Phase 5 - rebuild AG headers and trees... *** glibc detected *** xfs_repair: munmap_chunk(): invalid pointer: 0xb092c008 *** ======= Backtrace: ========= /lib/i686/cmov/libc.so.6(cfree+0x1bb)[0xb7de24ab] | 0xb7de24ab | xfs_repair[0x8061f2d] | 0x08061f2d | : call 0x80492c4 xfs_repair[0x806b311] | 0x0806b311 | : call 0x8061d60 xfs_repair[0x807cb28] | 0x0807cb28 | : call 0x806ae60 /lib/i686/cmov/libc.so.6(__libc_start_main+0xe0)[0xb7d89450] | 0xb7d89450 | <__libc_start_main+226>: call *0x8(%ebp) xfs_repair[0x8049541] | 0x08049541 | <_start+28>: call 0x8049254 <__libc_start_main@plt> ======= Memory map: ======== 08048000-080ce000 r-xp 00000000 03:01 195863 /sbin/xfs_repair 080ce000-080cf000 rw-p 00085000 03:01 195863 /sbin/xfs_repair 080cf000-0aadc000 rw-p 080cf000 00:00 0 [heap] ########## deb [check-valid-until=no] http://snapshot.debian.org/archive/debian/20091004T111800Z/ lenny main deb-src [check-valid-until=no] http://snapshot.debian.org/archive/debian/20091004T111800Z/ lenny main apt-get update apt-get install debian-archive-keyring gdb xfsprogs devscripts dpkg-dev build-essential uuid-dev autoconf debhelper gettext libtool libreadline5-dev gcc-4.1 wget http://snapshot.debian.org/archive/debian/20060822T000000Z/pool/main/x/xfsprogs/xfsprogs_2.8.11-1_i386.deb dpkg -i xfsprogs_2.8.11-1_i386.deb https://buildd.debian.org/status/fetch.php?pkg=xfsprogs&arch=amd64&ver=2.8.11-1&stamp=1156139624&raw=0 # Unfortunately there is no build log for i386 # -> the package was built with gcc-4.1 ln -sf gcc-4.1 /usr/bin/gcc mkdir xfsprogs/orig -p cd xfsprogs/orig dget http://snapshot.debian.org/archive/debian/20060822T000000Z/pool/main/x/xfsprogs/xfsprogs_2.8.11-1.dsc dpkg-source -x xfsprogs_2.8.11-1.dsc cd ../.. 
cd xfsprogs cp orig try1 -a cd try1/xfsprogs-2.8.11/ dpkg-buildpackage -b benutzer@debian:~$ objdump -D /sbin/xfs_repair > objdump.txt debian:~/xfsprogs/try1/xfsprogs-2.8.11# file /sbin/xfs_repair /root/xfsprogs/try1/xfsprogs-2.8.11/repair/xfs_repair /sbin/xfs_repair: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.4.1, dynamically linked (uses shared libs), for GNU/Linux 2.4.1, stripped /root/xfsprogs/try1/xfsprogs-2.8.11/repair/xfs_repair: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.6.8, dynamically linked (uses shared libs), for GNU/Linux 2.6.8, not stripped debian:~/xfsprogs/try1/xfsprogs-2.8.11# gdb -q --args /root/xfsprogs/try1/xfsprogs-2.8.11/repair/xfs_repair (gdb) set width 0 (gdb) set pagination off (gdb) disassemble main debian:~# gdb -q --args /sbin/xfs_repair (no debugging symbols found) (gdb) set width 0 (gdb) set pagination off (gdb) b __libc_start_main --- original binary --- | --- rebuild with debug info --- | (gdb) info target | (gdb) info target Symbols from "/sbin/xfs_repair". | Symbols from "/root/xfsprogs/try1/xfsprogs-2.8.11/repair/xfs_repair". Local exec file: | Local exec file: `/sbin/xfs_repair', file type elf32-i386. | `/root/xfsprogs/try1/xfsprogs-2.8.11/repair/xfs_repair', file type elf32-i386. Entry point: 0x8049520 0x08048134 - 0x08048147 is .interp | Entry point: 0x8049590 0x08048134 - 0x08048147 is .interp ... | ... 
0x08049520 - 0x080c1434 is .text | 0x08049590 - 0x080bb4dc is .text | | (gdb) disassemble 0x8049520 0x8049520+35 | (gdb) disassemble _start Dump of assembler code from 0x8049520 to 0x8049543: | Dump of assembler code for function _start: 0x08049520 : xor %ebp,%ebp | 0x08049590 <_start+0>: xor %ebp,%ebp 0x08049522 : pop %esi | 0x08049592 <_start+2>: pop %esi 0x08049523 : mov %esp,%ecx | 0x08049593 <_start+3>: mov %esp,%ecx 0x08049525 : and $0xfffffff0,%esp | 0x08049595 <_start+5>: and $0xfffffff0,%esp 0x08049528 : push %eax | 0x08049598 <_start+8>: push %eax 0x08049529 : push %esp | 0x08049599 <_start+9>: push %esp 0x0804952a : push %edx | 0x0804959a <_start+10>: push %edx 0x0804952b : push $0x80c1350 | 0x0804959b <_start+11>: push $0x80bb440 0x08049530 : push $0x80c13a0 | 0x080495a0 <_start+16>: push $0x80bb450 0x08049535 : push %ecx | 0x080495a5 <_start+21>: push %ecx 0x08049536 : push %esi | 0x080495a6 <_start+22>: push %esi 0x08049537 : push $0x807c7a0 | 0x080495a7 <_start+23>: push $0x8079ec0 0x0804953c : call 0x8049374 <__libc_start_main@plt> | 0x080495ac <_start+28>: call 0x8049254 <__libc_start_main@plt> 0x08049541 : hlt | 0x080495b1 <_start+33>: hlt 0x08049542 : nop | End of assembler dump. | | | (gdb) print main | $2 = {int (int, char **)} 0x8079ec0
| --> main starts at 0x807c7a0 | | | (gdb) disassemble 0x807c7a0 0x807c7a0+1650 | (gdb) disassemble 0x08079ec0 0x08079ec0+1640 Dump of assembler code from 0x807c7a0 to 0x807ce12: | Dump of assembler code from 0x8079ec0 to 0x807a528: 0x0807c7a0 : lea 0x4(%esp),%ecx | 0x08079ec0 : lea 0x4(%esp),%ecx 0x0807c7a4 : and $0xfffffff0,%esp | 0x08079ec4 : and $0xfffffff0,%esp ... 0x0807cadd : call 0x807be50 | 0x0807c68f : call 0x807b9e0 0x0807cae2 : lea 0x0(%esi,%eiz,1),%esi | 0x0807c694 : mov 0x80ce9c4,%edi 0x0807cae9 : lea 0x0(%edi,%eiz,1),%edi | 0x0807c69a : test %edi,%edi 0x0807caf0 : mov 0x80ced48,%eax | 0x0807c69c : je 0x807c5d3 0x0807caf5 : test %eax,%eax | 0x0807c6a2 : mov 0x80ce9a4,%esi 0x0807caf7 : je 0x807ca20 | 0x0807c6a8 : test %esi,%esi 0x0807cafd : mov 0x80cedfc,%eax | 0x0807c6aa : jne 0x807c8a5 0x0807cb02 : test %eax,%eax | 0x0807c6b0 : movl $0x80cb7f8,(%esp) 0x0807cb04 : jne 0x807cd09 | 0x0807cb0a : movl $0x80cbc98,(%esp) | 0x0807cb11 : call 0x807be50 | 0x0807c6b7 : call 0x807b9e0 0x0807cb16 : jmp 0x807ca20 | 0x0807c6bc : jmp 0x807c5d3 0x0807cb1b : nop | 0x0807c6c1 : mov %ebx,(%esp) 0x0807cb1c : lea 0x0(%esi,%eiz,1),%esi | 0x0807cb20 : mov %ebx,(%esp) | | 0x0807cb23 : call 0x806b2d0 | 0x0807c6c4 : call 0x806ae60 0x0807cb28 : jmp 0x807c9bb | 0x0807c6c9 : jmp 0x807c573 | 0x0807cb2d : lea 0x0(%esi),%esi | 0x0807c6ce : xchg %ax,%ax 0x0807cb30 : xor %esi,%esi | 0x0807cb32 : call 0x807f390 | 0x0807c6d0 : call 0x807ee60 0x0807cb37 : call 0x807f3b0 | 0x0807c6d5 : call 0x807ee80 0x0807cb3c : mov %esi,0x4(%esp) | 0x0807c6da : movl $0x0,0x4(%esp) 0x0807cb40 : mov %ebx,(%esp) | 0x0807c6e2 : mov %ebx,(%esp) 0x0807cb43 : call 0x807fca0 | 0x0807c6e5 : call 0x807f750 0x0807cb48 : test %eax,%eax | 0x0807c6ea : test %eax,%eax 0x0807cb4a : mov %eax,%edi | 0x0807c6ec : mov %eax,%edi 0x0807cb4c : je 0x807cd4d | 0x0807c6ee : je 0x807c8e9 0x0807cb52 : mov 0x48(%edi),%esi | 0x0807c6f4 : mov 0x48(%edi),%esi 0x0807cb55 : movzwl 0xb0(%esi),%eax | 0x0807c6f7 : movzwl 0xb0(%esi),%eax 
0x0807cb5c : test $0x24,%al | 0x0807c6fe : test $0x24,%al 0x0807cb5e : jne 0x807cc66 | 0x0807c700 : jne 0x807c80a 0x0807cb64 : mov 0x80cee2c,%ecx | 0x0807c706 : mov 0x80ce988,%eax 0x0807cb6a : test %ecx,%ecx | 0x0807c70b : test %eax,%eax 0x0807cb6c : jne 0x807cc31 | 0x0807c70d : jne 0x807c7d1 0x0807cb72 : xor %eax,%eax | 0x0807c713 : movl $0x0,0x4(%esp) 0x0807cb74 : mov %eax,0x4(%esp) | 0x0807c71b : mov %edi,(%esp) 0x0807cb78 : mov %edi,(%esp) | 0x0807c71e : call 0x807eec0 | | | | | | | (gdb) disassemble 0x806b2d0 0x806b2d0+800 | (gdb) disassemble phase5 Dump of assembler code from 0x806b2d0 to 0x806b5f0: | Dump of assembler code for function phase5: 0x0806b2d0 : push %ebp | 0x0806ae60 : push %ebp 0x0806b2d1 : mov %esp,%ebp | 0x0806ae61 : mov %esp,%ebp 0x0806b2d3 : push %edi | 0x0806ae63 : push %edi 0x0806b2d4 : push %esi | 0x0806ae64 : push %esi 0x0806b2d5 : push %ebx | 0x0806ae65 : push %ebx 0x0806b2d6 : sub $0x39c,%esp | 0x0806ae66 : sub $0x39c,%esp 0x0806b2dc : mov 0x8(%ebp),%edi | 0x0806ae6c : mov 0x8(%ebp),%edi 0x0806b2df : movl $0x80c7dc4,(%esp) | 0x0806ae6f : movl $0x80c7924,(%esp) 0x0806b2e6 : call 0x807be20 | 0x0806ae76 : call 0x807b9b0 0x0806b2eb : mov %edi,(%esp) | 0x0806ae7b : mov %edi,(%esp) 0x0806b2ee : call 0x8068bf0 | 0x0806ae7e : call 0x8068960 0x0806b2f3 : mov 0x58(%edi),%ebx | 0x0806ae83 : mov 0x58(%edi),%edx 0x0806b2f6 : test %ebx,%ebx | 0x0806ae86 : test %edx,%edx 0x0806b2f8 : je 0x806b566 | 0x0806ae88 : je 0x806b105 0x0806b2fe : xor %esi,%esi | 0x0806ae8e : xor %esi,%esi 0x0806b300 : jmp 0x806b525 | 0x0806ae90 : jmp 0x806b0c0 0x0806b305 : mov %esi,0x4(%esp) | 0x0806ae95 : mov %esi,0x4(%esp) 0x0806b309 : mov %edi,(%esp) | 0x0806ae99 : mov %edi,(%esp) | 0x0806b30c : call 0x8061f10 | 0x0806ae9c : call 0x8061d60 0x0806b311 : lea -0x28(%ebp),%eax | 0x0806aea1 : lea -0x28(%ebp),%eax | 0x0806b314 : lea -0x20(%ebp),%edx | 0x0806aea4 : lea -0x20(%ebp),%edx 0x0806b317 : mov %eax,0x10(%esp) | 0x0806aea7 : mov %eax,0x10(%esp) 0x0806b31b : lea 
-0x37c(%ebp),%eax | 0x0806aeab : lea -0x37c(%ebp),%eax 0x0806b321 : mov %edx,0xc(%esp) | 0x0806aeb1 : mov %edx,0xc(%esp) 0x0806b325 : mov %eax,0x8(%esp) | 0x0806aeb5 : mov %eax,0x8(%esp) 0x0806b329 : mov %esi,0x4(%esp) | 0x0806aeb9 : mov %esi,0x4(%esp) 0x0806b32d : mov %edi,(%esp) | 0x0806aebd : mov %edi,(%esp) 0x0806b330 : call 0x806a8e0 | 0x0806aec0 : call 0x806a4a0 0x0806b335 : mov -0x20(%ebp),%eax | 0x0806aec5 : mov -0x20(%ebp),%eax 0x0806b338 : add %eax,0x80cee10 | 0x0806aec8 : add %eax,0x80ce9b0 | | | | | (gdb) disassemble 0x8061f10 0x8061f10+50 | (gdb) disassemble teardown_ag_bmap Dump of assembler code from 0x8061f10 to 0x8061f42: | Dump of assembler code for function teardown_ag_bmap: 0x08061f10 : push %ebp | 0x08061d60 : push %ebp 0x08061f11 : mov %esp,%ebp | 0x08061d61 : mov %esp,%ebp 0x08061f13 : push %ebx | 0x08061d63 : push %ebx 0x08061f14 : sub $0x4,%esp | 0x08061d64 : sub $0x4,%esp 0x08061f17 : mov 0xc(%ebp),%ebx | 0x08061d67 : mov 0xc(%ebp),%ebx 0x08061f1a : mov 0x80cede4,%eax | 0x08061d6a : mov 0x80ce908,%eax 0x08061f1f : shl $0x2,%ebx | 0x08061d6f : mov (%eax,%ebx,4),%eax 0x08061f22 : mov (%ebx,%eax,1),%eax | 0x08061d72 : mov %eax,(%esp) 0x08061f25 : mov %eax,(%esp) | 0x08061d75 : call 0x80492c4 0x08061f28 : call 0x8049444 | 0x08061d7a : mov 0x80ce908,%eax 0x08061f2d : mov 0x80cede4,%eax | 0x08061d7f : movl $0x0,(%eax,%ebx,4) 0x08061f32 : movl $0x0,(%ebx,%eax,1) | 0x08061d86 : add $0x4,%esp 0x08061f39 : pop %eax | 0x08061d89 : pop %ebx 0x08061f3a : pop %ebx | 0x08061d8a : pop %ebp 0x08061f3b : pop %ebp | 0x08061d8b : ret 0x08061f3c : ret | End of assembler dump. End of assembler dump. 
| (gdb) (gdb) list teardown_ag_bmap 114 115 /* ARGSUSED */ 116 void 117 teardown_ag_bmap(xfs_mount_t *mp, xfs_agnumber_t agno) 118 { 119 ASSERT(ba_bmap[agno] != NULL); 120 121 free(ba_bmap[agno]); 122 ba_bmap[agno] = NULL; 123 124 return; 125 } # repair/incore.c (gdb) list phase5 1414 set_inode_used(irec, i); 1415 } 1416 1417 void 1418 phase5(xfs_mount_t *mp) 1419 { 1420 __uint64_t num_inos; 1421 __uint64_t num_free_inos; 1422 bt_status_t bno_btree_curs; 1423 bt_status_t bcnt_btree_curs; 1424 bt_status_t ino_btree_curs; 1425 xfs_agnumber_t agno; 1426 int extra_blocks = 0; 1427 uint num_freeblocks; 1428 xfs_extlen_t freeblks1; 1429 #ifdef DEBUG 1430 xfs_extlen_t freeblks2; 1431 #endif 1432 xfs_agblock_t num_extents; 1433 extern int count_bno_extents(xfs_agnumber_t); 1434 extern int count_bno_extents_blocks(xfs_agnumber_t, uint *); 1435 #ifdef XR_BLD_FREE_TRACE 1436 extern int count_bcnt_extents(xfs_agnumber_t); 1437 #endif 1438 1439 do_log(_("Phase 5 - rebuild AG headers and trees...\n")); 1440 1441 #ifdef XR_BLD_FREE_TRACE 1442 fprintf(stderr, "inobt level 1, maxrec = %d, minrec = %d\n", 1443 XFS_BTREE_BLOCK_MAXRECS(mp->m_sb.sb_blocksize, xfs_inobt, 0), 1444 XFS_BTREE_BLOCK_MINRECS(mp->m_sb.sb_blocksize, xfs_inobt, 0) 1445 ); 1446 fprintf(stderr, "inobt level 0 (leaf), maxrec = %d, minrec = %d\n", 1447 XFS_BTREE_BLOCK_MAXRECS(mp->m_sb.sb_blocksize, xfs_inobt, 1), 1448 XFS_BTREE_BLOCK_MINRECS(mp->m_sb.sb_blocksize, xfs_inobt, 1) 1449 ); 1450 fprintf(stderr, "xr inobt level 0 (leaf), maxrec = %d\n", 1451 XR_INOBT_BLOCK_MAXRECS(mp, 0)); 1452 fprintf(stderr, "xr inobt level 1 (int), maxrec = %d\n", 1453 XR_INOBT_BLOCK_MAXRECS(mp, 1)); 1454 fprintf(stderr, "bnobt level 1, maxrec = %d, minrec = %d\n", 1455 XFS_BTREE_BLOCK_MAXRECS(mp->m_sb.sb_blocksize, xfs_alloc, 0), 1456 XFS_BTREE_BLOCK_MINRECS(mp->m_sb.sb_blocksize, xfs_alloc, 0)); 1457 fprintf(stderr, "bnobt level 0 (leaf), maxrec = %d, minrec = %d\n", 1458 XFS_BTREE_BLOCK_MAXRECS(mp->m_sb.sb_blocksize, xfs_alloc, 1), 
1459 XFS_BTREE_BLOCK_MINRECS(mp->m_sb.sb_blocksize, xfs_alloc, 1)); 1460 #endif 1461 1462 /* 1463 * make sure the root and realtime inodes show up allocated 1464 */ 1465 keep_fsinos(mp); 1466 1467 for (agno = 0; agno < mp->m_sb.sb_agcount; agno++) { 1468 /* 1469 * build up incore bno and bcnt extent btrees 1470 */ 1471 num_extents = mk_incore_fstree(mp, agno); 1472 1473 #ifdef XR_BLD_FREE_TRACE 1474 fprintf(stderr, "# of bno extents is %d\n", 1475 count_bno_extents(agno)); 1476 #endif 1477 1478 if (num_extents == 0) { 1479 /* 1480 * XXX - what we probably should do here is pick an 1481 * inode for a regular file in the allocation group 1482 * that has space allocated and shoot it by traversing 1483 * the bmap list and putting all its extents on the 1484 * incore freespace trees, clearing the inode, 1485 * and clearing the in-use bit in the incore inode 1486 * tree. Then try mk_incore_fstree() again. 1487 */ 1488 do_error(_("unable to rebuild AG %u. " 1489 "Not enough free space in on-disk AG.\n"), 1490 agno); 1491 } 1492 1493 /* 1494 * done with the AG bitmap, toss it... 1495 */ 1496 teardown_ag_bmap(mp, agno); 1497 # repair/phase5.c [1] https://git.kernel.org/pub/scm/fs/xfs/xfsprogs-dev.git/commit/repair?id=c1f7a46c4d6403e3313c13487e2f2174f92db670