+++ This bug was initially created as a clone of Bug #1000121 +++

Description of problem:

This bug was found by Olaf Hering.

Issuing the 'sh' command before mounting any filesystem will cause the daemon to segfault.

Version-Release number of selected component (if applicable):

libguestfs 1.20.10
libguestfs 1.22.5
libguestfs 1.23.18

How reproducible:

100%

Steps to Reproduce:

guestfish --ro -v -a /dev/null run : sh "foo" : ls /

Actual results:

You will see in the debug output that guestfsd has segfaulted. The output will look similar to:

guestfsd: error: do_command: you must call 'mount' first to mount the root filesystem
*** Error in `guestfsd': free(): invalid pointer: 0x00007fffc1c8d560 ***
libguestfs: error: sh: do_command: you must call 'mount' first to mount the root filesystem
/init: line 167: 145 Aborted $vg guestfsd
Rebooting.

(The precise message will differ between versions of libguestfs but it should be obvious that guestfsd has segfaulted)

Expected results:

guestfsd should return an error and not segfault.

Additional info:
https://github.com/libguestfs/libguestfs/commit/fc2947b1125aa34b5f04efd2d39cb82b2ebba586

Reproduce:

Version-Release number of selected component:
libguestfs-1.20.10-3.el6

[host]#guestfish --ro -v -a /dev/null run : sh "foo" : ls /
.......
libguestfs: send_to_daemon: 52 bytes: 00 00 00 30 | 20 00 f5 f5 | 00 00 00 04 | 00 00 00 6f | 00 00 00 00 | ...
guestfsd: main_loop: new request, len 0x30
guestfsd: error: do_command: you must call 'mount' first to mount the root filesystem
libguestfs: recv_from_daemon: 116 bytes: 20 00 f5 f5 | 00 00 00 04 | 00 00 00 6f | 00 00 00 01 | 00 12 34 00 | ...
libguestfs: trace: sh = NULL (error)
libguestfs: error: sh: do_command: you must call 'mount' first to mount the root filesystem
libguestfs: trace: close
libguestfs: closing guestfs handle 0x2034450 (state 2)
libguestfs: trace: internal_autosync
libguestfs: send_to_daemon: 44 bytes: 00 00 00 28 | 20 00 f5 f5 | 00 00 00 04 | 00 00 01 1a | 00 00 00 00 | ...
[ 3.817698] guestfsd[305]: segfault at fffffffffffffff9 ip 0000003f5347b81c sp 00007fff401c3338 error 4 in libc-2.12.so[3f53400000+18b000]
/init: line 157: 305 Segmentation fault $vg guestfsd
[ 3.860254] sd 2:0:1:0: [sdb] Synchronizing SCSI cache
[ 3.961356] Restarting system.

There is a segfault message.

Verified:

Version-Release number of selected component:
libguestfs-1.20.11-1.el6

guestfish --ro -v -a /dev/null run : sh "foo" : ls /
......
libguestfs: trace: sh "foo"
libguestfs: send_to_daemon: 52 bytes: 00 00 00 30 | 20 00 f5 f5 | 00 00 00 04 | 00 00 00 6f | 00 00 00 00 | ...
guestfsd: main_loop: new request, len 0x30
guestfsd: error: do_command: you must call 'mount' first to mount the root filesystem
guestfsd: main_loop: proc 111 (sh)
libguestfs: recv_from_daemon: 116 bytes: 20 00 f5 f5 | 00 00 00 04 | 00 00 00 6f | 00 00 00 01 | 00 12 34 00 | ...
libguestfs: trace: sh = NULL (error)
libguestfs: error: sh: do_command: you must call 'mount' first to mount the root filesystem
libguestfs: trace: close
libguestfs: closing guestfs handle 0x2441450 (state 2)
libguestfs: trace: internal_autosync
libguestfs: send_to_daemon: 44 bytes: 00 00 00 28 | 20 00 f5 f5 | 00 00 00 04 | 00 00 01 1a | 00 00 00 00 | ...
 took 0.00 seconds
guestfsd: main_loop: new request, len 0x28
fsync /dev/sda
guestfsd: main_loop: proc 282 (internal_autosync) took 0.00 seconds
libguestfs: recv_from_daemon: 40 bytes: 20 00 f5 f5 | 00 00 00 04 | 00 00 01 1a | 00 00 00 01 | 00 12 34 01 | ...
libguestfs: trace: internal_autosync = 0
libguestfs: sending SIGTERM to process 7640
libguestfs: command: run: rm
libguestfs: command: run: \ -rf /tmp/libguestfsF1M0mR

There is no segfault message.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-1536.html