Description of problem:
fsck.gfs2 crashes with a segmentation fault when sb_bsize is corrupted in the on-disk superblock.

Version-Release number of selected component (if applicable):
Upstream git

How reproducible:
100%

Steps to Reproduce:
# truncate -s 10G tdev
# mkfs.gfs2 -Oplock_nolock tdev
# gfs2_edit -p sb field sb_bsize 0 ./tdev
# fsck.gfs2 tdev

Actual results:
# fsck.gfs2 tdev
Initializing fsck
Segmentation fault (core dumped)

Expected results:
fsck.gfs2 either fixes the superblock or prints a message saying that fsck.gfs2 could not fix it before exiting cleanly.

Additional info:
Program received signal SIGSEGV, Segmentation fault.
0x00000000004292ef in read_sb (sdp=0x7fffffffbe70) at super.c:97
97			sdp->sd_heightsize[x] = space;
Missing separate debuginfos, use: debuginfo-install glibc-2.17-33.el7.x86_64
(gdb) bt
#0  0x00000000004292ef in read_sb (sdp=0x7fffffffbe70) at super.c:97
#1  0x000000000040761e in fill_super_block (sdp=0x7fffffffbe70) at initialize.c:1276
#2  0x0000000000407f53 in initialize (sdp=0x7fffffffbe70, force_check=0, preen=0, all_clean=0x7fffffffbe6c) at initialize.c:1520
#3  0x000000000040ae49 in main (argc=2, argv=0x7fffffffe4a8) at main.c:283
(gdb) list
92			space = sdp->sd_heightsize[x - 1] * sdp->sd_inptrs;
93			/* FIXME: Do we really need this first check?? */
94			if (space / sdp->sd_inptrs != sdp->sd_heightsize[x - 1] ||
95			    space % sdp->sd_inptrs != 0)
96				break;
97			sdp->sd_heightsize[x] = space;
98		}
99		if (x > GFS2_MAX_META_HEIGHT){
100			errno = E2BIG;
101			return -1;

https://lists.fedorahosted.org/pipermail/cluster-commits/2013-November/003555.html
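
A defensive form of the height-table computation from the gdb listing above, added here as an example; it is not gfs2-utils code and not the fix that was committed. It assumes the loop in read_sb places no upper bound on x, and the ex_ names, header sizes and block-size limits are stand-ins chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>

/* Stand-in values for this example (assumptions, not taken from the report). */
#define EX_MAX_META_HEIGHT 10    /* highest valid index in the height table */
#define EX_META_HDR_SIZE   24u   /* assumed metadata header size */
#define EX_DINODE_SIZE     232u  /* assumed on-disk inode size */
#define EX_MIN_BSIZE       512u
#define EX_MAX_BSIZE       65536u

struct ex_sbd {                  /* hypothetical, minimal stand-in for sdp */
	uint32_t bsize, diptrs, inptrs, max_height;
	uint64_t heightsize[EX_MAX_META_HEIGHT + 1];
};

/* A block size must be in range and a power of two; zero fails both tests. */
static int ex_bsize_ok(uint32_t bsize)
{
	return bsize >= EX_MIN_BSIZE && bsize <= EX_MAX_BSIZE &&
	       (bsize & (bsize - 1)) == 0;
}

/* Returns 0 on success, -1 with errno set when the on-disk value is unusable. */
int ex_compute_heights(struct ex_sbd *sdp, uint32_t sb_bsize)
{
	unsigned x;
	uint64_t space;

	if (!ex_bsize_ok(sb_bsize)) {   /* validate before any arithmetic */
		errno = EINVAL;
		return -1;
	}
	sdp->bsize = sb_bsize;
	sdp->diptrs = (sb_bsize - EX_DINODE_SIZE) / sizeof(uint64_t);
	sdp->inptrs = (sb_bsize - EX_META_HDR_SIZE) / sizeof(uint64_t);
	sdp->heightsize[0] = sb_bsize - EX_DINODE_SIZE;
	sdp->heightsize[1] = (uint64_t)sb_bsize * sdp->diptrs;
	/* The index is bounded, so no input can drive a write past the array. */
	for (x = 2; x <= EX_MAX_META_HEIGHT; x++) {
		space = sdp->heightsize[x - 1] * sdp->inptrs;
		if (space / sdp->inptrs != sdp->heightsize[x - 1])
			break;          /* 64-bit multiplication wrapped */
		sdp->heightsize[x] = space;
	}
	if (x > EX_MAX_META_HEIGHT) {
		errno = E2BIG;
		return -1;
	}
	sdp->max_height = x;
	return 0;
}
```

With sb_bsize set to 0 as in the reproducer, the function returns -1 with EINVAL before the table is touched, which gives the caller a place to print a diagnostic or attempt a repair.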