Bug 736942 - qcow2:Segment fault when rebase snapshot on iscsi disk but do no create the qcow2 file on it
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.2
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: medium
Target Milestone: rc
Assignee: Kevin Wolf
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-09-09 06:47 UTC by Qunfang Zhang
Modified: 2013-01-10 00:18 UTC
CC List: 10 users

Fixed In Version: qemu-kvm-0.12.1.2-2.222.el6
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
Cause: The cleanup code of qemu-img rebase lacks NULL pointer checks for the old and the new backing file. Consequence: After printing an error message, qemu-img rebase runs into a segmentation fault when it is used in safe mode with an image whose (old or new) backing file cannot be opened. Fix: The cleanup code of qemu-img gets additional NULL pointer checks. Result: qemu-img fails gracefully if either the new or the old backing file cannot be opened.
Clone Of:
Environment:
Last Closed: 2012-06-20 11:34:11 UTC
Target Upstream Version:
Embargoed:




Links
Red Hat Product Errata RHBA-2012:0746 (priority normal, status SHIPPED_LIVE): qemu-kvm bug fix and enhancement update, last updated 2012-06-19 19:31:48 UTC

Description Qunfang Zhang 2011-09-09 06:47:27 UTC
Description of problem:
qemu-img gets a segmentation fault when doing a rebase on an iSCSI disk without first creating the qcow2 file on it. Please refer to the steps for a clearer description.
It is not a critical issue, but it is better to fix the segmentation fault.

Version-Release number of selected component (if applicable):
kernel-2.6.32-195.el6.x86_64
qemu-kvm-0.12.1.2-2.185.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install a rhel6.2 guest on the iSCSI disk
#lvcreate -n lvtest -L 15G vgtest-h
#qemu-img create -f qcow2 /dev/vgtest-h/lvtest 15G
#/usr/libexec/qemu-kvm -drive file=/dev/vgtest-h/lvtest,if=none,id=virtio-drive-0,format=qcow2,cache=none,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,drive=virtio-drive-0,id=virtio0 ......

2. After the installation finishes, create snapshots of the base image.
#lvcreate -n lvtest-sn1 -L 15G vgtest-h
#lvcreate -n lvtest-sn2 -L 15G vgtest-h
#qemu-img create -f qcow2 -F qcow2 -b /dev/vgtest-h/lvtest /dev/vgtest-h/lvtest-sn1

***(Please note: the lvtest-sn1 -> lvtest-sn2 snapshot chain was NOT created; lvtest-sn2 is a bare LV with no qcow2 image on it.)***

3. Rebase sn2 onto the base image.
#qemu-img rebase -p -b /dev/vgtest-h/lvtest /dev/vgtest-h/lvtest-sn2
  
Actual results:

(gdb) r rebase -p -b /dev/vgtest-h/lvtest /dev/vgtest-h/lvtest-sn2
Starting program: /usr/bin/qemu-img rebase -p -b /dev/vgtest-h/lvtest /dev/vgtest-h/lvtest-sn2
[Thread debugging using libthread_db enabled]
qemu-img: Could not open old backing file ''

Program received signal SIGSEGV, Segmentation fault.
bdrv_delete (bs=0x0) at block.c:682
682         assert(!bs->peer);
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.38.el6.x86_64 libaio-0.3.107-10.el6.x86_64 zlib-1.2.3-27.el6.x86_64
(gdb)
(gdb) bt
#0  bdrv_delete (bs=0x0) at block.c:682
#1  0x0000000000403d52 in img_rebase (argc=<value optimized out>, argv=<value optimized out>)
    at qemu-img.c:1444
#2  0x000000354661ecdd in __libc_start_main () from /lib64/libc.so.6
#3  0x0000000000402e79 in _start ()

Expected results:
Should not get a segmentation fault, just give an error prompt.

Additional info:
Doing the same steps on a local file disk does not hit the issue.
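The backtrace in the description (bdrv_delete(bs=0x0) called from img_rebase) together with the Doc Text field pins down the defect: in safe mode qemu-img rebase opens the old backing file, then the new one, jumps to its cleanup label on the first failure, and that cleanup deletes both BlockDriverState pointers unconditionally even though the second one was never allocated. The empty name in "Could not open old backing file ''" is consistent with /dev/vgtest-h/lvtest-sn2 being a bare LV that was never formatted as qcow2 and therefore reports no backing file (an inference from the error text, not something the report states). The C program below is an added example, not qemu-img source: it models that control flow with stand-in bdrv_new/bdrv_open/bdrv_delete functions, places the RHEL 6.2 cleanup next to the NULL-checked cleanup described in the Doc Text, and takes constructed path strings as input.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>

/* Minimal stand-in for QEMU's BlockDriverState. The real struct is far larger;
 * only the field that bdrv_delete() asserts on (bs->dev at block.c:689 in the
 * backtrace from comment 4) is modelled here. */
typedef struct BlockDriverState {
    char filename[128];
    void *dev;          /* attached guest device; must be NULL when deleting */
} BlockDriverState;

static BlockDriverState *bdrv_new(void)
{
    return calloc(1, sizeof(BlockDriverState));
}

/* Model of bdrv_open(): fails for an empty filename, which is what the
 * reporter saw when the image to be rebased had no backing file name. */
static int bdrv_open(BlockDriverState *bs, const char *filename)
{
    if (filename == NULL || filename[0] == '\0') {
        return -1;
    }
    snprintf(bs->filename, sizeof(bs->filename), "%s", filename);
    return 0;
}

/* Model of bdrv_delete(): dereferences bs unconditionally, like the real one.
 * Passing bs == NULL is exactly the SIGSEGV in the backtrace above. */
static void bdrv_delete(BlockDriverState *bs)
{
    assert(!bs->dev);
    free(bs);
}

/* Safe-mode rebase: open the old and the new backing file, then clean up.
 * fixed == 0 reproduces the qemu-kvm-0.12.1.2-2.185.el6 cleanup (crashes when
 * the old backing file cannot be opened); fixed == 1 is the NULL-checked
 * cleanup described in the Doc Text. Returns the exit status qemu-img would
 * report (0 on success, 1 on error) instead of exiting, so it can be tested. */
static int img_rebase_safe(const char *old_backing, const char *new_backing, int fixed)
{
    BlockDriverState *bs_old_backing = NULL;
    BlockDriverState *bs_new_backing = NULL;
    int ret = 0;

    bs_old_backing = bdrv_new();
    if (bdrv_open(bs_old_backing, old_backing) < 0) {
        fprintf(stderr, "qemu-img: Could not open old backing file '%s'\n", old_backing);
        ret = 1;
        goto out;   /* bs_new_backing is still NULL at this point */
    }

    bs_new_backing = bdrv_new();
    if (bdrv_open(bs_new_backing, new_backing) < 0) {
        fprintf(stderr, "qemu-img: Could not open new backing file '%s'\n", new_backing);
        ret = 1;
        goto out;
    }

    /* ... the actual rebase (compare clusters, rewrite differing ones) would go here ... */

out:
    if (!fixed) {
        /* Vulnerable cleanup: bdrv_delete(NULL) -> assert(!bs->dev) -> SIGSEGV. */
        bdrv_delete(bs_old_backing);
        bdrv_delete(bs_new_backing);
    } else {
        /* Fixed cleanup: only delete the states that were actually allocated. */
        if (bs_old_backing != NULL) {
            bdrv_delete(bs_old_backing);
        }
        if (bs_new_backing != NULL) {
            bdrv_delete(bs_new_backing);
        }
    }
    return ret;
}

int main(void)
{
    /* Constructed inputs: "" stands for the bare LV that reports no backing
     * file; the other path is the base image from the report. */
    int ret = img_rebase_safe("", "/dev/vgtest-h/lvtest", 1);
    printf("fixed cleanup, empty old backing file: exit status %d\n", ret);

    ret = img_rebase_safe("/dev/vgtest-h/lvtest-sn1", "/dev/vgtest-h/lvtest", 1);
    printf("fixed cleanup, both backing files open: exit status %d\n", ret);

    /* img_rebase_safe("", "/dev/vgtest-h/lvtest", 0) would crash in bdrv_delete(). */
    return 0;
}
```

The crash only needs the first open to fail: bs_old_backing is a valid allocation at that point and is freed cleanly, and it is the never-allocated bs_new_backing that reaches bdrv_delete() as NULL. Checking the pointer is the minimal fix; the more general pattern is to initialise every resource pointer to NULL before the first goto and to guard every release in the shared cleanup label.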

Comment 4 Sibiao Luo 2012-02-14 11:57:22 UTC
I have reproduced this issue on qemu-kvm-0.12.1.2-2.221.el6.x86_64 and verified this issue on qemu-kvm-0.12.1.2-2.227.el6.x86_64 with the same steps as in the Description.

The result of the reproduction is that qemu-img got a segmentation fault (core dumped); the details are as follows:
# qemu-img rebase -p -b /dev/sluo/lvtest /dev/sluo/lvtest-sn2
qemu-img: Could not open old backing file ''

Segmentation fault (core dumped)

(gdb) r rebase -p -b /dev/sluo/lvtest /dev/sluo/lvtest-sn2
Starting program: /usr/bin/qemu-img rebase -p -b /dev/sluo/lvtest /dev/sluo/lvtest-sn2
[Thread debugging using libthread_db enabled]
qemu-img: Could not open old backing file ''

Program received signal SIGSEGV, Segmentation fault.
bdrv_delete (bs=0x0) at block.c:689
689	    assert(!bs->dev);
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.47.el6_2.5.x86_64 libaio-0.3.107-10.el6.x86_64 zlib-1.2.3-27.el6.x86_64
(gdb) bt
#0  bdrv_delete (bs=0x0) at block.c:689
#1  0x00007ffff7fbde34 in img_rebase (argc=<value optimized out>, argv=<value optimized out>) at qemu-img.c:1501
#2  0x00007ffff71d6cdd in __libc_start_main () from /lib64/libc.so.6
#3  0x00007ffff7fbce99 in _start ()
(gdb) q


The result of the verification is that qemu-img did not get a segmentation fault and gave an error prompt, which is the expected result. The details are as follows:
# qemu-img rebase -p -b /dev/sluo/lvtest /dev/sluo/lvtest-sn2
qemu-img: Could not open old backing file ''

(gdb) r rebase -p -b /dev/sluo/lvtest /dev/sluo/lvtest-sn2
Starting program: /usr/bin/qemu-img rebase -p -b /dev/sluo/lvtest /dev/sluo/lvtest-sn2
[Thread debugging using libthread_db enabled]
qemu-img: Could not open old backing file ''

Program exited with code 01.
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.47.el6_2.5.x86_64 libaio-0.3.107-10.el6.x86_64 zlib-1.2.3-27.el6.x86_64
(gdb) bt
No stack.

In summary, this issue has been fixed.

Comment 6 Michal Novotny 2012-05-03 17:32:32 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause:
Install a guest on iSCSI disk but do not create a qcow2 file on it.

Consequence:
Qemu-kvm fails with segmentation fault.

Fix:
[NEEDINFO: Kevin, could you please add information? Thanks]

Result:
Qemu-kvm keeps running.

Comment 7 Kevin Wolf 2012-05-07 08:05:10 UTC
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1,11 +1,11 @@
 Cause:
-Install a guest on iSCSI disk but do not create a qcow2 file on it.
+The cleanup code of qemu-img rebase lacks NULL pointer checks for the old and the new backing file.
 
 Consequence:
-Qemu-kvm fails with segmentation fault.
+After printing an error message, qemu-img rebase runs into a segmentation fault when it is used in safe mode with an image whose (old or new) backing file cannot be opened.
 
 Fix:
-[NEEDINFO: Kevin, could you please add information? Thanks]
+The cleanup code of qemu-img gets additional NULL pointer checks.
 
 Result:
-Qemu-kvm keeps running.+qemu-img fails gracefully if either the new or the old backing file cannot be opened.
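Review bot: the last line of the hunk runs the removed and added Result text together (`-Qemu-kvm keeps running.+qemu-img fails gracefully ...`) because the previous note had no trailing newline; the new Result is the part after the `+`, and adding a final newline would keep the next diff readable. The Result could also be made concrete: the verification in comment 4 shows the error message followed by `Program exited with code 01`, so "prints 'Could not open old backing file' and exits with status 1" states what a reader can check, where "fails gracefully" does not.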

Comment 8 errata-xmlrpc 2012-06-20 11:34:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0746.html

