Bug#474343: More info

Sami Liedes Mon, 07 Apr 2008 11:02:28 -0700

I have the same problem and inspected it, here's a copy of the
relevant portion of my mail to #473209:


----- Forwarded message from Sami Liedes <[EMAIL PROTECTED]> -----

Date: Sat, 5 Apr 2008 16:39:22 +0300
From: Sami Liedes <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: More info

[...]

If I remove or comment out the (fd0) line in device.map, after that
update-grub silently fails (no error printed, but exit code is 139 -
the culprit is grub-probe *segfaulting*). Kernel logs show no oops, so
I guess it's a user space thing, not the kernel crashing. (This might
be another bug, but since I hit it when inspecting this one, I'll
describe it here.)

I rebuilt grub-common with debug syms and got a backtrace. The crash
occurs in the LVM code. Curiously the crash happens when calling
grub_lvm_scan_device("hd0,3"), not while probing for the floppy disk.

Also attached further below the information you requested previously
in this bug report (inspecting p at a breakpoint).

------------------------------------------------------------
# gdb --args grub-probe -t device fd0
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) r
Starting program: /usr/sbin/grub-probe -t device fd0

Program received signal SIGSEGV, Segmentation fault.
0x000000000040589d in grub_memmove (dest=0x7fff8774e2c0, src=0x6, n=37) at 
/home/sliedes/rec/grub2-1.96+20080228/kern/misc.c:43
43              *--d = *--s;
(gdb) bt
#0  0x000000000040589d in grub_memmove (dest=0x7fff8774e2c0, src=0x6, n=37) at 
/home/sliedes/rec/grub2-1.96+20080228/kern/misc.c:43
#1  0x000000000041f3d0 in grub_lvm_scan_device (name=0x6350c0 "hd0,3") at 
/home/sliedes/rec/grub2-1.96+20080228/disk/lvm.c:310
#2  0x00000000004044a1 in iterate_partition (disk=0x635010, 
partition=0x7fff8774e9d0) at 
/home/sliedes/rec/grub2-1.96+20080228/kern/device.c:132
#3  0x000000000041c551 in pc_partition_map_iterate (disk=0x635010, 
hook=0x7fff8774eb8f) at /home/sliedes/rec/grub2-1.96+20080228/partmap/pc.c:153
#4  0x000000000040808f in grub_partition_iterate (hook=0x7fff8774eb8f) at 
/home/sliedes/rec/grub2-1.96+20080228/kern/partition.c:126
#5  0x0000000000404535 in iterate_disk (disk_name=0x7fff8774eae0 "hd0") at 
/home/sliedes/rec/grub2-1.96+20080228/kern/device.c:101
#6  0x0000000000401e37 in call_hook (hook=0x7fff8774eb78, drive=128) at 
/home/sliedes/rec/grub2-1.96+20080228/util/biosdisk.c:131
#7  0x0000000000401e6c in grub_util_biosdisk_iterate (hook=0x7fff8774eb78) at 
/home/sliedes/rec/grub2-1.96+20080228/util/biosdisk.c:140
#8  0x0000000000404985 in grub_disk_dev_iterate (hook=0x7fff8774eb78) at 
/home/sliedes/rec/grub2-1.96+20080228/kern/disk.c:205
#9  0x00000000004043f4 in grub_device_iterate (hook=0x41f080 
<grub_lvm_scan_device>) at 
/home/sliedes/rec/grub2-1.96+20080228/kern/device.c:138
#10 0x000000000041faeb in grub_mod_init (mod=0x0) at 
/home/sliedes/rec/grub2-1.96+20080228/disk/lvm.c:511
#11 0x000000000041fad3 in grub_lvm_init () at 
/home/sliedes/rec/grub2-1.96+20080228/disk/lvm.c:509
#12 0x0000000000420ca0 in grub_init_all () at grub_probe_init.c:44
#13 0x0000000000401cc1 in main (argc=4, argv=0x7fff8774ed38) at 
/home/sliedes/rec/grub2-1.96+20080228/util/grub-probe.c:355
------------------------------------------------------------

There's something hairy going on with the metadata buffer, and at
least it seems the grub_strstr() return value should be checked:

------------------------------------------------------------
(gdb) up
#1  0x000000000041f3d0 in grub_lvm_scan_device (name=0x6350c0 "hd0,3") at 
/home/sliedes/rec/grub2-1.96+20080228/disk/lvm.c:310
310       grub_memcpy (vg_id, p, GRUB_LVM_ID_STRLEN);
(gdb) print p
$1 = 0x6 <Address 0x6 out of bounds>
(gdb) l
305
306       grub_memcpy (vgname, p, vgname_len);
307       vgname[vgname_len] = '\0';
308
309       p = grub_strstr (q, "id = \"") + sizeof ("id = \"") - 1;
310       grub_memcpy (vg_id, p, GRUB_LVM_ID_STRLEN);
311       vg_id[GRUB_LVM_ID_STRLEN] = '\0';
312
313       for (vg = vg_list; vg; vg = vg->next)
314         {
(gdb) print q
$2 = 0x66b5b4 " LVM2 x[5A%r0N*>\001"
(gdb) print metadatabuf
$3 = 0x66b5b0 "\033Ç5` LVM2 x[5A%r0N*>\001"
(gdb) info locals
err = GRUB_ERR_NONE
disk = (grub_disk_t) 0x6350e0
da_offset = 196608
da_size = 0
mda_offset = 4096
mda_size = 192512
buf = "LABELONE\001\000\000\000\000\000\000\000\226°ÐË \000\000\000LVM2 
001Tuf1htoXt6rUT4rRoUEhfsX0hI0vYetY\000\000öø\r\000\000\000\000\000\003", '\0' 
<repeats 30 times>, "\020\000\000\000\000\000\000\000ð\002", '\0' <repeats 396 
times>
vg_id = "[EMAIL PROTECTED]"
pv_id = "Tuf1ht-oXt6-rUT4-rRoU-Ehfs-X0hI-0vYetY"
metadatabuf = 0x66b5b0 "\033Ç5` LVM2 x[5A%r0N*>\001"
p = 0x6 <Address 0x6 out of bounds>
q = 0x66b5b4 " LVM2 x[5A%r0N*>\001"
vgname = 0x6387d0 "\033Ç5`"
lh = (struct grub_lvm_label_header *) 0x7fff8774e2f0
pvh = (struct grub_lvm_pv_header *) 0x7fff8774e310
dlocn = (struct grub_lvm_disk_locn *) 0x7fff8774e368
mdah = (struct grub_lvm_mda_header *) 0x66b5b0
rlocn = (struct grub_lvm_raw_locn *) 0x66b5d8
i = 32
j = 38
vgname_len = 4
vg = (struct grub_lvm_vg *) 0x0
pv = (struct grub_lvm_pv *) 0x2b62235e6d26
(gdb)
------------------------------------------------------------

hd0 is /dev/sda in devices.map, and this is what /dev/sda looks like:

------------------------------------------------------------
$ sudo fdisk -l /dev/sda

Disk /dev/sda: 80.0 GB, 80054059008 bytes
255 heads, 63 sectors/track, 9732 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x2514e14e

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          20      160618+  83  Linux
/dev/sda2              21         212     1542240   8e  Linux LVM
/dev/sda3             213        7508    58605120   8e  Linux LVM
/dev/sda4   *        7509        9732    17864280    c  W95 FAT32 (LBA)
------------------------------------------------------------

The computer is an amd64 box with lvm2. /dev/sda1 is an ext2 /boot
partition, root is crypted and initramfs is used to set things up in
the boot.

------------------------------------------------------------
$ mount
/dev/mapper/root-decrypted on / type ext3 (rw,errors=remount-ro,commit=120)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
procbususb on /proc/bus/usb type usbfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
/dev/mapper/sda1 on /boot type ext2 (rw)
/home on /var/chroot/ia32/home type none (rw,bind)
/tmp on /var/chroot/ia32/tmp type none (rw,bind)
proc on /var/chroot/ia32/proc type proc (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc 
(rw,noexec,nosuid,nodev)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
------------------------------------------------------------

        Sami

----- End forwarded message -----



And the breakpoint inspection:

------------------------------------------------------------
# gdb --args grub-probe -t device /
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) b main
Breakpoint 1 at 0x401a38: file 
/home/sliedes/rec/grub2-1.96+20080228/util/grub-probe.c, line 274.
(gdb) r
Starting program: /usr/sbin/grub-probe -t device /

Breakpoint 1, main (argc=4, argv=0x7fff55462a48) at 
/home/sliedes/rec/grub2-1.96+20080228/util/grub-probe.c:274
274       char *dev_map = 0;
(gdb) b disk/lvm.c:376
No source file named disk/lvm.c.
Make breakpoint pending on future shared library load? (y or [n]) n
(gdb) q
The program is running.  Exit anyway? (y or n) y
[EMAIL PROTECTED]:~/prog# gdb --args grub-probe -t device /
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) b lvm.c:376
Breakpoint 1 at 0x41f63f: file 
/home/sliedes/rec/grub2-1.96+20080228/disk/lvm.c, line 376.
(gdb) r
Starting program: /usr/sbin/grub-probe -t device /

Breakpoint 1, grub_lvm_scan_device (name=0x9b70a0 "hd0,2") at 
/home/sliedes/rec/grub2-1.96+20080228/disk/lvm.c:376
376           p += 18;
(gdb) print p
$1 = 0x7f3c761c254a "logical_volumes {\nmy_region {\nid = 
\"jcoVBz-tVex-IhM8-4zNy-2oeG-TABN-Sm2bqF\"\nstatus = [\"READ\", \"WRITE\", 
\"VISIBLE\"]\nsegment_count = 1\nsegment1 {\nstart_extent = 0\nextent_count = 
7968\ntype = \"striped\"\nstr"...
(gdb) call puts(p)
logical_volumes {
my_region {
id = "jcoVBz-tVex-IhM8-4zNy-2oeG-TABN-Sm2bqF"
status = ["READ", "WRITE", "VISIBLE"]
segment_count = 1
segment1 {
start_extent = 0
extent_count = 7968
type = "striped"
stripe_count = 1
stripes = [
"pv0",0
]
}
}
test-region {
id = "2T2His-IcPA-dUJW-8yhq-Rzpr-lQMr-bcIkEK"
status = ["READ", "WRITE", "VISIBLE"]
segment_count = 1
segment1 {
start_extent = 0
extent_count = 1533
type = "striped"
stripe_count = 1
stripes = [
"pv1",31
]
}
}
swap0-crypted {
id = "gbtUqR-s0vT-X5bK-jO6f-deo5-x4xl-iXYJh7"
status = ["READ", "WRITE", "VISIBLE"]
segment_count = 1
segment1 {
start_extent = 0
extent_count = 45
type = "striped"
stripe_count = 3
stripe_size = 128
stripes = [
"pv1",0,
"pv2",0,
"pv3",0
]
}
}
test-region2 {
id = "lUqjeF-uyWJ-TAqN-m74O-K6ve-I0iE-nWn0MU"
status = ["READ", "WRITE", "VISIBLE"]
segment_count = 1
segment1 {
start_extent = 0
extent_count = 4917
type = "striped"
stripe_count = 1
stripes = [
"pv4",0
]
}
}
}
}
# Generated by EVMS: Thu Dec 20 14:42:25 2007

contents = "Text Format Volume Group"
version = 1
description = ""
creation_host = "lh"    # Linux lh 2.6.23.8-sli #1 PREEMPT Thu Nov 22 00:04:33 
EET 2007 x86_64
creation_time = 1198154545      # Thu Dec 20 14:42:25 2007


$2 = 1216
(gdb)
------------------------------------------------------------

Hope this helps.

        Sami

signature.asc
Description: Digital signature

Bug#474343: More info

Reply via email to