Bug 1028388

Summary: fsck.gfs2 segfaults on bad superblock fields
Product: Red Hat Enterprise Linux 7
Reporter: Andrew Price <anprice>
Component: gfs2-utils
Assignee: Andrew Price <anprice>
Status: CLOSED CURRENTRELEASE
QA Contact: Cluster QE <mspqa-list>
Severity: low
Docs Contact:
Priority: unspecified
Version: 7.0
CC: adas, agk, anprice, bmarzins, cluster-maint, fdinitto, jpayne, rpeterso, swhiteho
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: gfs2-utils-3.1.6-9.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1019226
Environment:
Last Closed: 2014-06-13 10:56:52 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1019226
Bug Blocks:

Description Andrew Price 2013-11-08 10:53:06 UTC
+++ This bug was initially created as a clone of Bug #1019226 +++

Description of problem:

fsck.gfs2 crashes with a segmentation fault when sb_bsize is corrupted in the on-disk superblock.

Version-Release number of selected component (if applicable):

Upstream git

How reproducible:

100%

Steps to Reproduce:

# truncate -s 10G tdev
# mkfs.gfs2 -Oplock_nolock tdev
# gfs2_edit -p sb field sb_bsize 0 ./tdev
# fsck.gfs2 tdev

Actual results:

# fsck.gfs2 tdev
Initializing fsck
Segmentation fault (core dumped)

Expected results:

fsck.gfs2 either fixes the superblock or prints a message saying that fsck.gfs2 could not fix it before exiting cleanly.

Additional info:

Program received signal SIGSEGV, Segmentation fault.
0x00000000004292ef in read_sb (sdp=0x7fffffffbe70) at super.c:97
97			sdp->sd_heightsize[x] = space;
Missing separate debuginfos, use: debuginfo-install glibc-2.17-33.el7.x86_64
(gdb) bt
#0  0x00000000004292ef in read_sb (sdp=0x7fffffffbe70) at super.c:97
#1  0x000000000040761e in fill_super_block (sdp=0x7fffffffbe70) at initialize.c:1276
#2  0x0000000000407f53 in initialize (sdp=0x7fffffffbe70, force_check=0, preen=0, all_clean=0x7fffffffbe6c)
    at initialize.c:1520
#3  0x000000000040ae49 in main (argc=2, argv=0x7fffffffe4a8) at main.c:283
(gdb) list
92			space = sdp->sd_heightsize[x - 1] * sdp->sd_inptrs;
93			/* FIXME: Do we really need this first check?? */
94			if (space / sdp->sd_inptrs != sdp->sd_heightsize[x - 1] ||
95			    space % sdp->sd_inptrs != 0)
96				break;
97			sdp->sd_heightsize[x] = space;
98		}
99		if (x > GFS2_MAX_META_HEIGHT){
100			errno = E2BIG;
101			return -1;

--- Additional comment from Andrew Price on 2013-11-08 10:50:37 GMT ---

https://lists.fedorahosted.org/pipermail/cluster-commits/2013-November/003555.html
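
The gdb listing above shows the crash site: the loop writes sdp->sd_heightsize[x] and relies only on the overflow test to stop, with the GFS2_MAX_META_HEIGHT check coming after the loop at line 99. The following is an added example, not gfs2-utils code or the upstream patch, of the defensive shape a superblock reader wants: validate sb_bsize before deriving any geometry from it, and bound the table index by the array size. The value of GFS2_MAX_META_HEIGHT, the header sizes, the struct layout and the helper names are assumptions for illustration.

```c
#include <errno.h>
#include <stdint.h>

#define GFS2_MAX_META_HEIGHT 10  /* tree-height bound; value assumed here */
#define META_HEADER_SIZE 24      /* header sizes assumed to derive pointer counts */
#define DINODE_SIZE 232

struct sb_geom {                 /* assumed stand-in for the sbd fields used below */
    uint64_t sd_inptrs;          /* pointers per indirect block */
    uint64_t sd_diptrs;          /* pointers held directly in the dinode */
    uint64_t sd_heightsize[GFS2_MAX_META_HEIGHT + 1];
};

/* Fill the height-size table from sb_bsize. Returns the number of valid
 * entries, or -1 with errno set (EINVAL: bad bsize, E2BIG: table too small). */
int compute_heightsize(struct sb_geom *g, uint32_t bsize)
{
    unsigned x;
    uint64_t space;
    /* Check the on-disk value before deriving anything from it: zero, a
     * non-power-of-two, or an out-of-range size cannot describe a filesystem. */
    if (bsize < 512 || bsize > 65536 || (bsize & (bsize - 1)) != 0) {
        errno = EINVAL;
        return -1;
    }
    g->sd_inptrs = (bsize - META_HEADER_SIZE) / sizeof(uint64_t);
    g->sd_diptrs = (bsize - DINODE_SIZE) / sizeof(uint64_t);
    g->sd_heightsize[0] = bsize - DINODE_SIZE;
    g->sd_heightsize[1] = (uint64_t)bsize * g->sd_diptrs;
    /* Bound the index by the array size. The overflow test alone never fires
     * once an entry is zero (0 * n passes both checks), so an unbounded loop
     * over a table derived from a zero block size writes past the array. */
    for (x = 2; x <= GFS2_MAX_META_HEIGHT; x++) {
        space = g->sd_heightsize[x - 1] * g->sd_inptrs;
        if (space / g->sd_inptrs != g->sd_heightsize[x - 1] ||
            space % g->sd_inptrs != 0)
            break;
        g->sd_heightsize[x] = space;
    }
    if (x > GFS2_MAX_META_HEIGHT) {
        errno = E2BIG;
        return -1;
    }
    return (int)x;
}

/* Helper: table entry i for a block size, or 0 if rejected or out of range. */
uint64_t heightsize_at(uint32_t bsize, unsigned i)
{
    struct sb_geom g;
    int n = compute_heightsize(&g, bsize);
    return (n > 0 && i < (unsigned)n) ? g.sd_heightsize[i] : 0;
}
```

With the reproducer's sb_bsize of 0 the function returns -1 with errno EINVAL instead of touching the table, which is the clean exit the "Expected results" section asks for.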

Comment 1 Andrew Price 2013-11-08 19:28:04 UTC
There was an issue with the original patch which was fixed in this upstream patch posted earlier:

https://www.redhat.com/archives/cluster-devel/2013-November/msg00040.html

QE: The patches also add build-time tests to cover this.

Comment 2 Andrew Price 2013-11-13 09:36:05 UTC
Patches pushed to gfs2-utils.git/RHEL7. Besides the above two, there's a third one which makes gfs2l build with -D_FILE_OFFSET_BITS=64 to fix the test suite on 32-bit architectures.

Comment 5 Justin Payne 2014-02-24 16:58:11 UTC
Verified in gfs2-utils-3.1.6-12.el7:

[root@dash-01 ~]# rpm -q gfs2-utils
gfs2-utils-3.1.6-12.el7.x86_64
[root@dash-01 ~]# truncate -s 10G tdev; 
[root@dash-01 ~]# mkfs.gfs2 -Oplock_nolock tdev
This will destroy any data on tdev
Device:                    tdev
Block size:                4096
Device size:               10.00 GB (2621440 blocks)
Filesystem size:           10.00 GB (2621438 blocks)
Journals:                  1
Resource groups:           40
Locking protocol:          "lock_nolock"
Lock table:                ""
UUID:                      d18f3c8c-1627-985d-843e-73226024d1f8
[root@dash-01 ~]# gfs2_edit -p sb field sb_bsize 0 ./tdev
0
[root@dash-01 ~]# fsck.gfs2 tdev
Initializing fsck
Gathering information to repair the gfs2 superblock.  This may take some time.
Block size determined to be: 4096
Found system jindex file at: 0x18
Found system per_node directory at: 0x805b
From per_node's '..' I backtracked the master directory to: 0x17
Found system statfs file at: 0x805d
Found system inum file at: 0x815f
Found system rindex file at: 0x8161
Found system quota file at: 0x8163
Okay to fix the GFS2 superblock? (y/n)y
Validating Resource Group index.
Level 1 rgrp check: Checking if all rgrp and rindex values are good.
(level 1 passed)
Starting pass1
pass1 complete      
Starting pass1b
pass1b complete      
Starting pass1c
pass1c complete      
Starting pass2
pass2 complete      
Starting pass3
pass3 complete      
Starting pass4
pass4 complete      
Starting pass5
pass5 complete      
Starting check_statfs
check_statfs complete      
Writing changes to disk
Superblock was reset. Use tunegfs2 to manually set lock table before mounting.
gfs2_fsck complete

Comment 6 Ludek Smid 2014-06-13 10:56:52 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.