1131872 – Libvirt crash after defining/editing macvtap network pool with <address> elements

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1131872 - Libvirt crash after defining/editing macvtap network pool with <address> elements

Summary: Libvirt crash after defining/editing macvtap network pool with <address> elem...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libvirt
Sub Component:
Version:	6.6
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Peter Krempa
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1132347
TreeView+	depends on / blocked

Reported:	2014-08-20 08:08 UTC by Hu Jianwei
Modified:	2015-01-20 10:37 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1132347 (view as bug list)
Environment:
Last Closed:	2015-01-20 10:37:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Hu Jianwei 2014-08-20 08:08:50 UTC

Description of problem:
Libvirt crash after defining/editing macvtap network pool with unsupported <address> elements

Version-Release number of selected component (if applicable):
libvirt-0.10.2-44.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.428.el6.x86_64
kernel-2.6.32-468.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
[root@sriov2 jiahu]# cat pci.xml
<network>
<name>passthrough_001</name>
<forward mode='passthrough'>
<address type='pci' domain='0' bus='0x11' slot='0x10' function='0x1'/>
</forward>
</network>

[root@sriov2 jiahu]# virsh net-define pci.xml
error: Failed to define network from pci.xml
error: End of file while reading data: Input/output error
error: One or more references were leaked after disconnect from the hypervisor
error: Failed to reconnect to the hypervisor

Or added below line to an existing network tiwice.
  <address type='pci' domain='0' bus='0x11' slot='0x10' function='0x1'/>

[root@sriov2 jiahu]# virsh net-edit passthrough
error: End of file while reading data: Input/output error
Failed. Try again? [y,n,f,?]:
error: internal error client socket is closed
error: One or more references were leaked after disconnect from the hypervisor
error: Failed to reconnect to the hypervisor


Actual results:
As shown above steps, libvirtd crashed. Also can reproduce it on libvirt-0.10.2-43.el6.x86_64


Expected results:
No crash

Additional info:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f5853611700 (LWP 11177)]
__strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen-sse4.S:32
32                pcmpeqb        (%rdi), %xmm1
(gdb) t a a bt

Thread 11 (Thread 0x7f5855e15700 (LWP 11173)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
#1  0x00007f585bf475d6 in virCondWait (c=<value optimized out>, m=<value optimized out>) at util/threads-pthread.c:117
#2  0x00007f585bf47ba3 in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:103
#3  0x00007f585bf473f9 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161
#4  0x0000003d04a079d1 in start_thread (arg=0x7f5855e15700) at pthread_create.c:301
#5  0x0000003d042e8b7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 10 (Thread 0x7f5855414700 (LWP 11174)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
#1  0x00007f585bf475d6 in virCondWait (c=<value optimized out>, m=<value optimized out>) at util/threads-pthread.c:117
#2  0x00007f585bf47ba3 in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:103
#3  0x00007f585bf473f9 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161
#4  0x0000003d04a079d1 in start_thread (arg=0x7f5855414700) at pthread_create.c:301
#5  0x0000003d042e8b7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 9 (Thread 0x7f5854a13700 (LWP 11175)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
#1  0x00007f585bf475d6 in virCondWait (c=<value optimized out>, m=<value optimized out>) at util/threads-pthread.c:117
#2  0x00007f585bf47ba3 in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:103
#3  0x00007f585bf473f9 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161
#4  0x0000003d04a079d1 in start_thread (arg=0x7f5854a13700) at pthread_create.c:301
#5  0x0000003d042e8b7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 8 (Thread 0x7f5854012700 (LWP 11176)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
#1  0x00007f585bf475d6 in virCondWait (c=<value optimized out>, m=<value optimized out>) at util/threads-pthread.c:117
#2  0x00007f585bf47ba3 in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:103
#3  0x00007f585bf473f9 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161
#4  0x0000003d04a079d1 in start_thread (arg=0x7f5854012700) at pthread_create.c:301
#5  0x0000003d042e8b7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 7 (Thread 0x7f5853611700 (LWP 11177)):
#0  __strlen_sse42 () at ../sysdeps/x86_64/multiarch/strlen-sse4.S:32
#1  0x00007f585bf2ad11 in virBufferEscapeString (buf=0x7f58536109d0, format=0x7f585c0a7ecf "<interface dev='%s'", str=0x1100000000 <Address 0x1100000000 out of bounds>)
    at util/buf.c:379
#2  0x00007f585bf96139 in virNetworkDefFormatBuf (buf=0x7f58536109d0, def=0x7f583c001050, flags=<value optimized out>) at conf/network_conf.c:2132
#3  0x00007f585bf96f1a in virNetworkDefFormat (def=<value optimized out>, flags=<value optimized out>) at conf/network_conf.c:2216
#4  0x00007f585bf97001 in virNetworkSaveConfig (configDir=0x7f5848000a20 "/etc/libvirt/qemu/networks", def=0x7f583c001050) at conf/network_conf.c:2281
#5  0x00000000004f3962 in networkDefine (conn=0x7f58440009c0, xml=<value optimized out>) at network/bridge_driver.c:2988
---Type <return> to continue, or q <return> to quit---
#6  0x00007f585bfd1096 in virNetworkDefineXML (conn=0x7f58440009c0,
    xml=0x7f583c0009a0 "<network>\n<name>passthrough_001</name>\n<forward mode='passthrough'>\n<address type='pci' domain='0' bus='0x11' slot='0x10' function='0x1'/>\n</forward>\n</network>\n") at libvirt.c:10510
#7  0x000000000043df2e in remoteDispatchNetworkDefineXML (server=<value optimized out>, client=0x26da650, msg=<value optimized out>, rerr=0x7f5853610b80, args=0x7f583c0008c0,
    ret=0x7f583c0008e0) at remote_dispatch.h:8769
#8  remoteDispatchNetworkDefineXMLHelper (server=<value optimized out>, client=0x26da650, msg=<value optimized out>, rerr=0x7f5853610b80, args=0x7f583c0008c0, ret=0x7f583c0008e0)
    at remote_dispatch.h:8749
#9  0x00007f585c0284f2 in virNetServerProgramDispatchCall (prog=0x26da300, server=0x26d0bf0, client=0x26da650, msg=0x26dad10) at rpc/virnetserverprogram.c:431
#10 virNetServerProgramDispatch (prog=0x26da300, server=0x26d0bf0, client=0x26da650, msg=0x26dad10) at rpc/virnetserverprogram.c:304
#11 0x00007f585c026d3e in virNetServerProcessMsg (srv=<value optimized out>, client=0x26da650, prog=<value optimized out>, msg=0x26dad10) at rpc/virnetserver.c:170
#12 0x00007f585c0273dc in virNetServerHandleJob (jobOpaque=<value optimized out>, opaque=0x26d0bf0) at rpc/virnetserver.c:191
#13 0x00007f585bf47b0c in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:144
#14 0x00007f585bf473f9 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161
#15 0x0000003d04a079d1 in start_thread (arg=0x7f5853611700) at pthread_create.c:301
#16 0x0000003d042e8b7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 6 (Thread 0x7f5852c10700 (LWP 11178)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
#1  0x00007f585bf475d6 in virCondWait (c=<value optimized out>, m=<value optimized out>) at util/threads-pthread.c:117
#2  0x00007f585bf47ba3 in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:103
#3  0x00007f585bf473f9 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161
#4  0x0000003d04a079d1 in start_thread (arg=0x7f5852c10700) at pthread_create.c:301
#5  0x0000003d042e8b7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 5 (Thread 0x7f585220f700 (LWP 11179)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
#1  0x00007f585bf475d6 in virCondWait (c=<value optimized out>, m=<value optimized out>) at util/threads-pthread.c:117
#2  0x00007f585bf47ba3 in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:103
#3  0x00007f585bf473f9 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161
#4  0x0000003d04a079d1 in start_thread (arg=0x7f585220f700) at pthread_create.c:301
#5  0x0000003d042e8b7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 4 (Thread 0x7f585180e700 (LWP 11180)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
#1  0x00007f585bf475d6 in virCondWait (c=<value optimized out>, m=<value optimized out>) at util/threads-pthread.c:117
#2  0x00007f585bf47ba3 in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:103
#3  0x00007f585bf473f9 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161
#4  0x0000003d04a079d1 in start_thread (arg=0x7f585180e700) at pthread_create.c:301
#5  0x0000003d042e8b7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 3 (Thread 0x7f5850e0d700 (LWP 11181)):
---Type <return> to continue, or q <return> to quit---
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
#1  0x00007f585bf475d6 in virCondWait (c=<value optimized out>, m=<value optimized out>) at util/threads-pthread.c:117
#2  0x00007f585bf47ba3 in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:103
#3  0x00007f585bf473f9 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161
#4  0x0000003d04a079d1 in start_thread (arg=0x7f5850e0d700) at pthread_create.c:301
#5  0x0000003d042e8b7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 2 (Thread 0x7f585040c700 (LWP 11182)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:183
#1  0x00007f585bf475d6 in virCondWait (c=<value optimized out>, m=<value optimized out>) at util/threads-pthread.c:117
#2  0x00007f585bf47ba3 in virThreadPoolWorker (opaque=<value optimized out>) at util/threadpool.c:103
#3  0x00007f585bf473f9 in virThreadHelper (data=<value optimized out>) at util/threads-pthread.c:161
#4  0x0000003d04a079d1 in start_thread (arg=0x7f585040c700) at pthread_create.c:301
#5  0x0000003d042e8b7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Thread 1 (Thread 0x7f585bec6860 (LWP 11172)):
#0  0x0000003d042df353 in __poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=<value optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007f585bf34f3c in virEventPollRunOnce () at util/event_poll.c:615
#2  0x00007f585bf34177 in virEventRunDefaultImpl () at util/event.c:247
#3  0x00007f585c02657d in virNetServerRun (srv=0x26d0bf0) at rpc/virnetserver.c:748
#4  0x00000000004242f7 in main (argc=<value optimized out>, argv=<value optimized out>) at libvirtd.c:1229
(gdb)
(gdb)

Comment 1 Hu Jianwei 2014-08-21 08:17:31 UTC

The bug was reproduced in rhel7, cloned it.

Bug 1132347 - Libvirt crash after defining/editing macvtap network pool with <address> elements

Note You need to log in before you can comment on or make changes to this bug.