Bug 1642281 - [abrt] e2fsprogs: e2p_is_null_uuid(): dumpe2fs killed by SIGSEGV
Summary: [abrt] e2fsprogs: e2p_is_null_uuid(): dumpe2fs killed by SIGSEGV
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: e2fsprogs
Version: 28
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Lukáš Czerner
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:72c395fe5de2b2ca86db81f8953...
Depends On:
Blocks:
Reported: 2018-10-24 06:31 UTC by gobbledegeek
Modified: 2019-04-18 22:19 UTC (History)

Fixed In Version: e2fsprogs-1.44.6-1.fc29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-04-18 22:19:30 UTC
Type: ---
Embargoed:


Attachments
File: backtrace (5.12 KB, text/plain), 2018-10-24 06:31 UTC, gobbledegeek
File: cgroup (305 bytes, text/plain), 2018-10-24 06:31 UTC, gobbledegeek
File: core_backtrace (1.47 KB, text/plain), 2018-10-24 06:31 UTC, gobbledegeek
File: cpuinfo (1.44 KB, text/plain), 2018-10-24 06:31 UTC, gobbledegeek
File: dso_list (1.88 KB, text/plain), 2018-10-24 06:31 UTC, gobbledegeek
File: environ (198 bytes, text/plain), 2018-10-24 06:31 UTC, gobbledegeek
File: exploitable (82 bytes, text/plain), 2018-10-24 06:31 UTC, gobbledegeek
File: limits (1.29 KB, text/plain), 2018-10-24 06:31 UTC, gobbledegeek
File: maps (5.11 KB, text/plain), 2018-10-24 06:31 UTC, gobbledegeek
File: mountinfo (4.34 KB, text/plain), 2018-10-24 06:31 UTC, gobbledegeek
File: open_fds (181 bytes, text/plain), 2018-10-24 06:31 UTC, gobbledegeek
File: proc_pid_status (1.22 KB, text/plain), 2018-10-24 06:31 UTC, gobbledegeek

Description gobbledegeek 2018-10-24 06:31:14 UTC
Description of problem:
Happens at boot time. Also reported in bugzilla id=1642071

Version-Release number of selected component:
e2fsprogs-1.43.8-2.fc28

Additional info:
reporter:       libreport-2.9.5
backtrace_rating: 4
cmdline:        dumpe2fs -h /dev/sdb5
crash_function: e2p_is_null_uuid
executable:     /usr/sbin/dumpe2fs
journald_cursor: s=333235b510ab49eaba1ef6236d3c1a20;i=23c7;b=940197441a8547339d2098169e54b38f;m=33788b4e;t=578d45dcca7e2;x=da0e908b5ce4bb59
kernel:         4.16.3-301.fc28.x86_64
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            0

Truncated backtrace:
Thread no. 1 (4 frames)
 #0 e2p_is_null_uuid at uuid.c:32
 #1 e2p_uuid2str at uuid.c:80
 #2 e2p_list_journal_super at ljs.c:105
 #3 print_inline_journal_information at dumpe2fs.c:395

Potential duplicate: bug 1565797

Comment 1 gobbledegeek 2018-10-24 06:31:21 UTC
Created attachment 1496896 [details]
File: backtrace

Comment 2 gobbledegeek 2018-10-24 06:31:23 UTC
Created attachment 1496897 [details]
File: cgroup

Comment 3 gobbledegeek 2018-10-24 06:31:24 UTC
Created attachment 1496898 [details]
File: core_backtrace

Comment 4 gobbledegeek 2018-10-24 06:31:26 UTC
Created attachment 1496899 [details]
File: cpuinfo

Comment 5 gobbledegeek 2018-10-24 06:31:27 UTC
Created attachment 1496900 [details]
File: dso_list

Comment 6 gobbledegeek 2018-10-24 06:31:29 UTC
Created attachment 1496901 [details]
File: environ

Comment 7 gobbledegeek 2018-10-24 06:31:31 UTC
Created attachment 1496902 [details]
File: exploitable

Comment 8 gobbledegeek 2018-10-24 06:31:32 UTC
Created attachment 1496903 [details]
File: limits

Comment 9 gobbledegeek 2018-10-24 06:31:34 UTC
Created attachment 1496904 [details]
File: maps

Comment 10 gobbledegeek 2018-10-24 06:31:36 UTC
Created attachment 1496905 [details]
File: mountinfo

Comment 11 gobbledegeek 2018-10-24 06:31:37 UTC
Created attachment 1496906 [details]
File: open_fds

Comment 12 gobbledegeek 2018-10-24 06:31:39 UTC
Created attachment 1496907 [details]
File: proc_pid_status

Comment 13 Lukáš Czerner 2018-10-24 08:03:33 UTC
Thanks for the report. This should be fixed with upstream commit

commit b0ec76d623f737a32abc5ab8bb7198bf1d9939a4
Author: Lukas Czerner <lczerner>
Date:   Tue Aug 14 16:37:53 2018 +0200

    libe2p: avoid segfault when s_nr_users is too high
    
    Currently in e2fsprogs tools it's possible to access out of bounds
    memory when reading list of ids sharing a journal log
    (journal_superblock_t->s_users[]) in case where s_nr_users is too high.
    
    This is because we never check whether the s_nr_users fits into the
    restriction of JFS_USERS_MAX. Fix it by checking that nr_users is not
    bigger than JFS_USERS_MAX and error out when possible.
    
    Also add test for dumpe2fs. The rest would require involving external
    journal which is not possible to test with e2fsprogs test suite at the
    moment.
    
    Signed-off-by: Lukas Czerner <lczerner>
    Signed-off-by: Theodore Ts'o <tytso>

Will be updating e2fsprogs once a new version is released.

Thanks!
-Lukas
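
The bound described in the commit message above, shown as an added C example (not the e2fsprogs code and not part of the original comment): an untrusted on-disk s_nr_users is checked against JFS_USERS_MAX before s_users[] is walked. The struct layout, the helper names and the sample superblock are constructed for illustration, and the value 48 for JFS_USERS_MAX is an assumption taken from the jbd2 header rather than from this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UUID_SIZE     16
#define JFS_USERS_MAX 48  /* slots in s_users[]; value assumed from the jbd2 header */

/* Simplified model of the two fields named in the commit message (assumption: not the real on-disk layout). */
struct journal_sb_model {
    uint8_t s_nr_users[4];                       /* big-endian count, untrusted */
    uint8_t s_users[UUID_SIZE * JFS_USERS_MAX];  /* UUIDs sharing the journal */
};

static uint32_t be32(const uint8_t b[4])
{
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
}

/* Returns how many listed users have a non-null UUID, or -1 when the
 * on-disk count cannot fit in s_users[] and must be rejected. */
int count_journal_users(const struct journal_sb_model *sb)
{
    static const uint8_t null_uuid[UUID_SIZE];
    uint32_t nr_users = be32(sb->s_nr_users);
    int live = 0;
    if (nr_users > JFS_USERS_MAX)  /* without this, the loop reads past s_users[] */
        return -1;
    for (uint32_t i = 0; i < nr_users; i++)
        if (memcmp(&sb->s_users[i * UUID_SIZE], null_uuid, UUID_SIZE) != 0)
            live++;
    return live;
}

/* Constructed sample: one non-null UUID in slot 0, count chosen by the caller. */
struct journal_sb_model make_sample(uint32_t nr_users)
{
    struct journal_sb_model sb;
    memset(&sb, 0, sizeof sb);
    for (int i = 0; i < 4; i++)
        sb.s_nr_users[i] = (uint8_t)(nr_users >> (24 - 8 * i));
    memset(sb.s_users, 0xAB, UUID_SIZE);
    return sb;
}

int main(void)
{
    struct journal_sb_model ok = make_sample(2), bad = make_sample(0x01000000);
    printf("valid: %d, oversized: %d\n", count_journal_users(&ok), count_journal_users(&bad));
    return 0;
}
```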

Comment 14 Fedora Update System 2019-04-04 05:43:27 UTC
e2fsprogs-1.44.6-1.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-b4207428d3

Comment 15 Fedora Update System 2019-04-05 03:25:51 UTC
e2fsprogs-1.44.6-1.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-b4207428d3

Comment 16 Fedora Update System 2019-04-18 22:19:30 UTC
e2fsprogs-1.44.6-1.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

