Bug#597563: grub-common: grub-probe segfaults scanning lvm devices

Matthew Gabeler-Lee cheetah at fastcat.org
Mon Sep 20 20:28:54 UTC 2010 

Package: grub-common
Version: 1.98+20100804-4
Severity: important

Any invocation of grub-probe that I try on my system, except --help,
segfaults.  From past experience, I know better than to try to reboot,
because this has almost certainly rendered my system unbootable ...

I built a debug version and get this backtrace for
grub-probe --target=device /

Program received signal SIGSEGV, Segmentation fault.
0x0000000000408c6e in grub_memmove (dest=0x733650, src=0x704050, n=144115205507638123)
    at ../../kern/misc.c:61
61              *--d = *--s;
(gdb) bt
#0  0x0000000000408c6e in grub_memmove (dest=0x733650, src=0x704050, n=144115205507638123)
    at ../../kern/misc.c:61
#1  0x00000000004348e8 in grub_lvm_scan_device (name=0x67b470 "hd0,msdos3") at ../../disk/lvm.c:355
#2  0x0000000000407525 in iterate_disk (disk_name=0x66f060 "hd0") at ../../kern/device.c:123
#3  0x000000000040301c in grub_util_biosdisk_iterate (hook=0x7fffffffe2d0) at ../../kern/emu/hostdisk.c:206
#4  0x0000000000407b2e in grub_disk_dev_iterate (hook=0x7fffffffe2d0) at ../../kern/disk.c:212
#5  0x00000000004075ee in grub_device_iterate (hook=0x4345dc <grub_lvm_scan_device>)
    at ../../kern/device.c:168
#6  0x000000000043546e in grub_mod_init (mod=0x0) at ../../disk/lvm.c:679
#7  0x0000000000435456 in grub_lvm_init () at ../../disk/lvm.c:677
#8  0x0000000000435563 in grub_init_all () at grub_probe_init.c:59
#9  0x0000000000402e60 in main (argc=3, argv=0x7fffffffe488) at ../../util/grub-probe.c:443

My that last argument to grub_memmove looks suspicious.  That ridiculous
value appears to be coming from:

(gdb) up
#1  0x00000000004348e8 in grub_lvm_scan_device (name=0x67b470 "hd0,msdos3")
# at ../../disk/lvm.c:355
355           grub_memcpy (metadatabuf + mda_size,
(gdb) list
350       rlocn = mdah->raw_locns;
351       if (grub_le_to_cpu64 (rlocn->offset) + grub_le_to_cpu64
(rlocn->size) >
352           grub_le_to_cpu64 (mdah->size))
353         {
354           /* Metadata is circular. Copy the wrap in place. */
355           grub_memcpy (metadatabuf + mda_size,
356                        metadatabuf + GRUB_LVM_MDA_HEADER_SIZE,
357                        grub_le_to_cpu64 (rlocn->offset) +
358                        grub_le_to_cpu64 (rlocn->size) -
359                        grub_le_to_cpu64 (mdah->size));
(gdb) print rlocn->offset
$9 = 144115188075908096

This looks basically identical to the crash I reported in debian bug 550682,
so I'm going to guess it's a regression of at least a similar underlying
issue.  The patch in that bug that theoretically fixed it, however, has been
applied to this version of grub and yet it still crashes, so that clearly
wasn't the problem.  Also, I tried using snapshot.debian.org to back up to
the version that I said worked for me in that bug, but it's not working now,
so I suspect this isn't quite the same bug.

Curiously, if I run this particular grub-probe invocation as a non-root
user, it works, presumably because it can't access the data that's making it
crash.  Many other grub-probe invocations need to be root in order to work,
so that's not a usable workaround to get things going again.

My disk layout is:
/dev/sd[abcd]: 750gb, all partitioned identically
/dev/sd[abcd]1: 2gb raid1, md0, entire array is the root partition
/dev/sd[abcd]2: 2gb raid1, md1, entire array is swap
/dev/sd[abcd]3: NNNgb raid5, md2, entire array is my one and only lvm pv

lvm pv has several LVs, including ones for /home, /tmp, /usr, and /var. 
/boot is on /, on the raid1.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-1 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages grub-common depends on:
ii  base-files              5.9              Debian base system miscellaneous f
ii  dpkg                    1.15.8.4         Debian package management system
ii  gettext-base            0.18.1.1-2       GNU Internationalization utilities
ii  install-info            4.13a.dfsg.1-5   Manage installed documentation in 
ii  libc6                   2.11.2-5         Embedded GNU C Library: Shared lib
ii  libdevmapper1.02.1      2:1.02.48-3      The Linux Kernel Device Mapper use
ii  libfreetype6            2.4.2-1          FreeType 2 font engine, shared lib
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages grub-common recommends:
pn  os-prober                     <none>     (no description available)

Versions of packages grub-common suggests:
pn  grub-emu                    <none>       (no description available)
pn  multiboot-doc               <none>       (no description available)
ii  xorriso                     0.5.6.pl00-2 command line iso9660+RR manipulati

-- no debconf information

More information about the Pkg-grub-devel mailing list