[PATCH] xfs_repair: junk last entry in sf dir if name starts beyond dir size
Rui Gomes
rgomes at rvx.is
Thu Apr 9 05:42:35 CDT 2015
Hello Eric,
Sorry for the late late reply, I didn't had the time to dig in to this earlier.
Actually gdb was lying us, the segfault doesn't happen at:
for (i = 0; i < be32_to_cpu(btp->count); i++)
but a bit later at:
if (be32_to_cpu(lep[i].address) == addr &&
be32_to_cpu(lep[i].hashval) == hash)
And the cause of the segfault is lep[i]
So I tried:
(gdb) print lep
$1 = (xfs_dir2_leaf_entry_t *) 0xfffffffc9ac12788
p lep[0].address
Cannot access memory at address 0xfffffffc9ac12794
For what I can see the lep[0] struct doesn't exist!
The inode where this happen bellow:
[root at icess8a xfsprogs-dev]# xfs_db -c "inode 620507648" -c "p" /dev/sdb1
Metadata corruption detected at block 0x4ffed6d08/0x1000
xfs_db: cannot init perag data (117). Continuing anyway.
core.magic = 0x494e
core.mode = 040755
core.version = 2
core.format = 2 (extents)
core.nlinkv2 = 3
core.onlink = 0
core.projid_lo = 0
core.projid_hi = 0
core.uid = 0
core.gid = 0
core.flushiter = 2
core.atime.sec = Fri May 16 12:21:52 2014
core.atime.nsec = 779442171
core.mtime.sec = Tue Mar 24 12:03:59 2009
core.mtime.nsec = 000000000
core.ctime.sec = Fri Feb 28 19:54:03 2014
core.ctime.nsec = 736630717
core.size = 4096
core.nblocks = 1
core.extsize = 0
core.nextents = 1
core.naextents = 0
core.forkoff = 0
core.aformat = 2 (extents)
core.dmevmask = 0
core.dmstate = 0
core.newrtbm = 0
core.prealloc = 0
core.realtime = 0
core.immutable = 0
core.append = 0
core.sync = 0
core.noatime = 0
core.nodump = 0
core.rtinherit = 0
core.projinherit = 0
core.nosymlinks = 0
core.extsz = 0
core.extszinherit = 0
core.nodefrag = 0
core.filestream = 0
core.gen = 3064228498
next_unlinked = null
u.bmx[0] = [startoff,startblock,blockcount,extentflag] 0:[0,38781727,1,0]
Regards
-------------------------------
Rui Gomes
CTO
RVX - Reykjavik Visual Effects
Seljavegur 2,
101 Reykjavik
Iceland
Tel: + 354 527 3330
Mob: + 354 663 3360
----- Original Message -----
From: "Rui Gomes" <rgomes at rvx.is>
To: "Eric Sandeen" <sandeen at sandeen.net>
Cc: "omar" <omar at rvx.is>, "xfs" <xfs at oss.sgi.com>
Sent: Wednesday, 11 March, 2015 16:01:10
Subject: Re: [PATCH] xfs_repair: junk last entry in sf dir if name starts beyond dir size
Hi,
Thank you for pointing out where to look, I will try to dissect this a bit further and report back to you.
Regards
-------------------------------
Rui Gomes
CTO
RVX - Reykjavik Visual Effects
Seljavegur 2,
101 Reykjavik
Iceland
Tel: + 354 527 3330
Mob: + 354 663 3360
----- Original Message -----
From: "Eric Sandeen" <sandeen at sandeen.net>
To: "Rui Gomes" <rgomes at rvx.is>
Cc: "omar" <omar at rvx.is>, "xfs" <xfs at oss.sgi.com>
Sent: Wednesday, 11 March, 2015 15:46:50
Subject: Re: [PATCH] xfs_repair: junk last entry in sf dir if name starts beyond dir size
On 3/11/15 11:04 AM, Rui Gomes wrote:
> Program received signal SIGSEGV, Segmentation fault.
> 0x000000000044dbcd in __xfs_dir3_data_check (dp=dp at entry=0x0, bp=bp at entry=0x1538e810) at xfs_dir2_data.c:148
> 148 for (i = 0; i < be32_to_cpu(btp->count); i++) {
> (gdb) bt
> #0 0x000000000044dbcd in __xfs_dir3_data_check (dp=dp at entry=0x0, bp=bp at entry=0x1538e810) at xfs_dir2_data.c:148
> #1 0x000000000044b9ea in xfs_dir3_block_verify (bp=bp at entry=0x1538e810) at xfs_dir2_block.c:62
Can you do a little digging around in gdb to sort out more
about why it segfaulted?
We got a xfs_dir2_data_hdr_t from the passed-in bp w/ valid magic:
hdr = bp->b_addr;
and from that got btp:
switch (hdr->magic) {
case cpu_to_be32(XFS_DIR2_BLOCK_MAGIC):
btp = xfs_dir2_block_tail_p(mp, hdr);
and this just finds an offset from hdr:
((char *)hdr + mp->m_dirblksize)) - 1;
but then apparently blew up when we tried to use btp:
for (i = 0; i < be32_to_cpu(btp->count); i++) {
I don't see offhand how the hdr is ok, with good magic, but an
offset from the hdr (btp) is causing a segfault. Can you dig around
a bit more in gdb?
-Eric
More information about the xfs
mailing list