Memory overwritten in qemuProcessReadLog triggers SIGABRT that terminates libvirtd

Bug #1654542 reported by Gavin Guo

Bug Description

The call trace below was obtained with `bt` in gdb against the libvirtd core dump. The abort is raised from glibc's heap consistency check inside realloc (frame #3, "realloc(): invalid next size"), which is what points at a heap overwrite preceding the virReallocN call in qemuProcessReadLog (frame #7):
$ gdb /usr/sbin/libvirtd core.compute-0-1.domain.tld.1480020436.libvirtd.26138
(gdb) bt
#0 0x00007f856dddec37 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007f856dde2028 in __GI_abort () at abort.c:89
#2 0x00007f856de1b2a4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7f856df296b0 "*** Error in `%s': %s: 0x%s ***\n")
    at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007f856de25ff7 in malloc_printerr (action=<optimized out>, str=0x7f856df25905 "realloc(): invalid next size", ptr=<optimized out>)
    at malloc.c:4996
#4 0x00007f856de29827 in _int_realloc (av=<optimized out>, oldp=0x7f8538032060, oldsize=<optimized out>, nb=<optimized out>) at malloc.c:4234
#5 0x00007f856de2aed9 in __GI___libc_realloc (oldmem=0x7f8538032070, bytes=2327) at malloc.c:3029
#6 0x00007f856e7f8350 in virReallocN (ptrptr=ptrptr@entry=0x7f8563ad7460, size=size@entry=1, count=count@entry=2327, report=report@entry=false,
    domcode=domcode@entry=0, filename=filename@entry=0x0, funcname=funcname@entry=0x0, linenr=linenr@entry=0) at ../../../src/util/viralloc.c:245
#7 0x00007f85580cdc56 in qemuProcessReadLog (msg=0x7f8563ad7458, logCtxt=0x7f8538032987) at ../../../src/qemu/qemu_process.c:1684
#8 qemuProcessReportLogError (logCtxt=logCtxt@entry=0x7f8538024700, msgprefix=0x7f8558159550 "process exited while connecting to monitor")
    at ../../../src/qemu/qemu_process.c:1696
#9 0x00007f85580cdfa8 in qemuProcessWaitForMonitor (driver=driver@entry=0x7f85501106d0, vm=vm@entry=0x7f853c023000, asyncJob=asyncJob@entry=6,
    qemuCaps=0x7f853801d890, logCtxt=logCtxt@entry=0x7f8538024700) at ../../../src/qemu/qemu_process.c:1957
#10 0x00007f85580d269b in qemuProcessLaunch (conn=conn@entry=0x7f8538000a30, driver=driver@entry=0x7f85501106d0, vm=vm@entry=0x7f853c023000,
    asyncJob=asyncJob@entry=QEMU_ASYNC_JOB_START, incoming=incoming@entry=0x0, snapshot=snapshot@entry=0x0,
    vmop=vmop@entry=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, flags=flags@entry=3) at ../../../src/qemu/qemu_process.c:4955
#11 0x00007f85580d60a9 in qemuProcessStart (conn=conn@entry=0x7f8538000a30, driver=driver@entry=0x7f85501106d0, vm=vm@entry=0x7f853c023000,
    asyncJob=asyncJob@entry=QEMU_ASYNC_JOB_START, migrateFrom=migrateFrom@entry=0x0, migrateFd=migrateFd@entry=-1, migratePath=migratePath@entry=0x0,
    snapshot=snapshot@entry=0x0, vmop=vmop@entry=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, flags=flags@entry=3) at ../../../src/qemu/qemu_process.c:5152
#12 0x00007f8558136518 in qemuDomainObjStart (conn=0x7f8538000a30, driver=driver@entry=0x7f85501106d0, vm=0x7f853c023000, flags=flags@entry=1,
    asyncJob=QEMU_ASYNC_JOB_START) at ../../../src/qemu/qemu_driver.c:7396
#13 0x00007f8558136c56 in qemuDomainCreateWithFlags (dom=0x7f8538006ed0, flags=1) at ../../../src/qemu/qemu_driver.c:7450
#14 0x00007f856e91f7cd in virDomainCreateWithFlags (domain=domain@entry=0x7f8538006ed0, flags=1) at ../../../src/libvirt-domain.c:6816
#15 0x0000559ab0a8b6be in remoteDispatchDomainCreateWithFlags (server=0x559ab225ee90, msg=0x559ab227c350, ret=0x7f8538014090, args=0x7f8538014440,
    rerr=0x7f8563ad7c30, client=<optimized out>) at ../../../daemon/remote_dispatch.h:3698
#16 remoteDispatchDomainCreateWithFlagsHelper (server=0x559ab225ee90, client=<optimized out>, msg=0x559ab227c350, rerr=0x7f8563ad7c30,
    args=0x7f8538014440, ret=0x7f8538014090) at ../../../daemon/remote_dispatch.h:3673
#17 0x00007f856e992872 in virNetServerProgramDispatchCall (msg=0x559ab227c350, client=0x559ab2279cf0, server=0x559ab225ee90, prog=0x559ab22763c0)
    at ../../../src/rpc/virnetserverprogram.c:437
#18 virNetServerProgramDispatch (prog=0x559ab22763c0, server=server@entry=0x559ab225ee90, client=0x559ab2279cf0, msg=0x559ab227c350)
    at ../../../src/rpc/virnetserverprogram.c:307
#19 0x00007f856e98cdcd in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0x559ab225ee90)
    at ../../../src/rpc/virnetserver.c:135
#20 virNetServerHandleJob (jobOpaque=<optimized out>, opaque=0x559ab225ee90) at ../../../src/rpc/virnetserver.c:156
#21 0x00007f856e864745 in virThreadPoolWorker (opaque=opaque@entry=0x559ab2251490) at ../../../src/util/virthreadpool.c:145
#22 0x00007f856e8636d8 in virThreadHelper (data=<optimized out>) at ../../../src/util/virthread.c:206
#23 0x00007f856e175184 in start_thread (arg=0x7f8563ad8700) at pthread_create.c:312
#24 0x00007f856dea237d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Tags: sts
