* e2fsprogs.git dumpe2fs / mke2fs sigserv on sparc64
@ 2019-12-17 18:01 Anatoly Pugachev
  2019-12-18  0:01 ` Anatoly Pugachev
  0 siblings, 1 reply; 5+ messages in thread
From: Anatoly Pugachev @ 2019-12-17 18:01 UTC (permalink / raw)
  To: linux-ext4

Hello!

Getting current git e2fsprogs of dumpe2fs/mke2fs (and probably others)
segfaults (via make check) with the following backtrace:

e2fsprogs.git/tests$ dd if=/dev/zero of=/tmp/image bs=1k count=8k
8192+0 records in
8192+0 records out
8388608 bytes (8.4 MB, 8.0 MiB) copied, 0.0601931 s, 139 MB/s

e2fsprogs.git/tests$ ../misc/mke2fs -j -F -N 256 /tmp/image
mke2fs 1.46-WIP (09-Oct-2019)
Discarding device blocks: done
Creating filesystem with 8192 1k blocks and 256 inodes

Allocating group tables: done
Writing inode tables: done
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: done

e2fsprogs.git/tests$ file -s /tmp/image
/tmp/image: Linux rev 1.0 ext3 filesystem data,
UUID=6df2cbee-b72a-495c-b604-26a4f740ee9e (large files)

e2fsprogs.git/tests$ ../misc/dumpe2fs /tmp/image
dumpe2fs 1.46-WIP (09-Oct-2019)
Segmentation fault (core dumped)

e2fsprogs.git/tests$ file ../misc/dumpe2fs
../misc/dumpe2fs: ELF 64-bit MSB pie executable, SPARC V9, relaxed
memory ordering, version 1 (SYSV), dynamically linked, interpreter
/lib64/ld-linux.so.2,
BuildID[sha1]=6aa77fa7d29a8a4a94a2a505cb04ebc655fc01e7, for GNU/Linux
3.2.0, with debug_info, not stripped

e2fsprogs.git/tests$ gdb ../misc/dumpe2fs
GNU gdb (Debian 8.3.1-1) 8.3.1
...
Reading symbols from ../misc/dumpe2fs...
(gdb) set args /tmp/image
(gdb) run
Starting program: e2fsprogs.git/misc/dumpe2fs /tmp/image
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/sparc64-linux-gnu/libthread_db.so.1".
dumpe2fs 1.46-WIP (09-Oct-2019)

Program received signal SIGSEGV, Segmentation fault.
ext2fs_swap_group_desc2 (fs=0x10000149440, gdp=0x0) at swapfs.c:145
145 gdp->bg_block_bitmap = ext2fs_swab32(gdp->bg_block_bitmap);
(gdb) bt
#0 ext2fs_swap_group_desc2 (fs=0x10000149440, gdp=0x0) at swapfs.c:145
#1 0x00000100000133b4 in ext2fs_open2 (name=<optimized out>,
io_options=<optimized out>, flags=<optimized out>, superblock=1,
block_size=<optimized out>,
manager=<optimized out>, ret_fs=0x7fefffff0d0) at openfs.c:438
#2 0x0000010000013874 in ext2fs_open2 (ret_fs=0x7fefffff0d0,
manager=0x10000147138 <struct_unix_manager>, block_size=0,
superblock=0, flags=167936, io_options=0x0,
name=0x7fefffff742 "/tmp/image") at openfs.c:138
#3 ext2fs_open (name=0x7fefffff742 "/tmp/image", flags=<optimized
out>, superblock=<optimized out>, block_size=<optimized out>,
manager=0x10000147138 <struct_unix_manager>, ret_fs=0x7fefffff0d0) at
openfs.c:92
#4 0x0000010000004968 in main (argc=<optimized out>, argv=<optimized
out>) at dumpe2fs.c:684
(gdb) q


another one (same source at swapfs.c:145 ):

e2fsprogs.git/tests$ ../misc/mke2fs -j -F /tmp/image
mke2fs 1.46-WIP (09-Oct-2019)
Discarding device blocks: done
Creating filesystem with 8192 1k blocks and 2048 inodes

Allocating group tables: done
Writing inode tables: done
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: done

(same command on already existing fs):

e2fsprogs.git/tests$ ../misc/mke2fs -j -F /tmp/image
mke2fs 1.46-WIP (09-Oct-2019)
/tmp/image contains a ext3 file system
Segmentation fault (core dumped)

e2fsprogs.git/tests$ gdb -q ../misc/mke2fs
Reading symbols from ../misc/mke2fs...
(gdb) set args -j -F /tmp/image
(gdb) run
Starting program: e2fsprogs.git/misc/mke2fs -j -F /tmp/image
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/sparc64-linux-gnu/libthread_db.so.1".
mke2fs 1.46-WIP (09-Oct-2019)
/tmp/image contains a ext3 file system

Program received signal SIGSEGV, Segmentation fault.
ext2fs_swap_group_desc2 (fs=0x10000166580, gdp=0x0) at swapfs.c:145
145             gdp->bg_block_bitmap = ext2fs_swab32(gdp->bg_block_bitmap);
(gdb) bt
#0  ext2fs_swap_group_desc2 (fs=0x10000166580, gdp=0x0) at swapfs.c:145
#1  0x000001000002ba50 in ext2fs_open2 (name=<optimized out>,
io_options=<optimized out>, flags=<optimized out>, superblock=1,
block_size=<optimized out>,
    manager=<optimized out>, ret_fs=0x7feffffec20) at openfs.c:438
#2  0x000001000003b168 in print_ext2_info (device=0x7fefffff744
"/tmp/image") at plausible.c:255
#3  check_plausibility (device=0x7fefffff744 "/tmp/image",
flags=<optimized out>, ret_is_dev=0x7feffffee54) at plausible.c:255
#4  0x000001000000ae08 in PRS (argc=<optimized out>,
argv=0x7fefffff488) at mke2fs.c:1966
#5  0x0000010000005df4 in main (argc=<optimized out>,
argv=0x7fefffff488) at mke2fs.c:2935
(gdb)


e2fsprogs.git$ git desc
v1.45.4-57-g523219f2

e2fsprogs.git/tests$ uname -a
Linux ttip.nvglabs.local 5.5.0-rc2 #1325 SMP Mon Dec 16 12:20:39 MSK
2019 sparc64 GNU/Linux

e2fsprogs.git/tests$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/sparc64-linux-gnu/9/lto-wrapper
Target: sparc64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian
9.2.1-21' --with-bugurl=file:///usr/share/doc/gcc-9/README.Bugs
--enable-languages=c,ada,c++,go,d,fortran,objc,obj-c++,gm2
--prefix=/usr --with-gcc-major-version-only --program-suffix=-9
--program-prefix=sparc64-linux-gnu- --enable-shared
--enable-linker-build-id --libexecdir=/usr/lib
--without-included-gettext --enable-threads=posix --libdir=/usr/lib
--enable-nls --enable-bootstrap --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--with-default-libstdcxx-abi=new --enable-gnu-unique-object
--disable-libquadmath --disable-libquadmath-support --enable-plugin
--enable-default-pie --with-system-zlib --disable-libphobos
--enable-objc-gc=auto --enable-multiarch --disable-werror
--with-cpu-32=ultrasparc --enable-targets=all --with-long-double-128
--enable-multilib --enable-checking=release --build=sparc64-linux-gnu
--host=sparc64-linux-gnu --target=sparc64-linux-gnu
Thread model: posix
gcc version 9.2.1 20191130 (Debian 9.2.1-21)

e2fsprogs.git/tests$ dpkg -l binutils libc6
||/ Name Version Architecture Description
+++-==============-============-============-==========================================
ii binutils 2.33.1-6 sparc64 GNU assembler, linker and binary utilities
ii libc6:sparc64 2.29-1 sparc64 GNU C Library: Shared libraries

Debian sid / unstable.

if you have access to 'gcc compile farm' you can test it yourself with
gcc202 machine.

Thanks.


* Re: e2fsprogs.git dumpe2fs / mke2fs sigserv on sparc64
  2019-12-17 18:01 e2fsprogs.git dumpe2fs / mke2fs sigserv on sparc64 Anatoly Pugachev
@ 2019-12-18  0:01 ` Anatoly Pugachev
  2019-12-27  4:49   ` Theodore Y. Ts'o
  0 siblings, 1 reply; 5+ messages in thread
From: Anatoly Pugachev @ 2019-12-18  0:01 UTC (permalink / raw)
  To: linux-ext4

On Tue, Dec 17, 2019 at 9:01 PM Anatoly Pugachev <matorola@gmail.com> wrote:
>
> Hello!
>
> Getting current git e2fsprogs of dumpe2fs/mke2fs (and probably others)
> segfaults (via make check) with the following backtrace:

JFYI

Checkout of commit db41ae2c3e4716ceffe212a742d3c963e400fa1e makes
dumpe2fs work correctly (i.e. not segfault).
Tried to bisect (not sure it was fully correct, since I didn't use
make clean between bisect steps);
marking head as bad and db41ae2c as good leads to this commit:

e2fsprogs.git$ git bisect good
e6069a05daeb8d18289ad7772d7800b09b418bca is the first bad commit
commit e6069a05daeb8d18289ad7772d7800b09b418bca
Author: Theodore Ts'o <tytso@mit.edu>
Date:   Tue Oct 22 18:42:25 2019 -0400

    Teach ext2fs_open2() to honor the EXT2_FLAG_SUPER_ONLY flag

    Opening the file system with EXT2_FLAG_SUPER_ONLY will leave
    fs->group_desc to be NULL and modify "dumpe2fs -h" and tune2fs when it
    is emulating e2label to use this flag.  This speeds up "dumpe2fs -h"
    and "e2label" when operating on very large file systems.

    To allow other libext2fs functions to work without too many surprises,
    ext2fs_group_desc() will read in the block group descriptors on
    demand.  This allows "dumpe2fs -h" to be able to read the journal
    inode, for example.

    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    Cray-bug-id: LUS-5777

 lib/ext2fs/blknum.c | 39 ++++++++++++++++++++++++++++++++++++---
 lib/ext2fs/openfs.c |  4 +++-
 misc/dumpe2fs.c     |  2 ++
 misc/tune2fs.c      |  2 +-
 4 files changed, 42 insertions(+), 5 deletions(-)


So, if you need BE machine to test on, please use 'gcc compile farm'
BE machines (gcc202 debian sparc64, gcc110 centos-7 ppc64 - and git
master segfaults on gcc110 as well)


* Re: e2fsprogs.git dumpe2fs / mke2fs sigserv on sparc64
  2019-12-18  0:01 ` Anatoly Pugachev
@ 2019-12-27  4:49   ` Theodore Y. Ts'o
  2019-12-28 17:17     ` Anatoly Pugachev
  0 siblings, 1 reply; 5+ messages in thread
From: Theodore Y. Ts'o @ 2019-12-27  4:49 UTC (permalink / raw)
  To: Anatoly Pugachev; +Cc: linux-ext4

On Wed, Dec 18, 2019 at 03:01:03AM +0300, Anatoly Pugachev wrote:
> On Tue, Dec 17, 2019 at 9:01 PM Anatoly Pugachev <matorola@gmail.com> wrote:
> >
> > Getting current git e2fsprogs of dumpe2fs/mke2fs (and probably others)
> > segfaults (via make check) with the following backtrace...

Hi,

Thanks for reporting this bug.  It should be fixed with this commit:

commit c9a8c53b17ccc4543509d55ff3b343ddbfe805e5
Author: Theodore Ts'o <tytso@mit.edu>
Date:   Thu Dec 26 23:19:54 2019 -0500

    libext2fs: fix crash in ext2fs_open2() on Big Endian systems
    
    Commit e6069a05: ("Teach ext2fs_open2() to honor the
    EXT2_FLAG_SUPER_ONLY flag") changed how the function
    ext2fs_group_desc() handled a request for a gdp pointer for a group
    larger than the number of groups in the file system; it now returns
    NULL, instead of returning a pointer beyond the end of the array.
    
    Previously, the ext2fs_open2() function would swap all of the block
    group descriptors in a block, even if they are beyond the end of the
    file system.  This was OK, since we were not overrunning the allocated
    memory, since it was rounded to a block boundary.  But now that
    ext2fs_group_desc() would return NULL for those gdp, it would cause
    ext2fs_open2(), when it was byte swapping the block group descriptors
    on Big Endian systems, to dereference a null pointer and crash.
    
    This commit adds a NULL pointer check to avoid byte swapping those
    block group descriptors in a bg descriptor block, but which are beyond
    the end of the file system, to address this crash.
    
    Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    Reported-by: Anatoly Pugachev <matorola@gmail.com>

diff --git a/lib/ext2fs/openfs.c b/lib/ext2fs/openfs.c
index ec2d6cb4..3331452d 100644
--- a/lib/ext2fs/openfs.c
+++ b/lib/ext2fs/openfs.c
@@ -435,7 +435,8 @@ errcode_t ext2fs_open2(const char *name, const char *io_options,
 		gdp = (struct ext2_group_desc *) dest;
 		for (j=0; j < groups_per_block*first_meta_bg; j++) {
 			gdp = ext2fs_group_desc(fs, fs->group_desc, j);
-			ext2fs_swap_group_desc2(fs, gdp);
+			if (gdp)
+				ext2fs_swap_group_desc2(fs, gdp);
 		}
 #endif
 		dest += fs->blocksize*first_meta_bg;
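Review bot: the new `if (gdp)` in the first_meta_bg loop skips a NULL descriptor with no comment, so at the call site it reads like a swallowed lookup failure rather than an expected case. A one-line comment stating that ext2fs_group_desc() returns NULL for slots in the descriptor block that lie past the last group would make the intent clear. The assignment `gdp = (struct ext2_group_desc *) dest;` just above the loop also looks redundant, since every iteration reassigns gdp; worth checking whether anything after the loop still reads it.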
@@ -455,7 +456,8 @@ errcode_t ext2fs_open2(const char *name, const char *io_options,
 		for (j=0; j < groups_per_block; j++) {
 			gdp = ext2fs_group_desc(fs, fs->group_desc,
 						i * groups_per_block + j);
-			ext2fs_swap_group_desc2(fs, gdp);
+			if (gdp)
+				ext2fs_swap_group_desc2(fs, gdp);
 		}
 #endif
 		dest += fs->blocksize;
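Review bot: the `if (gdp)` guard in this per-block loop, like the identical one in the first loop, protects only the ext2fs_open2() call sites, while ext2fs_swap_group_desc2() itself still dereferences gdp unconditionally at swapfs.c:145. The follow-up in this thread shows the same gdp=0x0 crash reached from ext2fs_image_super_write() at imager.c:248, so either move the NULL check into ext2fs_swap_group_desc2() or audit its remaining callers and guard each one.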


* Re: e2fsprogs.git dumpe2fs / mke2fs sigserv on sparc64
  2019-12-27  4:49   ` Theodore Y. Ts'o
@ 2019-12-28 17:17     ` Anatoly Pugachev
  2019-12-28 18:02       ` Anatoly Pugachev
  0 siblings, 1 reply; 5+ messages in thread
From: Anatoly Pugachev @ 2019-12-28 17:17 UTC (permalink / raw)
  To: Theodore Y. Ts'o; +Cc: linux-ext4

On Fri, Dec 27, 2019 at 7:49 AM Theodore Y. Ts'o <tytso@mit.edu> wrote:
>
> On Wed, Dec 18, 2019 at 03:01:03AM +0300, Anatoly Pugachev wrote:
> > On Tue, Dec 17, 2019 at 9:01 PM Anatoly Pugachev <matorola@gmail.com> wrote:
> > >
> > > Getting current git e2fsprogs of dumpe2fs/mke2fs (and probably others)
> > > segfaults (via make check) with the following backtrace...
>
> Hi,
>
> Thanks for reporting this bug.  It should be fixed with this commit:
>
> commit c9a8c53b17ccc4543509d55ff3b343ddbfe805e5

Theodore, thanks.
This patch fixes issue with all e2fsprogs test suite.

PS: there's another one which is failed:
366 tests succeeded     1 tests failed

i_bitmaps: e2image bitmap read/write test: failed


e2fsprogs.git$ git desc
v1.45.4-57-g523219f2

$ cd e2fsprogs.git/tests/i_bitmaps

e2fsprogs.git/tests/i_bitmaps$ ulimit -c unlimited

e2fsprogs.git/tests/i_bitmaps$ ../../misc/e2image /tmp/image  /tmp/image.e2i
e2image 1.46-WIP (09-Oct-2019)
Segmentation fault (core dumped)

e2fsprogs.git/tests/i_bitmaps$ gdb -q ../../misc/e2image
Reading symbols from ../../misc/e2image...
(gdb) set args /tmp/image /tmp/image.e2i
(gdb) run
Starting program: e2fsprogs.git/misc/e2image /tmp/image /tmp/image.e2i
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/sparc64-linux-gnu/libthread_db.so.1".
e2image 1.46-WIP (09-Oct-2019)

Program received signal SIGSEGV, Segmentation fault.
ext2fs_swap_group_desc2 (fs=0x10000148a90, gdp=0x0) at swapfs.c:145
145             gdp->bg_block_bitmap = ext2fs_swab32(gdp->bg_block_bitmap);
(gdb) br
Breakpoint 1 at 0x1000001bb10: file swapfs.c, line 145.
(gdb) p gdp
$1 = (struct ext2_group_desc *) 0x0
(gdb)


* Re: e2fsprogs.git dumpe2fs / mke2fs sigserv on sparc64
  2019-12-28 17:17     ` Anatoly Pugachev
@ 2019-12-28 18:02       ` Anatoly Pugachev
  0 siblings, 0 replies; 5+ messages in thread
From: Anatoly Pugachev @ 2019-12-28 18:02 UTC (permalink / raw)
  To: Theodore Y. Ts'o; +Cc: linux-ext4

On Sat, Dec 28, 2019 at 8:17 PM Anatoly Pugachev <matorola@gmail.com> wrote:
>
> On Fri, Dec 27, 2019 at 7:49 AM Theodore Y. Ts'o <tytso@mit.edu> wrote:
> >
> > On Wed, Dec 18, 2019 at 03:01:03AM +0300, Anatoly Pugachev wrote:
> > > On Tue, Dec 17, 2019 at 9:01 PM Anatoly Pugachev <matorola@gmail.com> wrote:
> > > >
> > > > Getting current git e2fsprogs of dumpe2fs/mke2fs (and probably others)
> > > > segfaults (via make check) with the following backtrace...
> >
> > Hi,
> >
> > Thanks for reporting this bug.  It should be fixed with this commit:
> >
> > commit c9a8c53b17ccc4543509d55ff3b343ddbfe805e5
>
> Theodore, thanks.
> This patch fixes issue with all e2fsprogs test suite.
>
> PS: there's another one which is failed:
> 366 tests succeeded     1 tests failed
>
> i_bitmaps: e2image bitmap read/write test: failed
>
>
> e2fsprogs.git$ git desc
> v1.45.4-57-g523219f2
>
> $ cd e2fsprogs.git/tests/i_bitmaps
>
> e2fsprogs.git/tests/i_bitmaps$ ulimit -c unlimited
>
> e2fsprogs.git/tests/i_bitmaps$ ../../misc/e2image /tmp/image  /tmp/image.e2i
> e2image 1.46-WIP (09-Oct-2019)
> Segmentation fault (core dumped)
>
> e2fsprogs.git/tests/i_bitmaps$ gdb -q ../../misc/e2image
> Reading symbols from ../../misc/e2image...
> (gdb) set args /tmp/image /tmp/image.e2i
> (gdb) run
> Starting program: e2fsprogs.git/misc/e2image /tmp/image /tmp/image.e2i
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/sparc64-linux-gnu/libthread_db.so.1".
> e2image 1.46-WIP (09-Oct-2019)
>
> Program received signal SIGSEGV, Segmentation fault.
> ext2fs_swap_group_desc2 (fs=0x10000148a90, gdp=0x0) at swapfs.c:145
> 145             gdp->bg_block_bitmap = ext2fs_swab32(gdp->bg_block_bitmap);
> (gdb) br
> Breakpoint 1 at 0x1000001bb10: file swapfs.c, line 145.

This was meant to be bt (backtrace), not br (breakpoint):

Program received signal SIGSEGV, Segmentation fault.
ext2fs_swap_group_desc2 (fs=0x10000148a90, gdp=0x0) at swapfs.c:145
145             gdp->bg_block_bitmap = ext2fs_swab32(gdp->bg_block_bitmap);
(gdb) bt
#0  ext2fs_swap_group_desc2 (fs=0x10000148a90, gdp=0x0) at swapfs.c:145
#1  0x00000100000080fc in ext2fs_image_super_write (fs=0x10000148a90,
fd=<optimized out>, flags=<optimized out>) at imager.c:248
#2  0x0000010000004cc8 in write_image_file (fd=<optimized out>,
fs=<optimized out>) at e2image.c:245
#3  main (argc=<optimized out>, argv=<optimized out>) at e2image.c:1717
(gdb)
