32 0x00 0xc2 0xf0
0xf26b4ff0 <end+38411700>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
0xf26b4ff8 <end+38411708>: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
>How-To-Repeat:
Heavy access to large directory structures?
>Fix:
Unknown.
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199705121531.QAA01836>