lockfile-create hangs inside lxc containers (potential buffer overflow?)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
liblockfile (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned | ||
Quantal |
Won't Fix
|
Undecided
|
Unassigned | ||
Raring |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
I've hit this problem while testing juju charms that use ntp (specifically hbase - bug 800708).
The first instance in the first LXC container start OK; however subsequent instances in other LXC containers fail as ntp is installed:
root 1157 416 0 14:48 ? 00:00:00 /usr/bin/dpkg --status-fd 49 --configure resolvconf:all openjdk-
root 1313 1 0 14:48 ? 00:00:00 /usr/sbin/libvirtd -d
root 1398 1157 0 14:48 ? 00:00:00 /bin/sh /var/lib/
root 1437 1398 0 14:48 ? 00:00:00 /bin/sh /usr/sbin/
root 1453 1437 0 14:48 ? 00:00:00 /bin/sh /etc/init.d/ntp start
root 1458 1453 0 14:48 ? 00:00:00 lockfile-create /var/lock/ntpdate
Running lockfile-create by hand after killing the hanging lockfile-create:
ubuntu@
*** glibc detected *** lockfile-create: malloc(): memory corruption (fast): 0x000000000105b0e0 ***
[Test Case]
Set a hostname of 64 characters (HOST_NAME_MAX is 64) and create a lock file:
$ lock=/var/
$ lockfile-remove $lock
$ sudo hostname hostna012345678
$ lockfile-create $lock
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lxc 0.7.5-3ubuntu30
ProcVersionSign
Uname: Linux 3.2.0-17-generic x86_64
NonfreeKernelMo
ApportVersion: 1.93-0ubuntu2
Architecture: amd64
Date: Mon Feb 27 14:49:30 2012
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)
[Regression Potential]
Minimum. We've applied a patch to the same version of liblockfile in 13.04 and that has since been merged to debian with no reports of regressions.
Related branches
- Martin Pitt: Approve
-
Diff: 141 lines (+123/-0)3 files modifieddebian/changelog (+9/-0)
debian/patches/fix-buffer-overflows.patch (+113/-0)
debian/patches/series (+1/-0)
- James Page: Approve
- Ubuntu branches: Pending requested
-
Diff: 790 lines (+686/-10)6 files modified.pc/applied-patches (+1/-0)
.pc/fix-buffer-overflows.patch/lockfile.c (+542/-0)
debian/changelog (+9/-0)
debian/patches/fix-buffer-overflows.patch (+113/-0)
debian/patches/series (+1/-0)
lockfile.c (+20/-10)
Changed in lxc (Ubuntu): | |
importance: | Undecided → High |
tags: | added: rls-mgr-p-tracking |
Changed in lxc (Ubuntu): | |
status: | Expired → Confirmed |
no longer affects: | lockfile-progs (Ubuntu) |
no longer affects: | ntp (Ubuntu) |
Changed in liblockfile (Ubuntu): | |
status: | In Progress → Confirmed |
assignee: | Tyler Hicks (tyhicks) → nobody |
Changed in liblockfile (Ubuntu): | |
importance: | Medium → High |
tags: | added: canonistack |
tags: | added: canonical-webops-juju |
Changed in liblockfile (Ubuntu Raring): | |
status: | New → Fix Released |
tags: | added: verification-done-precise |
Thanks for submitting this bug, James.
I tried to reproduce it by simply installing ntp in two containers, but failed.
However, my hunch is that it is due to bug 925024.
The fix for that bug had been queued in the precise kernel source, but is not yet (I think) in the archive.
Could you disable the apparmor profile using
sudo apparmor_parser -R /etc/apparmor. d/usr.bin. lxc-start
and see if you can still reproduce this?