Bug 1299411 – libvirtd crash when create external snapshot for empty cdrom on running guest

Bug 1299411 - libvirtd crash when create external snapshot for empty cdrom on running guest

Summary:	libvirtd crash when create external snapshot for empty cdrom on running guest

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libvirt (Show other bugs)
Sub Component:
Version:	6.8
Hardware:	x86_64 Linux

Priority	low Severity low
Target Milestone:	rc
Target Release:	---
Assigned To:	Jiri Denemark
QA Contact:	Virtualization Bugs
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2016-01-18 05:24 EST by Han Han
Modified:	2016-05-10 15:25 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:	libvirt-0.10.2-56.el6
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-05-10 15:25:49 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
full backtrace of coredump (6.24 KB, text/plain) 2016-01-18 05:24 EST, Han Han	no flags	Details
Libvirtd log (109.91 KB, text/plain) 2016-01-18 05:26 EST, Han Han	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:0738	normal	SHIPPED_LIVE	libvirt bug fix update	2016-05-12 14:40:37 EDT

Groups: None (edit)

Description Han Han 2016-01-18 05:24:43 EST

Created attachment 1115796 [details]
full backtrace of coredump

Description of problem:
Prepare a guest with empty cdrom, create an external snapshot for the empty cdrom disk when guest is running, libvirtd will crash.

Version-Release number of selected component (if applicable):
libvirt-0.10.2-55.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.483.el6.x86_64
kernel-2.6.32-592.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare an healthy guest with os image and an empty cdrom as following xml
...
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/var/lib/libvirt/images/c1.qcow2'/>
      <target dev='vda' bus='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hda' bus='ide'/>
      <readonly/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
...

2. Start guest and create a external snapshot for hda only.
# virsh start c1
Domain c1 started
# virsh snapshot-create-as c1 keke --disk-only --diskspec vda,snapshot=no --diskspec hda,file=/tmp/keke
error: End of file while reading data: Input/output error
error: One or more references were leaked after disconnect from the hypervisor
error: Failed to reconnect to the hypervisor

The libvirtd crashes due to SIGSEGV.
The full backtrace is in backtrace attachment

3. Try to create inactive external snapshot:
# virsh snapshot-create-as c1 keke --disk-only --diskspec vda,snapshot=no --diskspec s\da,file=/tmp/keke
error: internal error Child process (/usr/bin/qemu-img create -f qcow2 -o 'backing_file=(null),backing_fmt=raw' /tmp/keke) unexpected exit status 1: 2016-01-18 10:09:57.466+0000: 15496: debug : virFileClose:72 : Closed fd 23
2016-01-18 10:09:57.466+0000: 15496: debug : virFileClose:72 : Closed fd 25
2016-01-18 10:09:57.466+0000: 15496: debug : virFileClose:72 : Closed fd 21
2016-01-18 10:09:57.466+0000: 15496: debug : virCommandHook:2148 : Hook is done 0
Could not open '(null)': No such file or directory

Actual results:
Step2 segment fault.

Expected results:
Step2 print as following, no crash:
error: internal error: unable to execute QEMU command 'transaction': Device 'drive-ide0-0-0' has no medium

Additional info:
I. In RHEl7.2 gets the expect result.
II. In step2, try it with scsi cdrom, bug reproduced. And when the cdrom has media, snapshot created successfully.

Comment 1 Han Han 2016-01-18 05:26 EST

Created attachment 1115797 [details]
Libvirtd log

Comment 5 Han Han 2016-01-27 21:27:23 EST

I can reproduce it on libvirt-0.10.2-55.el6.x86_64.
Verify it on libvirt-0.10.2-56.el6.x86_64:
1. Prepare a running guest with empty cdrom:
```
<disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source file='/var/lib/libvirt/images/n1.qcow2'/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hda' bus='ide'/>
      <readonly/>
      <alias name='ide0-0-0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
```
# virsh list 
 Id    Name                           State
----------------------------------------------------
 1     n1                             running

2. Try to do snapshot for the cdrom:
# virsh snapshot-create-as n1 keke --disk-only --diskspec vda,snapshot=no --diskspec hda,file=/tmp/keke
error: Requested operation is not valid: disk 'hda' has no source

# cat snap.xml 
<domainsnapshot>
<disks>
<disk name='vda' snapshot='external'>
<driver type='qcow2'/>
<source file='/var/lib/libvirt/images/n1.va'/>
</disk>
<disk name='hda' snapshot='external'>
<driver type='qcow2'/>
<source file='/tmp/cdrom'/>
</disk>
</disks>
</domainsnapshot> 
# virsh snapshot-create n1 snap.xml --disk-only                                                           
error: Requested operation is not valid: disk 'hda' has no source
# virsh snapshot-create-as n1 keke --disk-only --diskspec vda,file=/tmp/keke --diskspec hda,snapshot=no
Domain snapshot keke created

# virsh snapshot-list n1
 Name                 Creation Time             State
------------------------------------------------------------
 keke                 2016-01-28 10:25:30 +0800 disk-snapshot

Comment 7 errata-xmlrpc 2016-05-10 15:25:49 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0738.html

Note You need to log in before you can comment on or make changes to this bug.