1776468 – virt-v2v segfaults when called with --key option

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1776468 - virt-v2v segfaults when called with --key option

Summary: virt-v2v segfaults when called with --key option

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libguestfs
Sub Component:
Version:	7.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	urgent
Target Milestone:	rc
Target Release:	---
Assignee:	Richard W.M. Jones
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:	V2V
Depends On:
Blocks:	1779120 1781154
TreeView+	depends on / blocked

Reported:	2019-11-25 17:55 UTC by Fabien Dupont
Modified:	2020-03-31 19:55 UTC (History)
CC List:	10 users (show)
Fixed In Version:	libguestfs-1.40.2-9.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1779120 1781154 (view as bug list)
Environment:
Last Closed:	2020-03-31 19:55:04 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:1082	0	None	None	None	2020-03-31 19:55:41 UTC

Description Fabien Dupont 2019-11-25 17:55:53 UTC

Description of problem:
When runnning virt-v2v with --key option to convert a virtual machine with LUKS encrypted devices, the process segfaults, with the following error message: *** Error in `/usr/bin/virt-v2v': realloc(): invalid next size: 0x000055ea09ac1bf0 ***.

Version-Release number of selected component (if applicable): 1.40.2-5.el7_7.1.x86_64

How reproducible: Always


Steps to Reproduce:
1. Run virt-v2v with --key option

Actual results: Process segfaults

Expected results: Process converts the virtual machine


Additional info:
The fix already exist: https://github.com/libguestfs/libguestfs-common/commit/8c42f772614b44a8cb974afa904ec9f518431ab2

Comment 2 Jaroslav Suchanek 2019-12-04 15:30:23 UTC

This bug will be addressed in next major release.

Comment 9 liuzi 2019-12-09 08:56:12 UTC

Try to reproduce the bug with builds:
virt-v2v-1.40.2-5.el7_7.1.x86_64
libguestfs-1.40.2-5.el7_7.1.x86_64
qemu-kvm-rhev-2.12.0-33.el7_7.4.x86_64

Steps:
1.Prepare a rhel7 guest with LUKS encrypted devices on ESXI6.7
# lsblk
NAME                                          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda                                             8:0    0   16G  0 disk 
├─sda1                                          8:1    0    1G  0 part  /boot
└─sda2                                          8:2    0   15G  0 part 
  └─luks-383d1b33-687e-44ec-a405-51aee70ecedb 253:0    0   15G  0 crypt
    ├─rhel-root                               253:1    0 13.4G  0 lvm   /
    └─rhel-swap                               253:2    0  1.6G  0 lvm   [SWAP]
sr0                                            11:0    1 1024M  0 rom  

2.Use virt-v2v to convert the above guest with --key parameter
# virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.5-encrypted  -o rhv -os 10.66.144.40:/home/nfs_export --password-file /home/passwd --key "/dev/sda2":key:12345678
[   0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.5-encrypted
[   1.9] Creating an overlay to protect the source from being modified
[   2.7] Opening the overlay
[  22.9] Inspecting the overlay
[ 162.6] Checking for sufficient free disk space in the guest
[ 162.6] Estimating space required on target for each disk
[ 162.6] Converting Red Hat Enterprise Linux Server 7.5 (Maipo) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[1552.9] Mapping filesystem data to avoid copying unused and blank areas
virt-v2v: warning: fstrim on guest filesystem /dev/rhel/root failed.  
Usually you can ignore this message.  To find out more read "Trimming" in 
virt-v2v(1).

Original message: fstrim: fstrim: /sysroot/: the discard operation is not 
supported
[1554.6] Closing the overlay
[1554.7] Assigning disks to buses
[1554.7] Checking if the guest needs BIOS or UEFI to boot
[1554.7] Initializing the target -o rhv -os 10.66.144.40:/home/nfs_export
[1554.9] Copying disk 1/1 to /tmp/v2v.BxCoh4/5792ab14-7746-4340-a27d-845dc12b8db9/images/7cc902ee-290f-4cde-bab0-716feb76105c/67c59ff4-3717-4eba-b3df-4056efd7f367 (raw)
    (100.00/100%)
[2793.9] Creating output metadata
[2793.9] Finishing off


Hi Fabien
I try to reproduce this bug as above steps,but virt-v2v can convert the guest successfully without error info.
Could you help to check my steps?is there anything wrong for reproducing the bug?

Comment 10 Richard W.M. Jones 2019-12-09 08:59:51 UTC

zili, it only crashes when you use the --key option more than once.

There is a simpler reproducer (using guestfish) here:
https://github.com/libguestfs/libguestfs-common/commit/8c42f772614b44a8cb974afa904ec9f518431ab2.patch

Comment 12 liuzi 2019-12-10 03:57:38 UTC

Thanks for Richard's reply.

Try to reproduce the bug with builds:
virt-v2v-1.40.2-5.el7_7.1.x86_64
libguestfs-1.40.2-5.el7_7.1.x86_64
qemu-kvm-rhev-2.12.0-33.el7_7.4.x86_64

Steps:
1.Prepare a rhel7 guest with two LUKS encrypted devices on ESXI6.7
# lsblk
NAME          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda             8:0    0    7G  0 disk  
├─sda1          8:1    0    1G  0 part  /boot
└─sda2          8:2    0    6G  0 part  
  ├─rhel-root 253:0    0  5.3G  0 lvm   /
  └─rhel-swap 253:1    0  716M  0 lvm   [SWAP]
sdb             8:16   0    4G  0 disk  
├─sdb1          8:17   0  762M  0 part  
│ └─luk-sdb1  253:2    0  760M  0 crypt /sdb1
├─sdb2          8:18   0  762M  0 part  
│ └─luk-sdb2  253:3    0  760M  0 crypt /sdb2
└─sdb3          8:19   0  571M  0 part  
sr0            11:0    1 1024M  0 rom   

2.Use virt-v2v to convert the above guest with --key parameter
#  virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1  esx6.7-rhel7.7-encrypted-luks  -o rhv -os 10.66.144.40:/home/nfs_export --password-file /home/passwd  --key "/dev/sdb1":key:E5l4l1  --key "/dev/sdb2":key:E5l4l1
[   0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.7-encrypted-luks
[   2.0] Creating an overlay to protect the source from being modified
[   2.8] Opening the overlay
[  22.2] Inspecting the overlay
virt-v2v: warning: mount: mount_stub: /dev/mapper/luk-sdb1: expecting a 
device name (ignored)
virt-v2v: warning: mount: mount_stub: /dev/mapper/luk-sdb2: expecting a 
device name (ignored)
[ 210.6] Checking for sufficient free disk space in the guest
[ 210.6] Estimating space required on target for each disk
[ 210.6] Converting Red Hat Enterprise Linux Server 7.7 Beta (Maipo) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[1572.5] Mapping filesystem data to avoid copying unused and blank areas
[1576.2] Closing the overlay
*** Error in `virt-v2v': double free or corruption (out): 0x00005581a0ec4500 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x816b9)[0x7fedc3c496b9]
/lib64/libguestfs.so.0(+0xbf6d7)[0x7fedc52c76d7]
/lib64/libguestfs.so.0(+0xb9270)[0x7fedc52c1270]
/lib64/libguestfs.so.0(guestfs_shutdown+0x9b)[0x7fedc527306b]
virt-v2v(+0x23f60d)[0x55819fd1160d]
virt-v2v(+0x178da9)[0x55819fc4ada9]
virt-v2v(+0x122f93)[0x55819fbf4f93]
virt-v2v(+0x16e8d1)[0x55819fc408d1]
virt-v2v(+0x12755b)[0x55819fbf955b]
virt-v2v(+0x115999)[0x55819fbe7999]
virt-v2v(+0x26c764)[0x55819fd3e764]
virt-v2v(+0x26cb05)[0x55819fd3eb05]
virt-v2v(+0x26cb39)[0x55819fd3eb39]
virt-v2v(+0x1150fc)[0x55819fbe70fc]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7fedc3bea545]
virt-v2v(+0x115136)[0x55819fbe7136]
======= Memory map: ========
55819fad2000-55819fd9c000 r-xp 00000000 fd:00 602341                     /usr/bin/virt-v2v
55819ff9b000-55819ff9e000 r--p 002c9000 fd:00 602341                     /usr/bin/virt-v2v
55819ff9e000-5581a0110000 rw-p 002cc000 fd:00 602341                     /usr/bin/virt-v2v
[...]
7fedbc2f8000-7fedbc375000 r-xp 00000000 fd:00 33644781                   /usr/lib64/libgcrypt.so.11.8.2Aborted (core dumped)

Result:virt-v2v conversion crashed and print error info.


Verify the bug with builds:
virt-v2v-1.40.2-9.el7.x86_64
libguestfs-1.40.2-9.el7.x86_64


1.Prepare a rhel7 guest with two LUKS encrypted devices on ESXI6.7
# lsblk
NAME          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda             8:0    0    7G  0 disk  
├─sda1          8:1    0    1G  0 part  /boot
└─sda2          8:2    0    6G  0 part  
  ├─rhel-root 253:0    0  5.3G  0 lvm   /
  └─rhel-swap 253:1    0  716M  0 lvm   [SWAP]
sdb             8:16   0    4G  0 disk  
├─sdb1          8:17   0  762M  0 part  
│ └─luk-sdb1  253:2    0  760M  0 crypt /sdb1
├─sdb2          8:18   0  762M  0 part  
│ └─luk-sdb2  253:3    0  760M  0 crypt /sdb2
└─sdb3          8:19   0  571M  0 part  
sr0            11:0    1 1024M  0 rom   

2.Use virt-v2v to convert the above guest with --key parameter
#  virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1  esx6.7-rhel7.7-encrypted-luks  -o rhv -os 10.66.144.40:/home/nfs_export --password-file /home/passwd  --key "/dev/sdb1":key:E5l4l1  --key "/dev/sdb2":key:E5l4l1
[   0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.7-encrypted-luks
[   2.1] Creating an overlay to protect the source from being modified
[   2.7] Opening the overlay
[  45.0] Inspecting the overlay
virt-v2v: warning: mount: mount_stub: /dev/mapper/luk-sdb1: expecting a 
device name (ignored)
virt-v2v: warning: mount: mount_stub: /dev/mapper/luk-sdb2: expecting a 
device name (ignored)
[ 246.5] Checking for sufficient free disk space in the guest
[ 246.5] Estimating space required on target for each disk
[ 246.5] Converting Red Hat Enterprise Linux Server 7.7 Beta (Maipo) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[1688.2] Mapping filesystem data to avoid copying unused and blank areas
[1690.9] Closing the overlay
[1691.2] Assigning disks to buses
[1691.2] Checking if the guest needs BIOS or UEFI to boot
[1691.2] Initializing the target -o rhv -os 10.66.144.40:/home/nfs_export
[1691.4] Copying disk 1/1 to /tmp/v2v.6F043C/5792ab14-7746-4340-a27d-845dc12b8db9/images/63edfe18-3ff3-4b3f-9d24-92b6c984dc72/5b9bb257-dcb2-4cc9-9bed-4ae437144769 (raw)
    (100.00/100%)
[2184.3] Creating output metadata
[2184.4] Finishing off

3.virt-v2v can convert guest successfully,then log into rhv to check the new guest
3.1 The guest only has one disk,pls refer to attachment named "guest disk info"
3.2 Guest boots failed

Result:The issue of guest boot failed and removed the encrypted luks devices was tracked by Bug 1643455.

Hi,Richard
I have done above testing,is it enough to verify the bug?

Comment 13 Richard W.M. Jones 2019-12-10 08:33:27 UTC

Perfect thanks.

Comment 14 liuzi 2019-12-12 09:03:47 UTC

Rebuild a guest with LUKS encrypted devices which supported by virt-v2v to verify the bug.

Verify the bug with builds:
virt-v2v-1.40.2-9.el7.x86_64
libguestfs-1.40.2-9.el7.x86_64

1.Prepare a rhel7 guest,and created 2 luks encrypted device during installing.
# lsblk
NAME                                          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda                                             8:0    0    7G  0 disk  
├─sda1                                          8:1    0    1G  0 part  /boot
└─sda2                                          8:2    0    6G  0 part  
  ├─rhel_bootp--73--75--198-root              253:0    0  5.4G  0 lvm   /
  └─rhel_bootp--73--75--198-swap              253:1    0  604M  0 lvm   [SWAP]
sdb                                             8:16   0    1G  0 disk  
└─sdb1                                          8:17   0 1023M  0 part  
  └─luks-37c6d85c-4e6b-48b1-9ae6-d86a4ad3fa33 253:2    0 1021M  0 crypt 
    └─rhel-home                               253:3    0 1016M  0 lvm   /home
sdc                                             8:32   0    1G  0 disk  
└─sdc1                                          8:33   0 1023M  0 part  
  └─luks-e3a90385-a244-4510-b844-396dbce9209e 253:4    0 1021M  0 crypt 
    └─rhel7-var                               253:5    0 1016M  0 lvm   /var
sr0                                            11:0    1 1024M  0 rom  

2.Use virt-v2v to convert the above guest with --key parameter
#  virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1  esx6.7-rhel7.7-syscrypt-2luks  -o rhv -os 10.66.144.40:/home/nfs_export --password-file /home/passwd  --key "/dev/sdb1":key:12345678  --key "/dev/sdc1":file:/home/lukspasswd
[   0.0] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx6.7-rhel7.7-syscrypt-2luks
[   4.2] Creating an overlay to protect the source from being modified
[   6.4] Opening the overlay
[  44.3] Inspecting the overlay
[ 224.5] Checking for sufficient free disk space in the guest
[ 224.5] Estimating space required on target for each disk
[ 224.5] Converting Red Hat Enterprise Linux Server 7.7 (Maipo) to run on KVM
virt-v2v: This guest has virtio drivers installed.
[1712.6] Mapping filesystem data to avoid copying unused and blank areas
virt-v2v: warning: fstrim on guest filesystem /dev/rhel7/var failed.  
Usually you can ignore this message.  To find out more read "Trimming" in 
virt-v2v(1).

Original message: fstrim: fstrim: /sysroot/: the discard operation is not 
supported
virt-v2v: warning: fstrim on guest filesystem /dev/rhel/home failed.  
Usually you can ignore this message.  To find out more read "Trimming" in 
virt-v2v(1).

Original message: fstrim: fstrim: /sysroot/: the discard operation is not 
supported
[1716.1] Closing the overlay
[1716.3] Assigning disks to buses
[1716.3] Checking if the guest needs BIOS or UEFI to boot
[1716.3] Initializing the target -o rhv -os 10.66.144.40:/home/nfs_export
[1716.9] Copying disk 1/3 to /tmp/v2v.luA3tj/5792ab14-7746-4340-a27d-845dc12b8db9/images/ba913a4c-4b69-4518-9fc5-694868df7281/ca9152da-4e20-45e2-854d-039e7c8e9821 (raw)
    (100.00/100%)
[2061.9] Copying disk 2/3 to /tmp/v2v.luA3tj/5792ab14-7746-4340-a27d-845dc12b8db9/images/87253f08-6bca-4d9f-823a-55ac058cdaeb/d97263d3-0eff-4377-9c1a-c879a6f7cc6f (raw)
    (100.00/100%)
[2129.1] Copying disk 3/3 to /tmp/v2v.luA3tj/5792ab14-7746-4340-a27d-845dc12b8db9/images/aec76226-aa11-43f5-905f-43d3f79f9986/4c16f202-3700-46c8-aecd-fafef982ae20 (raw)
    (100.00/100%)
[2196.5] Creating output metadata
[2196.6] Finishing off

3.virt-v2v can convert guest successfully,then log into rhv to check the new guest
3.1 The guest can use password to unlock the encrypted luks and boot normally 
3.2 The guest can pass all general checkpoints.

Result:When use parameter --key more than once in command,virt-v2v will not crash and finish the conversion successfully.So change the bug from ON_QA to VERIFIED.

Comment 16 errata-xmlrpc 2020-03-31 19:55:04 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:1082

Note You need to log in before you can comment on or make changes to this bug.