Bug 1202576 - libvirtd segfault on ncf_num_of_interfaces on null pointer
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Virtualization Tools
Classification: Community
Component: libvirt
Version: unspecified
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Libvirt Maintainers
Reported: 2015-03-16 23:22 UTC by Pieter Hollants
Modified: 2016-04-10 20:43 UTC (History)

Doc Type: Bug Fix
Last Closed: 2016-04-10 20:43:48 UTC



Description Pieter Hollants 2015-03-16 23:22:13 UTC
All of a sudden libvirtd 1.2.13 keeps segfaulting whenever a connection is being established. gdb shows this is due to a null pointer:

e6400:/home/pief # libvirtd --version
libvirtd (libvirt) 1.2.13
e6400:/home/pief # gdb libvirtd
GNU gdb (GDB; openSUSE 13.2) 7.8
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.opensuse.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...

warning: /etc/gdbinit.d/gdb-heap.py: No such file or directory
Reading symbols from libvirtd...Reading symbols from /usr/lib/debug/usr/sbin/libvirtd.debug...done.
done.
(gdb) run
Starting program: /usr/sbin/libvirtd 
Got object file from memory but can't read symbols: File truncated.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffef60e700 (LWP 4992)]
[New Thread 0x7fffeee0d700 (LWP 4993)]
[New Thread 0x7fffee60c700 (LWP 4994)]
[New Thread 0x7fffede0b700 (LWP 4995)]
[New Thread 0x7fffed60a700 (LWP 4996)]
[New Thread 0x7fffece09700 (LWP 4997)]
[New Thread 0x7fffec608700 (LWP 4998)]
[New Thread 0x7fffebe07700 (LWP 4999)]
[New Thread 0x7fffeb606700 (LWP 5000)]
[New Thread 0x7fffeae05700 (LWP 5001)]
[New Thread 0x7fffe686a700 (LWP 5002)]
[New Thread 0x7fffe6069700 (LWP 5003)]
[Thread 0x7fffe6069700 (LWP 5003) exited]
[Thread 0x7fffe686a700 (LWP 5002) exited]
[New Thread 0x7fffe686a700 (LWP 5004)]
Detaching after fork from child process 5005.
Detaching after fork from child process 5006.
Detaching after fork from child process 5007.
2015-03-16 23:17:27.086+0000: 5004: info : libvirt version: 1.2.13
2015-03-16 23:17:27.086+0000: 5004: warning : netcfStateInitialize:137 : Failed to initialize netcontrol.  Continuing with network interface management features disabled
Detaching after fork from child process 5008.
Detaching after fork from child process 5009.
Detaching after fork from child process 5010.
Detaching after fork from child process 5011.
Detaching after fork from child process 5012.
Detaching after fork from child process 5013.
Detaching after fork from child process 5014.
Detaching after fork from child process 5015.
Detaching after fork from child process 5016.
Detaching after fork from child process 5017.
[Thread 0x7fffe686a700 (LWP 5004) exited]
2015-03-16 23:17:32.913+0000: 4994: warning : virObjectLock:319 : Object (nil) ((unknown)) is not a virObjectLockable instance

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffee60c700 (LWP 4994)]
0x00007fffea1ce205 in netcfConnectListAllInterfaces (conn=0x7fffd00009a0, ifaces=0x7fffee60bb18, flags=2)
    at interface/interface_backend_netcf.c:601
601	    count = ncf_num_of_interfaces(driver->netcf, NETCF_IFACE_ACTIVE |
Missing separate debuginfos, use: zypper install VirtualBox-4.3-debuginfo-4.3.24_98716_openSUSE123-1.x86_64 cyrus-sasl-crammd5-debuginfo-2.1.26-7.2.1.x86_64 cyrus-sasl-debuginfo-2.1.26-7.2.1.x86_64 cyrus-sasl-digestmd5-debuginfo-2.1.26-7.2.1.x86_64 cyrus-sasl-gssapi-debuginfo-2.1.26-7.2.1.x86_64 cyrus-sasl-plain-debuginfo-2.1.26-7.2.1.x86_64 device-mapper-debuginfo-1.02.78-20.2.2.x86_64 gnome-keyring-debuginfo-3.14.0-1.1.x86_64 krb5-debuginfo-1.12.2-6.1.x86_64 libapparmor1-debuginfo-2.9.1-4.1.x86_64 libaudit1-debuginfo-2.4-1.3.x86_64 libavahi-client3-debuginfo-0.6.31-23.1.4.x86_64 libavahi-common3-debuginfo-0.6.31-23.1.4.x86_64 libblkid1-debuginfo-2.25.1-13.1.x86_64 libbz2-1-debuginfo-1.0.6-29.2.7.x86_64 libcom_err2-debuginfo-1.42.12-4.1.x86_64 libcurl4-debuginfo-7.40.0-4.1.x86_64 libdb-4_8-debuginfo-4.8.30-29.1.2.x86_64 libdbus-1-3-debuginfo-1.8.16-16.1.x86_64 libffi4-debuginfo-4.8.3+r212056-2.2.4.x86_64 libfuse2-debuginfo-2.9.3-4.1.2.x86_64 libgcc_s1-debuginfo-4.8.3+r212056-2.2.4.x86_64 libgcrypt20-debuginfo-1.6.1-8.3.1.x86_64 libgmp10-debuginfo-5.1.3-3.1.2.x86_64 libgnutls28-debuginfo-3.2.18-4.1.x86_64 libgpg-error0-debuginfo-1.15-1.2.x86_64 libhogweed2-debuginfo-2.7.1-6.1.2.x86_64 libidn11-debuginfo-1.28-3.1.2.x86_64 libkeyutils1-debuginfo-1.5.9-3.1.5.x86_64 libldap-2_4-2-debuginfo-2.4.39-8.3.1.x86_64 liblzma5-debuginfo-5.0.7-1.1.x86_64 libnettle4-debuginfo-2.7.1-6.1.2.x86_64 libnl3-200-debuginfo-3.2.25-2.1.2.x86_64 libnuma1-debuginfo-2.0.9-5.1.2.x86_64 libopenssl1_0_0-debuginfo-1.0.1k-2.16.2.x86_64 libp11-kit0-debuginfo-0.20.3-1.2.x86_64 libpcap1-debuginfo-1.6.2-1.2.x86_64 libpciaccess0-debuginfo-0.13.2-4.1.2.x86_64 libpcre1-debuginfo-8.35-3.2.3.x86_64 libsasl2-3-debuginfo-2.1.26-7.2.1.x86_64 libselinux1-debuginfo-2.3-2.2.5.x86_64 libssh2-1-debuginfo-1.4.3-9.1.2.x86_64 libstdc++6-debuginfo-4.8.3+r212056-2.2.4.x86_64 libtasn1-6-debuginfo-3.7-2.1.2.x86_64 libudev1-debuginfo-210-25.12.1.x86_64 libusb-1_0-0-debuginfo-1.0.19-2.1.2.x86_64 
libuuid1-debuginfo-2.25.1-13.1.x86_64 libxml2-2-debuginfo-2.9.1-7.2.1.x86_64 libyajl2-debuginfo-2.0.1-16.1.3.x86_64 libz1-debuginfo-1.2.8-5.1.2.x86_64 p11-kit-debuginfo-0.20.3-1.2.x86_64 systemd-debuginfo-210-25.12.1.x86_64
(gdb) p driver
$1 = (virNetcfDriverStatePtr) 0x0
(gdb) bt
#0  0x00007fffea1ce205 in netcfConnectListAllInterfaces (conn=0x7fffd00009a0, ifaces=0x7fffee60bb18, flags=2)
    at interface/interface_backend_netcf.c:601
#1  0x00007ffff7597268 in virConnectListAllInterfaces (conn=0x7fffd00009a0, ifaces=0x7fffee60bb18, flags=2) at libvirt-interface.c:101
#2  0x0000555555575cdf in remoteDispatchConnectListAllInterfaces (server=<optimized out>, msg=<optimized out>, ret=0x7fffe0000bd0, 
    args=0x7fffe0000bb0, rerr=0x7fffee60bc10, client=0x555555876020) at remote.c:4814
#3  remoteDispatchConnectListAllInterfacesHelper (server=<optimized out>, client=0x555555876020, msg=<optimized out>, rerr=0x7fffee60bc10, 
    args=0x7fffe0000bb0, ret=0x7fffe0000bd0) at remote_dispatch.h:1094
#4  0x00007ffff75e8042 in virNetServerProgramDispatchCall (msg=0x5555558604d0, client=0x555555876020, server=0x55555585f160, 
    prog=0x555555869490) at rpc/virnetserverprogram.c:437
#5  virNetServerProgramDispatch (prog=0x555555869490, server=server@entry=0x55555585f160, client=0x555555876020, msg=0x5555558604d0)
    at rpc/virnetserverprogram.c:307
#6  0x000055555559c77d in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0x55555585f160)
    at rpc/virnetserver.c:172
#7  virNetServerHandleJob (jobOpaque=<optimized out>, opaque=0x55555585f160) at rpc/virnetserver.c:193
#8  0x00007ffff74e0de5 in virThreadPoolWorker (opaque=opaque@entry=0x555555867730) at util/virthreadpool.c:144
#9  0x00007ffff74e0851 in virThreadHelper (data=<optimized out>) at util/virthread.c:197
#10 0x00007ffff720a0a4 in start_thread (arg=0x7fffee60c700) at pthread_create.c:309
#11 0x00007ffff6f4006d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb) 

This is triggered by running a simple

  virsh -c qemu:///system iface-list

from another console.

The netcfStateInitialize:137 log message suggests that the null pointer is there by intent ("networking disabled"...) but should have been caught somehow?
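
The pattern raised in the description above, as an added illustration (not libvirt's code and not the fix referred to in this bug): a non-fatal state-init failure leaves the driver pointer NULL, so each client-reachable entry point has to check it before dereferencing. Every identifier below is hypothetical.

```c
/* Added illustration; all names are hypothetical, not libvirt identifiers. */
#include <stdio.h>
#include <stdlib.h>

struct backend { int n_ifaces; };                 /* stands in for the backend handle */
struct iface_driver { struct backend *backend; }; /* stands in for the driver state */

static struct iface_driver *driver;  /* stays NULL when state init is skipped */

enum { IFACE_OK = 0, IFACE_ERR_NO_DRIVER = -1 };

/* Non-fatal init: if the backend is unavailable the daemon keeps running
 * with the feature disabled, and the global above remains NULL. */
int iface_state_init(int backend_available)
{
    if (!backend_available)
        return 0;                       /* "continuing with features disabled" */
    driver = calloc(1, sizeof(*driver));
    if (!driver)
        return -1;
    driver->backend = calloc(1, sizeof(*driver->backend));
    if (!driver->backend) { free(driver); driver = NULL; return -1; }
    driver->backend->n_ifaces = 2;      /* constructed sample value */
    return 0;
}

void iface_state_cleanup(void)
{
    if (driver) { free(driver->backend); free(driver); driver = NULL; }
}

/* Entry point reachable from a client request. Without the guard, the
 * disabled-feature case dereferences NULL and takes the whole daemon down. */
int iface_list_all(int *count)
{
    if (!driver || !driver->backend)
        return IFACE_ERR_NO_DRIVER;     /* report an error to the caller instead */
    *count = driver->backend->n_ifaces;
    return IFACE_OK;
}

int main(void)
{
    int count = 0;
    iface_state_init(0);                /* backend failed to initialize */
    printf("disabled: rc=%d\n", iface_list_all(&count));
    iface_state_init(1);
    printf("enabled:  rc=%d count=%d\n", iface_list_all(&count), count);
    iface_state_cleanup();
    return 0;
}
```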

Comment 1 Cole Robinson 2016-04-10 20:43:48 UTC
This was fixed a while ago; I believe this was due to some libnl build incompatibility or something.

