Created attachment 235202 [details] Mangled disk image root@mercat1:/usr/src/sbin/fsck_ffs # gdb /sbin/fsck_ffs GNU gdb (GDB) 11.2 [GDB v11.2 for FreeBSD] Copyright (C) 2022 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-portbld-freebsd14.0". Type "show configuration" for configuration details. For bug reporting instructions, please see: <https://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /sbin/fsck_ffs... (gdb) r -fy /work/diskimage Starting program: /sbin/fsck_ffs -fy /work/diskimage warning: Could not load shared library symbols for [vdso]. Do you need "set solib-search-path" or "set sysroot"? /work/diskimage IS NOT A DISK DEVICE CONTINUE? yes ** /work/diskimage ** Last Mounted on /mnt11 ** Phase 1 - Check Blocks and Sizes Program received signal SIGBUS, Bus error. Object-specific hardware error. 0x0000000001038be6 in pass1 () at /usr/src/sbin/fsck_ffs/pass1.c:90 90 setbmap(i); (gdb) l 85 setbmap(i); 86 } 87 i = sblock.fs_csaddr; 88 cgd = i + howmany(sblock.fs_cssize, sblock.fs_fsize); 89 for (; i < cgd; i++) 90 setbmap(i); 91 92 /* 93 * Find all allocated blocks. 94 */ (gdb) info loc info = 0xa90b69adeeb39d9 idesc = {id_fix = 9, id_func = 0x7fffffffe980, id_bp = 0x0, id_dp = 0x10564c0 <startprog>, id_number = 0x801298b10, id_parent = 0x7fffffffe7c0, id_lbn = 0x8011d522e, id_blkno = 0x62cc20f8, id_level = 0xbd0d614c, id_numfrags = 0xf449bf1f, id_lballoc = 0xa90b69adeeb39d9, id_filesize = 0x9, id_entryno = 0x10564c0, id_loc = 0xffffe9a8, id_dirp = 0x7fffffffe7e0, id_name = 0x8011d4ea1 <clock_gettime+17> "\203\370Nu\016\211\337L\211\366[A^]\351\234\276\t", id_type = 0x3} cgbp = 0x4328ad3200000001 cgp = 0x23a5 inumber = 0x8011d5013 inosused = 0x7fffffffe780 mininos = 0xc490f4 i = 0x200000000000028 cgd = 0x200000000000029 cp = 0x7fffffffe790 "\370 \314b" c = 0x4 rebuildcg = 0xfffffbe0 (gdb) p sblock No symbol "sblock" in current context. (gdb) p *sblk.b_un.b_fs $1 = {fs_firstfield = 0x0, fs_unused_1 = 0x0, fs_sblkno = 0x8, fs_cblkno = 0x10, fs_iblkno = 0x18, fs_dblkno = 0x28, fs_old_cgoffset = 0x0, fs_old_cgmask = 0xffffffff, fs_old_time = 0x62cc1e2d, fs_old_size = 0xa00, fs_old_dsize = 0x977, fs_ncg = 0x4, fs_bsize = 0x8000, fs_fsize = 0x1000, fs_frag = 0x8, fs_minfree = 0x8, fs_old_rotdelay = 0x0, fs_old_rps = 0x3c, fs_bmask = 0xffff8000, fs_fmask = 0xfffff000, fs_bshift = 0xf, fs_fshift = 0xc, fs_maxcontig = 0x20, fs_maxbpg = 0x1000, fs_fragshift = 0x3, fs_fsbtodb = 0x3, fs_sbsize = 0x1000, fs_spare1 = { 0x0, 0x4000000}, fs_nindir = 0x2000, fs_inopb = 0x100, fs_old_nspf = 0x8, fs_optim = 0x0, fs_old_npsect = 0x1440, fs_old_interleave = 0x1, fs_old_trackskew = 0x0, fs_id = {0x62cc1e24, 0xcc40b1d9}, fs_old_csaddr = 0x28, fs_cssize = 0x1000, fs_cgsize = 0x1000, fs_spare2 = 0x0, fs_old_nsect = 0x1440, fs_old_spc = 0x1440, fs_old_ncyl = 0x4, fs_old_cpg = 0x1, fs_ipg = 0x200, fs_fpg = 0x288, fs_old_cstotal = {cs_ndir = 0x3, cs_nbfree = 0xb6, cs_nifree = 0x63f, cs_nffree = 0x11}, fs_fmod = 0x0, fs_clean = 0x1, fs_ronly = 0x0, fs_old_flags = 0x80, fs_fsmnt = "/mnt11", '\000' <repeats 461 times>, fs_volname = '\000' <repeats 31 times>, fs_swuid = 0x0, fs_pad = 0x0, fs_cgrotor = 0x0, fs_ocsp = {0x0 <repeats 15 times>}, fs_si = 0x80182e000, fs_old_cpc = 0x0, fs_maxbsize = 0x8000, fs_unrefs = 0x0, fs_providersize = 0xa00, fs_metaspace = 0x18, fs_sparecon64 = {0x0 <repeats 13 times>}, fs_sblockactualloc = 0x2000, fs_sblockloc = 0x2000, fs_cstotal = {cs_ndir = 0x3, cs_nbfree = 0xb6, cs_nifree = 0x63f, cs_nffree = 0x11, cs_numclusters = 0x0, cs_spare = {0x0, 0x0, 0x0}}, fs_time = 0x62cc1e2d, fs_size = 0xa00, fs_dsize = 0x977, fs_csaddr = 0x200000000000028, fs_pendingblocks = 0x0, fs_pendinginodes = 0x0, fs_snapinum = {0x0 <repeats 20 times>}, fs_avgfilesize = 0x4000, fs_avgfpdir = 0x40, fs_save_cgsize = 0x0, fs_mtime = 0x62cc1e2d, fs_sujfree = 0x0, fs_sparecon32 = { 0x0 <repeats 21 times>}, fs_ckhash = 0x0, fs_metackhash = 0x0, fs_flags = 0x0, fs_contigsumsize = 0x10, fs_maxsymlinklen = 0x3c, fs_old_inodefmt = 0x2, fs_maxfilesize = 0x4002001005ffff, fs_qbmask = 0x7fff, fs_qfmask = 0xfff, fs_state = 0x0, fs_old_postblformat = 0x1, fs_old_nrpos = 0x1, fs_spare5 = {0x0, 0x0}, fs_magic = 0x11954} (gdb) quit debugging session is active. Inferior 1 [process 98582] will be killed. Quit anyway? (y or n) y root@mercat1:/usr/src/sbin/fsck_ffs # exit exit This on main-n256654-3c9ad9398fcdf.
Created attachment 235285 [details] Proposed fix This adds a check to the superblock validation code that checks for this case. The result is that fsck_ffs bails on the filesystem because it does not know how to fix it. In this case the only way to recover is to specify an alternative superblock. This particular filesystem image does not have the parameters set up to allow fsck to do that itself.
Let me know if this fixes the issue.
(In reply to Kirk McKusick from comment #2) The attached patch fixes the problem seen.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=904347a00c1f9a29f3b17e6e676805036d2494f1 commit 904347a00c1f9a29f3b17e6e676805036d2494f1 Author: Kirk McKusick <mckusick@FreeBSD.org> AuthorDate: 2022-07-16 17:31:52 +0000 Commit: Kirk McKusick <mckusick@FreeBSD.org> CommitDate: 2022-07-16 17:31:52 +0000 Additional check for UFS/FFS superblock integrity checks. Tested by: Peter Holm PR: 265162 sys/ufs/ffs/ffs_subr.c | 1 + 1 file changed, 1 insertion(+)
This patch will be MFC'ed to 13 as part of the larger MFC of the superblock integrity checks.