Bug 1363636

Summary: Libvirtd crashes when using vol-create-from to create a raw vol and using a qcow2 vol as source
Product: Red Hat Enterprise Linux 7 Reporter: Yang Yang <yanyang>
Component: libvirtAssignee: Erik Skultety <eskultet>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: dyuan, eskultet, rbalakri, ydu, yisun
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-2.0.0-5.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-03 18:51:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yang Yang 2016-08-03 09:10:42 UTC 
Description of problem:
Libvirtd crashes when using vol-create-from to create a raw vol and using
a qcow2 vol as source. It does not happen when using libvirt-1.2.17-13.el7.x86_64

Version-Release number of selected component (if applicable):
libvirt-2.0.0-4.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. create a dir pool
# /bin/virsh pool-create-as --name virt-dir-pool --type dir --target /tmp/dir-pool
Pool virt-dir-pool created

2. create a qcow2 vol in dir pool
# virsh vol-create-as --pool virt-dir-pool src_vol --capacity 4194304 --format qcow2
Vol src_vol created

# virsh vol-list virt-dir-pool --details
 Name     Path                   Type  Capacity  Allocation
------------------------------------------------------------
 src_vol  /tmp/dir-pool/src_vol  file  4.00 MiB  196.00 KiB

3. create a raw vol from the qcow2 vol
# cat vol.xml
<volume>  
<name>dest_vol</name>
 <capacity unit='bytes'>4194304</capacity>  
<target>    
<format type='raw'/>  
</target>
</volume>

# virsh vol-create-from --pool virt-dir-pool --file vol.xml --vol src_vol --inputpool virt-dir-pool
error: Disconnected from qemu:///system due to I/O error
error: Failed to create vol from vol.xml
error: End of file while reading data: Input/output error

Actual results:
Libvirtd crashes when using vol-create-from to create a raw vol and using
a qcow2 vol as source

Expected results:
Libvirtd does not crash

Additional info:
Comment 1 Yang Yang 2016-08-03 09:24:31 UTC 
Add gdb info

(gdb) c
Continuing.
Detaching after fork from child process 14957.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7eff7fa47700 (LWP 14872)]
virStorageBackendCreateQemuImg (conn=0x7eff5c000c50, pool=0x7eff1c0f0540, 
    vol=0x7eff78000b80, inputvol=0x7eff1c0f4210, flags=0)
    at storage/storage_backend.c:1461
1461	    if (vol->target.format == VIR_STORAGE_FILE_RAW &&
(gdb) c
Continuing.
[Thread 0x7eff7fa47700 (LWP 14872) exited]
[Thread 0x7eff7e244700 (LWP 14875) exited]
[Thread 0x7eff7da43700 (LWP 14876) exited]
[Thread 0x7eff7d242700 (LWP 14877) exited]
[Thread 0x7eff7ca41700 (LWP 14878) exited]
[Thread 0x7eff777fe700 (LWP 14880) exited]
[Thread 0x7eff52565700 (LWP 14881) exited]
[Thread 0x7eff51563700 (LWP 14883) exited]
[Thread 0x7eff50d62700 (LWP 14884) exited]
[Thread 0x7eff900fc880 (LWP 14870) exited]
[Thread 0x7eff7ea45700 (LWP 14874) exited]
[Thread 0x7eff80248700 (LWP 14871) exited]
[Thread 0x7eff7f246700 (LWP 14873) exited]
[Thread 0x7eff51d64700 (LWP 14882) exited]
[Thread 0x7eff38f3a700 (LWP 14885) exited]

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
Comment 4 Erik Skultety 2016-08-05 07:41:51 UTC 
Fixed upstream by:

commit 5a3558c6201dc3aaef86166edce6b5edfe6800ad
Author:     Erik Skultety <eskultet>
AuthorDate: Wed Aug 3 12:08:41 2016 +0200
Commit:     Erik Skultety <eskultet>
CommitDate: Fri Aug 5 09:07:00 2016 +0200

    storage: Fix a NULL ptr dereference in virStorageBackendCreateQemuImg
    
    There was a missing check for vol->target.encryption being NULL
    at one particular place (modified by commit a48c71411) which caused a crash
    when user attempted to create a raw volume using a non-raw file volume as
    source.
    
    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363636
    
    Signed-off-by: Erik Skultety <eskultet>
Comment 7 yisun 2016-08-11 06:48:59 UTC 
Verified on libvirt-2.0.0-5.el7.x86_64
PASSED


# /bin/virsh pool-create-as --name virt-dir-pool --type dir --target /tmp/dir-pool
Pool virt-dir-pool created


# virsh vol-create-as --pool virt-dir-pool src_vol --capacity 4194304 --format qcow2
Vol src_vol created

# virsh vol-list virt-dir-pool --details
 Name     Path                   Type  Capacity  Allocation
------------------------------------------------------------
 src_vol  /tmp/dir-pool/src_vol  file  4.00 MiB  196.00 KiB

# vim vol.xml
<volume>  
<name>dest_vol</name>
 <capacity unit='bytes'>4194304</capacity>  
<target>    
<format type='raw'/>  
</target>
</volume>


# virsh vol-create-from --pool virt-dir-pool --file vol.xml --vol src_vol --inputpool virt-dir-pool
Vol dest_vol created from input vol src_vol


In another terminal, gdb doesn't report crash
...
(gdb) c
Continuing.
Detaching after fork from child process 4263.
Detaching after fork from child process 4264.
...

Check the newly created vol:
# virsh vol-list virt-dir-pool --details
 Name      Path                    Type  Capacity  Allocation
--------------------------------------------------------------
 dest_vol  /tmp/dir-pool/dest_vol  file  4.00 MiB      0.00 B
 src_vol   /tmp/dir-pool/src_vol   file  4.00 MiB  196.00 KiB


# qemu-img info /tmp/dir-pool/dest_vol
image: /tmp/dir-pool/dest_vol
file format: raw
virtual size: 4.0M (4194304 bytes)
disk size: 0
Comment 9 errata-xmlrpc 2016-11-03 18:51:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html