Bug 1363636 – Libvirtd crashes when using vol-create-from to create a raw vol and using a qcow2 vol as source

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1363636 - Libvirtd crashes when using vol-create-from to create a raw vol and using a qcow2 vol as source

Summary:	Libvirtd crashes when using vol-create-from to create a raw vol and using a q...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	libvirt (Show other bugs)
Sub Component:
Version:	7.3
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Erik Skultety
QA Contact:	Virtualization Bugs
Docs Contact:

URL:
Whiteboard:
Keywords:	Regression

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2016-08-03 05:10 EDT by yangyang
Modified:	2016-11-03 14:51 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:	libvirt-2.0.0-5.el7
Doc Type:	If docs needed, set a value
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-11-03 14:51:26 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2016:2577	normal	SHIPPED_LIVE	Moderate: libvirt security, bug fix, and enhancement update	2016-11-03 08:07:06 EDT

Groups: None (edit)

Description yangyang 2016-08-03 05:10:42 EDT

Description of problem:
Libvirtd crashes when using vol-create-from to create a raw vol and using
a qcow2 vol as source. It does not happen when using libvirt-1.2.17-13.el7.x86_64

Version-Release number of selected component (if applicable):
libvirt-2.0.0-4.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. create a dir pool
# /bin/virsh pool-create-as --name virt-dir-pool --type dir --target /tmp/dir-pool
Pool virt-dir-pool created

2. create a qcow2 vol in dir pool
# virsh vol-create-as --pool virt-dir-pool src_vol --capacity 4194304 --format qcow2
Vol src_vol created

# virsh vol-list virt-dir-pool --details
 Name     Path                   Type  Capacity  Allocation
------------------------------------------------------------
 src_vol  /tmp/dir-pool/src_vol  file  4.00 MiB  196.00 KiB

3. create a raw vol from the qcow2 vol
# cat vol.xml
<volume>  
<name>dest_vol</name>
 <capacity unit='bytes'>4194304</capacity>  
<target>    
<format type='raw'/>  
</target>
</volume>

# virsh vol-create-from --pool virt-dir-pool --file vol.xml --vol src_vol --inputpool virt-dir-pool
error: Disconnected from qemu:///system due to I/O error
error: Failed to create vol from vol.xml
error: End of file while reading data: Input/output error

Actual results:
Libvirtd crashes when using vol-create-from to create a raw vol and using
a qcow2 vol as source

Expected results:
Libvirtd does not crash

Additional info:

Comment 1 yangyang 2016-08-03 05:24:31 EDT

Add gdb info

(gdb) c
Continuing.
Detaching after fork from child process 14957.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7eff7fa47700 (LWP 14872)]
virStorageBackendCreateQemuImg (conn=0x7eff5c000c50, pool=0x7eff1c0f0540, 
    vol=0x7eff78000b80, inputvol=0x7eff1c0f4210, flags=0)
    at storage/storage_backend.c:1461
1461	    if (vol->target.format == VIR_STORAGE_FILE_RAW &&
(gdb) c
Continuing.
[Thread 0x7eff7fa47700 (LWP 14872) exited]
[Thread 0x7eff7e244700 (LWP 14875) exited]
[Thread 0x7eff7da43700 (LWP 14876) exited]
[Thread 0x7eff7d242700 (LWP 14877) exited]
[Thread 0x7eff7ca41700 (LWP 14878) exited]
[Thread 0x7eff777fe700 (LWP 14880) exited]
[Thread 0x7eff52565700 (LWP 14881) exited]
[Thread 0x7eff51563700 (LWP 14883) exited]
[Thread 0x7eff50d62700 (LWP 14884) exited]
[Thread 0x7eff900fc880 (LWP 14870) exited]
[Thread 0x7eff7ea45700 (LWP 14874) exited]
[Thread 0x7eff80248700 (LWP 14871) exited]
[Thread 0x7eff7f246700 (LWP 14873) exited]
[Thread 0x7eff51d64700 (LWP 14882) exited]
[Thread 0x7eff38f3a700 (LWP 14885) exited]

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

Comment 4 Erik Skultety 2016-08-05 03:41:51 EDT

Fixed upstream by:

commit 5a3558c6201dc3aaef86166edce6b5edfe6800ad
Author:     Erik Skultety <eskultet@redhat.com>
AuthorDate: Wed Aug 3 12:08:41 2016 +0200
Commit:     Erik Skultety <eskultet@redhat.com>
CommitDate: Fri Aug 5 09:07:00 2016 +0200

    storage: Fix a NULL ptr dereference in virStorageBackendCreateQemuImg
    
    There was a missing check for vol->target.encryption being NULL
    at one particular place (modified by commit a48c71411) which caused a crash
    when user attempted to create a raw volume using a non-raw file volume as
    source.
    
    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1363636
    
    Signed-off-by: Erik Skultety <eskultet@redhat.com>

Comment 7 yisun 2016-08-11 02:48:59 EDT

Verified on libvirt-2.0.0-5.el7.x86_64
PASSED


# /bin/virsh pool-create-as --name virt-dir-pool --type dir --target /tmp/dir-pool
Pool virt-dir-pool created


# virsh vol-create-as --pool virt-dir-pool src_vol --capacity 4194304 --format qcow2
Vol src_vol created

# virsh vol-list virt-dir-pool --details
 Name     Path                   Type  Capacity  Allocation
------------------------------------------------------------
 src_vol  /tmp/dir-pool/src_vol  file  4.00 MiB  196.00 KiB

# vim vol.xml
<volume>  
<name>dest_vol</name>
 <capacity unit='bytes'>4194304</capacity>  
<target>    
<format type='raw'/>  
</target>
</volume>


# virsh vol-create-from --pool virt-dir-pool --file vol.xml --vol src_vol --inputpool virt-dir-pool
Vol dest_vol created from input vol src_vol


In another terminal, gdb doesn't report crash
...
(gdb) c
Continuing.
Detaching after fork from child process 4263.
Detaching after fork from child process 4264.
...

Check the newly created vol:
# virsh vol-list virt-dir-pool --details
 Name      Path                    Type  Capacity  Allocation
--------------------------------------------------------------
 dest_vol  /tmp/dir-pool/dest_vol  file  4.00 MiB      0.00 B
 src_vol   /tmp/dir-pool/src_vol   file  4.00 MiB  196.00 KiB


# qemu-img info /tmp/dir-pool/dest_vol
image: /tmp/dir-pool/dest_vol
file format: raw
virtual size: 4.0M (4194304 bytes)
disk size: 0

Comment 9 errata-xmlrpc 2016-11-03 14:51:26 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html

Note You need to log in before you can comment on or make changes to this bug.