Segmentation fault on ".conf" file in /etc/init

Bug #720573 reported by Коренберг Марк
Affects | Status | Importance | Assigned to
upstart | Fix Released | Critical | Scott James Remnant
upstart (Ubuntu) | Fix Released | High | Unassigned

Bug Description

Just create an empty ".conf" file in /etc/init, and a kernel panic occurs: "attempting to kill init".

Tags: patch
Clint Byrum (clint-fewbar) wrote :

Confirmed this just now on the latest upstart in natty

Changed in upstart:
status: New → Confirmed
Changed in upstart (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Scott James Remnant (scott) wrote :

Confirmed; interestingly this doesn't seem to cause a kernel panic if the file already exists on startup, just on first creation.

Scott James Remnant (scott) wrote :

The attached patch adds test cases to check for this case, along with a simpler similar test case for a file missing the ".conf" extension (which is tested elsewhere, but always worth checking again).

This shows that the failure is an assertion:

test:job_class.c:153: Assertion failed in job_class_new: strlen (name) > 0

The backtrace in the inotify case is:

#2 0x0000000000421e92 in job_class_new (parent=0x0, name=0x6494d0 "")
    at job_class.c:153
#3 0x000000000042d029 in parse_job (parent=0x0, name=0x6494d0 "",
    file=0x647390 "exec echo\nd", len=10, pos=0x7fffffff6ad8,
    lineno=0x7fffffff6ad0) at parse_job.c:297
#4 0x0000000000433e2b in conf_reload_path (source=0x6470d0,
    path=0x647460 "/tmp/test_conf.c-test_source_reload_job_dir-1053-11500/.conf") at conf.c:747
#5 0x00000000004337d3 in conf_create_modify_handler (source=0x6470d0,
    watch=0x648800,
    path=0x647460 "/tmp/test_conf.c-test_source_reload_job_dir-1053-11500/.conf", statbuf=0x7fffffff6bb0) at conf.c:563

And likewise in the non-inotify case there is a similar backtrace:

#2 0x000000000042123a in job_class_new (parent=0x0, name=0x6466f0 "")
    at job_class.c:153
#3 0x000000000042c3d1 in parse_job (parent=0x0, name=0x6466f0 "",
    file=0x6476a0 "exec echo\nd", len=10, pos=0x7fffffff6ad8,
    lineno=0x7fffffff6ad0) at parse_job.c:297
#4 0x00000000004331d3 in conf_reload_path (source=0x6460d0,
    path=0x6473a0 "/tmp/test_conf.c-test_source_reload_job_dir-1585-11614/.conf") at conf.c:747
#5 0x0000000000432e90 in conf_file_visitor (source=0x6460d0,
    dirname=0x646180 "/tmp/test_conf.c-test_source_reload_job_dir-1585-11614",
    path=0x6473a0 "/tmp/test_conf.c-test_source_reload_job_dir-1585-11614/.conf", statbuf=0x7fffffff6ba0) at conf.c:647
#6 0x00007ffff7bd17b1 in ?? () from //lib/libnih.so.1
#7 0x00007ffff7bd1aef in nih_dir_walk () from //lib/libnih.so.1
#8 0x00000000004327d2 in conf_source_reload_dir (source=0x6460d0)
    at conf.c:439
#9 0x000000000043229c in conf_source_reload (source=0x6460d0) at conf.c:282

Changed in upstart:
status: Confirmed → Triaged
importance: Undecided → Critical
Scott James Remnant (scott) wrote :

The reason it doesn't cause a panic on the reboot is because the file doesn't actually get to the filesystem! If it did, you wouldn't be able to boot again.

Revision history for this message
Scott James Remnant (scott) wrote :

The best fix is in the filter, since it covers both.

As well as just checking that there is a ".conf" extension, make sure that the previous character isn't "/".

Changed in upstart:
status: Triaged → In Progress
Scott James Remnant (scott) wrote :
Changed in upstart:
status: In Progress → Fix Committed
Changed in upstart:
milestone: none → 1.0
assignee: nobody → Scott James Remnant (scott)
Clint Byrum (clint-fewbar) wrote : Re: [Bug 720573] Re: Segmentation fault on ".conf" file in /etc/init

It must be a race between the metadata committing to the fs and the segfault, because the VM I tested this on is unbootable without init=/bin/bash now.

On Feb 17, 2011, at 3:07 PM, Scott James Remnant <email address hidden> wrote:

> The reason it doesn't cause a panic on the reboot is because the file
> doesn't actually get to the filesystem! If it did, you wouldn't be able
> to boot again.

tags: added: patch
Changed in upstart:
status: Fix Committed → Fix Released
James Hunt (jamesodhunt) wrote :

Note that the fix for this bug in Upstart 1.3 protects against ".conf" and ".override".

Changed in upstart (Ubuntu):
status: Confirmed → Fix Committed
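The filter fix Scott describes above (require a ".conf" extension and reject a basename that is nothing but the extension, i.e. the character before it is "/"), extended to ".override" as James notes for Upstart 1.3, written out as an added example in C. This is not Upstart's own code; the names conf_path_accept, conf_job_name and path_basename are invented here, and the sample paths are constructed.

```c
#include <stdio.h>
#include <string.h>
/* Added example, not Upstart's own code. ".override" exists only from 1.3. */
static const char *const job_suffixes[] = { ".conf", ".override" };
static const char *path_basename(const char *path)
{
    const char *slash = strrchr(path, '/');     /* text after the last '/' */
    return slash ? slash + 1 : path;
}
/* Accept `path` only if its basename ends in a known suffix AND has at least
 * one character before it, i.e. the character preceding the suffix is not '/'.
 * A bare "/etc/init/.conf" would otherwise reach job_class_new() with an empty
 * name and trip the strlen (name) > 0 assertion seen in the backtraces. */
const char *conf_path_accept(const char *path)
{
    const char *base = path_basename(path);
    size_t blen = strlen(base);
    for (size_t i = 0; i < sizeof job_suffixes / sizeof job_suffixes[0]; i++) {
        size_t slen = strlen(job_suffixes[i]);
        if (blen > slen && strcmp(base + blen - slen, job_suffixes[i]) == 0)
            return job_suffixes[i];             /* matched suffix */
    }
    return NULL;                                /* skip this file */
}

/* Copy the job name (basename minus suffix) into `out`; 1 on success,
 * 0 if the path is rejected or `out` is too small. */
int conf_job_name(const char *path, char *out, size_t outlen)
{
    const char *suffix = conf_path_accept(path);
    if (!suffix) return 0;
    const char *base = path_basename(path);
    size_t n = strlen(base) - strlen(suffix);   /* >= 1 by construction */
    if (n + 1 > outlen) return 0;
    memcpy(out, base, n);
    out[n] = '\0';
    return 1;
}

int main(void)
{
    const char *samples[] = { "/etc/init/ssh.conf", "/etc/init/.conf",
                              "/etc/init/.override", "/etc/init/README" };
    char name[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %s\n", samples[i],
               conf_job_name(samples[i], name, sizeof name) ? name : "rejected");
    return 0;
}
```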
Steve Langasek (vorlon) wrote :

Upstart 1.3 is in Ubuntu oneiric.

Changed in upstart (Ubuntu):
status: Fix Committed → Fix Released