Bug 1000123

Summary: 'sh' command before mount causes daemon to segfault
Product: Red Hat Enterprise Linux 7
Component: libguestfs
Version: 7.0
Reporter: Richard W.M. Jones <rjones>
Assignee: Richard W.M. Jones <rjones>
QA Contact: Virtualization Bugs <virt-bugs>
CC: acathrow, bfan, leiwang, lkong, mbooth, wshi
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: unspecified
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: libguestfs-1.22.6-1.el7
Doc Type: Bug Fix
Type: Bug
Clone Of: 1000121
Bug Depends On: 1000121
Last Closed: 2014-06-13 12:29:03 UTC

Description Richard W.M. Jones 2013-08-22 18:33:52 UTC
+++ This bug was initially created as a clone of Bug #1000121 +++

Description of problem:

This bug was found by Olaf Hering.

Issuing the 'sh' command before mounting any filesystem will
cause the daemon to segfault.

Version-Release number of selected component (if applicable):

libguestfs 1.20.10
libguestfs 1.22.5
libguestfs 1.23.18

How reproducible:

100%

Steps to Reproduce:

guestfish --ro -v -a /dev/null run : sh "foo" : ls /

Actual results:

You will see in the debug output that guestfsd has segfaulted.
The output will look similar to:

guestfsd: error: do_command: you must call 'mount' first to mount the root filesystem
*** Error in `guestfsd': free(): invalid pointer: 0x00007fffc1c8d560 ***
libguestfs: error: sh: do_command: you must call 'mount' first to mount the root filesystem
/init: line 167:   145 Aborted                 $vg guestfsd
Rebooting.

(The precise message will differ between versions of libguestfs
but it should be obvious that guestfsd has segfaulted)

Expected results:

guestfsd should return an error and not segfault.

Additional info:

Comment 4 Lingfei Kong 2013-11-01 09:15:11 UTC
Reproduce:

Version-Release number of selected component: libguestfs-1.22.5-3.el7

Steps:
guestfish --ro -v -a /dev/null run : sh "foo" : ls /

Result: 
guestfsd: error: do_command: you must call 'mount' first to mount the root filesystem
*** Segmentation fault
Register dump:
libguestfs: error: sh: do_command: you must call 'mount' first to mount the root filesystem
libguestfs: closing guestfs handle 0x7fac5c3dacf0 (state 2)
....
/init: line 170:   115 Segmentation fault      $vg guestfsd
Rebooting.

guestfsd segfault.

Comment 5 Lingfei Kong 2013-12-06 08:34:55 UTC
Verified with libguestfs-1.22.6-15.el7

Step:
#guestfish --ro -v -a /dev/null run : sh "foo" : ls /

.......
udevadm settle
libguestfs: recv_from_daemon: received GUESTFS_LAUNCH_FLAG
libguestfs: [05328ms] appliance is up
guestfsd: main_loop: new request, len 0x30
guestfsd: error: do_command: you must call 'mount' first to mount the root filesystem
guestfsd: main_loop: prlibguestfs: error: sh: do_command: you must call 'mount' first to mount the root filesystem
libguestfs: closing guestfs handle 0x7fa7e8b266b0 (state 2)
oc 111 (sh) took 0.00 seconds
guestfsd: main_loop: new request, len 0x28
fsync /dev/sda
guestfsd: main_loop: proc 282 (internal_autosync) took 0.01 seconds
libguestfs: command: run: rm
libguestfs: command: run: \ -rf /tmp/libguestfsCA3EGv



Also, I cannot find any words like 'segfault' in the output, so the bug is fixed.

Comment 6 Ludek Smid 2014-06-13 12:29:03 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.
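
The verification above was done by reading the debug output by eye. As an added example (not part of the original bug report or of libguestfs), the shell function below classifies that output automatically and covers both crash variants quoted in this bug, the glibc abort and the plain segfault. The function name, return-code convention and sample_* helpers are assumptions made for this example; the sample logs are assembled from lines quoted in the comments above.

```shell
#!/bin/sh
# Classify `guestfish -v` output for the "sh before mount" reproducer.
# Return codes (a convention assumed for this example):
#   0 = daemon returned the expected error and kept running
#   1 = daemon crash signature present
#   2 = inconclusive (the expected error never appeared)
check_guestfsd_log() {
    # Crash signatures seen in this bug: glibc abort on a bad free(),
    # a plain SIGSEGV banner, and /init reporting how guestfsd died.
    if printf '%s\n' "$1" | grep -Eq \
        -e 'free\(\): invalid pointer' \
        -e '^\*\*\* Segmentation fault' \
        -e '/init: line [0-9]+: +[0-9]+ (Aborted|Segmentation fault) .*guestfsd'
    then
        return 1
    fi
    # Not anchored to line start: daemon and library messages can be
    # interleaved on one line, as in the Comment 5 output.
    if printf '%s\n' "$1" | grep -q "error: sh: do_command: you must call 'mount' first"
    then
        return 0
    fi
    return 2
}

# Sample logs assembled from lines quoted in this bug report.
sample_abort() { cat <<'EOF'
guestfsd: error: do_command: you must call 'mount' first to mount the root filesystem
*** Error in `guestfsd': free(): invalid pointer: 0x00007fffc1c8d560 ***
libguestfs: error: sh: do_command: you must call 'mount' first to mount the root filesystem
/init: line 167:   145 Aborted                 $vg guestfsd
EOF
}
sample_segv() { cat <<'EOF'
guestfsd: error: do_command: you must call 'mount' first to mount the root filesystem
*** Segmentation fault
/init: line 170:   115 Segmentation fault      $vg guestfsd
EOF
}
sample_fixed() { cat <<'EOF'
guestfsd: main_loop: new request, len 0x30
guestfsd: main_loop: prlibguestfs: error: sh: do_command: you must call 'mount' first to mount the root filesystem
oc 111 (sh) took 0.00 seconds
guestfsd: main_loop: proc 282 (internal_autosync) took 0.01 seconds
EOF
}

# Real use: check_guestfsd_log "$(guestfish --ro -v -a /dev/null run : sh "foo" : ls / 2>&1)"
```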