Bug 2059542 - df segfault if cannot resolve mount point of --direct argument [rhel-9]
Summary: df segfault if cannot resolve mount point of --direct argument [rhel-9]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: coreutils
Version: 9.0
Hardware: All
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: beta
Target Release: ---
Assignee: Kamil Dudka
QA Contact: Radka Brychtova
URL:
Whiteboard:
Depends On:
Blocks: 2058686
Reported: 2022-03-01 09:54 UTC by Kamil Dudka
Modified: 2022-11-15 13:15 UTC (History)

Fixed In Version: coreutils-8.32-32.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2058686
Environment:
Last Closed: 2022-11-15 11:20:20 UTC
Type: Bug
Target Upstream Version:
Embargoed:
pm-rhel: mirror+


Links
System                  ID               Private  Priority  Status  Summary  Last Updated
Red Hat Issue Tracker   RHELPLAN-114104  0        None      None    None     2022-03-01 10:07:51 UTC
Red Hat Product Errata  RHBA-2022:8354   0        None      None    None     2022-11-15 11:20:25 UTC

Description Kamil Dudka 2022-03-01 09:54:44 UTC
+++ This bug was initially created as a clone of Bug #2058686 +++

Sample reproducer, as normal user run:

$ df --direct /root

Program received signal SIGSEGV, Segmentation fault.
0x00000000004092ea in quotearg_buffer_restyled (buffer=buffer@entry=0x618720 <slot0> "‘/root’", buffersize=buffersize@entry=256, arg=arg@entry=0x0, argsize=argsize@entry=18446744073709551615, quoting_style=locale_quoting_style, 
    flags=flags@entry=1, quote_these_too=quote_these_too@entry=0x6185a8 <quote_quoting_options+8>, left_quote=0x413a1e "‘", right_quote=0x413a13 "’") at lib/quotearg.c:343
343	  for (i = 0;  ! (argsize == SIZE_MAX ? arg[i] == '\0' : i == argsize);  i++)
(gdb) bt
#0  0x00000000004092ea in quotearg_buffer_restyled (buffer=buffer@entry=0x618720 <slot0> "‘/root’", buffersize=buffersize@entry=256, arg=arg@entry=0x0, argsize=argsize@entry=18446744073709551615, quoting_style=locale_quoting_style, 
    flags=flags@entry=1, quote_these_too=quote_these_too@entry=0x6185a8 <quote_quoting_options+8>, left_quote=0x413a1e "‘", right_quote=0x413a13 "’") at lib/quotearg.c:343
#1  0x0000000000409d0d in quotearg_n_options (n=n@entry=0, arg=arg@entry=0x0, argsize=argsize@entry=18446744073709551615, options=options@entry=0x6185a0 <quote_quoting_options>) at lib/quotearg.c:802
#2  0x000000000040a3fc in quote_n_mem (n=n@entry=0, arg=arg@entry=0x0, argsize=argsize@entry=18446744073709551615) at lib/quotearg.c:949
#3  0x000000000040a41c in quote_n (n=n@entry=0, arg=arg@entry=0x0) at lib/quotearg.c:961
#4  0x000000000040a42a in quote (arg=arg@entry=0x0) at lib/quotearg.c:967
#5  0x0000000000404845 in get_dev (disk=disk@entry=0x0, mount_point=mount_point@entry=0x0, file=file@entry=0x61de60 "/root", stat_file=stat_file@entry=0x0, fstype=fstype@entry=0x0, me_dummy=me_dummy@entry=false, 
    me_remote=me_remote@entry=false, force_fsu=force_fsu@entry=0x0, process_all=process_all@entry=false) at src/df.c:951
#6  0x0000000000403064 in get_entry (statp=0x61c380, name=0x7fffffffe4a5 "/root") at src/df.c:1370
#7  main (argc=3, argv=<optimized out>) at src/df.c:1747

  The problem is incorrect handling of the condition of not being able
to resolve the mount point of the file/path argument.

  This should be a minor issue, and has several ways to fix it. Probably
the proper way is to use another approach in the find_mount_point
function, to not need to chdir to path components, and/or use something
like realpath to then get the stat of the directory of the --direct
argument.

  A simple fix would be to just not segfault and handle the NULL return
from find_mount_point as well as the other NULL values, due to --direct
usage.

--- Additional comment from Kamil Dudka on 2022-02-25 17:25:40 CET ---

Sounds like a bug in our downstream patch.  Thank you for reporting it!

--- Additional comment from Kamil Dudka on 2022-03-01 10:08:38 CET ---

The same command works on RHEL-6.  The bug seems to be introduced in this Fedora commit:

    https://src.fedoraproject.org/rpms/coreutils/c/bb33bc40ad58cce4bc59c119c4180fdea43e23a1

--- Additional comment from Kamil Dudka on 2022-03-01 10:35:16 CET ---

The behavior of `df --direct` has been incorrect since RHEL-7 also when the file argument was accessible.

el6 $ strace -e statfs df --direct /usr
statfs("/usr", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=4484716, f_bfree=2051743, f_bavail=1822265, f_files=1148304, f_ffree=908509, f_fsid={-169108419, 43772881}, f_namelen=255, f_frsize=4096}) = 0
Filesystem     1K-blocks    Used Available Use% File
-               17938864 9731892   7289060  58% /usr
+++ exited with 0 +++

el7 $ strace -e statfs df --direct /usr
statfs("/", {f_type=BTRFS_SUPER_MAGIC, f_bsize=4096, f_blocks=21330562, f_bfree=12613318, f_bavail=11678096, f_files=0, f_ffree=0, f_fsid={val=[2661982033, 1034311026]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RELATIME}) = 0
Filesystem     1K-blocks     Used Available Use% File
-               85322248 34868976  46712384  43% /
+++ exited with 0 +++

el8 $ strace -e statfs df --direct /usr
statfs("/", {f_type=XFS_SB_MAGIC, f_bsize=4096, f_blocks=39055233, f_bfree=35459353, f_bavail=35459353, f_files=78118400, f_ffree=77818477, f_fsid={val=[0xfd02, 0]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RELATIME}) = 0
Filesystem     1K-blocks     Used Available Use% File
-              156220932 14383520 141837412  10% /
+++ exited with 0 +++

--- Additional comment from Kamil Dudka on 2022-03-01 10:51:53 CET ---

Fedora commits:
https://src.fedoraproject.org/rpms/coreutils/c/c25beef1ca94b1a34b2fe5ffa91dfe39965e1f6a?branch=rawhide
https://src.fedoraproject.org/rpms/coreutils/c/c25beef1ca94b1a34b2fe5ffa91dfe39965e1f6a?branch=f36
https://src.fedoraproject.org/rpms/coreutils/c/85fa418a5a02242147e10f8561ffe9ff5357263c?branch=f35
https://src.fedoraproject.org/rpms/coreutils/c/964f7a01a59ce9038d7c7467f8f790b1d7c30ff7?branch=f34

Comment 2 Kamil Dudka 2022-05-30 07:41:17 UTC
CentOS Stream merge request:
https://gitlab.com/redhat/centos-stream/rpms/coreutils/-/merge_requests/9

Comment 10 errata-xmlrpc 2022-11-15 11:20:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (coreutils bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8354
