From nobody@FreeBSD.org  Fri Mar  3 08:17:12 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BE61816A420
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  3 Mar 2006 08:17:12 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6F02643D48
	for <freebsd-gnats-submit@FreeBSD.org>; Fri,  3 Mar 2006 08:17:12 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k238HC3r070808
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 3 Mar 2006 08:17:12 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k238HCSN070807;
	Fri, 3 Mar 2006 08:17:12 GMT
	(envelope-from nobody)
Message-Id: <200603030817.k238HCSN070807@www.freebsd.org>
Date: Fri, 3 Mar 2006 08:17:12 GMT
From: Pietro Cerutti <pietro.cerutti@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: dump(8) seg-fault on nullfs
X-Send-Pr-Version: www-2.3

>Number:         94045
>Category:       bin
>Synopsis:       [nullfs] dump(8) seg-fault on nullfs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 03 08:20:07 GMT 2006
>Closed-Date:    Tue Aug 15 17:54:46 GMT 2006
>Last-Modified:  Tue Aug 15 17:54:46 GMT 2006
>Originator:     Pietro Cerutti
>Release:        6.0-STABLE
>Organization:
-
>Environment:
FreeBSD gahr 6.0-STABLE FreeBSD 6.0-STABLE #4: Wed Mar  1 16:51:41 CET 2006     toor@gahr:/usr/obj/usr/src/sys/GAHR  i386
>Description:
The dump(8) utility crashes on nullfs types, when they are mounted via fstab.

A nullfs is defined in the last row of /etc/fstab:

# Device          Mountpoint           FStype      Options     Dump  Pass#
/dev/ad0s2b       none                 swap        sw          0  0
/dev/ad0s2a       /                    ufs         rw          1  1
/dev/ad0s2f       /home                ufs         rw          2  2
/dev/ad0s2e       /usr                 ufs         rw          2  2
/dev/ad0s2d       /var                 ufs         rw          2  2
/dev/acd0         /cdrom               cd9660      ro,noauto   0  0
/dev/cd0          /cdrom               cd9660      ro,noauto   0  0
/dev/ad0s1        /mnt/win             ntfs        ro,noauto   0  0
/dev/da0          /mnt/pen             msdosfs     rw,noauto   0  0
linprocfs         /compat/linux/proc   linprocfs   rw          0  0
proc              /proc                procfs      rw          0  0
/usr/local/etc    /mnt/tmp             nullfs      rw,noauto   0  0

After mounting it with (# mount /mnt/tmp), it appears in the list of mounted filesystems (# mount). See the last row:

/dev/ad0s2a       on / (ufs, local)
devfs             on /dev (devfs, local)
/dev/ad0s2f       on /home (ufs, local, soft-updates)
/dev/ad0s2e       on /usr (ufs, local, soft-updates)
/dev/ad0s2d       on /var (ufs, local, soft-updates)
linprocfs         on /usr/compat/linux/proc (linprocfs, local)
procfs            on /proc (procfs, local)
pid747@gahr:/net  on /net (nfs)
pid747@gahr:/host on /host (nfs)
srv-file:/share   on /.amd_mnt/srv-file/host/share (nfs, nosuid)
/usr/local/etc    on /mnt/tmp (nullfs, local)

dump(8) seg-faults trying to dump it:

# dump -0 -f usr.local.etc /mnt/tmp
  DUMP: SIGSEGV: ABORTING!
Segmentation fault (core dumped)

The strange thing is that if the nullfs filesystem is not listed in /etc/fstab, and is mounted by hand (# mount_nullfs /usr/local/etc /mnt/tmp), then dump(8) gives an "unknown filesystem" error, which is acceptable:

# mount_nullfs /usr/local/etc/ /mnt/tmp
# dump -0 -f usr.local.etc /mnt/tmp
dump: /mnt/tmp: unknown file system


>How-To-Repeat:
1) add a line in /etc/fstab specifying a nullfs mount point (e.g. /usr/ on /mnt)
2) mount it (e.g. mount /mnt)
3) try to dump it (e.g. dump -0 -f test /mnt)
-> dump should seg-fault

4) remove the line in /etc/fstab
5) mount a nullfs by hand (e.g. mount_nullfs /usr/ mnt/)
6) try to dump it (e.g. dump -0 -f test /mnt)
-> dump should say "dump: /mnt: unknown file system"
>Fix:

>Release-Note:
>Audit-Trail:

From: Robert Gogolok <gogo@cs.uni-sb.de>
To: bug-followup@freebsd.org, pietro.cerutti@gmail.com
Cc:  
Subject: Re: bin/94045: [nullfs] dump(8) seg-fault on nullfs
Date: Sat, 4 Mar 2006 16:36:39 +0100

 Backtrace:
 Program received signal SIGSEGV, Segmentation fault.
 0x2811ddb2 in strcmp () from /lib/libc.so.6
 (gdb) bt
 #0  0x2811ddb2 in strcmp () from /lib/libc.so.6
 #1  0x0804b750 in getmntpt (name=0x0, mntflagsp=0xbfbfeb5c)
 at /usr/src/sbin/dump/main.c:607
 #2  0x0804aa14 in main (argc=0, argv=0xbfbfec48)
 at /usr/src/sbin/dump/main.c:325
 
 
 607         if (!strcmp(mntbuf[i].f_mntfromname, name)) {
 
 The variable 'name' in the method
 600 getmntpt(char *name, int *mntflagsp)
 on line 607 has the value 0.
 
 The value is set in the 'if block' on line 314.
     313     if (dt != NULL) {
     314         disk = rawname(dt->fs_spec);
     315         (void)strncpy(spcl.c_dev, dt->fs_spec, NAMELEN);
     316         (void)strncpy(spcl.c_filesys, dt->fs_file, NAMELEN);
     317     } else {
     318         (void)strncpy(spcl.c_dev, disk, NAMELEN);
     319         (void)strncpy(spcl.c_filesys, "an unlisted file system",
     320             NAMELEN);
     321     }
 
 
 The method rawname returns 0 since on line 667
 
 667     if (stat(cp, &sb) == 0 && (sb.st_mode & S_IFMT) == S_IFCHR)
 668         return (cp);
 
 the comparison
 (sb.st_mode & S_IFMT) == S_IFCHR
 is not true and the rawname method returns NULL
 674     return (NULL);

From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: <bug-followup@FreeBSD.org>, Robert Gogolok <gogo@cs.uni-sb.de>,
	Pietro Cerutti <pietro.cerutti@gmail.com>
Cc:  
Subject: Re: bin/94045: [nullfs] dump(8) seg-fault on nullfs
Date: Tue, 15 Aug 2006 20:45:21 +0400 (MSD)

 Hi!
 
 I think the attached patch fixes this problem.
 
 -- 
 WBR, Andrey V. Elsukov

From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: bug-followup@FreeBSD.org, gogo@cs.uni-sb.de,
	pietro.cerutti@gmail.com
Cc:  
Subject: Re: bin/94045: [nullfs] dump(8) seg-fault on nullfs
Date: Tue, 15 Aug 2006 21:07:04 +0400 (MSD)

 >I think the attached patch fixes this problem.
 Sorry for base64, the patch is simple:
 
 Index: main.c
 ===================================================================
 RCS file: /ncvs/src/sbin/dump/main.c,v
 retrieving revision 1.63
 diff -u -r1.63 main.c
 --- main.c      18 Apr 2005 15:08:29 -0000      1.63
 +++ main.c      15 Aug 2006 16:42:04 -0000
 @@ -312,6 +312,8 @@
         dt = fstabsearch(disk);
         if (dt != NULL) {
                 disk = rawname(dt->fs_spec);
 +               if (disk == NULL)
 +                       errx(X_STARTUP, "%s: unknown file system", dt->fs_spec);
                 (void)strncpy(spcl.c_dev, dt->fs_spec, NAMELEN);
                 (void)strncpy(spcl.c_filesys, dt->fs_file, NAMELEN);
         } else {
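
 Review bot: the errx() message on the added lines reports dt->fs_spec, which for the fstab entry in this PR is /usr/local/etc rather than the /mnt/tmp the user passed, so the error will not match the hand-mounted case ("dump: /mnt/tmp: unknown file system"). Because disk has already been overwritten with NULL at that point, consider printing dt->fs_file, or holding the rawname() result in a temporary and reporting the original argument, so both paths name the same thing. The backtrace earlier in the PR shows the fault is strcmp() on a NULL name inside getmntpt(); this check keeps NULL from reaching it on this path, but getmntpt() itself is unchanged and still trusts its argument.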
 
 
 -- 
 WBR, Andrey V. Elsukov
State-Changed-From-To: open->closed 
State-Changed-By: mjacob 
State-Changed-When: Tue Aug 15 17:54:11 UTC 2006 
State-Changed-Why:  
Applied the suggested patch- thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=94045 
>Unformatted:
