Nice catch
But Li Jinlin has also found this problem, and sent a patch:
"[PATCH] tune2fs: exit directly when fs freed in ext2fs_run_ext3_journal"
On 2022/9/23 21:27, Lubomir Rintel wrote:
> Got a crash:
>
> Starting program: e2fsprogs-1.46.5/misc/tune2fs -O ^has_journal -ff /dev/sdh2
> tune2fs 1.46.5 (30-Dec-2021)
> Recovering journal.
> tune2fs: Unknown code ____ 251 while recovering journal.
> Please run e2fsck -fy /dev/sdh2.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff7f8565a in ext2fs_mmp_stop (fs=0x0) at ../mmp.c:405
> 405 if (!ext2fs_has_feature_mmp(fs->super) ||
> (gdb) bt
> #0 0x00007ffff7f8565a in ext2fs_mmp_stop (fs=0x0) at ../mmp.c:405
> #1 0x000055555555acd8 in main (argc=<optimized out>, argv=<optimized out>) at /home/lkundrak/fedora/e2fsprogs/e2fsprogs-1.46.5/misc/tune2fs.c:3441
> (gdb)
>
> Turns out, ext2fs_run_ext3_journal() can close fs and then fail. If that
> happened, we shall not jump to closefs:, quit right away instead.
>
> Signed-off-by: Lubomir Rintel <lkundrak@xxxxx>
> ---
> misc/tune2fs.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/misc/tune2fs.c b/misc/tune2fs.c
> index 088f87e5..96cfd001 100644
> --- a/misc/tune2fs.c
> +++ b/misc/tune2fs.c
> @@ -3345,7 +3345,10 @@ _("Warning: The journal is dirty. You may wish to replay the journal like:\n\n"
> "while recovering journal.\n");
> printf(_("Please run e2fsck -fy %s.\n"), argv[1]);
> rc = 1;
> - goto closefs;
> + if (fs)
> + goto closefs;
> + else
> + return 1;
> }
> sb = fs->super;
> }
>
