Bug 1481945

Summary: core dumped if quit qemu when install win2016 guest with iscsi backend
Product: Red Hat Enterprise Linux 7
Reporter: Longxiang Lyu <lolyu>
Component: qemu-kvm-rhev
Assignee: Virtualization Maintenance <virt-maint>
Status: CLOSED DUPLICATE
QA Contact: Suqin Huang <shuang>
Severity: high
Priority: high
Version: 7.4
CC: aliang, chayang, coli, dgilbert, juzhang, lijin, michen, qzhang, shuang, virt-maint, yhong
Target Milestone: rc
Hardware: x86_64
OS: Unspecified
Doc Type: If docs needed, set a value
Last Closed: 2017-08-16 08:52:12 UTC
Type: Bug

Description Longxiang Lyu 2017-08-16 06:25:26 UTC
Description of problem:
core dumped if quit qemu when install win2016 guest with iscsi backend

Version-Release number of selected component (if applicable):
Kernel: 3.10.0-698.el7.x86_64
Qemu-kvm: 2.9.0-16.el7_4.4.x86_64
Guest: win2016
Iscsi backend: iscsi://10.73.199.233:3260/iqn.2017-04.com.example:t1/0

How reproducible:
50%

Steps to Reproduce:
1. Create image
# qemu-img create -f qcow2 iscsi://10.73.199.233:3260/iqn.2017-04.com.example:t1/0 30G

2. Install the win2016 guest with the following command:
#!/bin/bash
/usr/libexec/qemu-kvm \
-machine pc-i440fx-rhel7.4.0,accel=kvm,usb=off,vmport=off,dump-guest-core=off \
-cpu SandyBridge \
-m 4G \
-smp 4,sockets=4,cores=1,threads=1 \
-boot strict=on \
-device virtio-scsi-pci,bus=pci.0,addr=0x5,id=scsi1 \
-drive file=iscsi://10.73.199.233:3260/iqn.2017-04.com.example:t1/0,if=none,format=raw,cache=none,id=img0,aio=native \
-device scsi-hd,bus=scsi1.0,drive=img0,scsi-id=0,lun=0,id=scsi-disk0,bootindex=1 \
-object secret,id=key0,file=/home/test/iscsi/iscsi-password \
-drive media=cdrom,file=/home/iso/ISO/Win2016/en_windows_server_2016_x64_dvd_9718492.iso,format=raw,if=none,id=iso0,readonly=on \
-device ide-cd,bus=ide.0,drive=iso0,id=ide-cd.0,bootindex=2 \
-drive media=cdrom,file=/home/iso/windows/virtio-win-1.9.3-1.el7.iso,format=raw,if=none,id=iso1 \
-device ide-cd,bus=ide.0,drive=iso1,id=ide-cd.1 \
-netdev tap,id=hostnet0,vhost=on \
-device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:22:b3:20:61,bus=pci.0,addr=0x3 \
-device qxl-vga \
-usbdevice tablet \
-vnc :2 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 \
-monitor stdio \
-qmp tcp:0:4444,server,nowait

3. Quit qemu during Windows “Loading File”

Actual results:
# ./cml-win2016.sh 
QEMU 2.9.0 monitor - type 'help' for more information
(qemu) quit
./cml-win2016.sh: line 24: 13936 Segmentation fault      (core dumped) /usr/libexec/qemu-kvm -machine pc-i440fx-rhel7.4.0,accel=kvm,usb=off,vmport=off,dump-guest-core=off -cpu SandyBridge -m 4G -smp 4,sockets=4,cores=1,threads=1 -boot strict=on -device virtio-scsi-pci,bus=pci.0,addr=0x5,id=scsi1 -drive file=iscsi://10.73.199.233:3260/iqn.2017-04.com.example:t1/0,if=none,format=raw,cache=none,id=img0,aio=native -device scsi-hd,bus=scsi1.0,drive=img0,scsi-id=0,lun=0,id=scsi-disk0,bootindex=1 -object secret,id=key0,file=/home/test/iscsi/iscsi-password -drive media=cdrom,file=/home/iso/ISO/Win2016/en_windows_server_2016_x64_dvd_9718492.iso,format=raw,if=none,id=iso0,readonly=on -device ide-cd,bus=ide.0,drive=iso0,id=ide-cd.0,bootindex=2 -drive media=cdrom,file=/home/iso/windows/virtio-win-1.9.3-1.el7.iso,format=raw,if=none,id=iso1 -device ide-cd,bus=ide.0,drive=iso1,id=ide-cd.1 -netdev tap,id=hostnet0,vhost=on -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:22:b3:20:61,bus=pci.0,addr=0x3 -device qxl-vga -usbdevice tablet -vnc :2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -monitor stdio -qmp tcp:0:4444,server,nowait

# gdb -c core.31241 -q
[New LWP 31253]
[New LWP 31255]
[New LWP 31254]
[New LWP 31304]
[New LWP 31256]
[New LWP 31326]
[New LWP 31242]
[New LWP 31312]
[New LWP 31241]
Missing separate debuginfo for the main executable file
Try: yum --enablerepo='*debug*' install /usr/lib/debug/.build-id/f4/4ad9c1136df64b98e5f0af97d898a0a19634c9
Core was generated by `/usr/libexec/qemu-kvm -machine pc-i440fx-rhel7.4.0,accel=kvm,usb=off,vmport=off'.
Program terminated with signal 11, Segmentation fault.
#0  0x00005617020d0790 in ?? ()
(gdb) bt
#0  0x00005617020d0790 in ?? ()
#1  0x00005617020c5627 in ?? ()
#2  0x0000000000095e78 in ?? ()
#3  0x00005617020c4da0 in ?? ()
#4  0x0000000000001000 in ?? ()
#5  0x0000561706806ac0 in ?? ()
#6  0x0000561705ed6a68 in ?? ()
#7  0x0000561706806ae0 in ?? ()
#8  0x0000000000000800 in ?? ()
#9  0x0000561705ed6a68 in ?? ()
#10 0x0000000000095e78 in ?? ()
#11 0x00005617020c56a5 in ?? ()
#12 0x0000561701fcf490 in ?? ()
#13 0x0000561706806ac0 in ?? ()
#14 0x0000561706806ac0 in ?? ()
#15 0x0000561701fd241d in ?? ()
#16 0x00007f07af30e6b0 in ?? ()
#17 0x0000561705ed6a68 in ?? ()
#18 0x0000561705ed6d60 in ?? ()
#19 0x0000000000000050 in ?? ()
#20 0x0000561701fd4810 in ?? ()
#21 0x0000000000000000 in ?? ()

Expected results:
Qemu quits with no segmentation fault.

Comment 2 Longxiang Lyu 2017-08-16 07:00:11 UTC
Correcting the core info in the description:
# gdb -c core.22986 -q
[New LWP 22996]
[New LWP 23065]
[New LWP 23016]
[New LWP 22998]
[New LWP 22997]
[New LWP 23031]
[New LWP 22999]
[New LWP 22987]
[New LWP 22986]
Reading symbols from /usr/libexec/qemu-kvm...Reading symbols from /usr/lib/debug/usr/libexec/qemu-kvm.debug...done.
done.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/libexec/qemu-kvm -machine pc-i440fx-rhel7.4.0,accel=kvm,usb=off,vmport=off'.
Program terminated with signal 11, Segmentation fault.
#0  bdrv_inc_in_flight (bs=bs@entry=0x0) at block/io.c:508
508	    atomic_inc(&bs->in_flight);
Missing separate debuginfos, use: debuginfo-install boost-system-1.53.0-27.el7.x86_64 boost-thread-1.53.0-27.el7.x86_64 bzip2-libs-1.0.6-13.el7.x86_64 celt051-0.5.1.3-8.el7.x86_64 cyrus-sasl-gssapi-2.1.26-21.el7.x86_64 cyrus-sasl-lib-2.1.26-21.el7.x86_64 cyrus-sasl-md5-2.1.26-21.el7.x86_64 cyrus-sasl-plain-2.1.26-21.el7.x86_64 cyrus-sasl-scram-2.1.26-21.el7.x86_64 elfutils-libelf-0.168-8.el7.x86_64 elfutils-libs-0.168-8.el7.x86_64 glib2-2.50.3-3.el7.x86_64 glibc-2.17-196.el7.x86_64 glusterfs-api-3.8.4-18.4.el7.x86_64 glusterfs-libs-3.8.4-18.4.el7.x86_64 gmp-6.0.0-15.el7.x86_64 gnutls-3.3.26-9.el7.x86_64 gperftools-libs-2.4-8.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-8.el7.x86_64 libacl-2.2.51-12.el7.x86_64 libaio-0.3.109-13.el7.x86_64 libattr-2.4.46-12.el7.x86_64 libblkid-2.23.2-43.el7.x86_64 libcacard-2.5.2-2.el7.x86_64 libcap-2.22-9.el7.x86_64 libcom_err-1.42.9-10.el7.x86_64 libcurl-7.29.0-42.el7.x86_64 libdb-5.3.21-20.el7.x86_64 libffi-3.0.13-18.el7.x86_64 libgcc-4.8.5-16.el7.x86_64 libgcrypt-1.5.3-14.el7.x86_64 libgpg-error-1.12-3.el7.x86_64 libibverbs-13-7.el7.x86_64 libidn-1.28-4.el7.x86_64 libiscsi-1.9.0-7.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 libmount-2.23.2-43.el7.x86_64 libnl3-3.2.28-4.el7.x86_64 libpng-1.5.13-7.el7_2.x86_64 librados2-0.94.5-2.el7.x86_64 librbd1-0.94.5-2.el7.x86_64 librdmacm-13-7.el7.x86_64 libseccomp-2.3.1-3.el7.x86_64 libselinux-2.5-11.el7.x86_64 libssh2-1.4.3-10.el7_2.1.x86_64 libstdc++-4.8.5-16.el7.x86_64 libtasn1-4.10-1.el7.x86_64 libunwind-1.2-2.el7.x86_64 libusbx-1.0.20-1.el7.x86_64 libuuid-2.23.2-43.el7.x86_64 lzo-2.06-8.el7.x86_64 nettle-2.7.1-8.el7.x86_64 nspr-4.13.1-1.0.el7_3.x86_64 nss-3.28.4-8.el7.x86_64 nss-softokn-freebl-3.28.3-6.el7.x86_64 nss-util-3.28.4-3.el7.x86_64 numactl-libs-2.0.9-6.el7_2.x86_64 openldap-2.4.44-5.el7.x86_64 openssl-libs-1.0.2k-8.el7.x86_64 p11-kit-0.23.5-3.el7.x86_64 pcre-8.32-17.el7.x86_64 pixman-0.34.0-1.el7.x86_64 snappy-1.1.0-3.el7.x86_64 spice-server-0.12.8-3.el7.x86_64 
systemd-libs-219-42.el7.x86_64 usbredir-0.7.1-2.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) bt
#0  bdrv_inc_in_flight (bs=bs@entry=0x0) at block/io.c:508
#1  0x000055bce1f6bd07 in blk_aio_prwv (blk=0x55bce4b241e0, offset=offset@entry=203360256, bytes=2048, 
    qiov=qiov@entry=0x55bce6c6f020, co_entry=co_entry@entry=0x55bce1f6b480 <blk_aio_read_entry>, 
    flags=flags@entry=0, cb=cb@entry=0x55bce1e75b90 <ide_buffered_readv_cb>, 
    opaque=opaque@entry=0x55bce6c6f000) at block/block-backend.c:1145
#2  0x000055bce1f6bd85 in blk_aio_preadv (blk=<optimized out>, offset=offset@entry=203360256, 
    qiov=qiov@entry=0x55bce6c6f020, flags=flags@entry=0, 
    cb=cb@entry=0x55bce1e75b90 <ide_buffered_readv_cb>, opaque=opaque@entry=0x55bce6c6f000)
    at block/block-backend.c:1250
#3  0x000055bce1e78b1d in ide_buffered_readv (s=s@entry=0x55bce633aa68, sector_num=397188, 
    iov=iov@entry=0x55bce633ad60, nb_sectors=nb_sectors@entry=4, 
    cb=cb@entry=0x55bce1e7c020 <cd_read_sector_cb>, opaque=opaque@entry=0x55bce633aa68)
    at hw/ide/core.c:637
#4  0x000055bce1e7b041 in cd_read_sector (s=0x55bce633aa68) at hw/ide/atapi.c:198
#5  ide_atapi_cmd_reply_end (s=0x55bce633aa68) at hw/ide/atapi.c:272
#6  0x000055bce1e76494 in ide_data_readw (opaque=<optimized out>, addr=<optimized out>)
    at hw/ide/core.c:2262
#7  0x000055bce1d23020 in portio_read (opaque=0x55bce4ade1c0, addr=0, size=2)
    at /usr/src/debug/qemu-2.9.0/ioport.c:180
#8  0x000055bce1d2db2c in memory_region_read_accessor (mr=0x55bce4ade1c0, addr=0, value=0x7ff7ad5f7860, 
    size=2, shift=0, mask=65535, attrs=...) at /usr/src/debug/qemu-2.9.0/memory.c:435
#9  0x000055bce1d2b4b9 in access_with_adjusted_size (addr=addr@entry=0, 
    value=value@entry=0x7ff7ad5f7860, size=size@entry=2, access_size_min=<optimized out>, 
    access_size_max=<optimized out>, access=access@entry=0x55bce1d2db00 <memory_region_read_accessor>, 
    mr=mr@entry=0x55bce4ade1c0, attrs=attrs@entry=...) at /usr/src/debug/qemu-2.9.0/memory.c:592
#10 0x000055bce1d2e8c6 in memory_region_dispatch_read1 (attrs=..., size=2, pval=0x7ff7ad5f7860, addr=0, 
    mr=0x55bce4ade1c0) at /usr/src/debug/qemu-2.9.0/memory.c:1238
#11 memory_region_dispatch_read (mr=mr@entry=0x55bce4ade1c0, addr=addr@entry=0, 
    pval=pval@entry=0x7ff7ad5f7860, size=size@entry=2, attrs=attrs@entry=...)
    at /usr/src/debug/qemu-2.9.0/memory.c:1269
#12 0x000055bce1ce1a02 in address_space_read_continue (as=as@entry=0x55bce25b58e0 <address_space_io>, 
    addr=addr@entry=496, attrs=..., attrs@entry=..., 
    buf=buf@entry=0x7ff7bf0053fe <Address 0x7ff7bf0053fe out of bounds>, len=len@entry=2, addr1=0, l=2, 
    mr=0x55bce4ade1c0) at /usr/src/debug/qemu-2.9.0/exec.c:2844
#13 0x000055bce1ce1ab7 in address_space_read_full (as=0x55bce25b58e0 <address_space_io>, addr=496, 
    addr@entry=0, attrs=..., buf=buf@entry=0x7ff7bf0053fe <Address 0x7ff7bf0053fe out of bounds>, 
    len=len@entry=2) at /usr/src/debug/qemu-2.9.0/exec.c:2895
#14 0x000055bce1ce1c1e in address_space_read (len=2, 
    buf=0x7ff7bf0053fe <Address 0x7ff7bf0053fe out of bounds>, attrs=..., addr=0, as=<optimized out>)
    at /usr/src/debug/qemu-2.9.0/include/exec/memory.h:1718
#15 address_space_rw (as=<optimized out>, addr=addr@entry=496, attrs=..., attrs@entry=..., 
    buf=buf@entry=0x7ff7bf0053fe <Address 0x7ff7bf0053fe out of bounds>, len=len@entry=2, 
    is_write=is_write@entry=false) at /usr/src/debug/qemu-2.9.0/exec.c:2909
#16 0x000055bce1d2a5ba in kvm_handle_io (count=512, size=2, direction=<optimized out>, 
    data=<optimized out>, attrs=..., port=496) at /usr/src/debug/qemu-2.9.0/kvm-all.c:1828
#17 kvm_cpu_exec (cpu=cpu@entry=0x55bce4dd2000) at /usr/src/debug/qemu-2.9.0/kvm-all.c:2057
#18 0x000055bce1d177d2 in qemu_kvm_cpu_thread_fn (arg=0x55bce4dd2000)
    at /usr/src/debug/qemu-2.9.0/cpus.c:1118
#19 0x00007ff7b4dc4e25 in start_thread () from /lib64/libpthread.so.0
---Type <return> to continue, or q <return> to quit---
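
The backtrace above shows a live BlockBackend (blk=0x55bce4b241e0) but bs=0x0 at bdrv_inc_in_flight(): the IDE ATAPI read path submitted I/O after the backend's BlockDriverState had been detached during quit. The following C model, added here and not QEMU's code, replays that sequence and contrasts the unguarded path with a guarded one; the struct layouts, the helper names suffixed _unguarded/_guarded and the -ENOMEDIUM return are this model's assumptions.

```c
#include <errno.h>
#include <stddef.h>

/* Model of the NULL dereference in the backtrace: blk_aio_prwv() reaches
 * bdrv_inc_in_flight(blk_bs(blk)) after blk->root was detached on 'quit'
 * while a vCPU still drove IDE I/O. Simplified structs; not QEMU's code. */
typedef struct BlockDriverState {
    unsigned in_flight;      /* stands in for bs->in_flight, block/io.c:508 */
} BlockDriverState;
typedef struct BlockBackend {
    BlockDriverState *root;  /* NULL once the node has been detached */
} BlockBackend;

static BlockDriverState *blk_bs(BlockBackend *blk) { return blk->root; }
/* Like bdrv_inc_in_flight(): dereferences bs unconditionally. */
static void bdrv_inc_in_flight(BlockDriverState *bs) { bs->in_flight++; }
/* Like blk_remove_bs(), reached from block-layer teardown on 'quit'. */
static void blk_remove_bs(BlockBackend *blk) { blk->root = NULL; }

/* Unguarded request path: with a detached root this is the SIGSEGV. */
static int blk_aio_prwv_unguarded(BlockBackend *blk)
{
    bdrv_inc_in_flight(blk_bs(blk));
    return 0;
}

/* Guarded path: refuse I/O on a detached backend instead of dereferencing
 * NULL (returning -ENOMEDIUM here is this model's choice). */
static int blk_aio_prwv_guarded(BlockBackend *blk)
{
    if (blk_bs(blk) == NULL) {
        return -ENOMEDIUM;
    }
    bdrv_inc_in_flight(blk_bs(blk));
    return 0;
}

/* Replays the report: one ATAPI read, 'quit' detaches the node, a late
 * cd_read_sector() arrives. Returns the late request's status (guarded=0
 * reproduces the crash); *reached_node counts requests that hit the node. */
static int replay_quit_during_atapi_read(int guarded, unsigned *reached_node)
{
    BlockDriverState bs = { 0 };
    BlockBackend blk = { &bs };
    int (*submit)(BlockBackend *) = guarded ? blk_aio_prwv_guarded : blk_aio_prwv_unguarded;
    submit(&blk);              /* root attached: in_flight becomes 1 */
    blk_remove_bs(&blk);       /* 'quit' tears the block graph down */
    int ret = submit(&blk);    /* late guest I/O after teardown */
    *reached_node = bs.in_flight;
    return ret;
}
```

With guarded=1 the late request is rejected and only the first read reaches the node; with guarded=0 the model dereferences NULL exactly as frame #0 of the backtrace does.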

Comment 5 Dr. David Alan Gilbert 2017-08-16 08:52:12 UTC
Yep, that's the same as 1451015

*** This bug has been marked as a duplicate of bug 1451015 ***