Craig Rodrigues wrote:

> On Tue, Jun 10, 2014 at 1:54 PM, Craig Rodrigues <rodr...@freebsd.org> wrote:
> > On Tue, Jun 10, 2014 at 12:25 PM, Craig Rodrigues <rodr...@freebsd.org> wrote:
> > lldb /usr/local/sbin/libvirtd libvirtd.core
> >
> > (lldb) bt
> > * thread #1: tid = 0, 0x0000000801aa8513
> > libvirt.so.1002`virNetDevTapCreateInBridgePort(brname=0x000000080a4211c8,
> > ifname=0x000000080a88d1e0, macaddr=0x000000080a88d144,
> > vmuuid=0x000000080a81b808, tapfd=0x0000000000000000, tapfdSize=1,
> > virtPortProfile=0x0000000000000000, virtVlan=0x0000000000000000,
> > flags=9) + 547 at virnetdevtap.c:583, name = 'libvirtd', stop reason =
> > signal SIGSEGV
> >   * frame #0: 0x0000000801aa8513
> > libvirt.so.1002`virNetDevTapCreateInBridgePort(brname=0x000000080a4211c8,
> > ifname=0x000000080a88d1e0, macaddr=0x000000080a88d144,
> > vmuuid=0x000000080a81b808, tapfd=0x0000000000000000, tapfdSize=1,
> > virtPortProfile=0x0000000000000000, virtVlan=0x0000000000000000,
> > flags=9) + 547 at virnetdevtap.c:583
> >     frame #1: 0x0000000809e20569
> > libvirt_driver_bhyve.so`bhyveBuildNetArgStr(def=0x000000080a81b800,
> > cmd=0x000000080a4db200, dryRun=false) + 841 at bhyve_command.c:82
> >     frame #2: 0x0000000809e20196
> > libvirt_driver_bhyve.so`virBhyveProcessBuildBhyveCmd(driver=0x000000080a48a040,
> > def=0x000000080a81b800, dryRun=false) + 310 at bhyve_command.c:248
> >     frame #3: 0x0000000809e24d6a
> > libvirt_driver_bhyve.so`virBhyveProcessStart(conn=0x000000080a4db100,
> > driver=0x000000080a48a040, vm=0x000000080a48b0f0,
> > reason=VIR_DOMAIN_RUNNING_BOOTED, flags=0) + 746 at
> > bhyve_process.c:134
> >     frame #4: 0x0000000809e2334a
> > libvirt_driver_bhyve.so`bhyveDomainCreateWithFlags(dom=0x000000080a48a280,
> > flags=0) + 490 at bhyve_driver.c:847
> >     frame #5: 0x0000000809e2315a
> > libvirt_driver_bhyve.so`bhyveDomainCreate(dom=0x000000080a48a280) + 26
> > at bhyve_driver.c:867
> >     frame #6: 0x0000000801b96aad
> > libvirt.so.1002`virDomainCreate(domain=0x000000080a48a280) + 637 at
> > libvirt.c:8968
> >     frame #7: 0x0000000001075427
> > libvirtd`remoteDispatchDomainCreate(server=0x000000080781c400,
> > client=0x00000008078df480, msg=0x00000008078791d0,
> > rerr=0x00007fffff9fcc30, args=0x0000000807934340) + 231 at
> > remote_dispatch.h:3048
> >     frame #8: 0x000000000103b84e
> > libvirtd`remoteDispatchDomainCreateHelper(server=0x000000080781c400,
> > client=0x00000008078df480, msg=0x00000008078791d0,
> > rerr=0x00007fffff9fcc30, args=0x0000000807934340,
> > ret=0x000000080a421058) + 254 at remote_dispatch.h:3026
> >     frame #9: 0x0000000801c26b20
> > libvirt.so.1002`virNetServerProgramDispatchCall(prog=0x000000080790f400,
> > server=0x000000080781c400, client=0x00000008078df480,
> > msg=0x00000008078791d0) + 784 at virnetserverprogram.c:437
> >     frame #10: 0x0000000801c26641
> > libvirt.so.1002`virNetServerProgramDispatch(prog=0x000000080790f400,
> > server=0x000000080781c400, client=0x00000008078df480,
> > msg=0x00000008078791d0) + 705 at virnetserverprogram.c:307
> >     frame #11: 0x000000000108f97c
> > libvirtd`virNetServerProcessMsg(srv=0x000000080781c400,
> > client=0x00000008078df480, prog=0x000000080790f400,
> > msg=0x00000008078791d0) + 332 at virnetserver.c:172
> >     frame #12: 0x000000000108cd9c
> > libvirtd`virNetServerHandleJob(jobOpaque=0x0000000807934360,
> > opaque=0x000000080781c400) + 204 at virnetserver.c:193
> >     frame #13: 0x0000000801ac84b8
> > libvirt.so.1002`virThreadPoolWorker(opaque=0x0000000807901d60) + 680
> > at virthreadpool.c:145
> >     frame #14: 0x0000000801ac7b9b
> > libvirt.so.1002`virThreadHelper(data=0x000000080781b520) + 75 at
> > virthread.c:197
> >     frame #15: 0x0000000803c614f5 libthr.so.3`??? + 277
> >
> > --
> > Craig
> 
> 
> 
> OK, I think I found the problem.
> 
> In this file: 
> http://libvirt.org/git/?p=libvirt.git;a=blob_plain;f=src/bhyve/bhyve_command.c;hb=HEAD
> 
> We have:
> 
> static int
> bhyveBuildNetArgStr(const virDomainDef *def, virCommandPtr cmd, bool dryRun)
> {
>     virDomainNetDefPtr net = NULL;
>     char *brname = NULL;
>     char *realifname = NULL;
>     int *tapfd = NULL;
> 
> 
> tapfd is never initialized after this.
> 
> 
> In the same function, we have this:
> 
>         if (!dryRun)
>             if (virNetDevTapCreateInBridgePort(brname, &net->ifname, &net->mac,
>                                                def->uuid, tapfd, 1,
>                                                virDomainNetGetActualVirtPortProfile(net),
>                                                virDomainNetGetActualVlan(net),
>                                                VIR_NETDEV_TAP_CREATE_IFUP | VIR_NETDEV_TAP_CREATE_PERSIST) < 0) {
>                 VIR_FREE(net->ifname);
>                 VIR_FREE(brname);
>                 return -1;
>             }
> 
> 
> 
> virNetDevTapCreateInBridgePort() is being passed a NULL tapfd, but the
> next parameter is 1 instead of 0.
> 
> 
> 
> Then further along in this file:
> http://libvirt.org/git/?p=libvirt.git;a=blob_plain;f=src/util/virnetdevtap.c;hb=HEAD
> we have:
> 
>  error:
>     for (i = 0; i < tapfdSize && tapfd[i] >= 0; i++)
>         VIR_FORCE_CLOSE(tapfd[i]);
> 
> 
> tapfd is NULL, but tapfdSize is 1, so the coredump happens here.
> 
> What is the best way to fix this?

Thanks for the analysis! I'll think about what would be a proper fix for that
problem.

Also, while thinking about how to reproduce it, I did 'kldunload if_bridge'
and started to see the same problem. So, as a temporary fix, could you
check if you have bridge support available (in kernel or via module)?

Bridges are needed to get networking anyway.

Thanks,

Roman Bogorodskiy
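
The crash analysed in this thread is a pointer/count mismatch: a NULL descriptor array passed with a count of 1, then walked by the error-path cleanup loop. The C sketch below is an added example, not part of the original messages and not libvirt's code or its eventual fix; the function names are hypothetical and /dev/null is a constructed stand-in for a tap device. It shows one way a callee can reject the mismatched pair up front and keep its cleanup loop safe.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical names throughout; not libvirt's API. The quoted cleanup loop
 *     for (i = 0; i < n && fds[i] >= 0; i++) close(fds[i]);
 * reads fds[i] without checking fds. Here a NULL array counts as empty. */
static size_t close_fds_checked(int *fds, size_t n)
{
    size_t closed = 0;
    if (fds == NULL)
        return 0;
    for (size_t i = 0; i < n && fds[i] >= 0; i++) {
        close(fds[i]);
        fds[i] = -1;                 /* guard against a later double close */
        closed++;
    }
    return closed;
}

/* Validates the (pointer, count) pair before any work, then opens n
 * descriptors; /dev/null is a constructed stand-in for a tap device. */
int tap_create_checked(int *fds, size_t n, int simulate_failure)
{
    if (fds == NULL && n != 0) {
        errno = EINVAL;              /* count given without storage */
        return -1;
    }
    for (size_t i = 0; i < n; i++)
        fds[i] = -1;                 /* known state for the error path */
    for (size_t i = 0; i < n; i++)
        if ((fds[i] = open("/dev/null", O_RDONLY)) < 0)
            goto error;
    if (!simulate_failure)
        return 0;
 error:
    close_fds_checked(fds, n);
    return -1;
}

int main(void)
{
    int fd[1];
    int rc = tap_create_checked(fd, 1, 1);   /* forced failure path */
    printf("NULL array, count 1 -> %d\n", tap_create_checked(NULL, 1, 0));
    printf("real array, forced failure -> %d, fd[0]=%d\n", rc, fd[0]);
    return 0;
}
```

The caller-side counterpart is to pass either real storage with a matching count or NULL with a count of 0, so the two arguments never disagree.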
