[Pkg-libvirt-maintainers] Bug#769600: libvirt-daemon - null pointer deref in libvirt_lxc

Bastian Blank waldi at debian.org
Fri Nov 14 21:58:54 UTC 2014 

Package: libvirt-daemon
Version: 1.2.9-4
Severity: serious

libvirt_lxc dies with null pointer access almost immediately.

Kernel log shows:
| libvirt_lxc[5030]: segfault at 0 ip 00007fe434292fb6 sp 00007fe43851ddf8 error 4 in libc-2.19.so[7fe43416e000+19f000]

strace shows:
| access("/sbin/init", F_OK)              = 0
| --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0} ---
| +++ killed by SIGSEGV (core dumped) +++

The core file shows:
| #0  0x00007fabd5168fb6 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
| #1  0x00007fabd87cabd9 in lxcContainerGetNetDef (vmDef=<optimized out>, vmDef=<optimized out>, devName=<optimized out>)
|     at ../../../src/lxc/lxc_container.c:476
| #2  lxcContainerRenameAndEnableInterfaces (veths=<optimized out>, nveths=<optimized out>, vmDef=<optimized out>)
|     at ../../../src/lxc/lxc_container.c:506
| #3  lxcContainerChild (data=0x7fabda1212b0) at ../../../src/lxc/lxc_container.c:2127
| #4  0x00007fabd5129ccd in clone () from /lib/x86_64-linux-gnu/libc.so.6

| (gdb) f 1
| #1  0x00007fabd87cabd9 in lxcContainerGetNetDef (vmDef=<optimized out>, vmDef=<optimized out>, devName=<optimized out>)
|     at ../../../src/lxc/lxc_container.c:476
| 476     ../../../src/lxc/lxc_container.c: No such file or directory.
| (gdb) info locals
| i = 0
| netDef = 0x7fabda13bde0
| (gdb) p netDef
| $1 = (virDomainNetDefPtr) 0x7fabda13bde0
| (gdb) p *netDef.ifname_guest_actual
| Cannot access memory at address 0x0

Relevant vm config:

| <domain type='lxc'>
|   <name>example</name>
|   <uuid>e315c3e7-e257-4635-a9a0-75e4cd909fa0</uuid>
|   <memory unit='KiB'>500000</memory>
|   <currentMemory unit='KiB'>500000</currentMemory>
|   <vcpu placement='static'>1</vcpu>
|   <resource>
|     <partition>/machine</partition>
|   </resource>
|   <os>
|     <type arch='x86_64'>exe</type>
|     <init>/sbin/init</init>
|   </os>
|   <clock offset='utc'/>
|   <on_poweroff>destroy</on_poweroff>
|   <on_reboot>restart</on_reboot>
|   <on_crash>destroy</on_crash>
|   <devices>
|     <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
|     <filesystem type='mount' accessmode='passthrough'>
|       <source dir='/vm'/>
|       <target dir='/'/>
|     </filesystem>
|     <interface type='direct'>
|       <mac address='52:54:00:f3:21:f9'/>
|       <source dev='eth0' mode='private'/>
|     </interface>
|     <console type='pty'>
|       <target type='lxc' port='0'/>
|     </console>
|   </devices>
| </domain>

Bastian

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

More information about the Pkg-libvirt-maintainers mailing list