Bug 994855
| Summary: | Segmentation fault when start guest with --paused. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | zhe peng <zpeng> |
| Component: | libvirt | Assignee: | Alex Jia <ajia> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 7.0 | CC: | acathrow, ajia, dallan, dyuan, kraxel, mkletzan, mzhan |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libvirt-1.1.1-3.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 10:56:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
It should be a double-free issue, I will try to commit a patch.

(In reply to zhe peng from comment #0)
> Description of problem:
> Segmentation fault when start guest with --paused.

This original issue is found by Wangpan from netease.com, he is using openstack nova folsom to create a VM then the python binding API dom.createWithFlags(0) is invoked and causes segfault error.

Patch on upstream:
https://www.redhat.com/archives/libvir-list/2013-August/msg00344.html

In POST:
commit be7a89e8cabbc0e222b9e39c6266ece576295fe3
Author: Alex Jia <ajia>
Date: Thu Aug 8 16:44:57 2013 +0800
remote: Fix a segfault in remoteDomainCreateWithFlags
Valgrind detects memory error:
==16759== 1 errors in context 1 of 8:
==16759== Invalid free() / delete / delete[] / realloc()
==16759== at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16759== by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
==16759== by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
==16759== by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
==16759== by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
==16759== by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
==16759== by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
==16759== by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
==16759== by 0x13127A: cmdStart (virsh-domain.c:3376)
==16759== by 0x12BF83: vshCommandRun (virsh.c:1751)
==16759== by 0x126FFB: main (virsh.c:3205)
==16759== Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd
==16759== 1 errors in context 2 of 8:
==16759== Conditional jump or move depends on uninitialised value(s)
==16759== at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==16759== by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
==16759== by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
==16759== by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
==16759== by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
==16759== by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
==16759== by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
==16759== by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
==16759== by 0x13127A: cmdStart (virsh-domain.c:3376)
==16759== by 0x12BF83: vshCommandRun (virsh.c:1751)
==16759== by 0x126FFB: main (virsh.c:3205)
==16759== Uninitialised value was created by a stack allocation
==16759== at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423)
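
The two Valgrind contexts above describe one defect class: a reply struct left uninitialised on the stack and then handed to XDR-style decode and free routines. The C model below is an added example, not libvirt's code or the upstream patch. `struct reply`, `reply_decode`, `reply_free` and `create_with_flags` are hypothetical names, the 0xA5 fill is a constructed stand-in for stale stack bytes, and zeroing the struct before the call is an assumed remedy.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for an RPC reply struct whose string is decoder-owned. */
struct reply { char *name; };

static char *owned; /* the only pointer this model's decoder has allocated */

/* XDR decode convention: NULL means "allocate for me"; a non-NULL pointer is
 * taken as a caller buffer and written through. The model returns -1 for a
 * non-NULL pointer instead of writing through it. */
static int reply_decode(struct reply *r, const char *wire) {
    if (r->name != NULL)
        return -1;                       /* real decoder: write via wild pointer */
    r->name = owned = malloc(strlen(wire) + 1);
    if (r->name == NULL) return -2;
    strcpy(r->name, wire);
    return 0;
}

/* Like xdr_free, releases whatever the struct holds. Returns -1 where real
 * free() would receive a pointer malloc never returned. */
static int reply_free(struct reply *r) {
    if (r->name != NULL && r->name != owned)
        return -1;                       /* Valgrind: "Invalid free()" */
    free(r->name);
    r->name = owned = NULL;
    return 0;
}

/* Returns a bitmask: 1 = decode failed, 2 = free met a foreign pointer. */
int create_with_flags(int zero_ret) {
    struct reply ret;
    int bad = 0;
    memset(&ret, 0xA5, sizeof(ret));     /* constructed stale stack contents */
    if (zero_ret)
        memset(&ret, 0, sizeof(ret));    /* assumed remedy: start from NULL */
    if (reply_decode(&ret, "rhel7") < 0) bad |= 1;
    if (reply_free(&ret) < 0) bad |= 2;
    return bad;
}

int main(void) {
    printf("uninitialised ret: %d\n", create_with_flags(0));
    printf("zeroed ret:        %d\n", create_with_flags(1));
    return 0;
}
```

The model only reports the bad pointer. In the real client the same pointer reaches `xdr_string` during decode (the gdb backtrace in the description) or `free()` through `xdr_free` (the Valgrind trace).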
*** Bug 996886 has been marked as a duplicate of this bug. ***

IMO we need regression tests for starting a guest paused as part of the fix.

verify with build:
libvirt-1.1.1-3.el7.x86_64
qemu-kvm-1.5.2-4.el7.x86_64
kernel-3.10.0-9.el7.x86_64

step:

```
# virsh start rhel7 --paused;echo $?
Domain rhel7 started
0
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 2     rhel7                          paused
# virsh resume rhel7
Domain rhel7 resumed
```

No segmentation fault occurred.
move to verified.

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.
Description of problem:
Segmentation fault when start guest with --paused.

Version-Release number of selected component (if applicable):
libvirt-1.1.1-2.el7.x86_64
qemu-kvm-1.5.0-2.el7.x86_64
kernel-3.10.0-6.el7.x86_64

How reproducible:
100%

Steps:

```
# virsh start test --paused;echo $?
Segmentation fault (core dumped)
139
```

error msg from /var/log/messages

```
.....
Aug 8 14:34:58 intel-5205-32-1 kernel: [99213.221852] virsh[21616]: segfault at 53 ip 00007f5bed1f13b0 sp 00007fffd9153d30 error 6 in libc-2.17.so[7f5bed0c9000+1b5000]
.....
```

libvirtd log:

```
....
2013-08-08 06:35:30.023+0000: 21427: error : virDBusCallMethod:1135 : The name org.freedesktop.machine1 was not provided by any .service files
2013-08-08 06:35:30.445+0000: 21422: error : virNetSocketReadWire:1377 : End of file while reading data: Input/output error
....
```

gdb backtrace:

```
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff45403b0 in xdr_string () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff45403b0 in xdr_string () from /lib64/libc.so.6
#1 0x00007ffff7a7cbde in xdr_remote_nonnull_string (xdrs=xdrs@entry=0x7fffffffde80, objp=objp@entry=0x7fffffffe0a0) at remote/remote_protocol.c:31
#2 0x00007ffff7a7cf11 in xdr_remote_nonnull_domain (xdrs=0x7fffffffde80, objp=0x7fffffffe0a0) at remote/remote_protocol.c:58
#3 0x00007ffff7a7f109 in xdr_remote_domain_create_with_flags_ret (xdrs=xdrs@entry=0x7fffffffde80, objp=objp@entry=0x7fffffffe0a0) at remote/remote_protocol.c:1762
#4 0x00007ffff7a91930 in virNetMessageDecodePayload (msg=msg@entry=0x555555870d30, filter=filter@entry=0x7ffff7a7f100 <xdr_remote_domain_create_with_flags_ret>, data=data@entry=0x7fffffffe0a0) at rpc/virnetmessage.c:404
#5 0x00007ffff7a8857c in virNetClientProgramCall (prog=prog@entry=0x555555871830, client=client@entry=0x5555558715b0, serial=serial@entry=5, proc=proc@entry=196, noutfds=noutfds@entry=0, outfds=outfds@entry=0x0, ninfds=ninfds@entry=0x0, infds=infds@entry=0x0, args_filter=args_filter@entry=0x7ffff7a7f0c0 <xdr_remote_domain_create_with_flags_args>, args=args@entry=0x7fffffffe070, ret_filter=ret_filter@entry=0x7ffff7a7f100 <xdr_remote_domain_create_with_flags_ret>, ret=ret@entry=0x7fffffffe0a0) at rpc/virnetclientprogram.c:377
#6 0x00007ffff7a643e2 in callFull (priv=priv@entry=0x555555870e80, flags=flags@entry=0, fdin=fdin@entry=0x0, fdinlen=fdinlen@entry=0, fdout=fdout@entry=0x0, fdoutlen=fdoutlen@entry=0x0, proc_nr=proc_nr@entry=196, args_filter=0x7ffff7a7f0c0 <xdr_remote_domain_create_with_flags_args>, args=args@entry=0x7fffffffe070 "\200\027\207UUU", ret_filter=ret_filter@entry=0x7ffff7a7f100 <xdr_remote_domain_create_with_flags_ret>, ret=ret@entry=0x7fffffffe0a0 "O", conn=<optimized out>) at remote/remote_driver.c:5651
#7 0x00007ffff7a68f04 in call (conn=<optimized out>, ret=0x7fffffffe0a0 "O", ret_filter=<optimized out>, args=0x7fffffffe070 "\200\027\207UUU", args_filter=<optimized out>, proc_nr=196, flags=0, priv=0x555555870e80) at remote/remote_driver.c:5673
#8 remoteDomainCreateWithFlags (dom=0x555555871060, flags=<optimized out>) at remote/remote_driver.c:2434
#9 0x00007ffff7a399f8 in virDomainCreateWithFlags (domain=domain@entry=0x555555871060, flags=flags@entry=1) at libvirt.c:9499
#10 0x000055555557d27b in cmdStart (ctl=0x7fffffffe3f0, cmd=0x55555581ece0) at virsh-domain.c:3376
#11 0x0000555555577f84 in vshCommandRun (ctl=0x7fffffffe3f0, cmd=0x55555581ece0) at virsh.c:1751
#12 0x0000555555572dea in main (argc=<optimized out>, argv=<optimized out>) at virsh.c:3233
```

Actual results:
as steps

Expected results:
no core dumped