Bug 785668

Summary: aug-defnode: daemon crash
Product: Red Hat Enterprise Linux 6
Reporter: Jinxin Zheng <jzheng>
Component: libguestfs
Assignee: Richard W.M. Jones <rjones>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Priority: medium
Version: 6.3
CC: leiwang, moli, qguan, qwan
Target Milestone: beta
Keywords: Regression
Hardware: Unspecified
OS: Unspecified
Fixed In Version: libguestfs-1.16.2-1.el6
Doc Type: Bug Fix
Doc Text: No Documentation needed.
Last Closed: 2012-06-20 07:00:19 UTC
Bug Depends On: 719879
Attachments: crash debug log; verify log (libguestfs-1.16.2-1)

Description Jinxin Zheng 2012-01-30 09:25:02 UTC
Created attachment 558294
crash debug log

Description of problem:
Daemon crashes when executing aug-defnode.

Version-Release number of selected component (if applicable):
libguestfs-1.16.1-1.el6

How reproducible:
100%

Steps to Reproduce:
$ guestfish -a rhel.img <<EOF
run
mount /dev/sda1 /
aug-init / 0
aug-defnode node /file/etc/passwd/root 0
EOF

Actual results:
Daemon crashes.

Expected results:
No crash.

Comment 2 Richard W.M. Jones 2012-01-30 10:30:35 UTC
Simple reproducer:

guestfish --ro -i -a linux.img -v <<EOF
aug-init / 0
aug-defnode node /file/etc/passwd/root 0
EOF

With debugging enabled (-v) it seems to be a segfault
in the daemon:

><fs> aug-defnode node /file/etc/passwd/root 0
libguestfs: send_to_daemon: 88 bytes: 00 00 00 54 | 20 00 f5 f5 | 00 00 00 04 | 00 00 00 12 | 00 00 00 00 | ...
guestfsd: main_loop: proc 16 (aug_init) took 3.76 seconds
guestfsd: main_loop: new request, len 0x54
[   12.422138] guestfsd[107]: segfault at 100000019 ip 0000003a2467cf41 sp 00007fff45462900 error 4 in libc-2.14.90.so[3a24600000+1ab000]
/init: line 147:   107 Segmentation fault      $vg guestfsd
Rebooting.

I enabled valgrind in the daemon and it says:

==106== Invalid free() / delete / delete[]
==106==    at 0x505962E: free (vg_replace_malloc.c:366)
==106==    by 0x41AA66: aug_defnode_stub (stubs.c:552)
==106==    by 0x42C72E: dispatch_incoming_message (stubs.c:9920)
==106==    by 0x417ED3: main_loop (proto.c:193)
==106==    by 0x403DC6: main (guestfsd.c:286)
==106==  Address 0x651f40 is 0 bytes inside data symbol "r.14855"
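
Added example, not part of the bug thread and not libguestfs code: the valgrind report in Comment 2 shows the stub calling free() on an address inside a static data symbol. The C program below reproduces that ownership mismatch with hypothetical names (int_bool, handler_static, handler_heap, run_stub, reply_alloc, reply_free) and a tracked-allocation wrapper that rejects the bad free instead of crashing. The heap-returning handler is one way to satisfy the stub and is assumed here, not taken from the upstream patch.

```c
/* Added illustration; every name here is hypothetical, not libguestfs code. */
#include <stdio.h>
#include <stdlib.h>

struct int_bool { int i; int b; };          /* reply struct returned by a handler */
/* Small registry of live heap replies so the stub can tell what it owns. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];

static void *reply_alloc(size_t n) {
    void *p = malloc(n);
    for (int k = 0; p && k < MAX_LIVE; k++)
        if (!live[k]) { live[k] = p; return p; }
    free(p);                                 /* malloc failed or registry full */
    return NULL;
}

/* Returns 0 if p was freed, -1 if p was never handed out by reply_alloc. */
static int reply_free(void *p) {
    for (int k = 0; p && k < MAX_LIVE; k++)
        if (live[k] == p) { live[k] = NULL; free(p); return 0; }
    return -1;
}

/* Buggy shape: the result lives in a function-local static (compare the
   data symbol "r.14855" in the trace), yet the stub will try to free it. */
struct int_bool *handler_static(void) {
    static struct int_bool r;
    r.i = 1; r.b = 0;
    return &r;
}

/* Fixed shape: caller-owned heap result, matching the stub's free. */
struct int_bool *handler_heap(void) {
    struct int_bool *r = reply_alloc(sizeof *r);
    if (r) { r->i = 1; r->b = 0; }
    return r;
}

/* Stub: call the handler, then release its result. 0 = ok, -1 = not ours.
   A plain free(ret) here is undefined behaviour when ret points at a static. */
int run_stub(struct int_bool *(*handler)(void)) {
    struct int_bool *ret = handler();
    if (!ret) return -1;
    return reply_free(ret);
}

int main(void) {
    printf("static: %d\n", run_stub(handler_static));
    printf("heap:   %d\n", run_stub(handler_heap));
    return 0;
}
```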

Comment 3 Richard W.M. Jones 2012-01-30 10:49:16 UTC
Patch posted upstream:

https://www.redhat.com/archives/libguestfs/2012-January/msg00291.html

Comment 4 Richard W.M. Jones 2012-01-30 11:15:34 UTC
Patch pushed.  I'll make sure this goes into
libguestfs 1.16.2 and from there into RHEL 6.3
via the rebase.

Comment 10 Richard W.M. Jones 2012-01-31 14:32:35 UTC
Fix included in 1.16.2.

Comment 12 Qixiang Wan 2012-02-01 06:21:31 UTC
Created attachment 558756
verify log (libguestfs-1.16.2-1)

Verified with libguestfs-1.16.2-1.el6. Log is attached.

Comment 13 Richard W.M. Jones 2012-04-26 13:35:45 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
No Documentation needed.

Comment 15 errata-xmlrpc 2012-06-20 07:00:19 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0774.html