Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podman dumps core when a docker save'd image does not have config #15265

Closed
adelton opened this issue Aug 10, 2022 · 1 comment · Fixed by containers/common#1118
Closed

podman dumps core when a docker save'd image does not have config #15265

adelton opened this issue Aug 10, 2022 · 1 comment · Fixed by containers/common#1118
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@adelton
Copy link
Contributor

adelton commented Aug 10, 2022

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Per https://github.com/moby/moby/blob/master/image/spec/v1.2.md, config can be null. However, when such saved image is loaded by podman, creating container out of it aborts because of nil pointer dereference.

Steps to reproduce the issue:

  1. Create test image dump:
# cat > image.json <<EOF
{
  "created": "2022-08-10T10:44:35.964594319Z",
  "architecture": "amd64",
  "os": "linux",
  "rootfs": {
    "type": "layers",
    "diff_ids": []
  },
  "history": [
    {
      "created": "2022-08-10T10:44:35.964655849Z",
      "created_by": "/bin/sh -c #(nop) LABEL test 2",
      "empty_layer": true
    }
  ]
}
EOF
# CSUM=$( sha256sum image.json )
# CSUM=${CSUM%% *}
# mv image.json $CSUM.json
# cat <<EOF > manifest.json
[
  {
    "Config": "$CSUM.json",
    "Layers": []
}
]
EOF
# tar -cz --owner=root:0 --group=root:0 -f empty.tar.gz $CSUM.json manifest.json
  1. Load the image: podman load -i empty.tar.gz
  2. Tag it: podman tag $CSUM localhost/empty:latest
  3. Create a container (with no intention of running it, we only use this container for volumes):
podman create --name empty localhost/empty noop

Describe the results you received:

# podman create --name empty localhost/empty noop
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x78 pc=0x5642289c379a]

goroutine 1 [running]:
panic({0x5642292b1980, 0x564229f71e40})
	/usr/lib/golang/src/runtime/panic.go:1147 +0x3a8 fp=0xc000786148 sp=0xc000786088 pc=0x564228003f48
runtime.panicmem(...)
	/usr/lib/golang/src/runtime/panic.go:221
runtime.sigpanic()
	/usr/lib/golang/src/runtime/signal_unix.go:735 +0x327 fp=0xc000786198 sp=0xc000786148 pc=0x56422801a9a7
github.com/containers/podman/vendor/github.com/containers/common/libimage.(*Image).Inspect(0xc000599800, {0x5642294cc5e8, 0xc000569d40}, 0x0)
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/vendor/github.com/containers/common/libimage/inspect.go:194 +0x95a fp=0xc0007862e0 sp=0xc000786198 pc=0x5642289c379a
github.com/containers/podman/pkg/specgen/generate.getImageFromSpec({0x5642294cc5e8, 0xc000569d40}, 0x56422a070038, 0xc0005a3800)
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/pkg/specgen/generate/container.go:45 +0x16a fp=0xc000786340 sp=0xc0007862e0 pc=0x564228cc9dca
github.com/containers/podman/pkg/specgen/generate.CompleteSpec({0x5642294cc5e8, 0xc000569d40}, 0xc0006c61a0, 0xc0005a3800)
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/pkg/specgen/generate/container.go:56 +0x4e fp=0xc000786590 sp=0xc000786340 pc=0x564228cc9eae
github.com/containers/podman/pkg/domain/infra/abi.(*ContainerEngine).ContainerCreate(0xc000128f40, {0x5642294cc5e8, 0xc000569d40}, 0x2)
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/pkg/domain/infra/abi/containers.go:691 +0x54 fp=0xc000786628 sp=0xc000786590 pc=0x564228d0e674
github.com/containers/podman/cmd/podman/containers.create(0x564229f88720, {0xc0004b2a40, 0x2, 0x4})
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/cmd/podman/containers/create.go:156 +0x43a fp=0xc000787d70 sp=0xc000786628 pc=0x564228db5efa
github.com/containers/podman/vendor/github.com/spf13/cobra.(*Command).execute(0x564229f88720, {0xc00012a140, 0x4, 0x4})
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/vendor/github.com/spf13/cobra/command.go:856 +0x60e fp=0xc000787e30 sp=0xc000787d70 pc=0x56422861406e
github.com/containers/podman/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0x564229fa55a0)
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/vendor/github.com/spf13/cobra/command.go:974 +0x3bc fp=0xc000787ee8 sp=0xc000787e30 pc=0x56422861475c
github.com/containers/podman/vendor/github.com/spf13/cobra.(*Command).Execute(...)
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/vendor/github.com/spf13/cobra/command.go:902
github.com/containers/podman/vendor/github.com/spf13/cobra.(*Command).ExecuteContext(...)
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/vendor/github.com/spf13/cobra/command.go:895
main.Execute()
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/cmd/podman/root.go:100 +0xbe fp=0xc000787f50 sp=0xc000787ee8 pc=0x564228ecc9de
main.main()
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/cmd/podman/main.go:40 +0x7c fp=0xc000787f80 sp=0xc000787f50 pc=0x564228ecbffc
runtime.main()
	/usr/lib/golang/src/runtime/proc.go:255 +0x227 fp=0xc000787fe0 sp=0xc000787f80 pc=0x564228006aa7
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000787fe8 sp=0xc000787fe0 pc=0x564228038301

goroutine 2 [force gc (idle)]:
runtime.gopark(0x0, 0x0, 0x0, 0x0, 0x0)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000066fb0 sp=0xc000066f90 pc=0x564228006e76
runtime.goparkunlock(...)
	/usr/lib/golang/src/runtime/proc.go:372
runtime.forcegchelper()
	/usr/lib/golang/src/runtime/proc.go:306 +0xad fp=0xc000066fe0 sp=0xc000066fb0 pc=0x564228006d0d
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000066fe8 sp=0xc000066fe0 pc=0x564228038301
created by runtime.init.8
	/usr/lib/golang/src/runtime/proc.go:294 +0x25

goroutine 3 [GC sweep wait]:
runtime.gopark(0x1, 0x0, 0x0, 0x0, 0x0)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc0000677b0 sp=0xc000067790 pc=0x564228006e76
runtime.goparkunlock(...)
	/usr/lib/golang/src/runtime/proc.go:372
runtime.bgsweep()
	/usr/lib/golang/src/runtime/mgcsweep.go:182 +0xd8 fp=0xc0000677e0 sp=0xc0000677b0 pc=0x564227ff1558
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000677e8 sp=0xc0000677e0 pc=0x564228038301
created by runtime.gcenable
	/usr/lib/golang/src/runtime/mgc.go:181 +0x55

goroutine 4 [GC scavenge wait]:
runtime.gopark(0xc000067fb8, 0x0, 0x0, 0x0, 0x0)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000067f80 sp=0xc000067f60 pc=0x564228006e76
runtime.goparkunlock(...)
	/usr/lib/golang/src/runtime/proc.go:372
runtime.bgscavenge()
	/usr/lib/golang/src/runtime/mgcscavenge.go:314 +0x288 fp=0xc000067fe0 sp=0xc000067f80 pc=0x564227fef7c8
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000067fe8 sp=0xc000067fe0 pc=0x564228038301
created by runtime.gcenable
	/usr/lib/golang/src/runtime/mgc.go:182 +0x65

goroutine 18 [finalizer wait]:
runtime.gopark(0x56422a03c700, 0xc000066770, 0x51, 0x3d, 0x564229fc2260)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000066630 sp=0xc000066610 pc=0x564228006e76
runtime.goparkunlock(...)
	/usr/lib/golang/src/runtime/proc.go:372
runtime.runfinq()
	/usr/lib/golang/src/runtime/mfinal.go:177 +0xb3 fp=0xc0000667e0 sp=0xc000066630 pc=0x564227fe7053
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000667e8 sp=0xc0000667e0 pc=0x564228038301
created by runtime.createfing
	/usr/lib/golang/src/runtime/mfinal.go:157 +0x45

goroutine 19 [GC worker (idle)]:
runtime.gopark(0x3f51de4e6899, 0x0, 0x0, 0x0, 0x0)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000062760 sp=0xc000062740 pc=0x564228006e76
runtime.gcBgMarkWorker()
	/usr/lib/golang/src/runtime/mgc.go:1200 +0xe5 fp=0xc0000627e0 sp=0xc000062760 pc=0x564227fe9a85
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000627e8 sp=0xc0000627e0 pc=0x564228038301
created by runtime.gcBgMarkStartWorkers
	/usr/lib/golang/src/runtime/mgc.go:1124 +0x25

goroutine 5 [GC worker (idle)]:
runtime.gopark(0x3f51de0c5c3e, 0x0, 0x0, 0x0, 0x0)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000068760 sp=0xc000068740 pc=0x564228006e76
runtime.gcBgMarkWorker()
	/usr/lib/golang/src/runtime/mgc.go:1200 +0xe5 fp=0xc0000687e0 sp=0xc000068760 pc=0x564227fe9a85
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000687e8 sp=0xc0000687e0 pc=0x564228038301
created by runtime.gcBgMarkStartWorkers
	/usr/lib/golang/src/runtime/mgc.go:1124 +0x25

goroutine 8 [select, locked to thread]:
runtime.gopark(0xc000068fa8, 0x2, 0x90, 0x8e, 0xc000068fa4)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000068e10 sp=0xc000068df0 pc=0x564228006e76
runtime.selectgo(0xc000068fa8, 0xc000068fa0, 0x0, 0x0, 0x18, 0x1)
	/usr/lib/golang/src/runtime/select.go:327 +0x772 fp=0xc000068f58 sp=0xc000068e10 pc=0x564228016c72
runtime.ensureSigM.func1()
	/usr/lib/golang/src/runtime/signal_unix.go:890 +0x1c5 fp=0xc000068fe0 sp=0xc000068f58 pc=0x564228030b45
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000068fe8 sp=0xc000068fe0 pc=0x564228038301
created by runtime.ensureSigM
	/usr/lib/golang/src/runtime/signal_unix.go:873 +0xbf

goroutine 9 [syscall]:
runtime.notetsleepg(0x0, 0x0)
	/usr/lib/golang/src/runtime/lock_futex.go:236 +0x34 fp=0xc0000637a0 sp=0xc000063768 pc=0x564227fda4b4
os/signal.signal_recv()
	/usr/lib/golang/src/runtime/sigqueue.go:169 +0x98 fp=0xc0000637c0 sp=0xc0000637a0 pc=0x564228034818
os/signal.loop()
	/usr/lib/golang/src/os/signal/signal_unix.go:24 +0x19 fp=0xc0000637e0 sp=0xc0000637c0 pc=0x56422832d639
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0000637e8 sp=0xc0000637e0 pc=0x564228038301
created by os/signal.Notify.func1.1
	/usr/lib/golang/src/os/signal/signal.go:151 +0x2c

goroutine 20 [select]:
runtime.gopark(0xc000904fb0, 0x2, 0x0, 0x0, 0xc000904ea4)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000077d08 sp=0xc000077ce8 pc=0x564228006e76
runtime.selectgo(0xc000077fb0, 0xc000904ea0, 0x0, 0x0, 0x0, 0x1)
	/usr/lib/golang/src/runtime/select.go:327 +0x772 fp=0xc000077e50 sp=0xc000077d08 pc=0x564228016c72
github.com/containers/podman/libpod/shutdown.Start.func1()
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/libpod/shutdown/handler.go:47 +0x99 fp=0xc000077fe0 sp=0xc000077e50 pc=0x564228bae5d9
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc000077fe8 sp=0xc000077fe0 pc=0x564228038301
created by github.com/containers/podman/libpod/shutdown.Start
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/libpod/shutdown/handler.go:46 +0xea

goroutine 10 [sleep]:
runtime.gopark(0x3f51de832dc2, 0xc000905650, 0xc5, 0x53, 0x5642280341bd)
	/usr/lib/golang/src/runtime/proc.go:366 +0xd6 fp=0xc000905620 sp=0xc000905600 pc=0x564228006e76
time.Sleep(0x5f5e100)
	/usr/lib/golang/src/runtime/time.go:193 +0x12e fp=0xc000905660 sp=0xc000905620 pc=0x5642280350ee
github.com/containers/podman/libpod.(*Runtime).libimageEvents.func2()
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/libpod/runtime.go:798 +0x59 fp=0xc0009057e0 sp=0xc000905660 pc=0x564228c961f9
runtime.goexit()
	/usr/lib/golang/src/runtime/asm_amd64.s:1581 +0x1 fp=0xc0009057e8 sp=0xc0009057e0 pc=0x564228038301
created by github.com/containers/podman/libpod.(*Runtime).libimageEvents
	/builddir/build/BUILD/containers-podman-fa692a6/_build/src/github.com/containers/podman/libpod/runtime.go:775 +0x109
Aborted (core dumped)

Describe the results you expected:
No traceback, container created.

Additional information you deem important (e.g. issue happens only occasionally):
Deterministic.

Output of podman version:

Client:       Podman Engine
Version:      4.1.1
API Version:  4.1.1
Go Version:   go1.17.12
Built:        Wed Jul 27 16:26:10 2022
OS/Arch:      linux/amd64

Output of podman info:

host:
  arch: amd64
  buildahVersion: 1.26.2
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.2-2.el9_0.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.2, commit: 1ed53517f446a779f9d0edafe090ce821a41e255'
  cpuUtilization:
    idlePercent: 99.95
    systemPercent: 0.01
    userPercent: 0.03
  cpus: 2
  distribution:
    distribution: '"rhel"'
    version: "9.0"
  eventLogger: journald
  hostname: machine.example.com
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.14.0-70.17.1.el9_0.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 536539136
  memTotal: 2750017536
  networkBackend: netavark
  ociRuntime:
    name: crun
    package: crun-1.4.5-2.el9_0.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.4.5
      commit: c381048530aa750495cf502ddb7181f2ded5b400
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.2.0-2.el9_0.x86_64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 3179278336
  swapTotal: 3179278336
  uptime: 19h 27m 54.88s (Approximately 0.79 days)
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - registry.access.redhat.com
  - registry.redhat.io
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 38044725248
  graphRootUsed: 2945224704
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 4
  runRoot: /run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.1.1
  Built: 1658931970
  BuiltTime: Wed Jul 27 16:26:10 2022
  GitCommit: ""
  GoVersion: go1.17.12
  Os: linux
  OsArch: linux/amd64
  Version: 4.1.1

Package info (e.g. output of rpm -q podman or apt list podman):

podman-4.1.1-1.el9_0.x86_64

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

No

Additional environment details (AWS, VirtualBox, physical, etc.):
@openshift-ci openshift-ci bot added the kind/bug Categorizes issue or PR as related to a bug. label Aug 10, 2022
@adelton
Copy link
Contributor Author

adelton commented Aug 10, 2022

I believe this is caused by not checking that dockerManifest.Config is not nil in https://github.com/containers/common/pull/822/files#diff-fc461513b322becd13becb226b44b4164a4913c732302e079863d85571686b1eR194

rhatdan added a commit to rhatdan/common that referenced this issue Aug 10, 2022
@rhatdan
Eliminate segfault when image does not have config
713c3bf 
[NO NEW TEST NEEDED]

Fixes: containers/podman#15265

Signed-off-by: Daniel J Walsh <[email protected]>
@rhatdan rhatdan mentioned this issue Aug 10, 2022
Merged
adelton added a commit to adelton/freeipa-container that referenced this issue Aug 13, 2022
@adelton
Workaround containers/podman#15265.
a3733aa
rhatdan added a commit to rhatdan/common that referenced this issue Aug 15, 2022
@rhatdan
Eliminate segfault when image does not have config
92b3ecc 
[NO NEW TEST NEEDED]

Fixes: containers/podman#15265

Signed-off-by: Daniel J Walsh <[email protected]>
rhatdan added a commit to rhatdan/common that referenced this issue Aug 15, 2022
@rhatdan
Eliminate segfault when image does not have config
5c66a30 
[NO NEW TEST NEEDED]

Fixes: containers/podman#15265

Signed-off-by: Daniel J Walsh <[email protected]>
rhatdan added a commit to rhatdan/common that referenced this issue Aug 16, 2022
@rhatdan
Eliminate segfault when image does not have config
47ed247 
[NO NEW TEST NEEDED]

Fixes: containers/podman#15265

Signed-off-by: Daniel J Walsh <[email protected]>
rhatdan added a commit to rhatdan/common that referenced this issue Aug 16, 2022
@rhatdan
Eliminate segfault when image does not have config
74c3f66 
[NO NEW TEST NEEDED]

Fixes: containers/podman#15265

Signed-off-by: Daniel J Walsh <[email protected]>
rhatdan added a commit to rhatdan/common that referenced this issue Aug 17, 2022
@rhatdan
Eliminate segfault when image does not have config
20abd32 
[NO NEW TEST NEEDED]

Fixes: containers/podman#15265

Signed-off-by: Daniel J Walsh <[email protected]>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 19, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 19, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Eliminate segfault when image does not have config rhatdan/common
1 participant
@adelton