I'm still investigating, but posting this trace now in case someone else
spots the bug. I created a chain three deep (base.img <- mid.img <-
top.img), then ran blockcopy --finish, blockcommit --active --shallow
--pivot, and another blockcommit --active --shallow --pivot. The last
attempt to pivot exposed the bad memory use:
==25612== Invalid read of size 4
==25612==    at 0x50E7C90: virStorageSourceGetActualType (virstoragefile.c:1948)
==25612==    by 0x209C0B18: qemuDomainDetermineDiskChain (qemu_domain.c:2473)
==25612==    by 0x209D7F6A: qemuProcessHandleBlockJob (qemu_process.c:1087)
==25612==    by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357)
==25612==    by 0x20A06B7F: qemuMonitorJSONHandleBlockJobImpl (qemu_monitor_json.c:922)
==25612==    by 0x20A06D18: qemuMonitorJSONHandleBlockJobCompleted (qemu_monitor_json.c:969)
==25612==    by 0x20A048CD: qemuMonitorJSONIOProcessEvent (qemu_monitor_json.c:166)
==25612==    by 0x20A04A73: qemuMonitorJSONIOProcessLine (qemu_monitor_json.c:195)
==25612==    by 0x20A04CDB: qemuMonitorJSONIOProcess (qemu_monitor_json.c:237)
==25612==    by 0x209F1047: qemuMonitorIOProcess (qemu_monitor.c:402)
==25612==    by 0x209F1AB1: qemuMonitorIO (qemu_monitor.c:651)
==25612==    by 0x50A73C0: virEventPollDispatchHandles (vireventpoll.c:510)
==25612==  Address 0xe4b5610 is 0 bytes inside a block of size 200 free'd
==25612==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==25612==    by 0x50839E9: virFree (viralloc.c:582)
==25612==    by 0x50E7E51: virStorageSourceFree (virstoragefile.c:2015)
==25612==    by 0x209D7EFF: qemuProcessHandleBlockJob (qemu_process.c:1073)
==25612==    by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357)
==25612==    by 0x20A06B7F: qemuMonitorJSONHandleBlockJobImpl (qemu_monitor_json.c:922)
==25612==    by 0x20A06D18: qemuMonitorJSONHandleBlockJobCompleted (qemu_monitor_json.c:969)
==25612==    by 0x20A048CD: qemuMonitorJSONIOProcessEvent (qemu_monitor_json.c:166)
==25612==    by 0x20A04A73: qemuMonitorJSONIOProcessLine (qemu_monitor_json.c:195)
==25612==    by 0x20A04CDB: qemuMonitorJSONIOProcess (qemu_monitor_json.c:237)
==25612==    by 0x209F1047: qemuMonitorIOProcess (qemu_monitor.c:402)
==25612==    by 0x209F1AB1: qemuMonitorIO (qemu_monitor.c:651)
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
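
Added example, not part of the original message and not libvirt code: a small Python triage helper run over the top frames of the memcheck report above. It splits the report into the invalid-read stack and the free stack, then finds the innermost caller the two share. The names `parse_stacks` and `divergence` are hypothetical.

```python
import re

# Top frames of the memcheck report above, one frame per line.
TRACE = """\
==25612== Invalid read of size 4
==25612==    at 0x50E7C90: virStorageSourceGetActualType (virstoragefile.c:1948)
==25612==    by 0x209C0B18: qemuDomainDetermineDiskChain (qemu_domain.c:2473)
==25612==    by 0x209D7F6A: qemuProcessHandleBlockJob (qemu_process.c:1087)
==25612==    by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357)
==25612==  Address 0xe4b5610 is 0 bytes inside a block of size 200 free'd
==25612==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==25612==    by 0x50839E9: virFree (viralloc.c:582)
==25612==    by 0x50E7E51: virStorageSourceFree (virstoragefile.c:2015)
==25612==    by 0x209D7EFF: qemuProcessHandleBlockJob (qemu_process.c:1073)
==25612==    by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357)
"""

# Matches "at/by 0xADDR: func (file.c:123)" and "at 0xADDR: func (in /path/lib.so)".
FRAME = re.compile(
    r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((?:in )?([^):]+)(?::(\d+))?\)")

def parse_stacks(report):
    """Return one list of (func, file, line) per stack, innermost frame first."""
    stacks = []
    for line in report.splitlines():
        m = FRAME.match(line)
        if m:
            if not stacks:
                stacks.append([])
            func, path, lineno = m.groups()
            stacks[-1].append((func, path, int(lineno) if lineno else None))
        elif line.strip():
            stacks.append([])  # any header line ("Invalid read", "Address ...") starts a stack
    return stacks

def divergence(use, freed):
    """Innermost caller common to both stacks, as (func, free_line, use_line)."""
    common = None
    for u, f in zip(reversed(use), reversed(freed)):  # walk from the outermost frame in
        if u[0] != f[0]:
            break
        common = (u[0], f[2], u[2])
        if u[2] != f[2]:  # same function, different line: the two paths split here
            break
    return common

if __name__ == "__main__":
    use, freed = parse_stacks(TRACE)
    print("free at line %s, read at line %s, both reached from %s" % divergence(use, freed)[1:] + ("",) if False else divergence(use, freed))
```

On this trace the result is `qemuProcessHandleBlockJob`, with the free reached from line 1073 and the read from line 1087 of qemu_process.c.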