Bug 1432743

Summary: SEGV in poll_with_variant() due to dereferenced NULL object.
Product: [Fedora] Fedora
Component: storaged
Version: 25
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Reporter: Stef Walter <stefw>
Assignee: Vojtech Trefny <vtrefny>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: mpitt, phatina, puiterwijk, stefw, tsmetana, vpodzime, vtrefny
Fixed In Version: storaged-2.6.2-3.fc25
Last Closed: 2017-03-22 19:21:58 UTC
Type: Bug

Description Stef Walter 2017-03-16 05:28:22 UTC
Description of problem:

storaged (i.e. udisksd) crashes in poll_with_variant() due to dereferenced NULL object. This happens intermittently.

Version-Release number of selected component (if applicable):

storaged-2.6.2-2.fc25.x86_64

How reproducible:

Intermittently. Happens during Cockpit integration tests.

Actual results:

storaged segfaults.

Expected results:

No segfault.

Additional info:

Comment 1 Stef Walter 2017-03-16 05:29:39 UTC
(gdb) bt
#0  poll_with_variant (pid=2128, info=0x0, error=0x55d314772f10, user_data=0x0)
    at udiskslinuxvolumegroupobject.c:633
#1  0x00007f6a4bdf0baf in variant_reader_watch_child (pid=2128, 
    pid@entry=<error reading variable: value has been optimized out>, 
    status=<error reading variable: value has been optimized out>, 
    user_data=0x55d31488de40, 
    user_data@entry=<error reading variable: value has been optimized out>)
    at udiskslvm2daemonutil.c:285
#2  0x00007f6a5e3178a4 in g_child_watch_dispatch (source=<optimized out>, 
    callback=<optimized out>, user_data=<optimized out>) at gmain.c:5323
#3  0x00007f6a5e31ae52 in g_main_dispatch (context=0x55d314683240)
    at gmain.c:3203
#4  g_main_context_dispatch (context=context@entry=0x55d314683240)
    at gmain.c:3856
#5  0x00007f6a5e31b1d0 in g_main_context_iterate (context=0x55d314683240, 
    block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at gmain.c:3929
#6  0x00007f6a5e31b4f2 in g_main_loop_run (loop=0x55d314683770) at gmain.c:4125
#7  0x000055d313648a33 in main (argc=<optimized out>, argv=<optimized out>)
    at main.c:180
(gdb) l
628	  UDisksLinuxVolumeGroupObject *object = user_data;
629	  UDisksDaemon *daemon;
630	  GVariantIter *iter;
631	  gboolean needs_polling;
632	
633	  if (pid != object->poll_pid)
634	    {
635	      g_object_unref (object);
636	      return;
637	    }
(gdb) p object
$1 = (UDisksLinuxVolumeGroupObject *) 0x0

Comment 3 Stef Walter 2017-03-16 05:32:51 UTC
Cases of this are being tracked by the Cockpit integration tests here: 

https://github.com/cockpit-project/cockpit/issues/6119

Comment 5 Martin Pitt 2017-03-20 08:56:30 UTC
For the record: This has allegedly been fixed in https://github.com/storaged-project/udisks/pull/109 already, thus the fix is in 2.6.3. But Fedora 25 only has storaged 2.6.2, hence the Cockpit tests still see it there.

Comment 6 Vratislav Podzimek 2017-03-21 07:24:56 UTC
(In reply to Martin Pitt from comment #5)
> For the record: This has allegedly been fixed in
> https://github.com/storaged-project/udisks/pull/109 already, thus the fix is
> in 2.6.3. But Fedora 25 only has storaged 2.6.2, hence the Cockpit tests
> still see it there.

Vojto, could you please release new storaged for F25 with fixes from PR #109 as downstream patches?

Comment 7 Fedora Update System 2017-03-21 10:19:11 UTC
storaged-2.6.2-3.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-46ed2e05c9

Comment 8 Fedora Update System 2017-03-21 17:55:14 UTC
storaged-2.6.2-3.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-46ed2e05c9

Comment 9 Fedora Update System 2017-03-22 19:21:58 UTC
storaged-2.6.2-3.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.