From owner-freebsd-bugs Mon May 12 08:40:04 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id IAA17254 for bugs-outgoing; Mon, 12 May 1997 08:40:04 -0700 (PDT) Received: (from gnats@localhost) by hub.freebsd.org (8.8.5/8.8.5) id IAA17222; Mon, 12 May 1997 08:40:02 -0700 (PDT) Resent-Date: Mon, 12 May 1997 08:40:02 -0700 (PDT) Resent-Message-Id: <199705121540.IAA17222@hub.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, richard@sj.co.uk Received: from ephebe.local (sj-rsrch.demon.co.uk [158.152.69.51]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA16848 for ; Mon, 12 May 1997 08:32:18 -0700 (PDT) Received: (from richard@localhost) by ephebe.local (8.8.5/8.8.5) id QAA01836; Mon, 12 May 1997 16:31:51 +0100 (BST) Message-Id: <199705121531.QAA01836@ephebe.local> Date: Mon, 12 May 1997 16:31:51 +0100 (BST) From: Richard Crook Reply-To: richard@sj.co.uk To: FreeBSD-gnats-submit@FreeBSD.ORG Cc: richard@sj.co.uk X-Send-Pr-Version: 3.2 Subject: kern/3582: panic: bad dir (mangled entry) in 2.2-STABLE Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >Number: 3582 >Category: kern >Synopsis: panic: bad dir (mangled entry) in 2.2-STABLE >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon May 12 08:40:01 PDT 1997 >Last-Modified: >Originator: Richard Crook >Organization: SJ Consulting Ltd >Release: FreeBSD 2.2-STABLE i386 (3rd May 1997) >Environment: Intel Classic motherboard 486/66, 16Mb memory, no secondary cache Adaptec 2940U (7880 controller) Teles 16.3 ISDN adapter >Description: Kernel panic: "bad dir", probably while running find(1) from /etc/security. Partition stored on disk attached to 2940; NOT mounted async. The partition in question contains a `leafnode' news spool, storing all articles for a group in a single (large) directory. The buffer being examined appears to have had the last 16 bytes cleared to zero (or left unset, or similar). When checked (although after an fsck on unattended restart), the relevant entry contained real data: since the entries in the directory are consecutive five-digit numbers, and the one concerned was in sequence, it seems unlikely that the disk structures were at fault. (Previous two entries in buffer are for files "91291" and "91292"; fsdb (the following morning) shows that the relevant (consecutive) slots contain "91291", "91292", "91293", (new block) "91294"...) I don't believe fsck could have reconstructed the missing entry, although I'm quite prepared to be told otherwise. We also see regular crashes during news fetches, and on occasion during web cache purges (where the cache is on the same partition). This appears very similar to kern/2771 (19/02/97, against 2.2-GAMMA), current status open: also seen on a news spool, via a 2940. Crash dump and kernel image/configuration available if required. bash# gdb -k kernel.syms vmcore.4 GDB is free software and you are welcome to distribute copies of it under certain conditions; type "show copying" to see the conditions. There is absolutely no warranty for GDB; type "show warranty" for details. GDB 4.16 (i386-unknown-freebsd), Copyright 1996 Free Software Foundation, Inc... IdlePTD 21d000 current pcb at 1f9d50 panic: bad dir #0 boot (howto=256) at ../../kern/kern_shutdown.c:243 243 dumppcb.pcb_cr3 = rcr3(); (kgdb) bt #0 boot (howto=256) at ../../kern/kern_shutdown.c:243 #1 0xf0119932 in panic (fmt=0xf01acda1 "bad dir") at ../../kern/kern_shutdown.c:367 #2 0xf01acde3 in ufs_dirbad (ip=0xf0773800, offset=73712, how=0xf01ac140 "mangled entry") at ../../ufs/ufs/ufs_lookup.c:589 #3 0xf01ac641 in ufs_lookup (ap=0xefbffe50) at ../../ufs/ufs/ufs_lookup.c:284 #4 0xf01344d9 in lookup (ndp=0xefbfff0c) at vnode_if.h:31 #5 0xf013401b in namei (ndp=0xefbfff0c) at ../../kern/vfs_lookup.c:156 #6 0xf0137219 in change_dir (ndp=0xefbfff0c, p=0xf07c7c00) at ../../kern/vfs_syscalls.c:648 #7 0xf013716f in chdir (p=0xf07c7c00, uap=0xefbfff94, retval=0xefbfff84) at ../../kern/vfs_syscalls.c:597 #8 0xf01c8b7f in syscall (frame={tf_es = 1310759, tf_ds = -272695257, tf_edi = 53248, tf_esi = 1370880, tf_ebp = -272638668, tf_isp = -272629788, tf_ebx = 134709344, tf_edx = 29, tf_ecx = 32768, tf_eax = 12, tf_trapno = 0, tf_err = 7, tf_eip = 134465585, tf_cs = 31, tf_eflags = 582, tf_esp = -272638688, tf_ss = 39}) at ../../i386/i386/trap.c:890 #9 0x803c831 in ?? () #10 0x1673 in ?? () #11 0x31c2 in ?? () #12 0x1095 in ?? () (kgdb) frame 3 #3 0xf01ac641 in ufs_lookup (ap=0xefbffe50) at ../../ufs/ufs/ufs_lookup.c:284 284 ufs_dirbad(dp, dp->i_offset, "mangled entry"); (kgdb) l 279 ep = (struct direct *)((char *)bp->b_data + entryoffsetinblock); 280 if (ep->d_reclen == 0 || 281 (dirchk && ufs_dirbadentry(vdp, ep, entryoffsetinblock))) { 282 int i; 283 284 ufs_dirbad(dp, dp->i_offset, "mangled entry"); 285 i = DIRBLKSIZ - (entryoffsetinblock & (DIRBLKSIZ - 1)); 286 dp->i_offset += i; 287 entryoffsetinblock += i; 288 continue; (kgdb) print *dp $1 = {i_next = 0x0, i_prev = 0xf072f900, i_vnode = 0xf0695000, i_devvp = 0xf0699180, i_flag = 40, i_dev = 132101, i_number = 99997, inode_u = {fs = 0xf06a7000, lfs = 0xf06a7000, e2fs = 0xf06a7000}, i_dquot = { 0x0, 0x0}, i_modrev = 0x336fd672a13e61a0, i_lockf = 0x0, i_lockholder = 2826, i_lockwaiter = 0, i_count = 0, i_endoff = 0, i_diroff = 73216, i_offset = 73712, i_ino = 230653, i_reclen = 16, i_lockcount = 1, i_spare = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0}, i_din = { di_mode = 16893, di_nlink = 2, di_u = {oldids = {0, 0}, inumber = 0}, di_size = 76288, di_atime = {tv_sec = 862967403, tv_nsec = 0}, di_mtime = { tv_sec = 862802095, tv_nsec = 0}, di_ctime = {tv_sec = 862802095, tv_nsec = 0}, di_db = {427792, 427896, 427928, 428048, 428184, 428256, 428320, 428392, 434056, 434072, 0, 0}, di_ib = {0, 0, 0}, di_flags = 0, di_blocks = 150, di_gen = 858646127, di_uid = 8, di_gid = 8, di_spare = { 0, 0}}} (kgdb) print /x entryoffsetinblock $2 = 0x1ff0 (kgdb) print /x endsearch $3 = 0x12a00 (kgdb) print *bp $4 = {b_hash = {le_next = 0x0, le_prev = 0xf01fc0d0}, b_vnbufs = { le_next = 0xf2685a1c, le_prev = 0xf0695030}, b_freelist = { tqe_next = 0xf2684b80, tqe_prev = 0xf2682ca0}, b_act = {tqe_next = 0x0, tqe_prev = 0xf0678f54}, b_proc = 0x0, b_flags = 1049136, b_qindex = 0, b_usecount = 16 '\020', b_error = 0, b_bufsize = 8192, b_bcount = 8192, b_resid = 0, b_dev = 132101, b_un = {b_addr = 0xf26b3000 "ùh\001"}, b_kvabase = 0xf26b3000 "ùh\001", b_kvasize = 8192, b_saveaddr = 0x0, b_lblkno = 8, b_blkno = 868112, b_iodone = 0, b_iodone_chain = 0x0, b_vp = 0xf0695000, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0x0, b_wcred = 0x0, b_validoff = 0, b_validend = 0, b_pblkno = 2965264, b_savekva = 0x0, b_driver1 = 0x0, b_driver2 = 0x0, b_spc = 0x0, b_cluster = { cluster_head = {tqh_first = 0xf2681d18, tqh_last = 0xf267dfc8}, cluster_entry = {tqe_next = 0xf2681d18, tqe_prev = 0xf267dfc8}}, b_pages = {0xf0240aa8, 0xf0253b8c, 0x0 }, b_npages = 992949} (kgdb) print /x ep $5 = 0xf26b4ff0 (kgdb) x/32xb 0xf26b4fe0 0xf26b4fe0 : 0xfd 0x84 0x03 0x00 0x10 0x00 0x08 0x05 0xf26b4fe8 : 0x39 0x31 0x32 0x39 0x32 0x00 0xc2 0xf0 0xf26b4ff0 : 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0xf26b4ff8 : 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 >How-To-Repeat: Heavy access to large directory structures? >Fix: Unknown. >Audit-Trail: >Unformatted: