Bug 1642281

Summary: [abrt] e2fsprogs: e2p_is_null_uuid(): dumpe2fs killed by SIGSEGV
Product: [Fedora] Fedora
Reporter: gobbledegeek <gobbledegeek>
Component: e2fsprogs
Assignee: Lukáš Czerner <lczerner>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 28
CC: esandeen, josef, kasal, kzak, lczerner, oliver
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/932b5ad80fdf781adcbb4b7162fc093664b5bfc7
Whiteboard: abrt_hash:72c395fe5de2b2ca86db81f8953140dd538c5342;VARIANT_ID=workstation;
Fixed In Version: e2fsprogs-1.44.6-1.fc29
Doc Type: If docs needed, set a value
Last Closed: 2019-04-18 22:19:30 UTC
Type: ---
Attachments (Description, Flags):
File: backtrace, none
File: cgroup, none
File: core_backtrace, none
File: cpuinfo, none
File: dso_list, none
File: environ, none
File: exploitable, none
File: limits, none
File: maps, none
File: mountinfo, none
File: open_fds, none
File: proc_pid_status, none

Description gobbledegeek 2018-10-24 06:31:14 UTC
Description of problem:
Happens at boot time. Also reported in bugzilla id=1642071

Version-Release number of selected component:
e2fsprogs-1.43.8-2.fc28

Additional info:
reporter:       libreport-2.9.5
backtrace_rating: 4
cmdline:        dumpe2fs -h /dev/sdb5
crash_function: e2p_is_null_uuid
executable:     /usr/sbin/dumpe2fs
journald_cursor: s=333235b510ab49eaba1ef6236d3c1a20;i=23c7;b=940197441a8547339d2098169e54b38f;m=33788b4e;t=578d45dcca7e2;x=da0e908b5ce4bb59
kernel:         4.16.3-301.fc28.x86_64
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            0

Truncated backtrace:
Thread no. 1 (4 frames)
 #0 e2p_is_null_uuid at uuid.c:32
 #1 e2p_uuid2str at uuid.c:80
 #2 e2p_list_journal_super at ljs.c:105
 #3 print_inline_journal_information at dumpe2fs.c:395

Potential duplicate: bug 1565797

Comment 1 gobbledegeek 2018-10-24 06:31:21 UTC
Created attachment 1496896
File: backtrace

Comment 2 gobbledegeek 2018-10-24 06:31:23 UTC
Created attachment 1496897
File: cgroup

Comment 3 gobbledegeek 2018-10-24 06:31:24 UTC
Created attachment 1496898
File: core_backtrace

Comment 4 gobbledegeek 2018-10-24 06:31:26 UTC
Created attachment 1496899
File: cpuinfo

Comment 5 gobbledegeek 2018-10-24 06:31:27 UTC
Created attachment 1496900
File: dso_list

Comment 6 gobbledegeek 2018-10-24 06:31:29 UTC
Created attachment 1496901
File: environ

Comment 7 gobbledegeek 2018-10-24 06:31:31 UTC
Created attachment 1496902
File: exploitable

Comment 8 gobbledegeek 2018-10-24 06:31:32 UTC
Created attachment 1496903
File: limits

Comment 9 gobbledegeek 2018-10-24 06:31:34 UTC
Created attachment 1496904
File: maps

Comment 10 gobbledegeek 2018-10-24 06:31:36 UTC
Created attachment 1496905
File: mountinfo

Comment 11 gobbledegeek 2018-10-24 06:31:37 UTC
Created attachment 1496906
File: open_fds

Comment 12 gobbledegeek 2018-10-24 06:31:39 UTC
Created attachment 1496907
File: proc_pid_status

Comment 13 Lukáš Czerner 2018-10-24 08:03:33 UTC
Thanks for the report. This should be fixed with upstream commit

commit b0ec76d623f737a32abc5ab8bb7198bf1d9939a4
Author: Lukas Czerner <lczerner>
Date:   Tue Aug 14 16:37:53 2018 +0200

    libe2p: avoid segfault when s_nr_users is too high
    
    Currently in e2fsprogs tools it's possible to access out of bounds
    memory when reading list of ids sharing a journal log
    (journal_superblock_t->s_users[]) in case where s_nr_users is too high.
    
    This is because we never check whether the s_nr_users fits into the
    restriction of JFS_USERS_MAX. Fix it by checking that nr_users is not
    bigger than JFS_USERS_MAX and error out when possible.
    
    Also add test for dumpe2fs. The rest would require involving external
    journal which is not possible to test with e2fsprogs test suite at the
    moment.
    
    Signed-off-by: Lukas Czerner <lczerner>
    Signed-off-by: Theodore Ts'o <tytso>

Will be updating e2fsprogs once a new version is released.

Thanks!
-Lukas
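
The bounds check described in the commit message of comment 13, as an added example that is not part of this bug report or of the e2fsprogs source. The struct `jsb_demo`, the functions `count_journal_users` and `demo`, and the value 48 for `JFS_USERS_MAX` are assumptions made for illustration; the sample superblocks are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UUID_SIZE     16
#define JFS_USERS_MAX 48  /* limit named in the commit; value assumed here */

/* Simplified stand-in for journal_superblock_t (not the real on-disk layout). */
struct jsb_demo {
    uint8_t s_nr_users[4];                      /* big-endian count from disk */
    uint8_t s_users[UUID_SIZE * JFS_USERS_MAX]; /* UUIDs of journal users */
};

static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Count non-null user UUIDs; return -1 if the on-disk count is untrustworthy. */
int count_journal_users(const struct jsb_demo *jsb)
{
    static const uint8_t null_uuid[UUID_SIZE];
    uint32_t nr = get_be32(jsb->s_nr_users);
    int used = 0;

    if (nr > JFS_USERS_MAX)  /* reject before any s_users[] index is formed */
        return -1;
    for (uint32_t i = 0; i < nr; i++)
        if (memcmp(&jsb->s_users[i * UUID_SIZE], null_uuid, UUID_SIZE) != 0)
            used++;
    return used;
}

/* Constructed sample: claims nr users; only the first two UUID slots are set. */
int demo(uint32_t nr)
{
    struct jsb_demo jsb = {0};
    for (int i = 0; i < 4; i++)
        jsb.s_nr_users[i] = (uint8_t)(nr >> (24 - 8 * i));
    memset(jsb.s_users, 0xAB, 2 * UUID_SIZE);
    return count_journal_users(&jsb);
}

int main(void)
{
    printf("nr=3 -> %d, nr=48 -> %d, nr=49 -> %d\n", demo(3), demo(48), demo(49));
    return 0;
}
```

Without the `nr > JFS_USERS_MAX` test, a count taken from a corrupted or crafted journal superblock would drive the loop past the end of `s_users[]`, which matches the `e2p_list_journal_super` to `e2p_is_null_uuid` path in the truncated backtrace.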

Comment 14 Fedora Update System 2019-04-04 05:43:27 UTC
e2fsprogs-1.44.6-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-b4207428d3

Comment 15 Fedora Update System 2019-04-05 03:25:51 UTC
e2fsprogs-1.44.6-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-b4207428d3

Comment 16 Fedora Update System 2019-04-18 22:19:30 UTC
e2fsprogs-1.44.6-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.