Bug 1576598 - Segfault in qemu-io and qemu-img with -U --image-opts force-share=off
Summary: Segfault in qemu-io and qemu-img with -U --image-opts force-share=off
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Hanna Reitz
QA Contact: Tingting Mao
Depends On:
TreeView+ depends on / blocked
Reported: 2018-05-09 22:09 UTC by Hanna Reitz
Modified: 2018-11-01 11:09 UTC (History)
9 users (show)

Fixed In Version: qemu-kvm-rhev-2.12.0-5.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-11-01 11:09:52 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Hanna Reitz 2018-05-09 22:09:32 UTC
Description of problem:

qemu-io and qemu-img segfault (NULL dereference) when using -U together with --image-opts force-share=[anything].

Version-Release number of selected component (if applicable):

$ git describe

Steps to Reproduce:


$ ./qemu-io -r -U --image-opts \
[1]    19058 segmentation fault (core dumped)  ./qemu-io -r -U --image-opts driver=file,filename=/dev/null,force-share=off


$ ./qemu-img info -U --image-opts \
[1]    19681 segmentation fault (core dumped)  ./qemu-img info -U --image-opts driver=file,filename=/dev/null,force-share=of

Expected results:

First, neither should crash.  Secondly, when using -U together with force-share=off, we may want to report an error (because -U sets force-share=on).

Additional info:

Upstream patches are queued.

Comment 3 Miroslav Rezanina 2018-06-25 14:17:10 UTC
Fix included in qemu-kvm-rhev-2.12.0-5.el7

Comment 5 Ping Li 2018-06-27 02:52:31 UTC
Verified the bug with below packages an test steps.

Packages tested:

Test steps:
1. Option '-U' and 'force-share=off' can't be used at the same time.
1.1 for a file
# qemu-io -r -U --image-opts driver=file,filename=/dev/null,force-share=off
-U conflicts with image options
# qemu-img info -U --image-opts driver=file,filename=/dev/null,force-share=off
qemu-img: --force-share/-U conflicts with image options
1.2 for a qcow2 image
# qemu-io -r -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=off
-U conflicts with image options
# qemu-img info -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=off
qemu-img: --force-share/-U conflicts with image options

2. Option '-U' and 'force-share=on' can be used at the same time.
2.1 for a file
# qemu-io -r -U --image-opts driver=file,filename=/dev/null,force-share=on
# qemu-img info -U --image-opts driver=file,filename=/dev/null,force-share=on
image: /dev/null
file format: file
virtual size: 0 (0 bytes)
disk size: 0
2.2 for a qcow2 image
# qemu-io -r -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=on
# qemu-img info -U --image-opts driver=qcow2,file.driver=file,file.filename=base.qcow2,force-share=on
image: base.qcow2
file format: qcow2
virtual size: 100M (104857600 bytes)
disk size: 1.3M
cluster_size: 65536
Format specific information:
    compat: 1.1
    lazy refcounts: false
    refcount bits: 16
    corrupt: false

3. Run case 153 in qemu-iotests
# rpm -ivhf qemu-kvm-rhev-2.12.0-5.el7.src.rpm
# rpmbuild -bp /root/rpmbuild/SPECS/qemu-kvm.spec --nodeps
# cd /root/rpmbuild/BUILD/qemu-2.12.0/
# ./configure
# export QEMU_PROG=/usr/libexec/qemu-kvm
# export QEMU_IMG_PROG=/usr/bin/qemu-img
# export QEMU_IO_PROG=/usr/bin/qemu-io
# export QEMU_NBD_PROG=/usr/bin/qemu-nbd
# cd tests/qemu-iotests
# ./check -qcow2 153
QEMU          -- "/usr/libexec/qemu-kvm" -nodefaults -machine accel=qtest
QEMU_IMG      -- "/usr/bin/qemu-img" 
QEMU_IO       -- "/usr/bin/qemu-io"  --cache writeback -f qcow2
QEMU_NBD      -- "/usr/bin/qemu-nbd" 
IMGFMT        -- qcow2 (compat=1.1)
IMGPROTO      -- file
PLATFORM      -- Linux/x86_64 hp-dl385g7-09 3.10.0-915.el7.x86_64
TEST_DIR      -- /root/rpmbuild/BUILD/qemu-2.12.0/tests/qemu-iotests/scratch

Passed all 1 tests

Comment 7 errata-xmlrpc 2018-11-01 11:09:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.