Bug 1164381

Summary: e2fsck crashing (triggered by MALLOC_PERTURB_)
Product: [Fedora] Fedora
Reporter: David Lehman <dlehman>
Component: e2fsprogs
Assignee: Eric Sandeen <esandeen>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 21
CC: esandeen, josef, kzak, oliver
Hardware: Unspecified
OS: Unspecified
Fixed In Version: e2fsprogs-1.42.11-4.fc21
Doc Type: Bug Fix
Last Closed: 2014-11-18 12:31:39 UTC
Type: Bug

Description David Lehman 2014-11-14 20:39:14 UTC
Description of problem:
With F21-TC2 I noticed e2fsck crashing. Eventually, I tried unsetting MALLOC_PERTURB_ and it stopped crashing.

Version-Release number of selected component (if applicable):
e2fsprogs-1.42.11-3.fc21.x86_64

How reproducible:
Reliably, but only when called from anaconda+blivet.

Steps to Reproduce:
1. Tell anaconda to resize an existing ext4 filesystem

Actual results:
20:33:09,791 INFO program: Running... e2fsck -f -p -C 0 /dev/sda1
20:33:10,677 INFO program: ^A/dev/sda1: |=                                                       |  1.1%
20:33:10,678 INFO program: ^B^A/dev/sda1: |========================================================| 100.0%
20:33:10,678 INFO program: ^B^A                                                  
20:33:10,678 INFO program: ^B/dev/sda1: 11/128016 files (0.0% non-contiguous), 26666/512000 blocks
20:33:10,678 INFO program: Signal (11) SIGSEGV si_code=SI_KERNEL fault addr=(nil)
20:33:10,679 INFO program: e2fsck[0x427292]
20:33:10,679 INFO program: /lib64/libc.so.6(+0x34950)[0x7f33965c1950]
20:33:10,679 INFO program: /lib64/libext2fs.so.2(ext2fs_free_dblist+0x1d)[0x7f33971b790d]
20:33:10,679 INFO program: e2fsck(e2fsck_reset_context+0x104)[0x40db54]
20:33:10,679 INFO program: e2fsck(e2fsck_free_context+0x26)[0x40dde6]
20:33:10,679 INFO program: e2fsck(main+0x1a7a)[0x40aeca]
20:33:10,680 INFO program: /lib64/libc.so.6(__libc_start_main+0xf0)[0x7f33965acfe0]
20:33:10,680 INFO program: e2fsck[0x40bc8c]
20:33:10,680 DEBUG program: Return code: 8


Expected results:
No crash.

Additional info:

Comment 1 Eric Sandeen 2014-11-14 20:48:15 UTC
Hm, any chance to get an e2image (-r or -q) of /dev/sda1, to see if it's anything unique to the geometry of the fs?

-Eric

Comment 2 David Lehman 2014-11-14 21:13:39 UTC
Pretty sure it's not. It also happens for the root and home lvs on this system.

Here's a qcow image, just in case:

    https://dlehman.fedorapeople.org/sda1.e2img

Comment 3 Eric Sandeen 2014-11-14 22:59:28 UTC
Thanks, I thought perhaps if it was only triggerable by blivet it was something unique... I'll take a look.

Comment 4 Eric Sandeen 2014-11-14 23:17:51 UTC
Ok, probably the same as:

==38125== Invalid read of size 8
==38125==    at 0x411A73: e2fsck_reset_context (e2fsck.c:87)
==38125==    by 0x411CED: e2fsck_free_context (e2fsck.c:177)
==38125==    by 0x4111C7: main (unix.c:1779)
==38125==  Address 0x4c2b220 is 144 bytes inside a block of size 296 free'd
==38125==    at 0x4A063F0: free (vg_replace_malloc.c:446)
==38125==    by 0x435713: ext2fs_close2 (closefs.c:492)
==38125==    by 0x4357BD: ext2fs_close_free (closefs.c:445)
==38125==    by 0x4111B3: main (unix.c:1776)

Looks like possibly:

commit a82d88ea99d3c5c21bf538b886da0482bf143fd5
Author: Darrick J. Wong <darrick.wong>
Date:   Thu Jul 24 21:03:54 2014 -0400

    e2fsck: free ctx->fs, not fs, at the end of fsck
    
    When we call ext2fs_close_free at the end of main(), we need to supply
    the address of ctx->fs, because the subsequent e2fsck_free_context
    call will try to access ctx->fs (which is now set to a freed block) to
    see if it should free the directory block list.  This is clearly not
    desirable, so fix the problem.
    
    Signed-off-by: Darrick J. Wong <darrick.wong>
    Signed-off-by: Theodore Ts'o <tytso>
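Added example, not part of the bug report and not e2fsprogs code: a miniature of the teardown order the commit message describes, showing why passing the address of a local copy leaves ctx->fs stale while passing the address of ctx->fs does not. All names (mini_fs, mini_ctx, mini_close_free, mini_free_context, teardown) are hypothetical, the "heap" is a single static object so nothing is actually freed, and the 0xA5 fill is a constructed stand-in for what MALLOC_PERTURB_ does to freed memory.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical miniature of the teardown path; not the e2fsprogs sources. */
enum { SKIPPED = 0, FREED_LIVE_DBLIST = 1, STALE_POINTER_USED = 2 };
struct mini_fs  { uintptr_t dblist; };   /* stand-in for the block-list pointer */
struct mini_ctx { struct mini_fs *fs; };

static struct mini_fs slot;   /* one-object "heap": nothing is really freed */
static int slot_live;

static struct mini_fs *mini_open(void)
{
    slot.dblist = 1;          /* any non-zero value: a block list exists */
    slot_live = 1;
    return &slot;
}

/* Release the object, perturb its bytes, clear the pointer that was handed in. */
static void mini_close_free(struct mini_fs **fs_ptr)
{
    memset(*fs_ptr, 0xA5, sizeof **fs_ptr);
    slot_live = 0;
    *fs_ptr = NULL;
}

/* Context teardown: consults ctx->fs to decide whether a block list
 * still needs freeing, as the commit message describes. */
static int mini_free_context(struct mini_ctx *ctx)
{
    if (ctx->fs == NULL)
        return SKIPPED;
    if (!slot_live)           /* the real program reads freed memory here */
        return ctx->fs->dblist ? STALE_POINTER_USED : SKIPPED;
    return FREED_LIVE_DBLIST;
}

int teardown(int pass_ctx_field)
{
    struct mini_ctx ctx;
    struct mini_fs *fs = mini_open();
    ctx.fs = fs;
    if (pass_ctx_field)
        mini_close_free(&ctx.fs);   /* fixed call: ctx.fs itself is cleared */
    else
        mini_close_free(&fs);       /* pre-fix call: only the local is cleared */
    return mini_free_context(&ctx);
}

int main(void) { return !(teardown(0) == STALE_POINTER_USED && teardown(1) == SKIPPED); }
```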

Comment 5 Fedora Update System 2014-11-14 23:59:10 UTC
e2fsprogs-1.42.11-4.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/e2fsprogs-1.42.11-4.fc21

Comment 6 Fedora Update System 2014-11-16 14:44:36 UTC
Package e2fsprogs-1.42.11-4.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing e2fsprogs-1.42.11-4.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-15197/e2fsprogs-1.42.11-4.fc21
then log in and leave karma (feedback).

Comment 7 Fedora Update System 2014-11-18 12:31:39 UTC
e2fsprogs-1.42.11-4.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.