RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1576598 - Segfault in qemu-io and qemu-img with -U --image-opts force-share=off
Summary: Segfault in qemu-io and qemu-img with -U --image-opts force-share=off
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.6
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Hanna Czenczek
QA Contact: Tingting Mao
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-09 22:09 UTC by Hanna Czenczek
Modified: 2018-11-01 11:09 UTC (History)
9 users (show)

Fixed In Version: qemu-kvm-rhev-2.12.0-5.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-11-01 11:09:52 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Hanna Czenczek 2018-05-09 22:09:32 UTC 
Description of problem:

qemu-io and qemu-img segfault (NULL dereference) when using -U together with --image-opts force-share=[anything].


Version-Release number of selected component (if applicable):

$ git describe
qemu-kvm-rhev-2.12.0-1.el7


Steps to Reproduce:

qemu-io:

$ ./qemu-io -r -U --image-opts \
    driver=file,filename=/dev/null,force-share=off
[1]    19058 segmentation fault (core dumped)  ./qemu-io -r -U --image-opts driver=file,filename=/dev/null,force-share=off

qemu-img:

$ ./qemu-img info -U --image-opts \
    driver=file,filename=/dev/null,force-share=off
[1]    19681 segmentation fault (core dumped)  ./qemu-img info -U --image-opts driver=file,filename=/dev/null,force-share=of


Expected results:

First, neither should crash.  Secondly, when using -U together with force-share=off, we may want to report an error (because -U sets force-share=on).


Additional info:

Upstream patches are queued.
Comment 3 Miroslav Rezanina 2018-06-25 14:17:10 UTC 
Fix included in qemu-kvm-rhev-2.12.0-5.el7
Comment 5 Ping Li 2018-06-27 02:52:31 UTC 
Verified the bug with below packages an test steps.

Packages tested:
kernel-3.10.0-915.el7
qemu-kvm-rhev-2.12.0-5.el7

Test steps:
1. Option '-U' and 'force-share=off' can't be used at the same time.
1.1 for a file
# qemu-io -r -U --image-opts driver=file,filename=/dev/null,force-share=off
-U conflicts with image options
# qemu-img info -U --image-opts driver=file,filename=/dev/null,force-share=off
qemu-img: --force-share/-U conflicts with image options
1.2 for a qcow2 image
# qemu-io -r -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=off
-U conflicts with image options
# qemu-img info -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=off
qemu-img: --force-share/-U conflicts with image options

2. Option '-U' and 'force-share=on' can be used at the same time.
2.1 for a file
# qemu-io -r -U --image-opts driver=file,filename=/dev/null,force-share=on
qemu-io> 
# qemu-img info -U --image-opts driver=file,filename=/dev/null,force-share=on
image: /dev/null
file format: file
virtual size: 0 (0 bytes)
disk size: 0
2.2 for a qcow2 image
# qemu-io -r -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=on
qemu-io> 
# qemu-img info -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=on
image: base.qcow2
file format: qcow2
virtual size: 100M (104857600 bytes)
disk size: 1.3M
cluster_size: 65536
Format specific information:
    compat: 1.1
    lazy refcounts: false
    refcount bits: 16
    corrupt: false

3. Run case 153 in qemu-iotests
# rpm -ivhf qemu-kvm-rhev-2.12.0-5.el7.src.rpm
# rpmbuild -bp /root/rpmbuild/SPECS/qemu-kvm.spec --nodeps
# cd /root/rpmbuild/BUILD/qemu-2.12.0/
# ./configure
# export QEMU_PROG=/usr/libexec/qemu-kvm
# export QEMU_IMG_PROG=/usr/bin/qemu-img
# export QEMU_IO_PROG=/usr/bin/qemu-io
# export QEMU_NBD_PROG=/usr/bin/qemu-nbd
# cd tests/qemu-iotests
# ./check -qcow2 153
QEMU          -- "/usr/libexec/qemu-kvm" -nodefaults -machine accel=qtest
QEMU_IMG      -- "/usr/bin/qemu-img" 
QEMU_IO       -- "/usr/bin/qemu-io"  --cache writeback -f qcow2
QEMU_NBD      -- "/usr/bin/qemu-nbd" 
IMGFMT        -- qcow2 (compat=1.1)
IMGPROTO      -- file
PLATFORM      -- Linux/x86_64 hp-dl385g7-09 3.10.0-915.el7.x86_64
TEST_DIR      -- /root/rpmbuild/BUILD/qemu-2.12.0/tests/qemu-iotests/scratch
SOCKET_SCM_HELPER -- 

153        
Passed all 1 tests
Comment 7 errata-xmlrpc 2018-11-01 11:09:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3443
Note You need to log in before you can comment on or make changes to this bug.