920496 – Occasionally umount segfaults

Bug 920496 - Occasionally umount segfaults

Summary: Occasionally umount segfaults

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	util-linux
Sub Component:
Version:	19
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Karel Zak
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-03-12 09:14 UTC by Richard W.M. Jones
Modified:	2013-04-09 20:26 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-04-09 20:26:16 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
root.log (198.96 KB, text/plain) 2013-03-12 09:14 UTC, Richard W.M. Jones	no flags	Details
build.log (compressed) (670.40 KB, application/gzip) 2013-03-12 09:16 UTC, Richard W.M. Jones	no flags	Details
View All

Description Richard W.M. Jones 2013-03-12 09:14:40 UTC

Created attachment 708833 [details]
root.log

Description of problem:

I don't have a good understanding of this bug, but I've seen
it happening several times.

umount segfaults, very very rarely and randomly, in libselinux
(apparently, although the stack trace seems to make little sense).

I've never been able to get the bug to occur except in the
libguestfs appliance, so I cannot use gdb.  However I have
installed the libSigFault.so LD_PRELOAD handler, and here is
what it says:

umount /sysroot
*** Error in `umount': free(): invalid next size (fast): 0x00007f36d8cac250 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7cfa8)[0x7f36d70c3fa8]
/lib64/libselinux.so.1(selinuxfs_exists+0x8d)[0x7f36d765693d]
/lib64/libselinux.so.1(+0x6438)[0x7f36d7651438]
/lib64/ld-linux-x86-64.so.2(+0xf4f3)[0x7f36d80f34f3]
/lib64/ld-linux-x86-64.so.2(+0x145a)[0x7f36d80e545a]
======= Memory map: ========
7f36d67ad000-7f36d67c2000 r-xp 00000000 08:40 16265                      /usr/lib64/libgcc_s-4.8.0-20130307.so.1
7f36d67c2000-7f36d69c1000 ---p 00015000 08:40 16265                      /usr/lib64/libgcc_s-4.8.0-20130307.so.1
7f36d69c1000-7f36d69c2000 r--p 00014000 08:40 16265                      /usr/lib64/libgcc_s-4.8.0-20130307.so.1
7f36d69c2000-7f36d69c3000 rw-p 00015000 08:40 16265                      /usr/lib64/libgcc_s-4.8.0-20130307.so.1
7f36d69c3000-7f36d69d9000 r-xp 00000000 08:40 16312                      /usr/lib64/libpthread-2.17.so
7f36d69d9000-7f36d6bd9000 ---p 00016000 08:40 16312                      /usr/lib64/libpthread-2.17.so
7f36d6bd9000-7f36d6bda000 r--p 00016000 08:40 16312                      /usr/lib64/libpthread-2.17.so
7f36d6bda000-7f36d6bdb000 rw-p 00017000 08:40 16312                      /usr/lib64/libpthread-2.17.so
7f36d6bdb000-7f36d6bdf000 rw-p 00000000 00:00 0 
7f36d6bdf000-7f36d6c42000 r-xp 00000000 08:40 17571                      /usr/lib64/libpcre.so.1.2.0
7f36d6c42000-7f36d6e41000 ---p 00063000 08:40 17571                      /usr/lib64/libpcre.so.1.2.0
7f36d6e41000-7f36d6e42000 r--p 00062000 08:40 17571                      /usr/lib64/libpcre.so.1.2.0
7f36d6e42000-7f36d6e43000 rw-p 00063000 08:40 17571                      /usr/lib64/libpcre.so.1.2.0
7f36d6e43000-7f36d6e46000 r-xp 00000000 08:40 16263                      /usr/lib64/libdl-2.17.so
7f36d6e46000-7f36d7045000 ---p 00003000 08:40 16263                      /usr/lib64/libdl-2.17.so
7f36d7045000-7f36d7046000 r--p 00002000 08:40 16263                      /usr/lib64/libdl-2.17.so
7f36d7046000-7f36d7047000 rw-p 00003000 08:40 16263                      /usr/lib64/libdl-2.17.so
7f36d7047000-7f36d71fd000 r-xp 00000000 08:40 16251                      /usr/lib64/libc-2.17.so
7f36d71fd000-7f36d73fc000 ---p 001b6000 08:40 16251                      /usr/lib64/libc-2.17.so
7f36d73fc000-7f36d7400000 r--p 001b5000 08:40 16251                      /usr/lib64/libc-2.17.so
7f36d7400000-7f36d7402000 rw-p 001b9000 08:40 16251                      /usr/lib64/libc-2.17.so
7f36d7402000-7f36d7407000 rw-p 00000000 00:00 0 
7f36d7407000-7f36d744a000 r-xp 00000000 08:40 16322                      /usr/lib64/libsepol.so.1
7f36d744a000-7f36d7649000 ---p 00043000 08:40 16322                      /usr/lib64/libsepol.so.1
7f36d7649000-7f36d764a000 r--p 00042000 08:40 16322                      /usr/lib64/libsepol.so.1
7f36d764a000-7f36d764b000 rw-p 00043000 08:40 16322                      /usr/lib64/libsepol.so.1
7f36d764b000-7f36d766b000 r-xp 00000000 08:40 17594                      /usr/lib64/libselinux.so.1
7f36d766b000-7f36d786a000 ---p 00020000 08:40 17594                      /usr/lib64/libselinux.so.1
7f36d786a000-7f36d786b000 r--p 0001f000 08:40 17594                      /usr/lib64/libselinux.so.1
7f36d786b000-7f36d786c000 rw-p 00020000 08:40 17594                      /usr/lib64/libselinux.so.1
7f36d786c000-7f36d786e000 rw-p 00000000 00:00 0 
7f36d786e000-7f36d7872000 r-xp 00000000 08:40 17637                      /usr/lib64/libuuid.so.1.3.0
7f36d7872000-7f36d7a71000 ---p 00004000 08:40 17637                      /usr/lib64/libuuid.so.1.3.0
7f36d7a71000-7f36d7a72000 r--p 00003000 08:40 17637                      /usr/lib64/libuuid.so.1.3.0
7f36d7a72000-7f36d7a73000 rw-p 00004000 08:40 17637                      /usr/lib64/libuuid.so.1.3.0
7f36d7a73000-7f36d7aa3000 r-xp 00000000 08:40 17398                      /usr/lib64/libblkid.so.1.1.0
7f36d7aa3000-7f36d7ca2000 ---p 00030000 08:40 17398                      /usr/lib64/libblkid.so.1.1.0
7f36d7ca2000-7f36d7ca5000 r--p 0002f000 08:40 17398                      /usr/lib64/libblkid.so.1.1.0
7f36d7ca5000-7f36d7ca6000 rw-p 00032000 08:40 17398                      /usr/lib64/libblkid.so.1.1.0
7f36d7ca6000-7f36d7ca7000 rw-p 00000000 00:00 0 
7f36d7ca7000-7f36d7cdd000 r-xp 00000000 08:40 17545                      /usr/lib64/libmount.so.1.1.0
7f36d7cdd000-7f36d7edc000 ---p 00036000 08:40 17545                      /usr/lib64/libmount.so.1.1.0
7f36d7edc000-7f36d7edd000 r--p 00035000 08:40 17545                      /usr/lib64/libmount.so.1.1.0
7f36d7edd000-7f36d7ede000 rw-p 00036000 08:40 17545                      /usr/lib64/libmount.so.1.1.0
7f36d7ede000-7f36d7edf000 rw-p 00000000 00:00 0 
7f36d7edf000-7f36d7ee3000 r-xp 00000000 08:40 16241                      /usr/lib64/libSegFault.so
7f36d7ee3000-7f36d80e2000 ---p 00004000 08:40 16241                      /usr/lib64/libSegFault.so
7f36d80e2000-7f36d80e3000 r--p 00003000 08:40 16241                      /usr/lib64/libSegFault.so
7f36d80e3000-7f36d80e4000 rw-p 00004000 08:40 16241                      /usr/lib64/libSegFault.so
7f36d80e4000-7f36d8105000 r-xp 00000000 08:40 16237                      /usr/lib64/ld-2.17.so
7f36d82fb000-7f36d8304000 rw-p 00000000 00:00 0 
7f36d8304000-7f36d8305000 r--p 00020000 08:40 16237                      /usr/lib64/ld-2.17.so
7f36d8305000-7f36d8306000 rw-p 00021000 08:40 16237                      /usr/lib64/ld-2.17.so
7f36d8306000-7f36d8307000 rw-p 00000000 00:00 0 
7f36d8307000-7f36d830c000 r-xp 00000000 08:40 16894                      /usr/bin/umount
7f36d850c000-7f36d850d000 r--p 00005000 08:40 16894                      /usr/bin/umount
7f36d850d000-7f36d850e000 rw-p 00006000 08:40 16894                      /usr/bin/umount
7f36d8cac000-7f36d8ccd000 rw-p 00000000 00:00 0                          [heap]
7fff69150000-7fff69171000 rw-p 00000000 00:00 0                          [stack]
7fff691fe000-7fff69200000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]

Version-Release number of selected component (if applicable):

libselinux 2.1.13-9.fc19

and other packages from Rawhide.  See attached root.log for
precise versions.

How reproducible:

Very rare.

Steps to Reproduce:
1. Unknown.

Comment 1 Richard W.M. Jones 2013-03-12 09:16:36 UTC

Created attachment 708834 [details]
build.log (compressed)

Comment 2 Richard W.M. Jones 2013-03-12 10:57:17 UTC

addr2line is broken somehow, so I'm making guesses here ...

/lib64/libc.so.6(+0x7cfa8)[0x7f36d70c3fa8]

int selinuxfs_exists(void)
{
        int exists = 0;
        FILE *fp = NULL;
        char *buf = NULL;
        size_t len;
        ssize_t num;

        fp = fopen("/proc/filesystems", "r");
        if (!fp)
                return 1; /* Fail as if it exists */
        __fsetlocking(fp, FSETLOCKING_BYCALLER);

        num = getline(&buf, &len, fp);
        while (num != -1) {
                if (strstr(buf, SELINUXFS)) {
                        exists = 1;
                        break;
                }
                num = getline(&buf, &len, fp);
        }

        free(buf);   <--- here

/lib64/libselinux.so.1(selinuxfs_exists+0x8d)[0x7f36d765693d]

Appears to be 'init_selinuxmnt':
/lib64/libselinux.so.1(+0x6438)[0x7f36d7651438]

Called by constructor on library load:
/lib64/ld-linux-x86-64.so.2(+0xf4f3)[0x7f36d80f34f3]
/lib64/ld-linux-x86-64.so.2(+0x145a)[0x7f36d80e545a]

Comment 3 Daniel Walsh 2013-03-13 21:24:43 UTC

These lines are called millions of times, so I am not sure this is a bug in libselinux or in your package which is corrupting memory some how?

Have you run it through valgrind?

Comment 4 Richard W.M. Jones 2013-03-13 21:26:45 UTC

The "package" here is umount, ie. util-linux.  The suggestion
to valgrind it is a good one, and I'll do that later.  I agree
this bug is an extremely strange one.

Comment 5 Richard W.M. Jones 2013-03-14 16:36:56 UTC

Just to provide an update here, valgrind doesn't complain
about anything in umount.

Comment 6 Richard W.M. Jones 2013-03-31 14:16:13 UTC

I'm reassigning this to util-linux, but I *don't* think it's really
a bug in umount.  I think it's more likely to be a bug in qemu (TCG
emulation).  However I don't understand why it is mainly umount
which is affected.

Another example:

umount /sysroot/mp110
*** Segmentation fault
Register dump:

 RAX: 000000000000002f   RBX: 0000000000000075   RCX: 00007f9c138f909d
 RDX: fffffffffffffe40   RSI: 00007f9c13267080   RDI: 0000000000000030
 RBP: 00007fff0a87b1a0   R8 : 00007f9c13012a40   R9 : 0000000000000000
 R10: 00007fff0a87b170   R11: 00007f9c12f15b50   R12: 0000000000000001
 R13: 0000000000000002   R14: 00007fff0a87b1b0   R15: 00007f9c138f909e
 RSP: 00007fff0a87aec0

 RIP: 00007f9c12f0479f   EFLAGS: 00000202

 CS: 0033   FS: 0000   GS: 0000

 Trap: 0000000e   Error: 00000004   OldMask: 00000000   CR2: 0000002f

 FPUCW: 0000037f   FPUSW: 00000000   TAG: 00000000
 RIP: 00000000   RDP: 00000000

 ST(0) 0000 0000000000000000   ST(1) 0000 0000000000000000
 ST(2) 0000 0000000000000000   ST(3) 0000 0000000000000000
 ST(4) 0000 0000000000000000   ST(5) 0000 0000000000000000
 ST(6) 0000 0000000000000000   ST(7) 0000 0000000000000000
 mxcsr: 1f80
 XMM0:  000000000000000000000000ffff0000 XMM1:  000000000000000000000000ffff0000
 XMM2:  000000000000000000000000ffff0000 XMM3:  000000000000000000000000ffff0000
 XMM4:  000000000000000000000000ffff0000 XMM5:  000000000000000000000000ffff0000
 XMM6:  000000000000000000000000ffff0000 XMM7:  000000000000000000000000ffff0000
 XMM8:  000000000000000000000000ffff0000 XMM9:  000000000000000000000000ffff0000
 XMM10: 000000000000000000000000ffff0000 XMM11: 000000000000000000000000ffff0000
 XMM12: 000000000000000000000000ffff0000 XMM13: 000000000000000000000000ffff0000
 XMM14: 000000000000000000000000ffff0000 XMM15: 000000000000000000000000ffff0000

Backtrace:
/lib64/libc.so.6(_IO_vfscanf+0x58f)[0x7f9c12f0479f]
/lib64/libc.so.6(vsscanf+0x67)[0x7f9c12f1b767]
/lib64/libc.so.6(_IO_sscanf+0x87)[0x7f9c12f15bd7]
/lib64/libmount.so.1(+0x1b308)[0x7f9c138e6308]
/lib64/libmount.so.1(mnt_table_parse_stream+0xbd)[0x7f9c138e6f7d]
/lib64/libmount.so.1(mnt_table_parse_file+0x39)[0x7f9c138e74a9]
/lib64/libmount.so.1(mnt_table_parse_mtab+0x46)[0x7f9c138e7986]
/lib64/libmount.so.1(mnt_context_get_mtab+0xed)[0x7f9c138d683d]
/lib64/libmount.so.1(mnt_context_find_umount_fs+0x73)[0x7f9c138dc913]
/lib64/libmount.so.1(mnt_context_prepare_umount+0xd7)[0x7f9c138dcf67]
/lib64/libmount.so.1(mnt_context_umount+0x48)[0x7f9c138de3f8]
umount(+0x3c57)[0x7f9c13f30c57]
umount(+0x3251)[0x7f9c13f30251]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f9c12eceb75]
umount(+0x34b5)[0x7f9c13f304b5]

Memory map:

7f9c12613000-7f9c12628000 r-xp 00000000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12628000-7f9c12827000 ---p 00015000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12827000-7f9c12828000 r--p 00014000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12828000-7f9c12829000 rw-p 00015000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12829000-7f9c1283f000 r-xp 00000000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c1283f000-7f9c12a3f000 ---p 00016000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c12a3f000-7f9c12a40000 r--p 00016000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c12a40000-7f9c12a41000 rw-p 00017000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c12a41000-7f9c12a45000 rw-p 00000000 00:00 0 
7f9c12a45000-7f9c12aa8000 r-xp 00000000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12aa8000-7f9c12ca7000 ---p 00063000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12ca7000-7f9c12ca8000 r--p 00062000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12ca8000-7f9c12ca9000 rw-p 00063000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12ca9000-7f9c12cac000 r-xp 00000000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12cac000-7f9c12eab000 ---p 00003000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12eab000-7f9c12eac000 r--p 00002000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12eac000-7f9c12ead000 rw-p 00003000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12ead000-7f9c13062000 r-xp 00000000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13062000-7f9c13262000 ---p 001b5000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13262000-7f9c13266000 r--p 001b5000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13266000-7f9c13268000 rw-p 001b9000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13268000-7f9c1326d000 rw-p 00000000 00:00 0 
7f9c1326d000-7f9c1328d000 r-xp 00000000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1328d000-7f9c1348c000 ---p 00020000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1348c000-7f9c1348d000 r--p 0001f000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1348d000-7f9c1348e000 rw-p 00020000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1348e000-7f9c13490000 rw-p 00000000 00:00 0 
7f9c13490000-7f9c13494000 r-xp 00000000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13494000-7f9c13693000 ---p 00004000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13693000-7f9c13694000 r--p 00003000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13694000-7f9c13695000 rw-p 00004000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13695000-7f9c136c6000 r-xp 00000000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c136c6000-7f9c138c6000 ---p 00031000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c138c6000-7f9c138c9000 r--p 00031000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c138c9000-7f9c138ca000 rw-p 00034000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c138ca000-7f9c138cb000 rw-p 00000000 00:00 0 
7f9c138cb000-7f9c13903000 r-xp 00000000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13903000-7f9c13b02000 ---p 00038000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13b02000-7f9c13b03000 r--p 00037000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13b03000-7f9c13b04000 rw-p 00038000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13b04000-7f9c13b05000 rw-p 00000000 00:00 0 
7f9c13b05000-7f9c13b09000 r-xp 00000000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13b09000-7f9c13d08000 ---p 00004000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13d08000-7f9c13d09000 r--p 00003000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13d09000-7f9c13d0a000 rw-p 00004000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13d0a000-7f9c13d2b000 r-xp 00000000 87:f0 16190                      /usr/lib64/ld-2.17.so
7f9c13f22000-7f9c13f2a000 rw-p 00000000 00:00 0 
7f9c13f2a000-7f9c13f2b000 r--p 00020000 87:f0 16190                      /usr/lib64/ld-2.17.so
7f9c13f2b000-7f9c13f2c000 rw-p 00021000 87:f0 16190                      /usr/lib64/ld-2.17.so
7f9c13f2c000-7f9c13f2d000 rw-p 00000000 00:00 0 
7f9c13f2d000-7f9c13f33000 r-xp 00000000 87:f0 16756                      /usr/bin/umount
7f9c14133000-7f9c14134000 r--p 00006000 87:f0 16756                      /usr/bin/umount
7f9c14134000-7f9c14135000 rw-p 00007000 87:f0 16756                      /usr/bin/umount
7f9c15367000-7f9c15388000 rw-p 00000000 00:00 0                          [heap]
7fff0a85d000-7fff0a87e000 rw-p 00000000 00:00 0                          [stack]
7fff0a8f8000-7fff0a8fa000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
guestfsd: error: umount: /sysroot/mp110: *** Segmentation fault
Register dump:

 RAX: 000000000000002f   RBX: 0000000000000075   RCX: 00007f9c138f909d
 RDX: fffffffffffffe40   RSI: 00007f9c13267080   RDI: 0000000000000030
 RBP: 00007fff0a87b1a0   R8 : 00007f9c13012a40   R9 : 0000000000000000
 R10: 00007fff0a87b170   R11: 00007f9c12f15b50   R12: 0000000000000001
 R13: 0000000000000002   R14: 00007fff0a87b1b0   R15: 00007f9c138f909e
 RSP: 00007fff0a87aec0

 RIP: 00007f9c12f0479f   EFLAGS: 00000202

 CS: 0033   FS: 0000   GS: 0000

 Trap: 0000000e   Error: 00000004   OldMask: 00000000   CR2: 0000002f

 FPUCW: 0000037f   FPUSW: 00000000   TAG: 00000000
 RIP: 00000000   RDP: 00000000

 ST(0) 0000 0000000000000000   ST(1) 0000 0000000000000000
 ST(2) 0000 0000000000000000   ST(3) 0000 0000000000000000
 ST(4) 0000 0000000000000000   ST(5) 0000 0000000000000000
 ST(6) 0000 0000000000000000   ST(7) 0000 0000000000000000
 mxcsr: 1f80
 XMM0:  000000000000000000000000ffff0000 XMM1:  000000000000000000000000ffff0000
 XMM2:  000000000000000000000000ffff0000 XMM3:  000000000000000000000000ffff0000
 XMM4:  000000000000000000000000ffff0000 XMM5:  000000000000000000000000ffff0000
 XMM6:  000000000000000000000000ffff0000 XMM7:  000000000000000000000000ffff0000
 XMM8:  000000000000000000000000ffff0000 XMM9:  000000000000000000000000ffff0000
 XMM10: 000000000000000000000000ffff0000 XMM11: 000000000000000000000000ffff0000
 XMM12: 000000000000000000000000ffff0000 XMM13: 000000000000000000000000ffff0000
 XMM14: 000000000000000000000000ffff0000 XMM15: 000000000000000000000000ffff0000

Backtrace:
/lib64/libc.so.6(_IO_vfscanf+0x58f)[0x7f9c12f0479f]
/lib64/libc.so.6(vsscanf+0x67)[0x7f9c12f1b767]
/lib64/libc.so.6(_IO_sscanf+0x87)[0x7f9c12f15bd7]
/lib64/libmount.so.1(+0x1b308)[0x7f9c138e6308]
/lib64/libmount.so.1(mnt_table_parse_stream+0xbd)[0x7f9c138e6f7d]
/lib64/libmount.so.1(mnt_table_parse_file+0x39)[0x7f9c138e74a9]
/lib64/libmount.so.1(mnt_table_parse_mtab+0x46)[0x7f9c138e7986]
/lib64/libmount.so.1(mnt_context_get_mtab+0xed)[0x7f9c138d683d]
/lib64/libmount.so.1(mnt_context_find_umount_fs+0x73)[0x7f9c138dc913]
/lib64/libmount.so.1(mnt_context_prepare_umount+0xd7)[0x7f9c138dcf67]
/lib64/libmount.so.1(mnt_context_umount+0x48)[0x7f9c138de3f8]
umount(+0x3c57)[0x7f9c13f30c57]
umount(+0x3251)[0x7f9c13f30251]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f9c12eceb75]
umount(+0x34b5)[0x7f9c13f304b5]

Memory map:

7f9c12613000-7f9c12628000 r-xp 00000000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12628000-7f9c12827000 ---p 00015000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12827000-7f9c12828000 r--p 00014000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12828000-7f9c12829000 rw-p 00015000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12829000-7f9c1283f000 r-xp 00000000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c1283f000-7f9c12a3f000 ---p 00016000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c12a3f000-7f9c12a40000 r--p 00016000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c12a40000-7f9c12a41000 rw-p 00017000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c12a41000-7f9c12a45000 rw-p 00000000 00:00 0 
7f9c12a45000-7f9c12aa8000 r-xp 00000000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12aa8000-7f9c12ca7000 ---p 00063000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12ca7000-7f9c12ca8000 r--p 00062000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12ca8000-7f9c12ca9000 rw-p 00063000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12ca9000-7f9c12cac000 r-xp 00000000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12cac000-7f9c12eab000 ---p 00003000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12eab000-7f9c12eac000 r--p 00002000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12eac000-7f9c12ead000 rw-p 00003000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12ead000-7f9c13062000 r-xp 00000000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13062000-7f9c13262000 ---p 001b5000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13262000-7f9c13266000 r--p 001b5000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13266000-7f9c13268000 rw-p 001b9000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13268000-7f9c1326d000 rw-p 00000000 00:00 0 
7f9c1326d000-7f9c1328d000 r-xp 00000000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1328d000-7f9c1348c000 ---p 00020000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1348c000-7f9c1348d000 r--p 0001f000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1348d000-7f9c1348e000 rw-p 00020000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1348e000-7f9c13490000 rw-p 00000000 00:00 0 
7f9c13490000-7f9c13494000 r-xp 00000000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13494000-7f9c13693000 ---p 00004000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13693000-7f9c13694000 r--p 00003000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13694000-7f9c13695000 rw-p 00004000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13695000-7f9c136c6000 r-xp 00000000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c136c6000-7f9c138c6000 ---p 00031000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c138c6000-7f9c138c9000 r--p 00031000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c138c9000-7f9c138ca000 rw-p 00034000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c138ca000-7f9c138cb000 rw-p 00000000 00:00 0 
7f9c138cb000-7f9c13903000 r-xp 00000000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13903000-7f9c13b02000 ---p 00038000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13b02000-7f9c13b03000 r--p 00037000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13b03000-7f9c13b04000 rw-p 00038000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13b04000-7f9c13b05000 rw-p 00000000 00:00 0 
7f9c13b05000-7f9c13b09000 r-xp 00000000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13b09000-7f9c13d08000 ---p 00004000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13d08000-7f9c13d09000 r--p 00003000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13d09000-7f9c13d0a000 rw-p 00004000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13d0a000-7f9c13d2b000 r-xp 00000000 87:f0 16190                      /usr/lib64/ld-2.17.so
7f9c13f22000-7f9c13f2a000 rw-p 00000000 00:00 0 
7f9c13f2a000-7f9c13f2b000 r--p 00020000 87:f0 16190                      /usr/lib64/ld-2.17.so
7f9c13f2b000-7f9c13f2c000 rw-p 00021000 87:f0 16190                      /usr/lib64/ld-2.17.so
7f9c13f2c000-7f9c13f2d000 rw-p 00000000 00:00 0 
7f9c13f2d000-7f9c13f33000 r-xp 00000000 87:f0 16756                      /usr/bin/umount
7f9c14133000-7f9c14134000 r--p 00006000 87:f0 16756                      /usr/bin/umount
7f9c14134000-7f9c14135000 rw-p 00007000 87:f0 16756                      /usr/bin/umount
7f9c15367000-7f9c15388000 rw-p 00000000 00:00 0                          [heap]
7fff0a85d000-7fff0a87e000 rw-p 00000000 00:00 0                          [stack]
7fff0a8f8000-7fff0a8fa000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
libguestfs: trace: internal_autosync = -1 (error)
libguestfs: trace: shutdown = -1 (error)
internal_autosync: umount: /sysroot/mp110: *** Segmentation fault
Register dump:
 RAX: 000000000000002f   RBX: 0000000000000075   RCX: 00007f9c138f909d
 RDX: fffffffffffffe40   RSI: 00007f9c13267080   RDI: 0000000000000030
 RBP: 00007fff0a87b1a0   R8 : 00007f9c13012a40   R9 : 0000000000000000
 R10: 00007fff0a87b170   R11: 00007f9c12f15b50   R12: 0000000000000001
 R13: 0000000000000002   R14: 00007fff0a87b1b0   R15: 00007f9c138f909e
 RSP: 00007fff0a87aec0
 RIP: 00007f9c12f0479f   EFLAGS: 00000202
 CS: 0033   FS: 0000   GS: 0000
 Trap: 0000000e   Error: 00000004   OldMask: 00000000   CR2: 0000002f
 FPUCW: 0000037f   FPUSW: 00000000   TAG: 00000000
 RIP: 00000000   RDP: 00000000
 ST(0) 0000 0000000000000000   ST(1) 0000 0000000000000000
 ST(2) 0000 0000000000000000   ST(3) 0000 0000000000000000
 ST(4) 0000 0000000000000000   ST(5) 0000 0000000000000000
 ST(6) 0000 0000000000000000   ST(7) 0000 0000000000000000
 mxcsr: 1f80
 XMM0:  000000000000000000000000ffff0000 XMM1:  000000000000000000000000ffff0000
 XMM2:  000000000000000000000000ffff0000 XMM3:  000000000000000000000000ffff0000
 XMM4:  000000000000000000000000ffff0000 XMM5:  000000000000000000000000ffff0000
 XMM6:  000000000000000000000000ffff0000 XMM7:  000000000000000000000000ffff0000
 XMM8:  000000000000000000000000ffff0000 XMM9:  000000000000000000000000ffff0000
 XMM10: 000000000000000000000000ffff0000 XMM11: 000000000000000000000000ffff0000
 XMM12: 000000000000000000000000ffff0000 XMM13: 000000000000000000000000ffff0000
 XMM14: 000000000000000000000000ffff0000 XMM15: 000000000000000000000000ffff0000
Backtrace:
/lib64/libc.so.6(_IO_vfscanf+0x58f)[0x7f9c12f0479f]
/lib64/libc.so.6(vsscanf+0x67)[0x7f9c12f1b767]
/lib64/libc.so.6(_IO_sscanf+0x87)[0x7f9c12f15bd7]
/lib64/libmount.so.1(+0x1b308)[0x7f9c138e6308]
/lib64/libmount.so.1(mnt_table_parse_stream+0xbd)[0x7f9c138e6f7d]
/lib64/libmount.so.1(mnt_table_parse_file+0x39)[0x7f9c138e74a9]
/lib64/libmount.so.1(mnt_table_parse_mtab+0x46)[0x7f9c138e7986]
/lib64/libmount.so.1(mnt_context_get_mtab+0xed)[0x7f9c138d683d]
/lib64/libmount.so.1(mnt_context_find_umount_fs+0x73)[0x7f9c138dc913]
/lib64/libmount.so.1(mnt_context_prepare_umount+0xd7)[0x7f9c138dcf67]
/lib64/libmount.so.1(mnt_context_umount+0x48)[0x7f9c138de3f8]
umount(+0x3c57)[0x7f9c13f30c57]
umount(+0x3251)[0x7f9c13f30251]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f9c12eceb75]
umount(+0x34b5)[0x7f9c13f304b5]
Memory map:
7f9c12613000-7f9c12628000 r-xp 00000000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12628000-7f9c12827000 ---p 00015000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12827000-7f9c12828000 r--p 00014000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12828000-7f9c12829000 rw-p 00015000 87:f0 16218                      /usr/lib64/libgcc_s-4.8.0-20130322.so.1
7f9c12829000-7f9c1283f000 r-xp 00000000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c1283f000-7f9c12a3f000 ---p 00016000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c12a3f000-7f9c12a40000 r--p 00016000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c12a40000-7f9c12a41000 rw-p 00017000 87:f0 16259                      /usr/lib64/libpthread-2.17.so
7f9c12a41000-7f9c12a45000 rw-p 00000000 00:00 0 
7f9c12a45000-7f9c12aa8000 r-xp 00000000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12aa8000-7f9c12ca7000 ---p 00063000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12ca7000-7f9c12ca8000 r--p 00062000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12ca8000-7f9c12ca9000 rw-p 00063000 87:f0 17474                      /usr/lib64/libpcre.so.1.2.0
7f9c12ca9000-7f9c12cac000 r-xp 00000000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12cac000-7f9c12eab000 ---p 00003000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12eab000-7f9c12eac000 r--p 00002000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12eac000-7f9c12ead000 rw-p 00003000 87:f0 16216                      /usr/lib64/libdl-2.17.so
7f9c12ead000-7f9c13062000 r-xp 00000000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13062000-7f9c13262000 ---p 001b5000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13262000-7f9c13266000 r--p 001b5000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13266000-7f9c13268000 rw-p 001b9000 87:f0 16204                      /usr/lib64/libc-2.17.so
7f9c13268000-7f9c1326d000 rw-p 00000000 00:00 0 
7f9c1326d000-7f9c1328d000 r-xp 00000000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1328d000-7f9c1348c000 ---p 00020000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1348c000-7f9c1348d000 r--p 0001f000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1348d000-7f9c1348e000 rw-p 00020000 87:f0 17497                      /usr/lib64/libselinux.so.1
7f9c1348e000-7f9c13490000 rw-p 00000000 00:00 0 
7f9c13490000-7f9c13494000 r-xp 00000000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13494000-7f9c13693000 ---p 00004000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13693000-7f9c13694000 r--p 00003000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13694000-7f9c13695000 rw-p 00004000 87:f0 17545                      /usr/lib64/libuuid.so.1.3.0
7f9c13695000-7f9c136c6000 r-xp 00000000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c136c6000-7f9c138c6000 ---p 00031000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c138c6000-7f9c138c9000 r--p 00031000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c138c9000-7f9c138ca000 rw-p 00034000 87:f0 17291                      /usr/lib64/libblkid.so.1.1.0
7f9c138ca000-7f9c138cb000 rw-p 00000000 00:00 0 
7f9c138cb000-7f9c13903000 r-xp 00000000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13903000-7f9c13b02000 ---p 00038000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13b02000-7f9c13b03000 r--p 00037000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13b03000-7f9c13b04000 rw-p 00038000 87:f0 17438                      /usr/lib64/libmount.so.1.1.0
7f9c13b04000-7f9c13b05000 rw-p 00000000 00:00 0 
7f9c13b05000-7f9c13b09000 r-xp 00000000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13b09000-7f9c13d08000 ---p 00004000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13d08000-7f9c13d09000 r--p 00003000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13d09000-7f9c13d0a000 rw-p 00004000 87:f0 16194                      /usr/lib64/libSegFault.so
7f9c13d0a000-7f9c13d2b000 r-xp 00000000 87:f0 16190                      /usr/lib64/ld-2.17.so
7f9c13f22000-7f9c13f2a000 rw-p 00000000 00:00 0 
7f9c13f2a000-7f9c13f2b000 r--p 00020000 87:f0 16190                      /usr/lib64/ld-2.17.so
7f9c13f2b000-7f9c13f2c000 rw-p 00021000 87:f0 16190                      /usr/lib64/ld-2.17.so
7f9c13f2c000-7f9c13f2d000 rw-p 00000000 00:00 0 
7f9c13f2d000-7f9c13f33000 r-xp 00000000 87:f0 16756                      /usr/bin/umount
7f9c14133000-7f9c14134000 r--p 00006000 87:f0 16756                      /usr/bin/umount
7f9c14134000-7f9c14135000 rw-p 00007000 87:f0 16756                      /usr/bin/umount
7f9c15367000-7f9c15388000 rw-p 00000000 00:00 0                          [heap]
7fff0a85d000-7fff0a87e000 rw-p 00000000 00:00 0                          [stack]
7fff0a8f8000-7fff0a8fa000 r-xp 00000000 00:00 0                          [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall] at /builddir/build/BUILD/libguestfs-1.21.25/tests/disks/test-max-disks.pl line 143.
libguestfs: trace: close
libguestfs: closing guestfs handle 0x8e4e30 (state 0)
libguestfs: command: run: rm
libguestfs: command: run: \ -rf /builddir/build/BUILD/libguestfs-1.21.25/tmp/libguestfsvAEmUf
max_disks is 255
/builddir/build/BUILD/libguestfs-1.21.25/run: command failed with exit code 2
FAIL: test-max-disks.pl

Comment 7 Richard W.M. Jones 2013-03-31 20:07:53 UTC

I just committed a fix for https://bugs.launchpad.net/qemu/+bug/1127369
to qemu in Rawhide.  Hopefully it will fix this issue ...

Comment 8 Karel Zak 2013-04-02 20:14:08 UTC

I'm not sure, but it seems like already fixed bug in libmount 2.23-rc1, fixed upstream and in f19:
https://github.com/karelzak/util-linux/commit/52a285bf4e8d3a78d7211694977f5894a748bdac

(I'm going to wait for -rc2 for rawhide.)

It would be nice to have output from

   LIBMOUNT_DEBUG=0xffff umount /sysroot/mp110

Comment 9 Fedora End Of Life 2013-04-03 15:50:21 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19

Comment 10 Richard W.M. Jones 2013-04-09 20:26:16 UTC

I'm going to close this on the basis that we've not seen
it since various fixes for qemu were pushed upstream, so
it was likely to have been a TCG problem rather than a real
bug in anything.

Note You need to log in before you can comment on or make changes to this bug.