Bug 1028388 - fsck.gfs2 segfaults on bad superblock fields
Summary: fsck.gfs2 segfaults on bad superblock fields
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: gfs2-utils
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: rc
: ---
Assignee: Andrew Price
QA Contact: Cluster QE
URL:
Whiteboard:
Depends On: 1019226
Blocks:
Reported: 2013-11-08 10:53 UTC by Andrew Price
Modified: 2014-06-18 00:15 UTC (History)

Fixed In Version: gfs2-utils-3.1.6-9.el7
Doc Type: Bug Fix
Doc Text:
Clone Of: 1019226
Environment:
Last Closed: 2014-06-13 10:56:52 UTC
Target Upstream Version:
Embargoed:



Description Andrew Price 2013-11-08 10:53:06 UTC
+++ This bug was initially created as a clone of Bug #1019226 +++

Description of problem:

fsck.gfs2 crashes with a segmentation fault when sb_bsize is corrupted in the on-disk superblock.

Version-Release number of selected component (if applicable):

Upstream git

How reproducible:

100%

Steps to Reproduce:

# truncate -s 10G tdev
# mkfs.gfs2 -Oplock_nolock tdev
# gfs2_edit -p sb field sb_bsize 0 ./tdev
# fsck.gfs2 tdev

Actual results:

# fsck.gfs2 tdev
Initializing fsck
Segmentation fault (core dumped)

Expected results:

fsck.gfs2 either fixes the superblock or prints a message saying that fsck.gfs2 could not fix it before exiting cleanly.

Additional info:

Program received signal SIGSEGV, Segmentation fault.
0x00000000004292ef in read_sb (sdp=0x7fffffffbe70) at super.c:97
97			sdp->sd_heightsize[x] = space;
Missing separate debuginfos, use: debuginfo-install glibc-2.17-33.el7.x86_64
(gdb) bt
#0  0x00000000004292ef in read_sb (sdp=0x7fffffffbe70) at super.c:97
#1  0x000000000040761e in fill_super_block (sdp=0x7fffffffbe70) at initialize.c:1276
#2  0x0000000000407f53 in initialize (sdp=0x7fffffffbe70, force_check=0, preen=0, all_clean=0x7fffffffbe6c)
    at initialize.c:1520
#3  0x000000000040ae49 in main (argc=2, argv=0x7fffffffe4a8) at main.c:283
(gdb) list
92			space = sdp->sd_heightsize[x - 1] * sdp->sd_inptrs;
93			/* FIXME: Do we really need this first check?? */
94			if (space / sdp->sd_inptrs != sdp->sd_heightsize[x - 1] ||
95			    space % sdp->sd_inptrs != 0)
96				break;
97			sdp->sd_heightsize[x] = space;
98		}
99		if (x > GFS2_MAX_META_HEIGHT){
100			errno = E2BIG;
101			return -1;

--- Additional comment from Andrew Price on 2013-11-08 10:50:37 GMT ---

https://lists.fedorahosted.org/pipermail/cluster-commits/2013-November/003555.html
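
Added example, not part of the bug report or the gfs2-utils sources: a simplified C model of the loop in the gdb listing above, showing why a zeroed sb_bsize never reaches the overflow check that is the loop's only exit, next to a form that validates the value and bounds the index. The function names, the header sizes, the 512 to 65536 range and the table limit are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model: every size and limit here is an assumption. */
#define MAX_HEIGHT  10u   /* last valid index of the height table */
#define DINODE_SZ   232u  /* assumed dinode header size */
#define META_HDR_SZ 24u   /* assumed metadata header size */

/* Unguarded loop shape, run without the array; returns cap if it never breaks. */
unsigned unguarded_steps(uint32_t bsize, unsigned cap)
{
    uint32_t inptrs = (bsize - META_HDR_SZ) / 8;   /* wraps when bsize is 0 */
    uint64_t prev = (uint64_t)bsize * ((bsize - DINODE_SZ) / 8);
    unsigned x;
    if (inptrs == 0) return cap;                   /* divisor would be zero */
    for (x = 2; x < cap; x++) {
        uint64_t space = prev * inptrs;
        if (space / inptrs != prev) break;         /* overflow check */
        prev = space;
    }
    return x;
}

/* Hardened: validate first, bound the loop; returns height count or -1. */
int checked_heights(uint32_t bsize, uint64_t table[MAX_HEIGHT + 1])
{
    unsigned x;
    if (bsize < 512u || bsize > 65536u || (bsize & (bsize - 1))) {
        errno = EINVAL;                            /* repair or exit cleanly */
        return -1;
    }
    uint32_t inptrs = (bsize - META_HDR_SZ) / 8;
    table[0] = bsize - DINODE_SZ;
    table[1] = (uint64_t)bsize * ((bsize - DINODE_SZ) / 8);
    for (x = 2; x <= MAX_HEIGHT; x++) {
        uint64_t space = table[x - 1] * inptrs;
        if (space / inptrs != table[x - 1]) break; /* product overflowed */
        table[x] = space;
    }
    if (x > MAX_HEIGHT) { errno = E2BIG; return -1; }
    return (int)x;
}

int main(void)
{
    uint64_t t[MAX_HEIGHT + 1];
    printf("%u %d\n", unguarded_steps(0, 1000), checked_heights(0, t));
    return 0;
}
```

In the model, a block size of 0 makes the starting value 0, so every product is 0 and the overflow test never fires; the unguarded index keeps growing until it leaves the table.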

Comment 1 Andrew Price 2013-11-08 19:28:04 UTC
There was an issue with the original patch which was fixed in this upstream patch posted earlier:

https://www.redhat.com/archives/cluster-devel/2013-November/msg00040.html

QE: The patches also add build-time tests to cover this.

Comment 2 Andrew Price 2013-11-13 09:36:05 UTC
Patches pushed to gfs2-utils.git/RHEL7. Besides the above two there's a third one which makes gfs2l build with -D_FILE_OFFSET_BITS=64 to fix the test suite on 32-bit architectures.

Comment 5 Justin Payne 2014-02-24 16:58:11 UTC
Verified in gfs2-utils-3.1.6-12.el7:

[root@dash-01 ~]# rpm -q gfs2-utils
gfs2-utils-3.1.6-12.el7.x86_64
[root@dash-01 ~]# truncate -s 10G tdev; 
[root@dash-01 ~]# mkfs.gfs2 -Oplock_nolock tdev
This will destroy any data on tdev
Device:                    tdev
Block size:                4096
Device size:               10.00 GB (2621440 blocks)
Filesystem size:           10.00 GB (2621438 blocks)
Journals:                  1
Resource groups:           40
Locking protocol:          "lock_nolock"
Lock table:                ""
UUID:                      d18f3c8c-1627-985d-843e-73226024d1f8
[root@dash-01 ~]# gfs2_edit -p sb field sb_bsize 0 ./tdev
0
[root@dash-01 ~]# fsck.gfs2 tdev
Initializing fsck
Gathering information to repair the gfs2 superblock.  This may take some time.
Block size determined to be: 4096
Found system jindex file at: 0x18
Found system per_node directory at: 0x805b
From per_node's '..' I backtracked the master directory to: 0x17
Found system statfs file at: 0x805d
Found system inum file at: 0x815f
Found system rindex file at: 0x8161
Found system quota file at: 0x8163
Okay to fix the GFS2 superblock? (y/n)y
Validating Resource Group index.
Level 1 rgrp check: Checking if all rgrp and rindex values are good.
(level 1 passed)
Starting pass1
pass1 complete      
Starting pass1b
pass1b complete      
Starting pass1c
pass1c complete      
Starting pass2
pass2 complete      
Starting pass3
pass3 complete      
Starting pass4
pass4 complete      
Starting pass5
pass5 complete      
Starting check_statfs
check_statfs complete      
Writing changes to disk
Superblock was reset. Use tunegfs2 to manually set lock table before mounting.
gfs2_fsck complete

Comment 6 Ludek Smid 2014-06-13 10:56:52 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

