Bug 1326990
| Summary: | Libvirtd received SIGSEGV if destroy/start vm after removing video | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Yang Yang <yanyang> |
| Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> |
| Status: | CLOSED DUPLICATE | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.3 | CC: | dyuan, fjin, jdenemar, mxie, mzhan, rbalakri |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-04-14 06:49:08 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This is most likely a result of a double free causing memory corruption. *** This bug has been marked as a duplicate of bug 1324757 *** |
Description of problem: Libvirtd received SIGSEGV if destroy/start vm after removing video field from domain xml. It can be reproduced with cirrus, qxl and vga type video Version-Release number of selected component (if applicable): libvirt-1.3.3-1.el7.x86_64 qemu-kvm-rhev-2.5.0-4.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1. start a guest with cirrus video # virsh dumpxml vm1 | grep video -a6 <video> <model type='cirrus' vram='16384' heads='1' primary='yes'/> <alias name='video0'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> </video> # virsh start vm1 Domain vm1 started # virsh list 19 vm1 running # ps -ef|grep qemu | grep vm1 qemu 2561 1 12 10:56 ? 00:00:11 /usr/libexec/qemu-kvm -name vm1,debug-threads=on -S -machine pc-i440fx-rhel7.2.0,accel=kvm,usb=off -m 1024 -realtime mlock=off -smp 4,sockets=1,cores=2,threads=2 -uuid 35b33718-d952-4168-b6c2-96374f05e3e0 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-19-vm1/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=0 -boot strict=on -device pci-bridge,chassis_nr=1,id=pci.1,bus=pci.0,addr=0x6 -device pci-bridge,chassis_nr=2,id=pci.2,bus=pci.0,addr=0x8 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x7 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive file=/var/lib/libvirt/images/RHEL-7.2-20151008.0.qcow2,format=qcow2,if=none,id=drive-virtio-disk0 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x9,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -spice port=5901,addr=127.0.0.1,disable-ticketing,seamless-migration=on -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x3 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 -sandbox on -msg timestamp=on 2. edit guest xml, remove video field from xml # virsh edit vm1 Domain vm1 XML configuration edited. # virsh dumpxml vm1 --inactive | grep video -a6 <video> <model type='cirrus' vram='16384' heads='1'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> </video> 3. destroy/start guest # virsh destroy vm1; virsh start vm1 Domain vm1 destroyed error: Failed to start domain vm1 error: unsupported configuration: non-primary video device must be type of 'qxl' Actual results: Libvirtd received SIGSEGV Expected results: Additional info: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f4355049700 (LWP 3459)] 0x00007f4361982aad in malloc_consolidate () from /lib64/libc.so.6 (gdb) bt #0 0x00007f4361982aad in malloc_consolidate () from /lib64/libc.so.6 #1 0x00007f4361984ea5 in _int_malloc () from /lib64/libc.so.6 #2 0x00007f43619868dc in malloc () from /lib64/libc.so.6 #3 0x00007f4364606dc0 in virReallocN () from /lib64/libvirt.so.0 #4 0x00007f43646273d6 in saferead_lim () from /lib64/libvirt.so.0 #5 0x00007f4364627810 in virFileReadLimFD () from /lib64/libvirt.so.0 #6 0x00007f43646278bb in virFileReadAll () from /lib64/libvirt.so.0 #7 0x00007f43646f7751 in nodeGetCPUCount () from /lib64/libvirt.so.0 #8 0x00007f43646f7996 in nodeGetPresentCPUBitmap () from /lib64/libvirt.so.0 #9 0x00007f43646f90dd in linuxNodeInfoCPUPopulate () from /lib64/libvirt.so.0 #10 0x00007f43646f967d in nodeGetInfo () from /lib64/libvirt.so.0 #11 0x00007f4364722103 in virNodeGetInfo () from /lib64/libvirt.so.0 #12 0x00007f436536aa93 in remoteDispatchNodeGetInfoHelper () #13 0x00007f436477a2e2 in virNetServerProgramDispatch () from /lib64/libvirt.so.0 #14 0x00007f436477549d in virNetServerHandleJob () from /lib64/libvirt.so.0 #15 0x00007f436466c1c5 in virThreadPoolWorker () from /lib64/libvirt.so.0 #16 0x00007f436466b6e8 in virThreadHelper () from /lib64/libvirt.so.0 #17 0x00007f4361ccfdc5 in start_thread () from /lib64/libpthread.so.0 #18 0x00007f43619fd28d in clone () from /lib64/libc.so.6 (gdb)