On Wed, Jul 17, 2013 at 12:11:34PM +0400, Sergey Bronnikov wrote:
> Bug was caught by fsfuzzer. Probably that bug cannot be
> found in real life with a real use case, but anyway it is a bug.

Why? A failed consistency check means a bad fs, not necessarily a
bug. "inode out of range" seems clear. A tool which "creates initial
(valid) filesystem images and then manipulates their binary format
and structure for detecting flaws/bugs/design problems in the
parsing/handling code" is almost certain to eventually create
something that blows up I would think.

So, can you please explain why failing this consistency check
indicates a bug in the code?

Since fsfuzzer is supposed to create logs and allow reproducible
tests, sharing those logs and directions on reproducing the failure
would also be nice.

.... Ken

> 
> panic: ext2fs_dirbadentry
> Stopped at    Debugger+0x5:   leave
> RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
> DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
> ddb> Debugger() at Debugger+0x5
> panic() at panic+0xe4
> ext2fs_lookup() at ext2fs_lookup+0x68f
> VOP_LOOKUP() at VOP_LOOKUP+0x2c
> vfs_lookup() at vfs_lookup+0x271
> namei() at namei+0x21c
> vn_open() at vn_open+0x91
> doopenat() at doopenat+0x125
> syscall() at syscall+0x162
> --- syscall (number 5) ---
> end of kernel
> end trace frame: 0xffffffff, count: -9
> acpi_pdirpa+0x4253fa:
> 
> Full logs are below:
> 
> OpenBSD 5.4-beta (GENERIC) #0: Mon Jul 15 23:06:59 MSK 2013
>     es...@xxxx.xxx:/usr/src/sys/arch/amd64/compile/GENERIC
> real mem = 4168839168 (3975MB)
> avail mem = 4050149376 (3862MB)
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (80 entries)
> bios0: vendor LENOVO version "7VET80WW (3.10 )" date 10/02/2009
> bios0: LENOVO 406257G
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT SSDT
> acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) IGBE(S4) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB3(S3) USB5(S3) EHC0(S3) EHC1(S3) HDEF(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpiec0 at acpi0
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz, 798.13 MHz
> cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF
> cpu0: 6MB 64b/line 16-way L2 cache
> cpu0: smt 0, core 0, package 0
> cpu0: apic clock running at 266MHz
> cpu at mainbus0: not configured
> ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 24 pins
> ioapic0: misconfigured as apic 2, remapped to apid 1
> acpimcfg0 at acpi0 addr 0xe0000000, bus 0-63
> acpihpet0 at acpi0: 14318179 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (AGP_)
> acpiprt2 at acpi0: bus 2 (EXP0)
> acpiprt3 at acpi0: bus 3 (EXP1)
> acpiprt4 at acpi0: bus 4 (EXP2)
> acpiprt5 at acpi0: bus 5 (EXP3)
> acpiprt6 at acpi0: bus 13 (EXP4)
> acpiprt7 at acpi0: bus 21 (PCI1)
> acpicpu0 at acpi0: C3, C2, C1, PSS
> acpipwrres0 at acpi0: PUBS
> acpitz0 at acpi0: critical temperature is 127 degC
> acpitz1 at acpi0: critical temperature is 100 degC
> acpibtn0 at acpi0: LID_
> acpibtn1 at acpi0: SLPB
> acpibat0 at acpi0: BAT0 model "42T4620" serial   929 type LION oem "Panasonic"
> acpibat1 at acpi0: BAT1 not present
> acpiac0 at acpi0: AC unit online
> acpithinkpad0 at acpi0
> acpidock0 at acpi0: GDCK not docked (0)
> cpu0: Enhanced SpeedStep 798 MHz: speeds: 2801, 2800, 2133, 1600, 800 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel GM45 Host" rev 0x07
> vga1 at pci0 dev 2 function 0 "Intel GM45 Video" rev 0x07
> intagp0 at vga1
> agp0 at intagp0: aperture at 0xd0000000, size 0x10000000
> inteldrm0 at vga1
> drm0 at inteldrm0
> inteldrm0: 1920x1200
> wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
> "Intel GM45 Video" rev 0x07 at pci0 dev 2 function 1 not configured
> "Intel GM45 HECI" rev 0x07 at pci0 dev 3 function 0 not configured
> em0 at pci0 dev 25 function 0 "Intel ICH9 IGP M" rev 0x03: msi, address 00:22:68:18:b1:0f
> uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x03: apic 1 int 20
> uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x03: apic 1 int 21
> uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x03: apic 1 int 22
> ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x03: apic 1 int 23
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> azalia0 at pci0 dev 27 function 0 "Intel 82801I HD Audio" rev 0x03: msi
> azalia0: codecs: Conexant CX20561, 0x0000/0x0000, using Conexant CX20561
> audio0 at azalia0
> ppb0 at pci0 dev 28 function 0 "Intel 82801I PCIE" rev 0x03: msi
> pci1 at ppb0 bus 2
> ppb1 at pci0 dev 28 function 1 "Intel 82801I PCIE" rev 0x03: msi
> pci2 at ppb1 bus 3
> iwn0 at pci2 dev 0 function 0 "Intel WiFi Link 5100" rev 0x00: msi, MIMO 1T2R, MoW, address 00:26:c6:41:b8:2e
> ppb2 at pci0 dev 28 function 2 "Intel 82801I PCIE" rev 0x03: msi
> pci3 at ppb2 bus 4
> "Intel Turbo Memory" rev 0x11 at pci3 dev 0 function 0 not configured
> ppb3 at pci0 dev 28 function 3 "Intel 82801I PCIE" rev 0x03: msi
> pci4 at ppb3 bus 5
> ppb4 at pci0 dev 28 function 4 "Intel 82801I PCIE" rev 0x03: msi
> pci5 at ppb4 bus 13
> uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x03: apic 1 int 16
> uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x03: apic 1 int 17
> uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x03: apic 1 int 18
> ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x03: apic 1 int 19
> usb1 at ehci1: USB revision 2.0
> uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> ppb5 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x93
> pci6 at ppb5 bus 21
> cbb0 at pci6 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0xba: apic 1 int 16
> sdhc0 at pci6 dev 0 function 2 "Ricoh 5C822 SD/MMC" rev 0x21: apic 1 int 18
> sdmmc0 at sdhc0
> "Ricoh 5C843 MMC" rev 0x11 at pci6 dev 0 function 3 not configured
> "Ricoh 5C592 Memory Stick" rev 0x11 at pci6 dev 0 function 4 not configured
> "Ricoh 5C852 xD" rev 0x11 at pci6 dev 0 function 5 not configured
> cardslot0 at cbb0 slot 0 flags 0
> cardbus0 at cardslot0: bus 22 device 0 cacheline 0x10, lattimer 0xb0
> pcmcia0 at cardslot0
> pcib0 at pci0 dev 31 function 0 "Intel 82801IBM LPC" rev 0x03
> ahci0 at pci0 dev 31 function 2 "Intel 82801I AHCI" rev 0x03: msi, AHCI 1.2
> scsibus0 at ahci0: 32 targets
> sd0 at scsibus0 targ 0 lun 0: <ATA, ST9500420AS, 0003> SCSI3 0/direct fixed naa.5000c5001c185963
> sd0: 476940MB, 512 bytes/sector, 976773168 sectors
> cd0 at scsibus0 targ 1 lun 0: <Optiarc, DVD RW AD-7910S, 1.D2> ATAPI 5/cdrom removable
> ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x03: apic 1 int 23
> iic0 at ichiic0
> usb2 at uhci0: USB revision 1.0
> uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb3 at uhci1: USB revision 1.0
> uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb4 at uhci2: USB revision 1.0
> uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb5 at uhci3: USB revision 1.0
> uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb6 at uhci4: USB revision 1.0
> uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb7 at uhci5: USB revision 1.0
> uhub7 at usb7 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pms0 at pckbc0 (aux slot)
> pckbc0: using irq 12 for aux slot
> wsmouse0 at pms0 mux 0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> aps0 at isa0 port 0x1600/31
> mtrr: Pentium Pro MTRR support
> ugen0 at uhub3 port 2 "Lenovo Computer Corp ThinkPad Bluetooth with Enhanced Data Rate II" rev 2.00/3.99 addr 2
> ugen1 at uhub7 port 2 "Lenovo Integrated Smart Card Reader" rev 2.00/1.00 addr 2
> vscsi0 at root
> scsibus1 at vscsi0: 256 targets
> softraid0 at root
> scsibus2 at softraid0: 256 targets
> root on sd0a (42a595d9d805c358.a) swap on sd0b dump on sd0b
> WARNING: / was not properly unmounted
> ugen0 detached
> ugen1 detached
> ugen0 at uhub3 port 2 "Lenovo Computer Corp ThinkPad Bluetooth with Enhanced Data Rate II" rev 2.00/3.99 addr 2
> ugen1 at uhub7 port 2 "Lenovo Integrated Smart Card Reader" rev 2.00/1.00 addr 2
> pid 1641 (mangle): user write of 4096@0x6fbc2c2c000 at 255832 failed: 14
> Ext2 fs: unsupported revision number: 95
> /dev/vnd0c: file system not clean; please fsck(8)
> uid 0 on /mnt/test: out of inodes
> uid 0 on /mnt/test: out of inodes
> uid 0 on /mnt/test: out of inodes
> uid 0 on /mnt/test: out of inodes
> uid 0 on /mnt/test: out of inodes
> bad directory entry: inode out of bounds
> offset=12, inode=3080194, rec_len=1012, name_len=2 
> panic: ext2fs_dirbadentry
> Stopped at    Debugger+0x5:   leave   
> RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
> DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
> ddb> Debugger() at Debugger+0x5
> panic() at panic+0xe4
> ext2fs_lookup() at ext2fs_lookup+0x68f
> VOP_LOOKUP() at VOP_LOOKUP+0x2c
> vfs_lookup() at vfs_lookup+0x271
> namei() at namei+0x21c
> vn_open() at vn_open+0x91
> doopenat() at doopenat+0x125
> syscall() at syscall+0x162
> --- syscall (number 5) ---
> end of kernel
> end trace frame: 0xffffffff, count: -9
> acpi_pdirpa+0x4253fa:
> ddb>    PID   PPID   PGRP    UID  S       FLAGS  WAIT          COMMAND        
>  
> *11952  27679  27679      0  7           0                ls              
>  27679   8995  27679      0  3        0x88  pause         sh              
>  12495   4635  16885   1000  3   0x4100080  kqread        soffice.bin     
>  29264   4635  16885   1000  3   0x4100080  netcon        soffice.bin     
>  15871   4635  16885   1000  3   0x4100080  thrsleep      soffice.bin     
>  13049  23194  13049   1000  3        0x80  ttyin         ksh             
>  23194      1  23194   1000  3        0x80  kqread        tmux            
>   7048   3799   7048   1000  3        0x80  kqread        tmux            
>  32134   4635  16885   1000  3        0x80  poll          soffice.bin     
>  32538  30093  16885   1000  3   0x4100080  wait          oosplash        
>   3799  30093   3799   1000  3        0x80  select        xterm           
>   8962  30093  16885   1000  3   0x4100080  thrsleep      oosplash        
>  30367      1  15957   1000  3        0x80  poll          autocutsel      
>  15105      1   4994   1000  3        0x80  poll          autocutsel      
>   3305  30093  16885   1000  3        0x80  poll          xclock          
>   4635  30093  16885   1000  3        0x80  thrsleep      oosplash        
>  26894  30093  16885   1000  3        0x80  select        xbattbar        
>  27871      1   4396   1000  3        0x80  select        xbindkeys       
>   1927  30093  16885   1000  3        0x80  select        xidle           
>  30093  16885  16885   1000  3        0x80  select        cwm             
>  25981      1  25981   1000  3        0x80  select        ssh-agent       
>  16885  20779  16885   1000  3        0x88  pause         sh              
>  10089      1  10089     77  3        0x80  poll          dhclient        
>  11631      1  11631      0  3        0x80  poll          dhclient        
>  20779  16733  20779      0  3        0x80  wait          xdm             
>   2394  30205  30205      0  3        0x80  netio         Xorg            
>  13093      1  13093      0  3        0x80  ttyin         getty           
>  19219      1  19219      0  3        0x80  ttyin         getty           
>  19159      1  19159      0  3        0x80  ttyin         getty           
>  29985      1  29985      0  3        0x80  ttyin         getty           
>   8995      1   8995   1000  3        0x88  pause         ksh             
>  30205  16733  30205     35  3        0x80  select        Xorg            
>  16733      1  16733      0  3        0x88  pause         xdm             
>  23460      1  23460      0  3        0x80  select        cron            
>  18470      1  18470      0  3        0x80  htplev        hotplugd        
>   3142      1   3142      0  2       0x480                apmd            
>  14323      1  26371      0  3   0x4100080  nanosleep     pcscd           
>   4792      1  26371      0  3   0x4100080  nanosleep     pcscd           
>  28982      1  26371      0  3        0x80  select        pcscd           
>  23778      1    361   1000  3   0x4100080  thrsleep      mpd             
>   6715      1    361   1000  3   0x4100080  thrsleep      mpd             
>   8558      1   1647    566  3        0x80  kqread        tor             
>  21466      1  21466    548  3        0x80  poll          polipo          
>    278      1   5535   1000  3   0x4100080  thrsleep      btpd            
>  19804      1   5535   1000  3        0x80  kqread        btpd            
>  19834      1    361   1000  3   0x4100080  thrsleep      mpd             
>  14013      1    361   1000  3   0x4100080  thrsleep      mpd             
>  17279      1    361   1000  3   0x4100080  poll          mpd             
>    361      1    361   1000  3        0x80  poll          mpd             
>  24297      1  24297     99  3        0x80  poll          sndiod          
>  29656      1  29656      0  3        0x80  select        lpd             
>   6884      1   6884      0  3        0x80  select        sshd            
>   6834    470    470    100  3        0x80  kqread        ldapd           
>    470      1    470      0  3        0x80  kqread        ldapd           
>  30569   5298  23936     83  3        0x80  poll          ntpd            
>   5298  23936  23936     83  3        0x80  poll          ntpd            
>  23936      1  23936      0  3        0x80  poll          ntpd            
>  22421  21144  21144     74  3        0x80  bpf           pflogd          
>  21144      1  21144      0  3        0x80  netio         pflogd          
>  24719   1804   1804     73  2        0x80                syslogd         
>   1804      1   1804      0  3        0x80  netio         syslogd         
>  24028      1  24028      0  3        0x80  mfsidl        mount_mfs       
>     15      0      0      0  3    0x100200  aiodoned      aiodoned        
>     14      0      0      0  3    0x100200  syncer        update          
>     13      0      0      0  3    0x100200  cleaner       cleaner         
>     12      0      0      0  3    0x100200  reaper        reaper          
>     11      0      0      0  3    0x100200  pgdaemon      pagedaemon      
>     10      0      0      0  3    0x100200  bored         crypto          
>      9      0      0      0  3    0x100200  pftm          pfpurge         
>      8      0      0      0  3    0x100200  mmctsk        sdmmc0          
>      7      0      0      0  3    0x100200  usbtsk        usbtask         
>      6      0      0      0  3    0x100200  usbatsk       usbatsk         
>      5      0      0      0  3    0x100200  bored         intelrel        
>      4      0      0      0  3  0x40100200  acpi0         acpi0           
>      3      0      0      0  3    0x100200  bored         syswq           
>      2      0      0      0  3  0x40100200                idle0           
>      1      0      1      0  3        0x80  wait          init            
>      0     -1      0      0  3       0x200  scheduler     swapper         
>   7595   7048   7048   1000  5      0x2000                tmux            
> ddb> ds                            0xe84c     acpi_pdirpa+0xa2ec
> es                               0xd
> fs                            0xf8c0  acpi_pdirpa+0xb360
> gs                            0xb40d  acpi_pdirpa+0x6ead
> rdi                              0x1
> rsi                                0
> rbp               0xffff800032daf8b0
> rbx               0xffffffff8177b40d  mfs_vfsops+0x102d
> rdx                                0
> rcx                            0x292
> rax                              0x1
> r8                0xffff800032daf7d0
> r9                0xffff80002573b000
> r10                       0xffffffff
> r11                              0x1
> r12                            0x100
> r13               0xffff800032daf8c0
> r14                              0xc
> r15               0xffff800032dafdb8
> rip               0xffffffff813a3d25  Debugger+0x5
> cs                               0x8
> rflags                         0x202
> rsp               0xffff800032daf8b0
> ss                              0x10
> Debugger+0x5: leave   
> ddb> No such command
> ddb> ehci0: reset timeout
> ehci1: reset timeout
> rebooting...
> 
> -- 
> sergeyb@
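
The consistency check discussed in this thread, as an added example that is not part of either message and is not OpenBSD's `ext2fs_dirbadentry` code: a bounds-checked validator for the standard ext2 directory entry layout that returns an error code to its caller. Assumptions: all function names are hypothetical, the 1024-byte block is constructed around the logged values (offset=12, inode=3080194, rec_len=1012, name_len=2), and the inode count of 128 is made up because the log does not give it.

```c
#include <stdint.h>
#include <stdio.h>

enum dir_err { DIR_OK, DIR_BAD_ALIGN, DIR_TOO_SMALL, DIR_NAME_OVERRUN,
               DIR_SPANS_BLOCK, DIR_INODE_RANGE };
/* Entry layout: inode u32, rec_len u16, name_len u8, file_type u8, name. */
#define HDR 8u
#define REC_LEN(n) ((HDR + (n) + 3u) & ~3u)   /* header + name, 4-byte aligned */
/* On-disk fields are little-endian; decode bytewise so host order is irrelevant. */
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Validate the entry at off without reading outside the block. */
static enum dir_err check_dirent(const uint8_t *blk, size_t bsz, size_t off, uint32_t ninodes)
{
    if (off > bsz || bsz - off < HDR) return DIR_SPANS_BLOCK;
    uint32_t ino = rd32(blk + off);
    uint16_t rec = rd16(blk + off + 4);
    uint8_t nlen = blk[off + 6];
    if (rec % 4) return DIR_BAD_ALIGN;
    if (rec < REC_LEN(1)) return DIR_TOO_SMALL;
    if (rec < REC_LEN(nlen)) return DIR_NAME_OVERRUN;
    if (rec > bsz - off) return DIR_SPANS_BLOCK;
    if (ino > ninodes) return DIR_INODE_RANGE;   /* "inode out of bounds" */
    return DIR_OK;
}

/* Walk one block; stop at the first bad entry and report its offset. */
static enum dir_err scan_block(const uint8_t *blk, size_t bsz, uint32_t ninodes, size_t *bad)
{
    for (size_t off = 0; off < bsz; off += rd16(blk + off + 4)) {
        enum dir_err e = check_dirent(blk, bsz, off, ninodes);
        if (e != DIR_OK) { *bad = off; return e; }
    }
    return DIR_OK;
}

/* Constructed block: "." at offset 0 is sane, ".." at offset 12 takes ino. */
static enum dir_err sample(uint32_t ino, size_t *bad)
{
    uint8_t blk[1024] = { 2,0,0,0, 12,0, 1,2, '.',0,0,0,
        (uint8_t)ino, (uint8_t)(ino >> 8), (uint8_t)(ino >> 16), (uint8_t)(ino >> 24),
        0xf4,0x03, 2,2, '.','.' };               /* 0x03f4 = rec_len 1012 */
    return scan_block(blk, sizeof blk, 128 /* assumed inode count */, bad);
}

int main(void)
{
    size_t bad = 0;
    printf("err=%d offset=%zu\n", sample(3080194u, &bad), bad);
    return 0;
}
```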
