Bug 842208

Summary: "Segmentation fault" when use virsh command with vdsm installed
Product: Red Hat Enterprise Linux 6 Reporter: EricLee <bili>
Component: libvirtAssignee: Martin Kletzander <mkletzan>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.4CC: acathrow, dallan, dyasny, dyuan, mzhan, rwu, whuang
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Fixed In Version: libvirt-0.10.0-0rc0.el6 Doc Type: Bug Fix
Doc Text:
Cause: The installation of vdsm reconfigured libvirt in a way, which caused it to search for non-existing option when used outside of vdsm in some scenarios. Consequence: When using virsh on such configured machine, it resulted in a crash. Fix: The code path that lead to the invalid option search was fixed. Result: Users can now use virsh on machines configured by vdsm.
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 07:19:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description EricLee 2012-07-23 05:46:20 UTC
Description of problem:
 "Segmentation fault" when use virsh list with vdsm

Version-Release number of selected component (if applicable):
# rpm -qa libvirt kernel qemu-kvm-rhev vdsm spice-server

How reproducible:

Steps to Reproduce:
1. prepare a host registering to rhevm
2. Install a vm use rhevm in the host
3. Set up a Certificate Authority (CA)

 1) # certtool --generate-privkey > cakey.pem

 2) self-sign cakey.pem by creating a file with the signature details called
ca.info containing:

cn =

 3) # certtool --generate-self-signed --load-privkey cakey.pem --template
ca.info --outfile cacert.pem

4. Create vdsm certificates

 1) certtool --generate-privkey > vdsmkey.pem

 2) sign that key with the CA's private key by first creating a template file
called vdsm.info

organization = Red Hat
cn =

 3) # certtool --generate-certificate --load-privkey vdsmkey.pem
--load-ca-certificate cacert.pem --load-ca-privkey cakey.pem --template
vdsm.info --outfile vdsmcert.pem

5. # cat /etc/libvirt/qemu.conf

dynamic_ownership=0 # by vdsm
spice_tls=1 # by vdsm
spice_tls_x509_cert_dir="/etc/pki/vdsm/libvirt-spice" # by vdsm

6. # cat /etc/sysconfig/libvirtd

LIBVIRTD_ARGS=--listen # by vdsm
DAEMON_COREFILE_LIMIT=unlimited # by vdsm

7.#cat /etc/libvirt/libvirtd.conf

listen_addr="" # by vdsm
unix_sock_group="kvm" # by vdsm
unix_sock_rw_perms="0770" # by vdsm
auth_unix_rw="sasl" # by vdsm
save_image_format="lzop" # by vdsm
log_outputs="1:file:/var/log/libvirtd.log" # by vdsm
log_filters="1:libvirt 3:event 3:json 1:util 1:qemu" # by vdsm
ca_file="/etc/pki/vdsm/certs/cacert.pem" # by vdsm
cert_file="/etc/pki/vdsm/certs/vdsmcert.pem" # by vdsm
key_file="/etc/pki/vdsm/keys/vdsmkey.pem" # by vdsm

(Note: make sure all the *.pem files should be existed in the corresponding dirs, refer to the setup steps to generate the pem file)

8. # initctl restart libvirtd

9. # echo redhat | saslpasswd2 -p -a libvirt test

10. # virsh list --all
or other virsh commands

Actual results:
Segmentation fault

Expect result:
Give "Please enter your authentication name:
Please enter your password: "
if input right name and password, virsh commands will work well.

additional :
libvirt-0.9.10-21.el6_3.3 works well, so should be set as regression.

and I cat the debug info in libvirtd.log like:
# cat /var/log/libvirtd.log
2012-07-23 05:28:22.891+0000: 23258: debug : virDomainInterfaceStats:7186 : dom=0x7fc4100c08d0, (VM: name=qe-com, uuid=f01d2507-c798-4b68-b9f7-466b09c9fe6c), path=vnet0, stats=0x7fc431e1db00, size=64
2012-07-23 05:28:22.892+0000: 23258: debug : virDomainFree:2261 : dom=0x7fc4100c08d0, (VM: name=qe-com, uuid=f01d2507-c798-4b68-b9f7-466b09c9fe6c)
2012-07-23 05:28:27.893+0000: 23256: debug : virDomainGetInfo:4181 : dom=0x7fc418000aa0, (VM: name=qe-com, uuid=f01d2507-c798-4b68-b9f7-466b09c9fe6c), info=0x7fc43321fb10
2012-07-23 05:28:27.893+0000: 23256: debug : qemudGetProcessInfo:1178 : Got status for 15631/0 user=1491 sys=1360 cpu=0 rss=122245
2012-07-23 05:28:27.893+0000: 23256: debug : virDomainFree:2261 : dom=0x7fc418000aa0, (VM: name=qe-com, uuid=f01d2507-c798-4b68-b9f7-466b09c9fe6c)
2012-07-23 05:28:27.894+0000: 23257: debug : virDomainInterfaceStats:7186 : dom=0x7fc41c0020a0, (VM: name=qe-com, uuid=f01d2507-c798-4b68-b9f7-466b09c9fe6c), path=vnet0, stats=0x7fc43281eb00, size=64
2012-07-23 05:28:27.894+0000: 23257: debug : virDomainFree:2261 : dom=0x7fc41c0020a0, (VM: name=qe-com, uuid=f01d2507-c798-4b68-b9f7-466b09c9fe6c)
2012-07-23 05:28:28.457+0000: 23251: error : virNetSocketReadWire:1003 : End of file while reading data: Input/output error
2012-07-23 05:28:28.457+0000: 23251: debug : virFileClose:70 : Closed fd 25

Comment 3 Dave Allan 2012-07-23 13:07:34 UTC
Not every new crash is a regression.  Removing the keyword.

Comment 4 Martin Kletzander 2012-07-23 18:58:18 UTC
Patches has been posted upstream:


Comment 6 Martin Kletzander 2012-07-25 09:08:45 UTC
Patches have been commited upstream, moving to POST:

commit 5eef74320b0bb9e604400168e0896c5ac527abef
Author: Martin Kletzander <mkletzan@redhat.com>
Date:   Tue Jul 24 16:08:46 2012 +0200

    fixed SegFault in virauth

Comment 8 EricLee 2012-08-07 03:07:04 UTC
Verified with libvirt-0.10.0-0rc0.el6:

As steps in Description:

# virsh list --all
Please enter your authentication name: test
Please enter your password: 
 Id    Name                           State
 1     install                        running

# virsh dumpxml install
Please enter your authentication name: test
Please enter your password: 
<domain type='kvm' id='1'>
  <memory unit='KiB'>524288</memory>
  <currentMemory unit='KiB'>524288</currentMemory>
  <vcpu placement='static'>1</vcpu>

virsh commands work well, no "Segmentation fault".

So setting to VERIFIED.

Comment 9 errata-xmlrpc 2013-02-21 07:19:25 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.