From nobody@FreeBSD.org  Fri Jan 23 12:25:13 2004
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 40A0D16A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 23 Jan 2004 12:25:13 -0800 (PST)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4D12E43D5C
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 23 Jan 2004 12:25:03 -0800 (PST)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.12.10/8.12.10) with ESMTP id i0NKP3dL062313
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 23 Jan 2004 12:25:03 -0800 (PST)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.10/8.12.10/Submit) id i0NKP3eF062312;
	Fri, 23 Jan 2004 12:25:03 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200401232025.i0NKP3eF062312@www.freebsd.org>
Date: Fri, 23 Jan 2004 12:25:03 -0800 (PST)
From: Greg Valcourt <gval@mts.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: inoinfo size too large, fsck segmentation faults
X-Send-Pr-Version: www-2.0

>Number:         61800
>Category:       misc
>Synopsis:       inoinfo size too large, fsck segmentation faults
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    cperciva
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 23 12:30:08 PST 2004
>Closed-Date:    Tue Jan 27 03:55:36 PST 2004
>Last-Modified:  Tue Jan 27 07:30:19 PST 2004
>Originator:     Greg Valcourt
>Release:        FreeBSD 5.2
>Organization:
Home
>Environment:
FreeBSD  5.2-RELEASE FreeBSD 5.2RELEASE #1: Thu Jan 22 22:27:27 CST 2004
root@:/usr/src/sys/i386/compile/MyKernel   i386
>Description:
I have a filesystem that mounts onto root via a directory called "/media". I noticed that I could not cd into it. Naturally, I did an ls -altr | grep "media":
br-sr-Sr--  8236 1931505524  1953653108   32, 0x65740020 May 23  1975 media

Whoa, that's wrong. So I umounted it. I ran fsck on the device:
** /dev/ad2s2c
** Last Mounted on /media
** Phase 1 - Check Blocks and Sizes
cannot alloc 3267166364 bytes for inoinfo
fsck: /dev/ad2s2c: Segmentation fault

Now, maybe there is an error that fsck can't fix, but fsck should recognize this and give an appropriate error. The fact that it segmentation faults tells me that the program could not handle a particular situation.



>How-To-Repeat:
For me, I just run fsck again on that filesystem. For you, I don't know. You would have to encounter a similar corruption on your file system.

I have the core file that it dumped. If you would like it, email me and I will send it to you. (It's over 6MB).
>Fix:

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->cperciva 
Responsible-Changed-By: cperciva 
Responsible-Changed-When: Sun Jan 25 22:56:27 PST 2004 
Responsible-Changed-Why:  
I'll take this one. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=61800 

From: Colin Percival <colin.percival@wadham.ox.ac.uk>
To: freebsd-gnats-submit@FreeBSD.org, gval@mts.net
Cc:  
Subject: Re: misc/61800: inoinfo size too large, fsck segmentation
  faults
Date: Mon, 26 Jan 2004 07:00:16 +0000

    Assuming that you've still got this damaged filesystem, could
 you verify that the following patch corrects the segfault?
 
 Index: src/sbin/fsck_ffs/pass1.c
 ===================================================================
 RCS file: /home/ncvs/src/sbin/fsck_ffs/pass1.c,v
 retrieving revision 1.38
 diff -u -r1.38 pass1.c
 --- src/sbin/fsck_ffs/pass1.c	3 May 2003 18:41:57 -0000	1.38
 +++ src/sbin/fsck_ffs/pass1.c	26 Jan 2004 06:54:16 -0000
 @@ -141,7 +141,7 @@
   		}
   		info = calloc((unsigned)inosused, sizeof(struct inostat));
   		if (info == NULL)
 -			pfatal("cannot alloc %u bytes for inoinfo\n",
 +			errx(EEXIT, "cannot alloc %u bytes for inoinfo",
   			    (unsigned)(sizeof(struct inostat) * inosused));
   		inostathead[c].il_stat = info;
   		/*
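Review bot: the byte count in the new errx() call is still built as (unsigned)(sizeof(struct inostat) * inosused) and printed with %u, so the product is truncated before it is reported and the message can understate the size on any platform where size_t is wider than unsigned. Casting to uintmax_t and printing with %ju would keep the figure accurate. Separately, nothing in the visible context bounds inosused before calloc((unsigned)inosused, ...); a range check ahead of the allocation would let fsck report the implausible inode count itself instead of surfacing it as an allocation failure.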
 @@ -175,7 +175,7 @@
   		}
   		info = calloc((unsigned)inosused, sizeof(struct inostat));
   		if (info == NULL)
 -			pfatal("cannot alloc %u bytes for inoinfo\n",
 +			errx(EEXIT, "cannot alloc %u bytes for inoinfo",
   			    (unsigned)(sizeof(struct inostat) * inosused));
   		memmove(info, inostathead[c].il_stat, inosused * sizeof(*info));
   		free(inostathead[c].il_stat);
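Review bot: in this second allocation, exiting on failure is stricter than it needs to be. The memmove() that follows copies inosused entries out of inostathead[c].il_stat, so the existing buffer already holds everything the new one would; when calloc() returns NULL the code could skip the copy and the free() and keep using the old buffer rather than calling errx(EEXIT, ...). If the hard exit is kept, the size expression would read more consistently as inosused * sizeof(*info), matching the memmove() on the line after it.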
 
State-Changed-From-To: open->feedback 
State-Changed-By: cperciva 
State-Changed-When: Mon Jan 26 07:16:25 PST 2004 
State-Changed-Why:  
Probable fix committed to -current, waiting for submitter 
to confirm that it works. 

State-Changed-From-To: feedback->closed 
State-Changed-By: cperciva 
State-Changed-When: Tue Jan 27 03:51:16 PST 2004 
State-Changed-Why:  
Submitter's filesystem is no longer appropriately damaged to 
test this, but the patch committed to -current is believed to 
work. 


From: greg <gval@mts.net>
To: Colin Percival <colin.percival@wadham.ox.ac.uk>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/61800: inoinfo size too large, fsck segmentation  faults
Date: Mon, 26 Jan 2004 21:15:43 -0600

 Ok, the patch compiled cleanly. However, it seems my filesystem actually
 has been changed somewhat. When I ran the unpatched fsck recently, it
 no longer gave me the error about inoinfo size too large. So I cannot
 verify that the patch actually fixed the issue.
 
 On Mon, 2004-01-26 at 01:00, Colin Percival wrote:
 >    Assuming that you've still got this damaged filesystem, could
 > you verify that the following patch corrects the segfault?
 > 
 > Index: src/sbin/fsck_ffs/pass1.c
 > ===================================================================
 > RCS file: /home/ncvs/src/sbin/fsck_ffs/pass1.c,v
 > retrieving revision 1.38
 > diff -u -r1.38 pass1.c
 > --- src/sbin/fsck_ffs/pass1.c	3 May 2003 18:41:57 -0000	1.38
 > +++ src/sbin/fsck_ffs/pass1.c	26 Jan 2004 06:54:16 -0000
 > @@ -141,7 +141,7 @@
 >   		}
 >   		info = calloc((unsigned)inosused, sizeof(struct inostat));
 >   		if (info == NULL)
 > -			pfatal("cannot alloc %u bytes for inoinfo\n",
 > +			errx(EEXIT, "cannot alloc %u bytes for inoinfo",
 >   			    (unsigned)(sizeof(struct inostat) * inosused));
 >   		inostathead[c].il_stat = info;
 >   		/*
 > @@ -175,7 +175,7 @@
 >   		}
 >   		info = calloc((unsigned)inosused, sizeof(struct inostat));
 >   		if (info == NULL)
 > -			pfatal("cannot alloc %u bytes for inoinfo\n",
 > +			errx(EEXIT, "cannot alloc %u bytes for inoinfo",
 >   			    (unsigned)(sizeof(struct inostat) * inosused));
 >   		memmove(info, inostathead[c].il_stat, inosused * sizeof(*info));
 >   		free(inostathead[c].il_stat);
 -- 
 greg <gval@mts.net>
 
>Unformatted:
