** Patch added: "trusty-kilo_libvirt_1.2.12-0ubuntu14.4~cloud1.debdiff" https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1594936/+attachment/4688170/+files/trusty-kilo_libvirt_1.2.12-0ubuntu14.4~cloud1.debdiff
** Description changed: + [Impact] + + * Users from trusty-kilo cloud archive may experience crashes on + libvirtd. + + [Test Case] + + * Stress test libvirtd until a crash like this is seen: + + #0 0x00007f0d3777ae68 in virClassIsDerivedFrom + #1 0x00007f0d3777b196 in virObjectIsClass + #2 0x00007f0d3777b2b4 in virObjectUnlock + #3 0x00007f0d377a797f in virDomainObjListFindByUUIDInternal + #4 0x00007f0d377b1a42 in virDomainObjListFindByUUIDRef + #5 0x00007f0d25175fb9 in qemuDomainLookupByUUID (conn=0x7f0d0c0015f0, + #6 0x00007f0d378333b0 in virDomainLookupByUUID (conn=0x7f0d0c0015f0, + #7 0x00007f0d38e19361 in remoteDispatchDomainLookupByUUID (server=<optimized + #8 remoteDispatchDomainLookupByUUIDHelper (server=<optimized out>, + ... + + [Regression Potential] + + * Fix is based on upstream commit and says to resolve issue in the + exact same frame. + + [Other Info] + + ## Original description + It was brought to my attention that libvirt might face some crashes (dumps were sent to me). 
Following stack trace: #0 0x00007f0d3777ae68 in virClassIsDerivedFrom - 156 /** - 157 * virClassIsDerivedFrom: - 158 * @klass: the klass to check - 159 * @parent: the possible parent class - 160 * - 161 * Determine if @klass is derived from @parent - 162 * - 163 * Return true if @klass is derived from @parent, false otherwise - 164 */ - 165 bool virClassIsDerivedFrom(virClassPtr klass, - 166 virClassPtr parent) - 167 { - 168 while (klass) { - 169 if (klass->magic == parent->magic) *** HERE *** - 170 return true; - 171 klass = klass->parent; - 172 } - 173 return false; - 174 } + 156 /** + 157 * virClassIsDerivedFrom: + 158 * @klass: the klass to check + 159 * @parent: the possible parent class + 160 * + 161 * Determine if @klass is derived from @parent + 162 * + 163 * Return true if @klass is derived from @parent, false otherwise + 164 */ + 165 bool virClassIsDerivedFrom(virClassPtr klass, + 166 virClassPtr parent) + 167 { + 168 while (klass) { + 169 if (klass->magic == parent->magic) *** HERE *** + 170 return true; + 171 klass = klass->parent; + 172 } + 173 return false; + 174 } #1 0x00007f0d3777b196 in virObjectIsClass - 348 /** - 349 * virObjectIsClass: - 350 * @anyobj: any instance of virObjectPtr - 351 * @klass: the class to check - 352 * - 353 * Checks whether @anyobj is an instance of - 354 * @klass - 355 * - 356 * Returns true if @anyobj is an instance of @klass - 357 */ - 358 bool virObjectIsClass(void *anyobj, - 359 virClassPtr klass) - 360 { - 361 virObjectPtr obj = anyobj; - 362 if (!obj) - 363 return false; - 364 - 365 return virClassIsDerivedFrom(obj->klass, klass); *** HERE *** - 366 } + 348 /** + 349 * virObjectIsClass: + 350 * @anyobj: any instance of virObjectPtr + 351 * @klass: the class to check + 352 * + 353 * Checks whether @anyobj is an instance of + 354 * @klass + 355 * + 356 * Returns true if @anyobj is an instance of @klass + 357 */ + 358 bool virObjectIsClass(void *anyobj, + 359 virClassPtr klass) + 360 { + 361 virObjectPtr obj = anyobj; + 
362 if (!obj) + 363 return false; + 364 + 365 return virClassIsDerivedFrom(obj->klass, klass); *** HERE *** + 366 } #2 0x00007f0d3777b2b4 in virObjectUnlock - 327 /** - 328 * virObjectUnlock: - 329 * @anyobj: any instance of virObjectLockablePtr - 330 * - 331 * Release a lock on @anyobj. The lock must have been - 332 * acquired by virObjectLock. - 333 */ - 334 void virObjectUnlock(void *anyobj) - 335 { - 336 virObjectLockablePtr obj = anyobj; - 337 - 338 if (!virObjectIsClass(obj, virObjectLockableClass)) { *** HERE *** - 339 VIR_WARN("Object %p (%s) is not a virObjectLockable instance", - 340 obj, obj ? obj->parent.klass->name : "(unknown)"); - 341 return; - 342 } - 343 - 344 virMutexUnlock(&obj->lock); - 345 } + 327 /** + 328 * virObjectUnlock: + 329 * @anyobj: any instance of virObjectLockablePtr + 330 * + 331 * Release a lock on @anyobj. The lock must have been + 332 * acquired by virObjectLock. + 333 */ + 334 void virObjectUnlock(void *anyobj) + 335 { + 336 virObjectLockablePtr obj = anyobj; + 337 + 338 if (!virObjectIsClass(obj, virObjectLockableClass)) { *** HERE *** + 339 VIR_WARN("Object %p (%s) is not a virObjectLockable instance", + 340 obj, obj ? 
obj->parent.klass->name : "(unknown)"); + 341 return; + 342 } + 343 + 344 virMutexUnlock(&obj->lock); + 345 } #3 0x00007f0d377a797f in virDomainObjListFindByUUIDInternal - 1052 static virDomainObjPtr - 1053 virDomainObjListFindByUUIDInternal(virDomainObjListPtr doms, - 1054 const unsigned char *uuid, - 1055 bool ref) - 1056 { - 1057 char uuidstr[VIR_UUID_STRING_BUFLEN]; - 1058 virDomainObjPtr obj; - 1059 - 1060 virObjectLock(doms); - 1061 virUUIDFormat(uuid, uuidstr); - 1062 - 1063 obj = virHashLookup(doms->objs, uuidstr); - 1064 if (ref) { - 1065 virObjectRef(obj); - 1066 virObjectUnlock(doms); - 1067 } - 1068 if (obj) { - 1069 virObjectLock(obj); - 1070 if (obj->removing) { - 1071 if (ref) - 1072 virObjectUnref(obj); - 1073 virObjectUnlock(obj); - 1074 obj = NULL; - 1075 } - 1076 } - 1077 if (!ref) - 1078 virObjectUnlock(doms); *** HERE *** - 1079 return obj; - 1080 } + 1052 static virDomainObjPtr + 1053 virDomainObjListFindByUUIDInternal(virDomainObjListPtr doms, + 1054 const unsigned char *uuid, + 1055 bool ref) + 1056 { + 1057 char uuidstr[VIR_UUID_STRING_BUFLEN]; + 1058 virDomainObjPtr obj; + 1059 + 1060 virObjectLock(doms); + 1061 virUUIDFormat(uuid, uuidstr); + 1062 + 1063 obj = virHashLookup(doms->objs, uuidstr); + 1064 if (ref) { + 1065 virObjectRef(obj); + 1066 virObjectUnlock(doms); + 1067 } + 1068 if (obj) { + 1069 virObjectLock(obj); + 1070 if (obj->removing) { + 1071 if (ref) + 1072 virObjectUnref(obj); + 1073 virObjectUnlock(obj); + 1074 obj = NULL; + 1075 } + 1076 } + 1077 if (!ref) + 1078 virObjectUnlock(doms); *** HERE *** + 1079 return obj; + 1080 } And the fix: https://www.redhat.com/archives/libvir-list/2015-March/msg00531.html Object is being unlocked after already cleaned. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. 
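Review bot: In the quoted virDomainObjListFindByUUIDInternal, the `obj->removing` branch at lines 1071-1073 calls `virObjectUnref(obj)` before `virObjectUnlock(obj)`, so if that unref releases the last reference, the unlock runs on freed memory. That would fit the reported frames (virObjectUnlock, then virObjectIsClass, then virClassIsDerivedFrom reading `klass->magic`) and the reporter's remark that the object is unlocked after being cleaned. It needs confirming against the linked upstream patch, which is not reproduced on this page, and the trace annotation points at line 1078 rather than 1073. The ordering I would expect is `virObjectUnlock(obj);` followed by `if (ref) virObjectUnref(obj);`. Since frames #7 and #8 show the lookup arriving through the remote dispatch path, the [Impact] text should describe this as a use-after-free in libvirtd rather than only a crash, and the test case should state which condition is being stressed (presumably a UUID lookup racing with domain removal).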
https://bugs.launchpad.net/bugs/1594936 Title: fix crash in virDomainObjListFindByUUIDInternal