1003829 – Python bindings segmentation fault with LXC enter namespace API

Bug 1003829 - Python bindings segmentation fault with LXC enter namespace API

Summary: Python bindings segmentation fault with LXC enter namespace API

Keywords:
Status:	CLOSED DUPLICATE of bug 1002558
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	7.0
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Daniel Berrangé
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-09-03 10:07 UTC by Alex Jia
Modified:	2013-09-20 12:05 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-09-20 12:05:51 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Alex Jia 2013-09-03 10:07:21 UTC

Description of problem:
Segmentation fault when LXC guest enter namespace, not sure the libvirt will fix this, it seems this is a python component bug not libvirt, so please move it to python component if needs.

Version-Release number of selected component (if applicable):
# rpm -q libvirt-python python libvirt-sandbox kernel
libvirt-python-1.1.1-3.el7.x86_64
python-2.7.5-7.el7.x86_64
libvirt-sandbox-0.5.0-3.el7.x86_64
kernel-3.10.0-0.rc7.64.el7.x86_64

How reproducible:
always

Steps to Reproduce:

[root@localhost ~]# virt-sandbox -c lxc:/// /bin/sh
sh-4.2# 

[root@localhost ~]# python
Python 2.7.5 (default, Aug 20 2013, 06:42:55) 
[GCC 4.8.1 20130814 (Red Hat 4.8.1-6)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import libvirt_lxc
>>> con = libvirt_lxc.libvirt.open('lxc:///')
>>> dom = con.lookupByName('sandbox')
>>> fd = libvirt_lxc.lxcOpenNamespace(dom, 0)
>>> fd


Actual results:

>>> import libvirt_lxc
>>> con = libvirt_lxc.libvirt.open('lxc:///')
>>> dom = con.lookupByName('sandbox')
>>> fd = libvirt_lxc.lxcOpenNamespace(dom, 0)
>>> fd
Segmentation fault (core dumped)

Expected results:
no segmentation fault.

Additional info:

valgrind defects memory error, it looks like a python component bug.

==20257== 1 errors in context 1 of 464:
==20257== Invalid read of size 8
==20257==    at 0x3EF4A73DAB: ??? (in /usr/lib64/libpython2.7.so.1.0)
==20257==    by 0x3EF4A8394E: ??? (in /usr/lib64/libpython2.7.so.1.0)
==20257==    by 0x3EF4A66CAA: PyFile_WriteObject (in /usr/lib64/libpython2.7.so.1.0)
==20257==    by 0x3EF4ADC48B: PyEval_EvalFrameEx (in /usr/lib64/libpython2.7.so.1.0)
==20257==    by 0x3EF4ADEC7C: PyEval_EvalCodeEx (in /usr/lib64/libpython2.7.so.1.0)
==20257==    by 0x3EF4ADED81: PyEval_EvalCode (in /usr/lib64/libpython2.7.so.1.0)
==20257==    by 0x3EF4AF78AE: ??? (in /usr/lib64/libpython2.7.so.1.0)
==20257==    by 0x3EF4AF89CD: PyRun_FileExFlags (in /usr/lib64/libpython2.7.so.1.0)
==20257==    by 0x3EF4AF9B38: PyRun_SimpleFileExFlags (in /usr/lib64/libpython2.7.so.1.0)
==20257==    by 0x3EF4B0A66E: Py_Main (in /usr/lib64/libpython2.7.so.1.0)
==20257==    by 0x3E4A821B74: (below main) (in /usr/lib64/libc-2.17.so)
==20257==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==20257==
==20257==
==20257== 1 errors in context 2 of 464:
==20257== Conditional jump or move depends on uninitialised value(s)
==20257==    at 0x3E4A41850B: index (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A4079B3: expand_dynamic_string_token (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A4084D7: _dl_map_object (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A40160D: map_doit (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A40F303: _dl_catch_error (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A400E8D: do_preload (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A404284: dl_main (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A4161F9: _dl_sysdep_start (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A404D93: _dl_start (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A401427: ??? (in /usr/lib64/ld-2.17.so)
==20257==    by 0x1: ???
==20257==    by 0x7FF00078E: ???
==20257==  Uninitialised value was created by a stack allocation
==20257==    at 0x3E4A404214: dl_main (in /usr/lib64/ld-2.17.so)
==20257==
==20257==
==20257== 1 errors in context 3 of 464:
==20257== Conditional jump or move depends on uninitialised value(s)
==20257==    at 0x3E4A418506: index (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A4079B3: expand_dynamic_string_token (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A4084D7: _dl_map_object (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A40160D: map_doit (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A40F303: _dl_catch_error (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A400E8D: do_preload (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A404284: dl_main (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A4161F9: _dl_sysdep_start (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A404D93: _dl_start (in /usr/lib64/ld-2.17.so)
==20257==    by 0x3E4A401427: ??? (in /usr/lib64/ld-2.17.so)
==20257==    by 0x1: ???
==20257==    by 0x7FF00078E: ???
==20257==  Uninitialised value was created by a stack allocation
==20257==    at 0x3E4A404214: dl_main (in /usr/lib64/ld-2.17.so)

Comment 2 Daniel Berrangé 2013-09-09 13:39:34 UTC

Fixed upstream by

commit c26181495f3c98870d0794052246718f5d3d8dd6
Author: Guan Qiang <hzguanqiang.com>
Date:   Thu Aug 29 19:02:25 2013 +0800

    python: Fix a PyList usage mistake

Comment 3 Daniel Berrangé 2013-09-20 12:05:51 UTC


*** This bug has been marked as a duplicate of bug 1002558 ***

Note You need to log in before you can comment on or make changes to this bug.