Page MenuHomeFreeBSD
Differential D31039

Panic on ufsdirhash_findfree: free mismatch
AcceptedPublic
Actions

Authored by akumar3_isilon.com on Jul 5 2021, 9:05 AM.
Tags
None
Referenced Files
Unknown Object (File)
Dec 22 2023, 9:36 PM
Unknown Object (File)
Dec 10 2023, 8:49 PM
Unknown Object (File)
Sep 26 2023, 8:16 PM
Unknown Object (File)
Aug 15 2023, 12:35 AM
Unknown Object (File)
Aug 15 2023, 12:08 AM
Unknown Object (File)
Jun 11 2023, 6:14 AM
Unknown Object (File)
Jun 6 2023, 4:00 AM
Unknown Object (File)
Mar 20 2023, 10:18 AM
View All 13 Files
Subscribers
vangyzen

Details

Reviewers
mckusick
kib
rlibby
bdrewery
markj
Summary

Looks like we have hit a corner case.
After the command "mkdir /base" was issued the vfs/ufs pulls up the inode 2 (inode for root) and start to lookup space to create a directory entry for /base
It pulls out the dirhash for inode 2 and sees there is space of this directory entry at block 29,
Block 29 is read from the disk to the memory and now we start looking for the free space in this block(block size 512 Bytes)
While iterating over the entries it reaches the very end of the block.
This condition is however not handled by ufsdirhash_findfree (i == 512) and we hit the panic

ufsdirhash_findfree (ip=<optimized out>, slotneeded=16, slotsize=0xfffffe99a1441590)

block2915 KBDownload

inode697 BDownload

dirhash755 BDownload

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

akumar3_isilon.com requested review of this revision.Jul 5 2021, 9:05 AM
akumar3_isilon.com created this revision.
akumar3_isilon.com edited the summary of this revision. (Show Details)Jul 5 2021, 10:07 AM
kib accepted this revision.Jul 5 2021, 11:41 AM
This revision is now accepted and ready to land.Jul 5 2021, 11:41 AM
akumar3_isilon.com added a reviewer: markj.Jul 7 2021, 3:55 PM
rlibby added inline comments.Jul 7 2021, 4:50 PM
sys/ufs/ufs/ufs_dirhash.c
751–769

I don't think this is right. Doesn't this prevent us from using the last slot? As in, it's fine if we get here with i == DIRBLKSIZ if freebytes >= slotneeded. And so I think the condition becomes if (freebytes < slotneeded)--which is exactly what the panic is about.

It may be fine to defensively error out for these cases instead of panic, but something else is also going on here. I think dh_firstfree has to be corrupt to get here.

markj added inline comments.Jul 7 2021, 5:30 PM
sys/ufs/ufs/ufs_dirhash.c
751–769

Indeed, I think this is covering up something else. If i > DIRBLKSIZ then we have a record which crosses a directory block, and I believe that is not permitted. Perhaps there's some race which creates a window where the directory blocks and hash table can get out of sync, or some memory corruption modified either dh_firstfree or the corresponding directory block.

akumar3_isilon.com added inline comments.Jul 9 2021, 4:18 AM
sys/ufs/ufs/ufs_dirhash.c
751–769

Yes, dh_firstfree (expected to be -1, not 29) seems corrupt, and I am digging into it, no culprits found yet.

vangyzen added a subscriber: vangyzen.Jul 12 2021, 1:22 PM

Revision Contents
Changeset List

PathSize
sys/
ufs/
ufs/
4 lines

Diff 91759

View Options

sys/ufs/ufs/ufs_dirhash.c

Loading...