Bug 994855 - Segmentation fault when start guest with --paused.
Summary: Segmentation fault when start guest with --paused.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Alex Jia
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Duplicates: 996886
Depends On:
Blocks:
Reported: 2013-08-08 06:50 UTC by zhe peng
Modified: 2014-06-18 00:53 UTC (History)
CC: 7 users

Fixed In Version: libvirt-1.1.1-3.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-13 10:56:41 UTC
Target Upstream Version:
Embargoed:



Description zhe peng 2013-08-08 06:50:22 UTC
Description of problem:
Segmentation fault when start guest with --paused.

Version-Release number of selected component (if applicable):
libvirt-1.1.1-2.el7.x86_64
qemu-kvm-1.5.0-2.el7.x86_64
kernel-3.10.0-6.el7.x86_64

How reproducible:
100%

Steps:
# virsh start test --paused;echo $?
Segmentation fault (core dumped)
139

error msg from /var/log/messages
.....
Aug  8 14:34:58 intel-5205-32-1 kernel: [99213.221852] virsh[21616]: segfault at 53 ip 00007f5bed1f13b0 sp 00007fffd9153d30 error 6 in libc-2.17.so[7f5bed0c9000+1b5000]
.....

libvirtd log:
....
2013-08-08 06:35:30.023+0000: 21427: error : virDBusCallMethod:1135 : The name org.freedesktop.machine1 was not provided by any .service files
2013-08-08 06:35:30.445+0000: 21422: error : virNetSocketReadWire:1377 : End of file while reading data: Input/output error
....

gdb backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff45403b0 in xdr_string () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff45403b0 in xdr_string () from /lib64/libc.so.6
#1  0x00007ffff7a7cbde in xdr_remote_nonnull_string (xdrs=xdrs@entry=0x7fffffffde80, objp=objp@entry=0x7fffffffe0a0) at remote/remote_protocol.c:31
#2  0x00007ffff7a7cf11 in xdr_remote_nonnull_domain (xdrs=0x7fffffffde80, objp=0x7fffffffe0a0) at remote/remote_protocol.c:58
#3  0x00007ffff7a7f109 in xdr_remote_domain_create_with_flags_ret (xdrs=xdrs@entry=0x7fffffffde80, objp=objp@entry=0x7fffffffe0a0) at remote/remote_protocol.c:1762
#4  0x00007ffff7a91930 in virNetMessageDecodePayload (msg=msg@entry=0x555555870d30, filter=filter@entry=0x7ffff7a7f100 <xdr_remote_domain_create_with_flags_ret>, 
    data=data@entry=0x7fffffffe0a0) at rpc/virnetmessage.c:404
#5  0x00007ffff7a8857c in virNetClientProgramCall (prog=prog@entry=0x555555871830, client=client@entry=0x5555558715b0, serial=serial@entry=5, proc=proc@entry=196, noutfds=noutfds@entry=0, 
    outfds=outfds@entry=0x0, ninfds=ninfds@entry=0x0, infds=infds@entry=0x0, args_filter=args_filter@entry=0x7ffff7a7f0c0 <xdr_remote_domain_create_with_flags_args>, 
    args=args@entry=0x7fffffffe070, ret_filter=ret_filter@entry=0x7ffff7a7f100 <xdr_remote_domain_create_with_flags_ret>, ret=ret@entry=0x7fffffffe0a0) at rpc/virnetclientprogram.c:377
#6  0x00007ffff7a643e2 in callFull (priv=priv@entry=0x555555870e80, flags=flags@entry=0, fdin=fdin@entry=0x0, fdinlen=fdinlen@entry=0, fdout=fdout@entry=0x0, fdoutlen=fdoutlen@entry=0x0, 
    proc_nr=proc_nr@entry=196, args_filter=0x7ffff7a7f0c0 <xdr_remote_domain_create_with_flags_args>, args=args@entry=0x7fffffffe070 "\200\027\207UUU", 
    ret_filter=ret_filter@entry=0x7ffff7a7f100 <xdr_remote_domain_create_with_flags_ret>, ret=ret@entry=0x7fffffffe0a0 "O", conn=<optimized out>) at remote/remote_driver.c:5651
#7  0x00007ffff7a68f04 in call (conn=<optimized out>, ret=0x7fffffffe0a0 "O", ret_filter=<optimized out>, args=0x7fffffffe070 "\200\027\207UUU", args_filter=<optimized out>, proc_nr=196, 
    flags=0, priv=0x555555870e80) at remote/remote_driver.c:5673
#8  remoteDomainCreateWithFlags (dom=0x555555871060, flags=<optimized out>) at remote/remote_driver.c:2434
#9  0x00007ffff7a399f8 in virDomainCreateWithFlags (domain=domain@entry=0x555555871060, flags=flags@entry=1) at libvirt.c:9499
#10 0x000055555557d27b in cmdStart (ctl=0x7fffffffe3f0, cmd=0x55555581ece0) at virsh-domain.c:3376
#11 0x0000555555577f84 in vshCommandRun (ctl=0x7fffffffe3f0, cmd=0x55555581ece0) at virsh.c:1751
#12 0x0000555555572dea in main (argc=<optimized out>, argv=<optimized out>) at virsh.c:3233



Actual results:
as steps

Expected results:
no core dumped

Comment 2 Alex Jia 2013-08-08 07:01:44 UTC
It should be a double-free issue; I will try to commit a patch.

Comment 3 Alex Jia 2013-08-08 08:57:12 UTC
(In reply to zhe peng from comment #0)
> Description of problem:
> Segmentation fault when start guest with --paused.

This original issue was found by Wangpan from netease.com: he is using openstack nova folsom to create a VM, then the python binding API dom.createWithFlags(0) is invoked and causes a segfault error.

Comment 4 Alex Jia 2013-08-08 09:10:29 UTC
Patch on upstream:
https://www.redhat.com/archives/libvir-list/2013-August/msg00344.html

Comment 5 Alex Jia 2013-08-09 03:07:08 UTC
In POST:


commit be7a89e8cabbc0e222b9e39c6266ece576295fe3
Author: Alex Jia <ajia>
Date:   Thu Aug 8 16:44:57 2013 +0800

    remote: Fix a segfault in remoteDomainCreateWithFlags
    
    Valgrind detects a memory error:
    
    ==16759== 1 errors in context 1 of 8:
    ==16759== Invalid free() / delete / delete[] / realloc()
    ==16759==    at 0x4A074C4: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
    ==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
    ==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
    ==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
    ==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
    ==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
    ==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
    ==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
    ==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
    ==16759==    by 0x126FFB: main (virsh.c:3205)
    ==16759==  Address 0xe1394a0 is not stack'd, malloc'd or (recently) free'd
    
    ==16759== 1 errors in context 2 of 8:
    ==16759== Conditional jump or move depends on uninitialised value(s)
    ==16759==    at 0x4A07477: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==16759==    by 0x83CD329: xdr_string (in /usr/lib64/libc-2.17.so)
    ==16759==    by 0x4D93E4D: xdr_remote_nonnull_string (remote_protocol.c:31)
    ==16759==    by 0x4D94350: xdr_remote_nonnull_domain (remote_protocol.c:58)
    ==16759==    by 0x4D976C8: xdr_remote_domain_create_with_flags_ret (remote_protocol.c:1762)
    ==16759==    by 0x83CC734: xdr_free (in /usr/lib64/libc-2.17.so)
    ==16759==    by 0x4D7F1E0: remoteDomainCreateWithFlags (remote_driver.c:2441)
    ==16759==    by 0x4D4BF17: virDomainCreateWithFlags (libvirt.c:9499)
    ==16759==    by 0x13127A: cmdStart (virsh-domain.c:3376)
    ==16759==    by 0x12BF83: vshCommandRun (virsh.c:1751)
    ==16759==    by 0x126FFB: main (virsh.c:3205)
    ==16759==  Uninitialised value was created by a stack allocation
    ==16759==    at 0x4D7F120: remoteDomainCreateWithFlags (remote_driver.c:2423)
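The valgrind trace above ends at an uninitialised stack value created in remoteDomainCreateWithFlags and then handed to xdr_free via xdr_string, and the kernel line in the report shows a write fault at address 0x53: a return struct that was never zeroed before the RPC call breaks both the decode path (glibc's xdr_string writes through a non-NULL pointer instead of allocating) and the cleanup path (free on garbage). The following is an added, self-contained C model of that pattern and its fix, not libvirt's own code; the struct, function and buffer names are hypothetical and the XDR reply bytes are constructed:

```c
/* Added example (not libvirt code): zero the XDR return struct before an
 * RPC call so that decode and cleanup both see NULL rather than garbage. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Reduced model of remote_domain_create_with_flags_ret: one XDR string. */
typedef struct { char *name; } create_ret;

/* XDR string on the wire: 4-byte big-endian length, bytes, padded to 4.
 * Models glibc xdr_string decode semantics: a NULL *sp is malloc'd, a
 * non-NULL *sp is treated as a caller-supplied buffer and written in place,
 * which is what turns an uninitialised pointer into a write fault. */
static int xdr_string_decode(const uint8_t *buf, size_t len, char **sp, size_t maxsize)
{
    if (len < 4) return -1;
    uint32_t n = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                 ((uint32_t)buf[2] << 8) | buf[3];
    if (n > maxsize || len - 4 < ((n + 3) & ~3u)) return -1;
    if (*sp == NULL && (*sp = malloc(n + 1)) == NULL) return -1;
    memcpy(*sp, buf + 4, n);           /* writes through whatever *sp holds */
    (*sp)[n] = '\0';
    return 0;
}

/* Counterpart of xdr_free(): frees whatever pointer the struct holds. */
static void create_ret_free(create_ret *ret) { free(ret->name); ret->name = NULL; }

/* rpc_ok == 0 models the failed call seen in the libvirtd log.
 * Returns the decoded name (caller frees) or NULL on error. */
char *remote_create_with_flags(const uint8_t *reply, size_t len, int rpc_ok)
{
    create_ret ret;
    memset(&ret, 0, sizeof(ret));      /* the missing step: NULL, not stack garbage */
    char *out = NULL;
    if (!rpc_ok) goto cleanup;         /* error path: nothing was decoded */
    if (xdr_string_decode(reply, len, &ret.name, 4096) < 0) goto cleanup;
    out = ret.name; ret.name = NULL;   /* hand ownership to the caller */
cleanup:
    create_ret_free(&ret);             /* safe only because ret was zeroed */
    return out;
}

/* Check helper: 1 if the call yields `expect` (expect == NULL means error). */
int create_yields(const uint8_t *reply, size_t len, int rpc_ok, const char *expect)
{
    char *n = remote_create_with_flags(reply, len, rpc_ok);
    int ok = expect ? (n != NULL && strcmp(n, expect) == 0) : (n == NULL);
    free(n);
    return ok;
}

/* Constructed reply: XDR string "rhel7" (length 5, padded to 8 bytes). */
const uint8_t sample_reply[] = { 0, 0, 0, 5, 'r', 'h', 'e', 'l', '7', 0, 0, 0 };
```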

Comment 6 Martin Kletzander 2013-08-14 11:56:59 UTC
*** Bug 996886 has been marked as a duplicate of this bug. ***

Comment 8 Dave Allan 2013-08-14 13:49:29 UTC
IMO we need regression tests for starting a guest paused as part of the fix.

Comment 9 zhe peng 2013-09-02 06:02:44 UTC
Verified with build:
libvirt-1.1.1-3.el7.x86_64
qemu-kvm-1.5.2-4.el7.x86_64
kernel-3.10.0-9.el7.x86_64

step:
# virsh start rhel7 --paused;echo $?
Domain rhel7 started

0

# virsh list --all
 Id    Name                           State
----------------------------------------------------
 2     rhel7                          paused

# virsh resume rhel7
Domain rhel7 resumed

No segmentation fault occurred. Move to verified.

Comment 10 Ludek Smid 2014-06-13 10:56:41 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

