[Bug 265162] fsck_ffs(8) core dumps with a mangled FS
Date: Tue, 12 Jul 2022 04:21:05 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=265162
Bug ID: 265162
Summary: fsck_ffs(8) core dumps with a mangled FS
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: bin
Assignee: bugs@FreeBSD.org
Reporter: pho@FreeBSD.org
Created attachment 235202
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=235202&action=edit
Mangled disk image
root@mercat1:/usr/src/sbin/fsck_ffs # gdb /sbin/fsck_ffs
GNU gdb (GDB) 11.2 [GDB v11.2 for FreeBSD]
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-portbld-freebsd14.0".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /sbin/fsck_ffs...
(gdb) r -fy /work/diskimage
Starting program: /sbin/fsck_ffs -fy /work/diskimage
warning: Could not load shared library symbols for [vdso].
Do you need "set solib-search-path" or "set sysroot"?
/work/diskimage IS NOT A DISK DEVICE
CONTINUE? yes
** /work/diskimage
** Last Mounted on /mnt11
** Phase 1 - Check Blocks and Sizes
Program received signal SIGBUS, Bus error.
Object-specific hardware error.
0x0000000001038be6 in pass1 () at /usr/src/sbin/fsck_ffs/pass1.c:90
90 setbmap(i);
(gdb) l
85 setbmap(i);
86 }
87 i = sblock.fs_csaddr;
88 cgd = i + howmany(sblock.fs_cssize, sblock.fs_fsize);
89 for (; i < cgd; i++)
90 setbmap(i);
91
92 /*
93 * Find all allocated blocks.
94 */
(gdb) info loc
info = 0xa90b69adeeb39d9
idesc = {id_fix = 9, id_func = 0x7fffffffe980, id_bp = 0x0, id_dp = 0x10564c0
<startprog>, id_number = 0x801298b10, id_parent = 0x7fffffffe7c0,
id_lbn = 0x8011d522e, id_blkno = 0x62cc20f8, id_level = 0xbd0d614c,
id_numfrags = 0xf449bf1f, id_lballoc = 0xa90b69adeeb39d9, id_filesize = 0x9,
id_entryno = 0x10564c0, id_loc = 0xffffe9a8, id_dirp = 0x7fffffffe7e0,
id_name = 0x8011d4ea1 <clock_gettime+17>
"\203\370Nu\016\211\337L\211\366[A^]\351\234\276\t", id_type = 0x3}
cgbp = 0x4328ad3200000001
cgp = 0x23a5
inumber = 0x8011d5013
inosused = 0x7fffffffe780
mininos = 0xc490f4
i = 0x200000000000028
cgd = 0x200000000000029
cp = 0x7fffffffe790 "\370 \314b"
c = 0x4
rebuildcg = 0xfffffbe0
(gdb) p sblock
No symbol "sblock" in current context.
(gdb) p *sblk.b_un.b_fs
$1 = {fs_firstfield = 0x0, fs_unused_1 = 0x0, fs_sblkno = 0x8, fs_cblkno =
0x10, fs_iblkno = 0x18, fs_dblkno = 0x28, fs_old_cgoffset = 0x0,
fs_old_cgmask = 0xffffffff, fs_old_time = 0x62cc1e2d, fs_old_size = 0xa00,
fs_old_dsize = 0x977, fs_ncg = 0x4, fs_bsize = 0x8000,
fs_fsize = 0x1000, fs_frag = 0x8, fs_minfree = 0x8, fs_old_rotdelay = 0x0,
fs_old_rps = 0x3c, fs_bmask = 0xffff8000, fs_fmask = 0xfffff000,
fs_bshift = 0xf, fs_fshift = 0xc, fs_maxcontig = 0x20, fs_maxbpg = 0x1000,
fs_fragshift = 0x3, fs_fsbtodb = 0x3, fs_sbsize = 0x1000, fs_spare1 = {
0x0, 0x4000000}, fs_nindir = 0x2000, fs_inopb = 0x100, fs_old_nspf = 0x8,
fs_optim = 0x0, fs_old_npsect = 0x1440, fs_old_interleave = 0x1,
fs_old_trackskew = 0x0, fs_id = {0x62cc1e24, 0xcc40b1d9}, fs_old_csaddr =
0x28, fs_cssize = 0x1000, fs_cgsize = 0x1000, fs_spare2 = 0x0,
fs_old_nsect = 0x1440, fs_old_spc = 0x1440, fs_old_ncyl = 0x4, fs_old_cpg =
0x1, fs_ipg = 0x200, fs_fpg = 0x288, fs_old_cstotal = {cs_ndir = 0x3,
cs_nbfree = 0xb6, cs_nifree = 0x63f, cs_nffree = 0x11}, fs_fmod = 0x0,
fs_clean = 0x1, fs_ronly = 0x0, fs_old_flags = 0x80,
fs_fsmnt = "/mnt11", '\000' <repeats 461 times>, fs_volname = '\000' <repeats
31 times>, fs_swuid = 0x0, fs_pad = 0x0, fs_cgrotor = 0x0,
fs_ocsp = {0x0 <repeats 15 times>}, fs_si = 0x80182e000, fs_old_cpc = 0x0,
fs_maxbsize = 0x8000, fs_unrefs = 0x0, fs_providersize = 0xa00,
fs_metaspace = 0x18, fs_sparecon64 = {0x0 <repeats 13 times>},
fs_sblockactualloc = 0x2000, fs_sblockloc = 0x2000, fs_cstotal = {cs_ndir =
0x3,
cs_nbfree = 0xb6, cs_nifree = 0x63f, cs_nffree = 0x11, cs_numclusters =
0x0, cs_spare = {0x0, 0x0, 0x0}}, fs_time = 0x62cc1e2d, fs_size = 0xa00,
fs_dsize = 0x977, fs_csaddr = 0x200000000000028, fs_pendingblocks = 0x0,
fs_pendinginodes = 0x0, fs_snapinum = {0x0 <repeats 20 times>},
fs_avgfilesize = 0x4000, fs_avgfpdir = 0x40, fs_save_cgsize = 0x0, fs_mtime =
0x62cc1e2d, fs_sujfree = 0x0, fs_sparecon32 = {
0x0 <repeats 21 times>}, fs_ckhash = 0x0, fs_metackhash = 0x0, fs_flags =
0x0, fs_contigsumsize = 0x10, fs_maxsymlinklen = 0x3c,
fs_old_inodefmt = 0x2, fs_maxfilesize = 0x4002001005ffff, fs_qbmask = 0x7fff,
fs_qfmask = 0xfff, fs_state = 0x0, fs_old_postblformat = 0x1,
fs_old_nrpos = 0x1, fs_spare5 = {0x0, 0x0}, fs_magic = 0x11954}
(gdb) quit
debugging session is active.
Inferior 1 [process 98582] will be killed.
Quit anyway? (y or n) y
root@mercat1:/usr/src/sbin/fsck_ffs # exit
exit
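This is on main-n256654-3c9ad9398fcdf. Note that in the superblock dump above fs_csaddr is 0x200000000000028 while fs_size is only 0xa00 (fs_old_csaddr is 0x28), so the loop at pass1.c:87-90 starts from a block number far outside the file system and passes it to setbmap(), which appears to be what triggers the SIGBUS.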