Bug#473209: More info

Sami Liedes sliedes at cc.hut.fi
Sat Apr 5 13:39:22 UTC 2008 

I initially had the same problem with "Cannot get the real path of
/dev/hda".

My device.map was from 2006, so I recreated it with

   rm /boot/grub/device.map && grub --device-map

and got the device paths corrected to /dev/sd?.

However now update-grub hangs pretty much forever, and I get messages
like this on my kernel log:

------------------------------------------------------------
[4520359.961987] end_request: I/O error, dev fd0, sector 0
[4520372.128819] end_request: I/O error, dev fd0, sector 0
[4520384.295621] end_request: I/O error, dev fd0, sector 0
[4520384.295633] Buffer I/O error on device fd0, logical block 0
[4520396.461384] end_request: I/O error, dev fd0, sector 0
[4520396.461396] Buffer I/O error on device fd0, logical block 0
[4520408.628195] end_request: I/O error, dev fd0, sector 0
[4520420.797716] end_request: I/O error, dev fd0, sector 0
[4520420.797722] Buffer I/O error on device fd0, logical block 0
[4520432.972089] end_request: I/O error, dev fd0, sector 0
[4520432.972102] Buffer I/O error on device fd0, logical block 0
[4520467.706750] end_request: I/O error, dev fd0, sector 0
[4520479.878390] end_request: I/O error, dev fd0, sector 0
[4520492.048230] end_request: I/O error, dev fd0, sector 0
[4520492.048236] Buffer I/O error on device fd0, logical block 0
...
------------------------------------------------------------

I rmmod'd the floppy module and recreated device.map. /dev/fd0 is
still added to the map, and after that update-grub fails with 

   grub-probe: error: Cannot get the real path of `/dev/fd0'

.

If I remove or comment out the (fd0) line in device.map, after that
update-grub silently fails (no error printed, but exit code is 139 -
the culprit is grub-probe *segfaulting*). Kernel logs show no oops, so
I guess it's a user space thing, not the kernel crashing. (This might
be another bug, but since I hit it when inspecting this one, I'll
describe it here.)

I rebuilt grub-common with debug syms and got a backtrace. The crash
occurs in the LVM code. Curiously the crash happens when calling
grub_lvm_scan_device("hd0,3"), not while probing for the floppy disk.

------------------------------------------------------------
# gdb --args grub-probe -t device fd0
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu"...
(gdb) r
Starting program: /usr/sbin/grub-probe -t device fd0

Program received signal SIGSEGV, Segmentation fault.
0x000000000040589d in grub_memmove (dest=0x7fff8774e2c0, src=0x6, n=37) at /home/sliedes/rec/grub2-1.96+20080228/kern/misc.c:43
43              *--d = *--s;
(gdb) bt
#0  0x000000000040589d in grub_memmove (dest=0x7fff8774e2c0, src=0x6, n=37) at /home/sliedes/rec/grub2-1.96+20080228/kern/misc.c:43
#1  0x000000000041f3d0 in grub_lvm_scan_device (name=0x6350c0 "hd0,3") at /home/sliedes/rec/grub2-1.96+20080228/disk/lvm.c:310
#2  0x00000000004044a1 in iterate_partition (disk=0x635010, partition=0x7fff8774e9d0) at /home/sliedes/rec/grub2-1.96+20080228/kern/device.c:132
#3  0x000000000041c551 in pc_partition_map_iterate (disk=0x635010, hook=0x7fff8774eb8f) at /home/sliedes/rec/grub2-1.96+20080228/partmap/pc.c:153
#4  0x000000000040808f in grub_partition_iterate (hook=0x7fff8774eb8f) at /home/sliedes/rec/grub2-1.96+20080228/kern/partition.c:126
#5  0x0000000000404535 in iterate_disk (disk_name=0x7fff8774eae0 "hd0") at /home/sliedes/rec/grub2-1.96+20080228/kern/device.c:101
#6  0x0000000000401e37 in call_hook (hook=0x7fff8774eb78, drive=128) at /home/sliedes/rec/grub2-1.96+20080228/util/biosdisk.c:131
#7  0x0000000000401e6c in grub_util_biosdisk_iterate (hook=0x7fff8774eb78) at /home/sliedes/rec/grub2-1.96+20080228/util/biosdisk.c:140
#8  0x0000000000404985 in grub_disk_dev_iterate (hook=0x7fff8774eb78) at /home/sliedes/rec/grub2-1.96+20080228/kern/disk.c:205
#9  0x00000000004043f4 in grub_device_iterate (hook=0x41f080 <grub_lvm_scan_device>) at /home/sliedes/rec/grub2-1.96+20080228/kern/device.c:138
#10 0x000000000041faeb in grub_mod_init (mod=0x0) at /home/sliedes/rec/grub2-1.96+20080228/disk/lvm.c:511
#11 0x000000000041fad3 in grub_lvm_init () at /home/sliedes/rec/grub2-1.96+20080228/disk/lvm.c:509
#12 0x0000000000420ca0 in grub_init_all () at grub_probe_init.c:44
#13 0x0000000000401cc1 in main (argc=4, argv=0x7fff8774ed38) at /home/sliedes/rec/grub2-1.96+20080228/util/grub-probe.c:355
------------------------------------------------------------

There's something hairy going on with the metadata buffer, and at
least it seems the grub_strstr() return value should be checked:

------------------------------------------------------------
(gdb) up
#1  0x000000000041f3d0 in grub_lvm_scan_device (name=0x6350c0 "hd0,3") at /home/sliedes/rec/grub2-1.96+20080228/disk/lvm.c:310
310       grub_memcpy (vg_id, p, GRUB_LVM_ID_STRLEN);
(gdb) print p
$1 = 0x6 <Address 0x6 out of bounds>
(gdb) l
305
306       grub_memcpy (vgname, p, vgname_len);
307       vgname[vgname_len] = '\0';
308
309       p = grub_strstr (q, "id = \"") + sizeof ("id = \"") - 1;
310       grub_memcpy (vg_id, p, GRUB_LVM_ID_STRLEN);
311       vg_id[GRUB_LVM_ID_STRLEN] = '\0';
312
313       for (vg = vg_list; vg; vg = vg->next)
314         {
(gdb) print q
$2 = 0x66b5b4 " LVM2 x[5A%r0N*>\001"
(gdb) print metadatabuf
$3 = 0x66b5b0 "\033Ç5` LVM2 x[5A%r0N*>\001"
(gdb) info locals
err = GRUB_ERR_NONE
disk = (grub_disk_t) 0x6350e0
da_offset = 196608
da_size = 0
mda_offset = 4096
mda_size = 192512
buf = "LABELONE\001\000\000\000\000\000\000\000\226°ÐË \000\000\000LVM2 001Tuf1htoXt6rUT4rRoUEhfsX0hI0vYetY\000\000öø\r\000\000\000\000\000\003", '\0' <repeats 30 times>, "\020\000\000\000\000\000\000\000ð\002", '\0' <repeats 396 times>
vg_id = "\214f@\000\000\000\000\000°ãt\207ÿ\177\000\000°ãt\207ÿ\177\000\000y1-FszJ-0ãt\207ÿ\177"
pv_id = "Tuf1ht-oXt6-rUT4-rRoU-Ehfs-X0hI-0vYetY"
metadatabuf = 0x66b5b0 "\033Ç5` LVM2 x[5A%r0N*>\001"
p = 0x6 <Address 0x6 out of bounds>
q = 0x66b5b4 " LVM2 x[5A%r0N*>\001"
vgname = 0x6387d0 "\033Ç5`"
lh = (struct grub_lvm_label_header *) 0x7fff8774e2f0
pvh = (struct grub_lvm_pv_header *) 0x7fff8774e310
dlocn = (struct grub_lvm_disk_locn *) 0x7fff8774e368
mdah = (struct grub_lvm_mda_header *) 0x66b5b0
rlocn = (struct grub_lvm_raw_locn *) 0x66b5d8
i = 32
j = 38
vgname_len = 4
vg = (struct grub_lvm_vg *) 0x0
pv = (struct grub_lvm_pv *) 0x2b62235e6d26
(gdb)
------------------------------------------------------------

hd0 is /dev/sda in devices.map, and this is what /dev/sda looks like:

------------------------------------------------------------
$ sudo fdisk -l /dev/sda

Disk /dev/sda: 80.0 GB, 80054059008 bytes
255 heads, 63 sectors/track, 9732 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x2514e14e

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          20      160618+  83  Linux
/dev/sda2              21         212     1542240   8e  Linux LVM
/dev/sda3             213        7508    58605120   8e  Linux LVM
/dev/sda4   *        7509        9732    17864280    c  W95 FAT32 (LBA)
------------------------------------------------------------

The computer is an amd64 box with lvm2. /dev/sda1 is an ext2 /boot
partition, root is crypted and initramfs is used to set things up in
the boot.

------------------------------------------------------------
$ mount
/dev/mapper/root-decrypted on / type ext3 (rw,errors=remount-ro,commit=120)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
procbususb on /proc/bus/usb type usbfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
/dev/mapper/sda1 on /boot type ext2 (rw)
/home on /var/chroot/ia32/home type none (rw,bind)
/tmp on /var/chroot/ia32/tmp type none (rw,bind)
proc on /var/chroot/ia32/proc type proc (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
------------------------------------------------------------

Relevant packages:

------------------------------------------------------------
ii  grub             0.97-35            GRand Unified Bootloader (Legacy version)
ii  grub-common      1.96+20080228-1    GRand Unified Bootloader, version 2 (common files)
ii  grub-doc         0.97-35            Documentation for GRand Unified Bootloader (dummy package)
un  grub-efi         <none>             (no description available)
un  grub-ieee1275    <none>             (no description available)
ii  grub-legacy-doc  0.97-35            Documentation for GRUB Legacy
un  grub-linuxbios   <none>             (no description available)
un  grub-pc          <none>             (no description available)
un  grub2            <none>             (no description available)
------------------------------------------------------------

	Sami
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-grub-devel/attachments/20080405/1ffad164/attachment.pgp

More information about the Pkg-grub-devel mailing list