Bug 1181408

Created attachment 979480 [details]
The libvirtd crash coredump info

can Also hit this issue by hotplug the spicevmc without target type for many times
# cat spice.xml 
    <channel type='spicevmc'>
      <alias name='channel0'/>
      <address type='virtio-serial' controller='0' bus='0' port='2'/>
    </channel>

# virsh attach-device rhel7f spice.xml 
error: Failed to attach device from spice.xml
error: invalid argument: device not present in domain configuration

[root@zhwangrhel71 ~]# virsh attach-device rhel7f spice.xml 
error: Failed to attach device from spice.xml
error: End of file while reading data: Input/output error
error: Failed to reconnect to the hypervisor

Thread 1 (Thread 0x7faef0238700 (LWP 2454)):
#0  0x00007faefcb37d3c in __strncmp_sse42 () from /lib64/libc.so.6
#1  0x00007faee89bdd0c in qemuDomainDeviceAliasIndex (prefix=prefix@entry=0x7faee8a5e5e8 "channel", info=<optimized out>) at qemu/qemu_command.c:591
#2  0x00007faee89c0897 in qemuGetNextChrDevIndex (chr=0x7faed4000c60, prefix=0x7faee8a5e5e8 "channel", def=0x1) at qemu/qemu_command.c:924
#3  qemuAssignDeviceChrAlias (def=def@entry=0x7faee01f9930, chr=chr@entry=0x7faed4000c60, idx=idx@entry=-1) at qemu/qemu_command.c:967
#4  0x00007faee89e5a1f in qemuDomainAttachChrDevice (driver=driver@entry=0x7faee00efa30, vm=vm@entry=0x7faee020bcf0, chr=0x7faed4000c60) at qemu/qemu_hotplug.c:1468
#5  0x00007faee8a49e5e in qemuDomainAttachDeviceLive (dom=0x7faed4000a90, dev=0x7faed4000b90, vm=0x7faee020bcf0) at qemu/qemu_driver.c:7011
#6  qemuDomainAttachDeviceFlags (dom=0x7faed4000a90, xml=<optimized out>, flags=<optimized out>) at qemu/qemu_driver.c:7563
#7  0x00007faeff9e1a86 in virDomainAttachDevice (domain=domain@entry=0x7faed4000a90, 
    xml=0x7faed40011a0 "    <channel type='spicevmc'>\n      <alias name='channel0'/>\n      <address type='virtio-serial' controller='0' bus='0' port='2'/>\n    </channel>\n") at libvirt.c:10385
#8  0x00007faf00473a90 in remoteDispatchDomainAttachDevice (server=<optimized out>, msg=<optimized out>, args=0x7faed4000bb0, rerr=0x7faef0237c80, client=<optimized out>) at remote_dispatch.h:2485
#9  remoteDispatchDomainAttachDeviceHelper (server=<optimized out>, client=<optimized out>, msg=<optimized out>, rerr=0x7faef0237c80, args=0x7faed4000bb0, ret=<optimized out>) at remote_dispatch.h:2463
#10 0x00007faeffa40032 in virNetServerProgramDispatchCall (msg=0x7faf01689090, client=0x7faf01689650, server=0x7faf0167a7e0, prog=0x7faf01685b00) at rpc/virnetserverprogram.c:437
#11 virNetServerProgramDispatch (prog=0x7faf01685b00, server=server@entry=0x7faf0167a7e0, client=0x7faf01689650, msg=0x7faf01689090) at rpc/virnetserverprogram.c:307
#12 0x00007faf004813ed in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0x7faf0167a7e0) at rpc/virnetserver.c:172
#13 virNetServerHandleJob (jobOpaque=<optimized out>, opaque=0x7faf0167a7e0) at rpc/virnetserver.c:193
#14 0x00007faeff943cb5 in virThreadPoolWorker (opaque=opaque@entry=0x7faf0166ec50) at util/virthreadpool.c:145
#15 0x00007faeff94364e in virThreadHelper (data=<optimized out>) at util/virthread.c:197
#16 0x00007faefd1d4df5 in start_thread () from /lib64/libpthread.so.0
#17 0x00007faefcafb1ad in clone () from /lib64/libc.so.6
(gdb)

Fixed upstream by:
commit fba7173f7236c705344aa84bf9715074abdc6ea7
Author:     Luyao Huang <lhuang>
AuthorDate: 2015-01-13 16:41:05 +0800
Commit:     Ján Tomko <jtomko>
CommitDate: 2015-01-13 09:56:56 +0100

    conf: fix crash when hotplug a channel chr device with no target
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1181408
    
    When we try to hotplug a channel chr device with no target, we
    will get success (which should fail) in virDomainChrDefParseXML,
    because we use goto cleanup this place and return an incomplete
    definition (with no target). In qemuDomainAttachChrDevice,
    we add it to the domain definition, but fail to remove it from
    there when chardev-add fails, because virDomainChrRemove
    matches chardevices according to the target name.
    The device definition is then freed in qemuDomainAttachDeviceFlags,
    leaving a stale pointer in the domain definition.
    
    Signed-off-by: Luyao Huang <lhuang>
    Signed-off-by: Ján Tomko <jtomko>

git describe: v1.2.11-144-gfba7173

Verify this bug with libvirt-1.2.8-13.el7
steps
1.Prepare a shutoff guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7f                        shut off

2.Prepare a xml like following
#cat agent.xml
<channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/rhel7f.org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='7'/>
    </channel>

3.Attach the guest agent to the guest, will attach fail to attach the
agent to guest and get the expect error
# virsh attach-device rhel7f agent.xml --current
error: Failed to attach device from agent.xml
error: XML error: target type must be specified for channel device

# virsh attach-device rhel7f agent.xml --config
error: Failed to attach device from agent.xml
error: XML error: target type must be specified for channel device

4.Start the guest, after the guest start comepletly, re-attach the guest agent
to the guest, will also fail to attach the agent to guest and get the expect error, also the libvirtd didn't crash
# virsh attach-device rhel7f agent.xml 
error: Failed to attach device from agent.xml
error: XML error: target type must be specified for channel device

# virsh attach-device rhel7f agent.xml --config
error: Failed to attach device from agent.xml
error: XML error: target type must be specified for channel device

# virsh attach-device rhel7f agent.xml --current
error: Failed to attach device from agent.xml
error: XML error: target type must be specified for channel device

5.Prepare a normal guest agent xml
#cat agent.xml
    <channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/rhel7f.org.qemu.guest_agent.0'/>
      <target type='virtio' name='org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='2'/>
    </channel>

6.The guest agent could be attached successfully, install the guest agent service inside the guest, the guest agent service works as expectly after restart libvirtd service, there was an exsiting bug 1168530 trace this known issue

# virsh attach-device rhel7f agent.xml 
Device attached successfully

7.Detach the guest agent with the invalid guest agent xml, could get the expect error
#cat agent.xml
<channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/rhel7f.org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='7'/>
    </channel>

# virsh detach-device rhel7f agent.xml 
error: Failed to detach device from agent.xml
error: XML error: target type must be specified for channel device

According to the upper steps ,mark this bug verifed

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0323.html