qemu:override device props crashes libvirtd
Software environment
- Operating system: Debian unstable
- Architecture: amd64
- kernel version: linux-image-5.17.0-3-amd64 5.17.11-1
- libvirt version: qemu 8.4.0-1
- Hypervisor and version: 1:7.0+dfsg-7
Description of problem
It looks like even a basic qemu:override section without any props crashes libvirtd:
<qemu:override>
  <qemu:device alias="ua-mdev"/>
</qemu:override>
(gdb) bt
#0 __strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:115
#1 0x00007f5e5c360498 in qemuBuildDeviceCommandlineHandleOverrides (nsdef=0x7f5e1c0937f0, props=0x7f5e48060300) at ../../src/qemu/qemu_command.c:247
#2 qemuBuildDeviceCommandlineFromJSON (cmd=0x7f5e48042dc0, props=0x7f5e48060300, qemuCaps=0x7f5e1c09a790, def=<optimized out>, def=<optimized out>) at ../../src/qemu/qemu_command.c:274
#3 0x00007f5e5c3707b0 in qemuBuildPanicCommandLine (qemuCaps=<optimized out>, def=<optimized out>, cmd=<optimized out>) at ../../src/qemu/qemu_command.c:10014
#4 qemuBuildCommandLine (vm=0x7f5e1c02f430, vm@entry=0x2300000000, migrateURI=migrateURI@entry=0x0, snapshot=0x0, snapshot@entry=0x7f5e1c016190, vmop=vmop@entry=17, nnicindexes=nnicindexes@entry=0x7f5e5effc440, nicindexes=nicindexes@entry=0x7f5e5effc448)
at ../../src/qemu/qemu_command.c:10697
#5 0x00007f5e5c41886b in qemuProcessLaunch (conn=0x0, driver=0x7f5e1c051fa0, vm=0x2300000000, asyncJob=VIR_ASYNC_JOB_NONE, incoming=0x0, snapshot=0x7f5e1c016190, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, flags=17) at ../../src/qemu/qemu_process.c:7381
#6 0x00007f5e5c41df99 in qemuProcessStart (conn=conn@entry=0x7f5e1c016190, driver=driver@entry=0x7f5e1c051fa0, vm=vm@entry=0x7f5e1c02f430, updatedCPU=updatedCPU@entry=0x0, asyncJob=asyncJob@entry=VIR_ASYNC_JOB_START, migrateFrom=migrateFrom@entry=0x0,
migrateFd=-1, migratePath=0x0, snapshot=0x0, vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, flags=<optimized out>) at ../../src/qemu/qemu_process.c:7798
#7 0x00007f5e5c3bece0 in qemuDomainObjStart (conn=0x7f5e1c016190, driver=0x7f5e1c051fa0, vm=0x7f5e1c02f430, flags=<optimized out>, asyncJob=VIR_ASYNC_JOB_START) at ../../src/qemu/qemu_driver.c:6488
#8 0x00007f5e5c3bf314 in qemuDomainCreateWithFlags (dom=0x7f5e48004860, flags=0) at ../../src/qemu/qemu_driver.c:6538
#9 0x00007f5e698a4f86 in virDomainCreate (domain=domain@entry=0x7f5e48004860) at ../../src/libvirt-domain.c:7014
#10 0x0000558153b0506d in remoteDispatchDomainCreate (server=0x55815448a880, msg=0x5581544aec80, args=0x7f5e4800ba60, rerr=0x7f5e5effc9a0, client=<optimized out>) at src/remote/remote_daemon_dispatch_stubs.h:4947
#11 remoteDispatchDomainCreateHelper (server=0x55815448a880, client=<optimized out>, msg=0x5581544aec80, rerr=0x7f5e5effc9a0, args=0x7f5e4800ba60, ret=0x0) at src/remote/remote_daemon_dispatch_stubs.h:4926
#12 0x00007f5e6978a836 in virNetServerProgramDispatchCall (msg=0x5581544aec80, client=0x5581544ac070, server=0x55815448a880, prog=0x55815449e810) at ../../src/rpc/virnetserverprogram.c:428
#13 virNetServerProgramDispatch (prog=0x55815449e810, server=server@entry=0x55815448a880, client=0x5581544ac070, msg=0x5581544aec80) at ../../src/rpc/virnetserverprogram.c:302
#14 0x00007f5e69790654 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0x55815448a880) at ../../src/rpc/virnetserver.c:136
#15 virNetServerHandleJob (jobOpaque=0x55815448c0d0, opaque=0x55815448a880) at ../../src/rpc/virnetserver.c:156
#16 0x00007f5e696cb53f in virThreadPoolWorker (opaque=<optimized out>) at ../../src/util/virthreadpool.c:164
#17 0x00007f5e696cab85 in virThreadHelper (data=<optimized out>) at ../../src/util/virthread.c:256
#18 0x00007f5e6888ad80 in start_thread (arg=0x7f5e5effd640) at pthread_create.c:481
#19 0x00007f5e690e776f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
The following patch seems to fix the issue for me:
--- libvirt-8.4.0.orig/src/qemu/qemu_command.c
+++ libvirt-8.4.0/src/qemu/qemu_command.c
@@ -244,7 +244,7 @@ qemuBuildDeviceCommandlineHandleOverride
qemuDomainXmlNsDeviceOverride *dev = nsdef->deviceOverride + i;
size_t j;
- if (STRNEQ(alias, dev->alias))
+ if (!alias || !dev->alias || STRNEQ(alias, dev->alias))
continue;
for (j = 0; j < dev->nfrontend; j++) {
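Review bot: the added `!alias || !dev->alias` guard stops the NULL dereference in STRNEQ (the strcmp in frame #0, reached from qemuBuildPanicCommandLine in frame #3, where the device props evidently carry no alias), but it turns both NULL cases into a silent `continue`, so an override that can never match is dropped without any diagnostic. Skipping is the right outcome for a device whose props have no alias to compare against, but a `<qemu:device>` element with no alias attribute is a configuration error and would be better rejected when the qemu namespace XML is parsed, so the user learns the override is ineffective instead of it being ignored at command-line build time. Please also keep the two checks separate in the commit message: one is a crash fix in the matcher, the other is input validation that belongs in the parser.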