Date:      Mon, 25 Feb 2002 13:17:14 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Ian Dowse <iedowse@maths.tcd.ie>
Cc:        Kris Kennaway <kris@obsecurity.org>, mckusick@mckusick.com, fs@FreeBSD.org, dillon@FreeBSD.org, fanf@chiark.greenend.org.uk
Subject:   Re: UFS panic on -stable
Message-ID:  <20020225131714.B59373@xor.obsecurity.org>
In-Reply-To: <200202251840.aa88376@salmon.maths.tcd.ie>; from iedowse@maths.tcd.ie on Mon, Feb 25, 2002 at 06:40:07PM +0000
References:  <20020225014028.A53147@xor.obsecurity.org> <200202251840.aa88376@salmon.maths.tcd.ie>


[-- Attachment #1 --]
On Mon, Feb 25, 2002 at 06:40:07PM +0000, Ian Dowse wrote:
> In message <20020225014028.A53147@xor.obsecurity.org>, Kris Kennaway writes:
> 
> >Is there anything else I can provide?
> 
> I don't have any real idea where to start, but the following information
> from frame 11 (ffs_freefile) would be useful. The alternatives are in
> case gdb is confused by register variables.
> 
> 	*pvp			[or *(struct vnode *)0xce24d180]
> 	*pip			[or *(struct inode *)pvp->v_data]
> 	*fs			[or *pip->i_fs]
> 	*bp
> 	*cgp			[or *(struct cg *)bp->b_data]
> 	inosused[400/8] 	[or *((char *)cgp + cgp->cg_iusedoff + 50)]
> 	inosused[0]@200
> 
> >From frame 18 (fdrop), "*p" and "*fp" might help to give some context
> too.

Here you go, hope I got everything:

(kgdb) frame 11
#11 0xc02ad7ce in ffs_freefile (pvp=0xce24d180, ino=400, mode=438) at ../../ufs/ffs/ffs_alloc.c:1611
1611                            panic("ffs_vfree: freeing free inode");
(kgdb) print *pip
$1 = {i_lock = {lk_interlock = {lock_data = 0}, lk_flags = 1088, lk_sharecount = 0, lk_waitcount = 0,
    lk_exclusivecount = 1, lk_prio = 8, lk_wmesg = 0xc0386582 "inode", lk_timo = 6,
    lk_lockholder = 2216}, i_hash = {le_next = 0x0, le_prev = 0xc163f64c}, i_vnode = 0xce24d180,
  i_devvp = 0xcde3c780, i_flag = 134, i_dev = 0xc171d100, i_number = 400, i_effnlink = 0, inode_u = {
    fs = 0xc16f6000, e2fs = 0xc16f6000}, i_dquot = {0x0, 0x0}, i_modrev = 181199503653679,
  i_lockf = 0x0, i_count = 0, i_endoff = 0, i_diroff = 0, i_offset = 0, i_ino = 0, i_reclen = 0,
  i_spare = {0, 0, 0}, i_dirhash = 0x0, i_din = {di_mode = 0, di_nlink = 0, di_u = {oldids = {0, 0},
      inumber = 0}, di_size = 0, di_atime = 0, di_atimensec = 0, di_mtime = 1014629101,
    di_mtimensec = 0, di_ctime = 1014629101, di_ctimensec = 0, di_db = {0 <repeats 12 times>},
    di_ib = {0, 0, 0}, di_flags = 0, di_blocks = 0, di_gen = 812712882, di_uid = 0, di_gid = 0,
    di_spare = {0, 0}}}
(kgdb) print *(struct inode *)pvp->v_data
Cannot access memory at address 0x78.
(kgdb) print *pvp
Cannot access memory at address 0x0.
(kgdb) print *(struct vnode *)0xce24d180
$2 = {v_flag = 0, v_usecount = 0, v_writecount = 0, v_holdcnt = 0, v_id = 6943683,
  v_mount = 0xc1692000, v_op = 0xc1604e00, v_freelist = {tqe_next = 0xce6a6fc0,
    tqe_prev = 0xc03e8efc}, v_nmntvnodes = {tqe_next = 0x0, tqe_prev = 0xcdfeae64}, v_cleanblkhd = {
    tqh_first = 0x0, tqh_last = 0xce24d1ac}, v_dirtyblkhd = {tqh_first = 0x0, tqh_last = 0xce24d1b4},
  v_synclist = {le_next = 0x0, le_prev = 0xce5728fc}, v_numoutput = 0, v_type = VNON, v_un = {
    vu_mountedhere = 0x0, vu_socket = 0x0, vu_spec = {vu_specinfo = 0x0, vu_specnext = {
        sle_next = 0x0}}, vu_fifoinfo = 0x0}, v_lease = 0x0, v_lastw = 0, v_cstart = 0, v_lasta = 0,
  v_clen = 0, v_object = 0x0, v_interlock = {lock_data = 0}, v_vnlock = 0xc188f900, v_tag = VT_UFS,
  v_data = 0xc188f900, v_cache_src = {lh_first = 0x0}, v_cache_dst = {tqh_first = 0xc1d17680,
    tqh_last = 0xc1d17690}, v_dd = 0xce24d180, v_ddid = 0, v_pollinfo = {vpi_lock = {lock_data = 0},
    vpi_selinfo = {si_pid = 0, si_note = {slh_first = 0x0}, si_flags = 0}, vpi_events = 0,
    vpi_revents = 0}, v_vxproc = 0x0}
(kgdb) print *fs
$3 = {fs_firstfield = 0, fs_unused_1 = 0, fs_sblkno = 8, fs_cblkno = 16, fs_iblkno = 24,
  fs_dblkno = 280, fs_cgoffset = 1024, fs_cgmask = -1, fs_time = 1014587292, fs_size = 1024,
  fs_dsize = 743, fs_ncg = 1, fs_bsize = 16384, fs_fsize = 2048, fs_frag = 8, fs_minfree = 8,
  fs_rotdelay = 0, fs_rps = 60, fs_bmask = -16384, fs_fmask = -2048, fs_bshift = 14, fs_fshift = 11,
  fs_maxcontig = 7, fs_maxbpg = 4096, fs_fragshift = 3, fs_fsbtodb = 2, fs_sbsize = 2048,
  fs_csmask = -1024, fs_csshift = 10, fs_nindir = 4096, fs_inopb = 128, fs_nspf = 4, fs_optim = 0,
  fs_npsect = 4096, fs_interleave = 1, fs_trackskew = 0, fs_id = {1014586946, 723435801},
  fs_csaddr = 280, fs_cssize = 2048, fs_cgsize = 16384, fs_ntrak = 1, fs_nsect = 4096, fs_spc = 4096,
  fs_ncyl = 1, fs_cpg = 104, fs_ipg = 4096, fs_fpg = 106496, fs_cstotal = {cs_ndir = 2,
    cs_nbfree = 88, cs_nifree = 3362, cs_nffree = 5}, fs_fmod = 1 '\001', fs_clean = 0 '\000',
  fs_ronly = 0 '\000', fs_flags = 0 '\000', fs_fsmnt = "/dev", '\000' <repeats 507 times>,
  fs_cgrotor = 0, fs_ocsp = {0x0 <repeats 29 times>}, fs_contigdirs = 0xc16f7804 "",
  fs_csp = 0xc16f7000, fs_maxcluster = 0xc16f7800, fs_cpc = 0, fs_opostbl = {{0, 0, 0, 0, 0, 0, 0,
      0} <repeats 16 times>}, fs_snapinum = {0 <repeats 20 times>}, fs_avgfilesize = 16384,
  fs_avgfpdir = 64, fs_sparecon = {0 <repeats 26 times>}, fs_pendingblocks = 0, fs_pendinginodes = 0,
  fs_contigsumsize = 7, fs_maxsymlinklen = 60, fs_inodefmt = 2, fs_maxfilesize = 17592186044415,
  fs_qbmask = 16383, fs_qfmask = 2047, fs_state = 0, fs_postblformat = 1, fs_nrpos = 1,
  fs_postbloff = 0, fs_rotbloff = 0, fs_magic = 72020, fs_space = ""}
(kgdb) print *bp
$4 = {b_hash = {le_next = 0xc6891dc0, le_prev = 0xc68d3fac}, b_vnbufs = {tqe_next = 0xc68c6f34,
    tqe_prev = 0xcde3c7b4}, b_freelist = {tqe_next = 0xc68350d4, tqe_prev = 0xc6898ea4}, b_act = {
    tqe_next = 0x0, tqe_prev = 0xc171e190}, b_flags = 160, b_qindex = 0, b_xflags = 5 '\005',
  b_lock = {lk_interlock = {lock_data = 0}, lk_flags = 1024, lk_sharecount = 0, lk_waitcount = 0,
    lk_exclusivecount = 1, lk_prio = 20, lk_wmesg = 0xc036db70 "bufwait", lk_timo = 0,
    lk_lockholder = 2216}, b_error = 0, b_bufsize = 16384, b_runningbufspace = 0, b_bcount = 16384,
  b_resid = 0, b_dev = 0xc171d100, b_data = 0xc8169000 "", b_kvabase = 0xc8169000 "",
  b_kvasize = 16384, b_lblkno = 64, b_blkno = 64, b_offset = 32768, b_iodone = 0,
  b_iodone_chain = 0x0, b_vp = 0xcde3c780, b_dirtyoff = 0, b_dirtyend = 0, b_rcred = 0x0,
  b_wcred = 0x0, b_pblkno = 47230112, b_saveaddr = 0x0, b_driver1 = 0x0, b_driver2 = 0x0,
  b_caller1 = 0x0, b_caller2 = 0x0, b_pager = {pg_spc = 0x0, pg_reqpage = 0}, b_cluster = {
    cluster_head = {tqh_first = 0xc689ce20, tqh_last = 0xc6818ba0}, cluster_entry = {
      tqe_next = 0xc689ce20, tqe_prev = 0xc6818ba0}}, b_pages = {0xc0c2b61c, 0xc0bef658, 0xc09ce414,
    0xc098d1d0, 0x0 <repeats 28 times>}, b_npages = 4, b_dep = {lh_first = 0x0}, b_chain = {
    parent = 0x0, count = 0}}
(kgdb) print *cgp
$5 = {cg_firstfield = 0, cg_magic = 590421, cg_time = 1014629101, cg_cgx = 0, cg_ncyl = 1,
  cg_niblk = 4096, cg_ndblk = 1024, cg_cs = {cs_ndir = 2, cs_nbfree = 88, cs_nifree = 3362,
    cs_nffree = 5}, cg_rotor = 312, cg_frotor = 312, cg_irotor = 81, cg_frsum = {0, 0, 0, 0, 0, 1, 0,
    0}, cg_btotoff = 168, cg_boff = 584, cg_iusedoff = 792, cg_freeoff = 1304,
  cg_nextfreeoff = 16308, cg_clustersumoff = 14612, cg_clusteroff = 14644, cg_nclusterblks = 128,
  cg_sparecon = {0 <repeats 13 times>}, cg_space = "X"}
(kgdb) print inosused[400/8]
$6 = 254 'þ'
(kgdb) print inosused[0]@200
$7 = "ÿÿÿÿÿÿÿÿÿÿý", 'ÿ' <repeats 39 times>, "þ", 'ÿ' <repeats 22 times>, "?þ", 'ÿ' <repeats 16 times>, "÷\017", '\000' <repeats 106 times>
(kgdb) print *((char *)cgp + cgp->cg_iusedoff + 50)
$8 = -2 'þ'
(kgdb) frame 18
#18 0xc01a71d4 in fdrop (fp=0xc1d658c0, p=0xcc2fba00) at ../../sys/file.h:217
217             return ((*fp->f_ops->fo_close)(fp, p));
(kgdb) print *p
Cannot access memory at address 0x0.
(kgdb) print *fp
$9 = {f_list = {le_next = 0xc17c1d00, le_prev = 0xc1755740}, f_FILLER3 = 0, f_type = 1, f_flag = 3,
  f_cred = 0xc1f0c080, f_ops = 0xc03b2028, f_seqcount = 1, f_nextoff = 0, f_offset = 0,
  f_data = 0xce24d180 "", f_count = 0, f_msgcount = 0}
(kgdb)

Kris

[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8eqnaWry0BWjoQKURAqJcAKDVnVrpW/T7XaQ8QJouoJF5GUJ3egCfTvrM
xjCN/BmfZenfyAQ3Opot62w=
=jVxw
-----END PGP SIGNATURE-----
