Package: libvirt-bin
Version: 0.9.12-11+deb7u1
Severity: normal
Tags: patch
Hello,

From time to time I get a segfault in virUUIDParse, with the following stack trace:

(gdb) bt
#0  virUUIDParse (uuidstr=0x4 <Address 0x4 out of bounds>, uuid=uuid@entry=0x7fffc1ebe700 "g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`") at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/uuid.c:139
#1  0x00007f0eaa281485 in xenStoreDomainGetUUID (conn=conn@entry=0x12546f0, id=<optimized out>, uuid=uuid@entry=0x7fffc1ebe700 "g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`") at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1114
#2  0x00007f0eaa2815cf in xenStoreDomainIntroduced (conn=0x12546f0, path=<optimized out>, token=<optimized out>, opaque=0x1254810) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1360
#3  0x00007f0eaa27ffdb in xenStoreWatchEvent (watch=<optimized out>, fd=<optimized out>, events=<optimized out>, data=0x12546f0) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1300
#4  0x00007f0eaa189e7e in virEventPollDispatchHandles (fds=<optimized out>, nfds=<optimized out>) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event_poll.c:490
#5  virEventPollRunOnce () at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event_poll.c:637
#6  0x00007f0eaa1888b7 in virEventRunDefaultImpl () at /build/libvirt-FsA54o/libvirt-0.9.12/./src/util/event.c:247
#7  0x00007f0eaa25cd7d in virNetServerRun (srv=0xd9fa00) at /build/libvirt-FsA54o/libvirt-0.9.12/./src/rpc/virnetserver.c:712
#8  0x0000000000423ab1 in main (argc=<optimized out>, argv=<optimized out>) at /build/libvirt-FsA54o/libvirt-0.9.12/./daemon/libvirtd.c:1138
(gdb) f 1
#1  0x00007f0eaa281485 in xenStoreDomainGetUUID (conn=conn@entry=0x12546f0, id=<optimized out>, uuid=uuid@entry=0x7fffc1ebe700 "g5\036\311\003\006\347\\\335\300\376M\327\373\311\343`") at /build/libvirt-FsA54o/libvirt-0.9.12/./src/xen/xs_internal.c:1114
1114        ret = virUUIDParse(uuidstr + 4, uuid);
(gdb) list
1109        /* This will return something like
1110         * /vm/00000000-0000-0000-0000-000000000000 */
1111        uuidstr = xs_read(priv->xshandle, 0, prop, &len);
1112
1113        /* remove "/vm/" */
1114        ret = virUUIDParse(uuidstr + 4, uuid);
1115
1116        VIR_FREE(uuidstr);
1117
1118        return ret;

xs_read() returns NULL and the surrounding code fails to check for this.

The bug happens maybe once a week on various hosts, and I'm not sure how to reproduce it. It might be triggered by our management tools using libvirt while another instance is being created/destroyed (i.e. some kind of race condition). From a quick glance at the latest code I think this might happen there too.

Regardless of the cause, xs_read can return NULL so the code should check before using the resulting pointer:

--- libvirt-0.9.12.orig/src/xen/xs_internal.c +++ libvirt-0.9.12/src/xen/xs_internal.c 
@@ -1109,6 +1109,8 @@ int xenStoreDomainGetUUID(virConnectPtr /* This will return something like * /vm/00000000-0000-0000-0000-000000000000 */ uuidstr = xs_read(priv->xshandle, 0, prop, &len); + if (uuidstr == NULL) + return -errno; /* remove "/vm/" */ ret = virUUIDParse(uuidstr + 4, uuid);

What do you think?

Thanks,
Luca

-- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libvirt-bin depends on:
ii  adduser              3.113+nmu3
ii  gettext-base         0.18.1.1-9
ii  libavahi-client3     0.6.31-2
ii  libavahi-common3     0.6.31-2
ii  libblkid1            2.20.1-5.3
ii  libc6                2.13-38
ii  libcap-ng0           0.6.6-2
ii  libdbus-1-3          1.6.8-1+deb7u1
ii  libdevmapper1.02.1   2:1.02.74-7
ii  libgcrypt11          1.5.0-5
ii  libgnutls26          2.12.20-7
ii  libnetcf1            0.1.9-2
ii  libnl1               1.1-7
ii  libnuma1             2.0.8~rc4-1
ii  libparted0debian1    2.3-12
ii  libpcap0.8           1.3.0-1
ii  libpciaccess0        0.13.1-2
ii  libreadline6         6.2+dfsg-0.1
ii  libsasl2-2           2.1.25.dfsg1-6+deb7u1
ii  libudev0             175-7.2
ii  libvirt0             0.9.12-11+deb7u1
ii  libxenstore3.0       4.1.4-3+deb7u1
ii  libxml2              2.8.0+dfsg1-7+nmu1
ii  libyajl2             2.0.4-2
ii  logrotate            3.8.1-4

Versions of packages libvirt-bin recommends:
ii  bridge-utils         1.5-6
ii  dmidecode            2.11-9
ii  dnsmasq-base         2.62-3+deb7u1
ii  ebtables             2.0.10.4-1
ii  gawk                 1:4.0.1+dfsg-2.1
ii  iproute              20120521-3+b3
ii  iptables             1.4.14-3.1
ii  libxml2-utils        2.8.0+dfsg1-7+nmu1
ii  netcat-openbsd       1.105-7
ii  parted               2.3-12
ii  qemu                 1.1.2+dfsg-6a
ii  qemu-kvm             1.1.2+dfsg-6

Versions of packages libvirt-bin suggests:
ii  policykit-1          0.105-3
pn  radvd                <none>

-- Configuration Files:
/etc/default/libvirt-bin changed:
ulimit -c unlimited
start_libvirtd="yes"
libvirtd_opts="-d"

-- no debconf information
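
Review bot: in the added `if (uuidstr == NULL) return -errno;` right after the `xs_read()` call, the return value is 0 whenever `xs_read()` fails without setting errno, which is indistinguishable from a successful `virUUIDParse()` while `uuid` is left unfilled. Returning a fixed `-1` there would keep the failure unambiguous. The unchanged `virUUIDParse(uuidstr + 4, uuid)` below it still assumes the value holds at least the four-byte "/vm/" prefix; `len` from `xs_read()` is already available and could be checked before the pointer is advanced.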
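
The check the report asks for, carried one step further, as an added example that is not part of the original report or of libvirt's code: `vm_path_to_uuid` is a hypothetical helper with a strict stand-in UUID parser (not `virUUIDParse`), and it assumes `len` is the byte count reported by the xenstore read, excluding any terminator. It rejects a NULL read result, a value of the wrong length, and a wrong prefix before any pointer arithmetic takes place.

```c
#include <stddef.h>
#include <string.h>

#define VM_PREFIX     "/vm/"
#define VM_PREFIX_LEN 4
#define UUID_STR_LEN  36   /* 8-4-4-4-12 hex digits plus four dashes */

static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper: convert a xenstore value of the form "/vm/<uuid>"
 * into 16 raw bytes. value may be NULL (the read failed); len is the
 * length the read reported. Returns 0 on success and -1 on any failure.
 * On failure the contents of uuid are unspecified. */
int vm_path_to_uuid(const char *value, size_t len, unsigned char *uuid)
{
    size_t i, n = 0;

    if (value == NULL || uuid == NULL)
        return -1;                  /* the NULL case from the report */
    if (len != VM_PREFIX_LEN + UUID_STR_LEN ||
        memcmp(value, VM_PREFIX, VM_PREFIX_LEN) != 0)
        return -1;                  /* wrong length or not a /vm/ path */

    value += VM_PREFIX_LEN;         /* safe: length and prefix verified */
    for (i = 0; i < UUID_STR_LEN; i++) {
        if (i == 8 || i == 13 || i == 18 || i == 23) {
            if (value[i] != '-')
                return -1;
            continue;
        }
        int hi = hex_val(value[i]);
        int lo = hex_val(value[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        uuid[n++] = (unsigned char)((hi << 4) | lo);
        i++;                        /* two hex digits consumed */
    }
    return 0;
}
```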