[Filesystems-devel] Bug#955549: [f2fs-dev] Bug#955549: f2fs-tools: fsck.f2fs segfaults

Chao Yu yuchao0 at huawei.com
Wed Apr 15 04:28:46 BST 2020


On 2020/4/10 7:32, Adam Borowski wrote:
> On Tue, Apr 07, 2020 at 06:22:19PM +0800, Chao Yu wrote:
>> I figured out two patches to fix segfault issues, could you please have
>> a try:
>>
>> 	fsck.f2fs: fix to check validation of i_xattr_nid
>> 	fsck.f2fs: fix to check validation of block address
>>
>> In addition, I found that the fsck main flow failed because it cannot load the root
>> inode based on a wrong block address in the nat, so I wrote another patch to enable
>> fsck to look up the root inode by traversing all nodes in the f2fs main area, and relink
>> the nat to the root inode correctly.
>>
>> 	fsck.f2fs: lookup and relink root inode
> 
> I still get a segfault:

Oops..

> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x0000555555564444 in print_inode_info (sbi=0x555555584ca0 <gfsck>, node=0x55555558f170, name=<optimized out>) at mount.c:240
> 240			block_t blkaddr = le32_to_cpu(inode->i_addr[i + ofs]);
> (gdb) bt
> #0  0x0000555555564444 in print_inode_info (sbi=0x555555584ca0 <gfsck>, node=0x55555558f170, name=<optimized out>) at mount.c:240
> #1  0x0000555555564c4e in print_node_info (sbi=<optimized out>, node_block=<optimized out>, verbose=<optimized out>) at mount.c:278
> #2  0x000055555556317f in dump_node (sbi=sbi at entry=0x555555584ca0 <gfsck>, nid=nid at entry=2861, force=force at entry=1) at dump.c:511
> #3  0x0000555555561060 in fsck_verify (sbi=0x555555584ca0 <gfsck>) at fsck.c:3259
> #4  0x000055555555799a in do_fsck (sbi=0x555555584ca0 <gfsck>) at main.c:698
> #5  main (argc=<optimized out>, argv=<optimized out>) at main.c:864

Fixed with

[PATCH] fsck.f2fs: fix to avoid overflow during print_inode_info()

Thanks,

> 
>> With this patch, the image can be fixed and mounted later, although most of the files
>> were deleted due to seriously damaged f2fs metadata....
> 
> Yeah, I've later tested the hardware -- writes to it are borked, so no
> complaint against the filesystem failing.  I got backups. :)
> 
>> The patches were made on top of dev-test branch of Jaegeuk's tree:
>> https://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs-tools.git/log/?h=dev-test
> 
>>>>>> #0  0x00005555555593ec in memcpy (__len=18446744073323892736, __src=0x55555560760c, __dest=0x7fffffffe000) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
>>>
>>> At a glance, the immediate reason for this issue is that we didn't check the
>>> validity of inode.i_namelen.
>>>
>>>>>> #1  convert_encrypted_name (name=name at entry=0x55555560760c " ", len=-385658880, new=new at entry=0x7fffffffe000 " ", enc_name=<optimized out>) at fsck.c:1132
>>>>>> #2  0x0000555555562286 in print_inode_info (sbi=0x55555557db20 <gfsck>, node=0x5555556075b0, name=1) at mount.c:183
>>>>>> #3  0x0000555555562a46 in print_node_info (sbi=<optimized out>, node_block=<optimized out>, verbose=<optimized out>) at mount.c:277
>>>>>> #4  0x0000555555560d3f in dump_node (sbi=sbi at entry=0x55555557db20 <gfsck>, nid=nid at entry=24274, force=force at entry=1) at dump.c:520
>>>>>> #5  0x000055555555e94c in fsck_verify (sbi=0x55555557db20 <gfsck>) at fsck.c:2568
>>>>>> #6  0x000055555555699b in do_fsck (sbi=0x55555557db20 <gfsck>) at main.c:569
> 
> 
> Meow!
> 
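As an added illustration (not code from f2fs-tools or from this thread), the C below models the first backtrace: an on-disk i_namelen that is never validated reaches memcpy through a signed int, so a corrupt value turns into a length just under 2^64 bytes, and it then shows the bounds check a fsck path needs before copying. NAME_LEN_MAX, struct disk_inode and BAD_NAMELEN (the unsigned reading of the backtrace's len=-385658880) are assumptions and constructed samples.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NAME_LEN_MAX 255   /* assumed bound; F2FS_NAME_LEN is 255 in f2fs */
/* Constructed, trimmed stand-in for the on-disk inode with only the fields the
 * first backtrace involves. i_namelen is read straight from the image, so a
 * corrupt (or crafted) image controls it and it must be validated. */
struct disk_inode {
    uint32_t i_namelen;
    unsigned char i_name[NAME_LEN_MAX];
};

/* Unsigned reading of the backtrace's "len=-385658880" (constructed sample). */
#define BAD_NAMELEN 3909308416u

/* Model of the unchecked path: the length passes through a signed int and is
 * then widened to size_t for memcpy. For BAD_NAMELEN this returns
 * 18446744073323892736, the __len in the backtrace. (int truncation is
 * implementation-defined; on two's-complement targets it wraps negative.) */
size_t memcpy_len_as_seen(uint32_t i_namelen)
{
    int len = (int)i_namelen;   /* -385658880 */
    return (size_t)len;         /* sign-extended: just under 2^64 */
}

/* Hardened copy: refuse any length the on-disk field cannot hold before
 * touching memory. Returns bytes copied, or -1 for a corrupt length so the
 * caller can flag the inode instead of crashing. */
long copy_inode_name(const struct disk_inode *ino, char *out, size_t out_sz)
{
    uint32_t n = ino->i_namelen;
    if (n > NAME_LEN_MAX || (size_t)n + 1 > out_sz)
        return -1;
    memcpy(out, ino->i_name, n);
    out[n] = '\0';
    return (long)n;
}

/* Self-check: a sane name copies, the corrupt length is rejected. */
int namelen_checks_pass(void)
{
    char buf[NAME_LEN_MAX + 1];
    struct disk_inode good = { .i_namelen = 5, .i_name = "hello" };
    struct disk_inode bad = { .i_namelen = BAD_NAMELEN };
    return copy_inode_name(&good, buf, sizeof buf) == 5 &&
           strcmp(buf, "hello") == 0 &&
           copy_inode_name(&bad, buf, sizeof buf) == -1;
}
```

The same discipline applies to the second backtrace: an index such as i + ofs into i_addr[] must be checked against the array bound before the read, not after.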


