Bug 1032855

Summary: qemu-kvm core dump when do S4 inside guest after drive-mirror got BLOCK_JOB_READY status(from libiscsi storage to libiscsi storage))
Product: Red Hat Enterprise Linux 7 Reporter: Jun Li <juli>
Component: qemu-kvm-rhevAssignee: Jeff Cody <jcody>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: coli, hhuang, juli, juzhang, knoel, michen, mrezanin, qiguo, rbalakri, shu, snagar, tlavigne, virt-bugs, virt-maint, xfu
Target Milestone: rcKeywords: TestOnly
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 09:43:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 923626    

Description Jun Li 2013-11-21 03:09:06 UTC 
Description of problem:
Do drive-mirror from libiscsi storage to libiscsi storage. After drive-mirror got BLOCK_JOB_READY status, do S4 inside RHEL-6.5-32 guest, qemu-kvm will core dump.

Version-Release number of selected component (if applicable):
libiscsi-1.9.0-3.el7.x86_64
qemu-kvm-rhev-1.5.3-19.el7.x86_64
Guest kernel:
2.6.32-430.el6.i686
Host kernel:
3.10.0-48.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Boot guest with cli as followings:
# gdb --args /usr/libexec/qemu-kvm -S -M pc-i440fx-rhel7.0.0 -cpu SandyBridge -enable-kvm -m 4G -smp 4,sockets=2,cores=2,threads=1 -name juli -uuid 355a2475-4e03-4cdd-bf7b-5d6a59edaa68 -rtc base=localtime,clock=host,driftfix=slew \
-device virtio-scsi-pci,bus=pci.0,addr=0x5,id=scsi0 -drive file=iscsi://10.66.6.82:3260/iqn.2013-11.com.example:storage.disk1.juli.xyz/1,if=none,id=drive-scsi0-0-0,media=disk,cache=none,format=qcow2,werror=stop,rerror=stop,aio=native  -device scsi-hd,drive=drive-scsi0-0-0,bus=scsi0.0,scsi-id=0,lun=0,id=juli,bootindex=4 \
-drive file=/home/ISO/RHEL6.3-20120613.2-Server-i386-DVD1.iso,if=none,media=cdrom,format=raw,aio=native,id=drive-ide1-0-0 -device ide-drive,drive=drive-ide1-0-0,id=ide1-0-0,bus=ide.0,unit=0 \
-device virtio-balloon-pci,id=ballooning \
-global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 \
-net none -k en-us -boot menu=on,reboot-timeout=-1,strict=on -qmp tcp:0:4477,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :3 -spice port=5939,disable-ticketing  -vga qxl -global qxl-vga.revision=3 -monitor stdio -monitor tcp:0:7777,server,nowait -monitor unix:/tmp/monitor1,server,nowait -netdev tap,id=tap1,vhost=on,queues=4,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown,ifname=tap-juli \
-device virtio-net-pci,netdev=tap1,id=nic1,mq=on,vectors=17,mac=1a:59:0a:4b:aa:94,bootindex=0
2.execute drive-mirror via qmp(do drive-mirror from libiscsi storage to libiscsi storage).
$ telnet 10.66.106.4 4477
{"execute":"qmp_capabilities"}
{ "execute": "drive-mirror", "arguments": { "device": "drive-scsi0-0-0", "target": "iscsi://10.66.6.82:3260/iqn.2013-11.com.example:storage.disk1.juli.xyz/4", "format": "qcow2", "mode": "absolute-paths", "sync": "full", "speed": 1000000000, "on-source-error": "stop", "on-target-error": "stop" } }
3.After drive-mirror got BLOCK_JOB_READY status, do S4 inside guest.
{"timestamp": {"seconds": 1385002190, "microseconds": 35017}, "event": "BLOCK_JOB_READY", "data": {"device": "drive-scsi0-0-0", "len": 32212254720, "offset": 32212254720, "speed": 1099511627776000, "type": "mirror"}}
{ "execute" : "query-block-jobs", "arguments" : {} }
# pm-hibernate

Actual results:
After step 3, qemu-kvm will core dump.
(gdb) bt
#0  0x00007ffff30db979 in raise () from /lib64/libc.so.6
#1  0x00007ffff30dd088 in abort () from /lib64/libc.so.6
#2  0x00007ffff30d48e6 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff30d4992 in __assert_fail () from /lib64/libc.so.6
#4  0x0000555555624928 in mirror_iteration (s=0x55555674f000)
    at block/mirror.c:188
#5  mirror_run (opaque=0x55555674f000) at block/mirror.c:385
#6  0x00005555556507aa in coroutine_trampoline (i0=<optimized out>, 
    i1=<optimized out>) at coroutine-ucontext.c:118
#7  0x00007ffff30ed4f0 in ?? () from /lib64/libc.so.6
#8  0x00007fffffffcfc0 in ?? ()
#9  0x0000000000000000 in ?? ()


Expected results:
After step 3, qemu-kvm will works well.

Additional info:
Comment 3 Jeff Cody 2014-11-25 20:06:52 UTC 
I've been unable to reproduce this bug - are you able to still reproduce this issue?
Comment 4 juzhang 2014-11-26 02:47:23 UTC 
Hi Juli,

Could you handle this issue?

Best Regards,
Junyi
Comment 5 Jun Li 2014-11-26 07:51:26 UTC 
(In reply to Jeff Cody from comment #3)
> I've been unable to reproduce this bug - are you able to still reproduce
> this issue?

Retest:

Version of components:
qemu-kvm-rhev-2.1.2-8.el7.x86_64

steps and command line the same as comment 0. Don't hit this issue any more.

After step 3, qemu-kvm, guest and host are all work well.
Comment 9 Jun Li 2015-01-23 05:08:04 UTC 
Verify:

Version of components:
qemu-kvm-rhev-2.1.2-20.el7.x86_64
3.10.0-222.el7.x86_64

steps and command line the same as comment 0. After step 3, qemu-kvm, guest and host are all work well.
Comment 12 errata-xmlrpc 2015-03-05 09:43:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0624.html