Bug 2247754 - 9.9.0 regression: libvirtd crash in qemuSaveImageDecompressionStart() when reverting to a snapshot
Summary: 9.9.0 regression: libvirtd crash in qemuSaveImageDecompressionStart() when re...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: libvirt
Version: rawhide
Hardware: Unspecified
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Pavel Hrdina
QA Contact: Fedora Extras Quality Assurance
URL: https://artifacts.dev.testing-farm.io...
Whiteboard: CockpitTest
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-11-03 06:14 UTC by Martin Pitt
Modified: 2023-11-06 15:18 UTC (History)
8 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-11-06 15:18:35 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Martin Pitt 2023-11-03 06:14:46 UTC 
Yesterday's libvirtd 9.9.0 rawhide update in https://bodhi.fedoraproject.org/updates/FEDORA-2023-906b87f7db regresses snapshot reverting. This was spotted by cockpit-machine's TestMachinesSnapshots.testSnapshotRevert test.

Reproducible: Always

Steps to Reproduce:
Cockpit's tests do more or less this:

# 1. preparation: start VM
virsh net-start default
qemu-img create -f qcow2 /var/lib/libvirt/images/test1.qcow2 1M
virt-install --name test1 --os-variant cirros0.4.0 --memory 128 --import --disk /var/lib/libvirt/images/test1.qcow2 --graphics none --noautoconsole

# 2. create two snapshots
virsh snapshot-create-as --domain test1 --name snapshotA
virsh snapshot-create-as --domain test1 --name snapshotB
virsh snapshot-current --domain test1 --snapshotname snapshotA

# 3. revert to second snapshot: crashes
virsh snapshot-revert test1 --snapshotname snapshotB



However, it's not even necessary to juggle around with two: the simplest way already causes the crash:

# 2. create single snapshot
virsh snapshot-create-as --domain test1 --name snapshotA

# 3. revert to that snapshot
virsh snapshot-revert test1 --snapshotname snapshotA
Actual Results:  
snapshot-revert fails with:

error: Disconnected from qemu:///system due to end of file
error: Failed to revert snapshot snapshotB
error: End of file while reading data: Input/output error

Journal shows:

Process 6877 (virtqemud) of user 0 dumped core.
#0  0x00007f95d37542d4 qemuSaveImageDecompressionStart (libvirt_driver_qemu.so + 0x1552d4)
#1  0x00007f95d3752fcc qemuProcessStartWithMemoryState (libvirt_driver_qemu.so + 0x153fcc)
#2  0x00007f95d375f1e8 qemuSnapshotRevert (libvirt_driver_qemu.so + 0x1601e8)
#3  0x00007f95d36e3ee5 qemuDomainRevertToSnapshot.lto_priv.0 (libvirt_driver_qemu.so + 0xe4ee5)
#4  0x00007f95da95953c virDomainRevertToSnapshot (libvirt.so.0 + 0x35953c)
#5  0x000055ecce0b1743 remoteDispatchDomainRevertToSnapshotHelper.lto_priv.0 (virtqemud + 0x44743)
#6  0x00007f95da828445 virNetServerProgramDispatch (libvirt.so.0 + 0x228445)
#7  0x00007f95da82eea3 virNetServerProcessMsg (libvirt.so.0 + 0x22eea3)
#8  0x00007f95da82efb6 virNetServerHandleJob (libvirt.so.0 + 0x22efb6)
#9  0x00007f95da766f25 virThreadPoolWorker (libvirt.so.0 + 0x166f25)
#10 0x00007f95da7660e0 virThreadHelper (libvirt.so.0 + 0x1660e0)
#11 0x00007f95da281e07 start_thread (libc.so.6 + 0x8ee07)
#12 0x00007f95da3090ec __clone3 (libc.so.6 + 0x1160ec)

Process 922 (virtqemud) crashed in qemuSaveImageDecompressionStart()



Expected Results:  
snapshot revert works, as in 9.8.0 and earlier

Cleaning up is a bit involved ("cannot delete inactive domain with 2 snapshots"), so this is how to do it, for easier iteration:

virsh snapshot-delete --domain test1 --snapshotname snapshotA; virsh snapshot-delete --domain test1 --snapshotname snapshotB; virsh undefine test1; virsh destroy test1; rm -f /var/lib/libvirt/images/test1.qcow2
Comment 1 Martin Pitt 2023-11-03 06:16:31 UTC 
libvirt-daemon-common-9.9.0-1.fc40.x86_64
qemu-common-8.1.2-1.fc40.x86_64
Comment 2 Pavel Hrdina 2023-11-03 13:18:47 UTC 
Upstream commit:

commit 4f4a8dce944e05311565b690a84f6bb1ef67c086
Author: Pavel Hrdina <phrdina>
Date:   Fri Nov 3 14:03:55 2023 +0100

    qemu_process: fix crash in qemuSaveImageDecompressionStart
Comment 3 Cole Robinson 2023-11-06 15:18:35 UTC 
Fixed in libvirt-9.9.0-2.fc40
Note You need to log in before you can comment on or make changes to this bug.