[Bug 193431] New: 512 byte inodes + inline_data + journal_data == segfaults/buserrors in userspace mmap

[Bug 193431] New: 512 byte inodes + inline_data + journal_data == segfaults/buserrors in userspace mmap

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=193431

            Bug ID: 193431
           Summary: 512 byte inodes + inline_data + journal_data ==
                    segfaults/buserrors in userspace mmap
           Product: File System
           Version: 2.5
    Kernel Version: Multiple ( tested on 3.16, 4.1 and 4.9 )
          Hardware: All
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: high
          Priority: P1
         Component: ext4
          Assignee: fs_ext4@kernel-bugs.osdl.org
          Reporter: rabbit@rabbit.us
        Regression: No

Created attachment 253361
  --> https://bugzilla.kernel.org/attachment.cgi?id=253361&action=edit
Backtrace attempt

Steps to reproduce:


root@Ahasver:~# dd if=/dev/zero of=zeros.img bs=128M count=1
1+0 records in
1+0 records out
134217728 bytes (134 MB) copied, 1.61473 s, 83.1 MB/s


root@Ahasver:~# losetup -f zeros.img


root@Ahasver:~# mke2fs -t ext4 -I 512 -j -O inline_data /dev/loop0
mke2fs 1.43.3 (04-Sep-2016)
journal checksum features.
Discarding device blocks: done                            
Creating filesystem with 131072 1k blocks and 32768 inodes
Filesystem UUID: 675cf4a8-fb74-4a4a-9f28-f01b462b1933
Superblock backups stored on blocks: 
    8193, 24577, 40961, 57345, 73729

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done 



root@Ahasver:~# mount -o data=journal /dev/loop0 /mnt


root@Ahasver:~# rm -f /usr/lib/locale/locale-archive


root@Ahasver:~# ln -s /mnt/locale-archive /usr/lib/locale/locale-archive


root@Ahasver:~# localedef -i en_US -c -f ISO-8859-1 en_US
Segmentation fault



I am also attaching a gdb backtrace of the error as seen using the Debian
Stretch Installer RC1. The backtraced line 773 seems to be this one:
https://sources.debian.net/src/glibc/2.24-9/locale/programs/locarchive.c/#L773

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

[Bug 193431] 512 byte inodes + inline_data + journal_data == segfaults/buserrors in userspace mmap

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=193431

Christian Kujau <lists@nerdbynature.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lists@nerdbynature.de

--- Comment #1 from Christian Kujau <lists@nerdbynature.de> ---
I don't think this has anything to do with the underlying file system but
should be reported against the "libc-bin" package. The "ln" command above
creates a dead symlink and the same segfault happens when the symlink points to
/tmp/foo (tmpfs) or some other non-existant location. Running through strace
suggests some kind of programming logic error in localedef instead.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

[Bug 193431] 512 byte inodes + inline_data + journal_data == segfaults/buserrors in userspace mmap

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=193431

Theodore Tso <tytso@mit.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |tytso@mit.edu
         Resolution|---                         |INVALID

--- Comment #2 from Theodore Tso <tytso@mit.edu> ---
Using a stock ext4 file system ---- or an xfs file system --- results in the
same segfault in localdef.

So I think Christian is right.  This has nothing to do with ext4.

P.S.  I just tried with btrfs, and surprise!   localdef is also crashing with a
segfault.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

[Bug 193431] 512 byte inodes + inline_data + journal_data == segfaults/buserrors in userspace mmap

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=193431

Peter Rabbitson <rabbit@rabbit.us> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |---

--- Comment #3 from Peter Rabbitson <rabbit@rabbit.us> ---
I assure you the problem is real. In my frustration/excitement I did not
properly trim down the testcase, and ignored the obvious change in behavior (
SIGUS -> SIGSEGV ).

Unfortunately I won't have time in the next couple days to properly trim this
down. All I currently have is the tarball of a minimalistic chroot left over
from a failed debian install ( 35MiB
SHA1:18917303621bd99ef8c319107ed0dcd2eb44abe0 ):
https://ipfs.io/ipfs/QmVbjsxH93Wy4Lnx1pThdd1iQ33TpeysoHuwzFb7awef5U/chroot_with_failing_locales_reconfig.tar.xz

The failure is as follows, showcasing a successful run and a failing run right
after ( the 512 inode size was a red herring: 256 fails as well ):


root@Ahasver:~# dd if=/dev/zero of=zeros.img bs=512M count=1
1+0 records in
1+0 records out
536870912 bytes (537 MB) copied, 11.8806 s, 45.2 MB/s


root@Ahasver:~# losetup -f zeros.img


root@Ahasver:~# mke2fs -t ext4 -j -O inline_data /dev/loop0
mke2fs 1.43.3 (04-Sep-2016)
Discarding device blocks: done                            
Creating filesystem with 131072 4k blocks and 32768 inodes
Filesystem UUID: 027504fd-e49d-42a3-bcd5-4ea3a05af5ed
Superblock backups stored on blocks: 
    32768, 98304

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done


root@Ahasver:~# mount /dev/loop0 /mnt


root@Ahasver:~# cd /mnt


root@Ahasver:/mnt# tar -Jxf ~/chroot_with_failing_locales_reconfig.tar.xz 


root@Ahasver:/mnt# cd chroot_with_failing_locales_reconfig/


root@Ahasver:/mnt/chroot_with_failing_locales_reconfig# ./chroot.bash 


root@Ahasver:/# dpkg-reconfigure -u locales
Generating locales (this might take a while)...
  en_US.ISO-8859-1... done
  en_US.UTF-8... done
Generation complete.


root@Ahasver:/# exit


root@Ahasver:/mnt/chroot_with_failing_locales_reconfig# cd


root@Ahasver:~# umount /mnt


root@Ahasver:~# mount -o data=journal /dev/loop0 /mnt


root@Ahasver:~# cd /mnt/chroot_with_failing_locales_reconfig/


root@Ahasver:/mnt/chroot_with_failing_locales_reconfig# ./chroot.bash 


root@Ahasver:/# dpkg-reconfigure -u locales
Generating locales (this might take a while)...
  en_US.ISO-8859-1...Bus error
 done
  en_US.UTF-8...Bus error
 done
Generation complete.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

[Bug 193431] inline_data + journal_data == segfaults/buserrors in userspace mmap

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=193431

Peter Rabbitson <rabbit@rabbit.us> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|512 byte inodes +           |inline_data + journal_data
                   |inline_data + journal_data  |== segfaults/buserrors in
                   |== segfaults/buserrors in   |userspace mmap
                   |userspace mmap              |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

[Bug 193431] inline_data + journal_data == segfaults/buserrors in userspace mmap

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=193431

Theodore Tso <tytso@mit.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|---                         |INVALID

--- Comment #4 from Theodore Tso <tytso@mit.edu> ---
It may be a real problem, but if it isn't ext4 specific, you're reporting it to
the wrong place and we won't be able to help you.

Userspace crashes tend to be caused by (surprise!) userspace bugs, and this the
kernel bugzilla.   If you can trim this down to something which makes it clear
that it is ext4 specific issue please feel free to update this bug with this
new information.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

[Bug 193431] inline_data + journal_data == segfaults/buserrors in userspace mmap

[bugzilla-daemon]

https://bugzilla.kernel.org/show_bug.cgi?id=193431

Peter Rabbitson <rabbit@rabbit.us> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|INVALID                     |INSUFFICIENT_DATA

--- Comment #5 from Peter Rabbitson <rabbit@rabbit.us> ---
But it *is* ext4 specific - in
https://bugzilla.kernel.org/show_bug.cgi?id=193431#c3 I repeatably demonstrate
different behavior of a chroot depending solely on whether a fs is mounted with
data=journal or without. That is with a userspace that is as new as it gets (
debian stretch-to-be ).

In the coming days I will try to distill this down further to a standalone
program, but the chance is high I will fail: my C-fu is virtually nonexistent.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.