Bug 1380828

Summary: Anaconda segfaults if console= cmdline is incorrect
Product: Red Hat Enterprise Linux 6
Reporter: Frank Hirtz <fhirtz>
Component: anaconda
Assignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: CLOSED WONTFIX
QA Contact: Release Test Team <release-test-team>
Severity: medium
Docs Contact:
Priority: unspecified
Version: 6.7
CC: cww
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-06-07 22:18:56 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Frank Hirtz 2016-09-30 17:01:53 UTC
Description of problem:
We're attempting to install RHEL6 / RHEL5 on IBM LS41 hardware; the installer kernel boots and gets to the point where it tries to start init[1].

That segfaults - and the installer kernel then crashes due to the failure to spawn init.

Using RHEL5u8, the error is:

init[1]: segfault at 0000000000000000 rip 000000000040063c rsp 00007fff661bf9b0

Using RHEL6u2, the error is:

init[1]: segfault at 0 ip 0000000000401f9f sp 00007fffb02dec60 error 4 in
init[400000+6000]
Kernel panic - not syncing: Attempted to kill init!
Pid: 1, comm: init Tainted: G               I---------------
2.6.32-279.el6.x86_64 #1
Call Trace:
 [<ffffffff814fd11a>] ? panic+0xa0/0x168
 [<ffffffff81070bd2>] ? do_exit+0x862/0x870
 [<ffffffff81070c38>] ? do_group_exit+0x58/0xd0
 [<ffffffff81070cc7>] ? sys_exit_group+0x17/0x20
 [<ffffffff8100b0f2>] ? system_call_fastpath+0x16/0x1b

Now if I unpack the corresponding initrds and look at the init binary itself, one can find, thanks to objdump:

For the RHEL5u8 image (which crashes in 0x40063c):

  40062f:       48 89 c6                mov    %rax,%rsi
  400632:       bf b3 33 46 00          mov    $0x4633b3,%edi
  400637:       b9 0a 00 00 00          mov    $0xa,%ecx
  40063c:       f3 a6                   repz cmpsb %es:(%rdi),%ds:(%rsi)

4633b0 7a65002f 6465762f 68766330 00544552  ze./dev/hvc0.TER

For the RHEL6u2 image one finds:

  401f92:       bf b1 48 40 00          mov    $0x4048b1,%edi
  401f97:       b9 0a 00 00 00          mov    $0xa,%ecx
  401f9c:       48 89 c6                mov    %rax,%rsi
  401f9f:       f3 a6                   repz cmpsb %es:(%rdi),%ds:(%rsi)

 4048a8 2077696e 73697a65 002f6465 762f6876   winsize./dev/hv
 4048b8 63300054 45524d3d 76743332 30005445  c0.TERM=vt320.TE

This is the same code in init:

<snip>
182	static int setupTerminal(int fd) {
[ ... ]	
200	    if (!strcmp(ttyname(fd), "/dev/hvc0")) {
201	        /* using an HMC on a POWER system, use vt320 */
202	        env[ENV_TERM] = "TERM=vt320";
203	    } else {
[ ... ]
</snip>

and it crashes because ttyname(fd) returns NULL.

That as such is perfectly legal.

The request is to wrap that 'ttyname()' call so it does a NULL check before trying to do the comparison.

Version-Release number of selected component (if applicable):


How reproducible:
Specify a non-existent console in 'console=' cmdline.

Actual results:
Boom.

Expected results:
No Boom.

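The NULL-safe form of the comparison described in the report, written here as an added example and not as anaconda's own code: the TERM selection is factored into a small function that accepts a NULL name, so a console= pointing at a device ttyname() cannot resolve falls through to the default instead of reaching strcmp(). The function names and the fallback value "TERM=linux" are assumptions (the else branch is not shown above).

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for the TERM decision in setupTerminal().
 * Unlike the reported code, a NULL name is handled before any strcmp():
 * ttyname() returns NULL when the fd is not a terminal or has no
 * resolvable name, which is exactly the case when console= names a
 * device that does not exist. */
const char *term_for_tty(const char *name)
{
    if (name == NULL)
        return "TERM=linux";        /* assumed fallback; not shown on the page */
    if (strcmp(name, "/dev/hvc0") == 0)
        return "TERM=vt320";        /* HMC on a POWER system, as in the original */
    return "TERM=linux";            /* assumed default for every other tty */
}

/* Wrapper showing where the check belongs: resolve the name once, report
 * the failure, and hand the possibly-NULL result to the NULL-safe chooser. */
const char *term_for_fd(int fd)
{
    const char *name = ttyname(fd); /* NULL on failure, errno set */
    if (name == NULL)
        fprintf(stderr, "ttyname(%d) failed: %s\n", fd, strerror(errno));
    return term_for_tty(name);
}

int main(void)
{
    /* /dev/null is never a terminal, so this path exercises the NULL branch
     * without needing a broken console= setting. */
    int devnull = open("/dev/null", O_RDONLY);
    printf("stdin    -> %s\n", term_for_fd(0));
    printf("/dev/null -> %s\n", term_for_fd(devnull));
    close(devnull);
    return 0;
}
```

Running it on a machine whose stdin is a terminal prints the default for stdin and, for /dev/null, the ttyname failure followed by the same default; the unguarded version would instead crash at the strcmp, which is the init[1] segfault in the report.
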
Comment 3 Chris Williams 2017-06-07 22:18:56 UTC
Red Hat Enterprise Linux 6 transitioned to the Production 3 Phase on May 10, 2017.  During the Production 3 Phase, Critical impact Security Advisories (RHSAs) and selected Urgent Priority Bug Fix Advisories (RHBAs) may be released as they become available.

The official life cycle policy can be reviewed here:

http://redhat.com/rhel/lifecycle

This issue does not appear to meet the inclusion criteria for the Production Phase 3 and will be marked as CLOSED/WONTFIX. If this remains a critical requirement, please contact Red Hat Customer Support to request a re-evaluation of the issue, citing a clear business justification.  Red Hat Customer Support can be contacted via the Red Hat Customer Portal at the following URL:

https://access.redhat.com