libxl: xl create segfaults - Christoph Egger

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Christoph Egger <Christoph.Egger@amd.com>
To: xen-devel@lists.xensource.com
Subject: libxl: xl create  segfaults
Date: Thu, 23 Sep 2010 12:27:29 +0200	[thread overview]
Message-ID: <201009231227.29730.Christoph.Egger@amd.com> (raw)


Hi!

'xl create' crashes due to stack corruption.

This is a backtrace where everything seems to be fine. Have
a look at the 'fmt' and 'dir' arguments.

(gdb) bt
#0  0x00007f7ffc03f4e2 in vsnprintf () from /usr/lib/libc.so.12
#1  0x00007f7ffd416ab5 in libxl__sprintf (gc=0x7f7fffffd220,
    fmt=0x7f7ffd41c467 "%s/%s") at libxl_internal.c:112
#2  0x00007f7ffd415258 in libxl__xs_writev (gc=0x7f7fffffd220, t=9, 
    dir=0x7f7ffdb010e0 "/vm/46ac5197-ecc6-df11-bcf6-00e081806fbe", 
    kvs=0x7f7ffdb1f0b0) at libxl_xshelp.c:82
#3  0x00007f7ffd40f477 in libxl_create_device_model (ctx=0x6179a0,
    info=0x7f7fffffd470, disks=0x7f7ffdb014d0, num_disks=1, 
vifs=0x7f7ffdb16070,
    num_vifs=1, starting_r=0x7f7fffffd440) at libxl.c:1723
#4  0x000000000040f6c1 in create_domain (dom_info=0x7f7fffffd6f0)
    at xl_cmdimpl.c:1458
#5  0x00000000004104b3 in main_create (argc=2, argv=0x7f7fffffdbc8)
    at xl_cmdimpl.c:3214
#6  0x0000000000404ad2 in main (argc=3, argv=0x7f7fffffdbc8) at xl.c:79

This is a backtrace where the stack corruption happened. Have
a look at the 'fmt' and 'dir' arguments.

(gdb) cont
Continuing.
Watchpoint 3: fmt

Old value = 0x7f7ffd41c467 "%s/%s"
New value = 0x7f7fffffce30 "\020"
(gdb) bt
#0  0x00007f7ffc03f553 in vsnprintf () from /usr/lib/libc.so.12
#1  0x00007f7ffd416ab5 in libxl__sprintf (gc=0x7f7fffffd220,
    fmt=0x7f7fffffce30 "\020") at libxl_internal.c:112
#2  0x00007f7ffd415258 in libxl__xs_writev (gc=0x7f7fffffd220, t=9,
    dir=0x7f7ffdb010e0 "/vm/46ac5197-ecc6-df11-bcf6-00e081806fbe",
    kvs=0x7f7ffdb1f0b0) at libxl_xshelp.c:82
#3  0x00007f7ffd40f477 in libxl_create_device_model (ctx=0x6179a0, 
    info=0x7f7fffffd470, disks=0x7f7ffdb014d0, num_disks=1, 
vifs=0x7f7ffdb16070,
    num_vifs=1, starting_r=0x7f7fffffd440) at libxl.c:1723
#4  0x000000000040f6c1 in create_domain (dom_info=0x7f7fffffd6f0)
    at xl_cmdimpl.c:1458
#5  0x00000000004104b3 in main_create (argc=2, argv=0x7f7fffffdbc8)
    at xl_cmdimpl.c:3214
#6  0x0000000000404ad2 in main (argc=3, argv=0x7f7fffffdbc8) at xl.c:79

This is a backtrace where the stack corruption caused a segfault. Have
a look at the 'fmt' and 'dir' arguments.

(gdb) bt
#0  0x00007f7ffc0cac0e in __vfprintf_unlocked () from /usr/lib/libc.so.12
#1  0x00007f7ffc03f55b in vsnprintf () from /usr/lib/libc.so.12
#2  0x00007f7ffd416ab5 in libxl__sprintf (gc=0x7f7fffffd220,
    fmt=0x7265776f705f6e6f <Address 0x7265776f705f6e6f out of bounds>)
    at libxl_internal.c:112
#3  0x00007f7ffd415258 in libxl__xs_writev (gc=0x7f7fffffd220, t=13,
    dir=0x7f7ffdb010e0 "/vm/46ac5197-ecc6-df11-bcf6-00e081806fbe",
    kvs=0x7f7ffdb1f0b0) at libxl_xshelp.c:82
#4  0x00007f7ffd40f477 in libxl_create_device_model (ctx=0x6179a0,
    info=0x7f7fffffd470, disks=0x7f7ffdb014d0, num_disks=1, 
vifs=0x7f7ffdb16070,
    num_vifs=1, starting_r=0x7f7fffffd440) at libxl.c:1723
#5  0x000000000040f6c1 in create_domain (dom_info=0x7f7fffffd6f0)
    at xl_cmdimpl.c:1458
#6  0x00000000004104b3 in main_create (argc=2, argv=0x7f7fffffdbc8)
    at xl_cmdimpl.c:3214
#7  0x0000000000404ad2 in main (argc=3, argv=0x7f7fffffdbc8) at xl.c:79

The crash is reproducable. The 'dir' argument always contains the uuid string
when the stack corruption happens. And it seems that the 'dir' string
is the longest when it contains the uuid string.



-- 
---to satisfy European Law for business letters:
Advanced Micro Devices GmbH
Einsteinring 24, 85609 Dornach b. Muenchen
Geschaeftsfuehrer: Alberto Bozzo, Andrew Bowd
Sitz: Dornach, Gemeinde Aschheim, Landkreis Muenchen
Registergericht Muenchen, HRB Nr. 43632

next             reply	other threads:[~2010-09-23 10:27 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-09-23 10:27 Christoph Egger [this message]
2010-09-23 15:55 ` libxl: xl create segfaults Gianni Tedesco
2010-09-23 16:18   ` Christoph Egger
2010-09-23 17:06     ` Gianni Tedesco
2010-09-28 13:27       ` Christoph Egger
2010-10-01 17:41         ` Stefano Stabellini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=201009231227.29730.Christoph.Egger@amd.com \
    --to=christoph.egger@amd.com \
    --cc=xen-devel@lists.xensource.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.