Tracker crashes when opening Open With menu

[X512]

This hrev53693. Tested on x86 gcc2hybrid and x86_64.

When attempt to move mouse to Open With menu item, Tracker crash.

There was FS corruption before (invalid b+tree) that was fixed by checkfs. Before FS corruption crashes do not appear. After checkfs FS errors are not detected.

Crash appear in BQuery::GetNextRef(entry_ref*). It seems that stack is corrupted, because FP and IP of previous frame is 0xcccccccc.

[X512]

Debug report.

[X512]

Crash not happen if problem volume is not mounted.

[X512]

Debug report for x86_64.

[X512]

In ​https://xref.landonf.org/source/xref/haiku/src/system/kernel/fs/fd.cpp#950 there is risk of writing outside buffer if descriptor->ops->fd_read_dir set count larger than maxCount.

[X512]

I added asserts in _user_read_dir (​https://review.haiku-os.org/c/haiku/+/2082) and ASSERT(sizeToCopy <= bufferSize) fails. Bug seems to be in BFS driver.

[X512]

Assert fail.

[X512]

Syslog.

[X512]

Relevant syslog entries:

KERN: bfs: bfs_create_index:2187: File or Directory already exists
KERN: Last message repeated 3 times.
KERN: bfs: Remove:2125: No such file or directory
KERN: bfs: KERN: Could not find value in index "size"!
KERN: bfs: Remove:2125: No such file or directory
KERN: bfs: KERN: Could not find value in index "last_modified"!
KERN: bfs: InitCheck:325: Bad data
KERN: bfs: KERN: inode at 27724319 is already deleted!
KERN: bfs: GetNextMatching:615: Bad data
KERN: bfs: KERN: could not get inode 27724319 in index "BEOS:APP_SIG"!
KERN: bfs: inode 27724750 in query has no name!
KERN: PANIC: ASSERT FAILED (../src/system/kernel/fs/fd.cpp:998): sizeToCopy <= bufferSize

[X512]

Proposed fix: ​https://review.haiku-os.org/c/haiku/+/2083.

[X512]

Fixed in hrev53696.

[nielx]

Assign tickets with status=closed and resolution=fixed within the R1/beta2 development window to the R1/beta2 Milestone