Bug 1672031
Summary: | qemu-kvm segfault when reading a disconnected NBD virtio disk with rerror=stop or detaching a disconnected NBD virtio disk | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | Han Han <hhan> |
Component: | qemu-kvm | Assignee: | Eric Blake <eblake> |
qemu-kvm sub component: | General | QA Contact: | Tingting Mao <timao> |
Status: | CLOSED DUPLICATE | Docs Contact: | |
Severity: | unspecified | | |
Priority: | unspecified | CC: | coli, jen, jinzhao, juzhang, michen, rbalakri, virt-maint |
Version: | 8.1 | | |
Target Milestone: | rc | | |
Target Release: | 8.0 | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | 1672028 | Environment: | |
Last Closed: | 2019-05-13 06:22:19 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1672028 | | |
Bug Blocks: | 1672029 | | |
Description
Han Han
2019-02-03 10:11:11 UTC
Easier steps to reproduce this issue: detach a disconnected virtio NBD disk.

1. Start a VM with an NBD disk
2. Close the NBD server
3. Detach the disk

Version:
libvirt-4.5.0-16.virtcov.el7.x86_64
qemu-kvm-rhev-2.12.0-27.el7.x86_64

The backtrace:

```
#0  0x000055ded99c77e4 in aio_co_schedule (ctx=0x55dedc6837c0, co=0x0) at util/async.c:444
        _old = 0x0
        scheduled = <optimized out>
        __func__ = "aio_co_schedule"
#1  0x000055ded98f19a5 in bdrv_attach_aio_context (bs=0x55dedcb10000, new_context=new_context@entry=0x55dedc6837c0) at block.c:5000
        ban = <optimized out>
        ban_tmp = <optimized out>
        child = 0x0
        __PRETTY_FUNCTION__ = "bdrv_attach_aio_context"
#2  0x000055ded98f1983 in bdrv_attach_aio_context (bs=bs@entry=0x55dedcb13400, new_context=new_context@entry=0x55dedc6837c0) at block.c:4997
        ban = <optimized out>
        ban_tmp = <optimized out>
        child = 0x55dedcc60c80
        __PRETTY_FUNCTION__ = "bdrv_attach_aio_context"
#3  0x000055ded98f1a79 in bdrv_set_aio_context (bs=0x55dedcb13400, new_context=0x55dedc6837c0) at block.c:5033
        ctx = 0x0
#4  0x000055ded9933c08 in blk_set_aio_context (blk=<optimized out>, new_context=<optimized out>) at block/block-backend.c:1936
        bs = <optimized out>
        tgm = <optimized out>
#5  0x000055ded96e31a8 in virtio_blk_data_plane_stop (vdev=<optimized out>) at /usr/src/debug/qemu-2.12.0/hw/block/dataplane/virtio-blk.c:286
        vblk = 0x55dedde94170
        __func__ = "virtio_blk_data_plane_stop"
        s = 0x55dedf507bc0
        qbus = 0x55dedde940f8
        k = 0x55dedc682500
        i = <optimized out>
        nvqs = 1
#6  0x000055ded9888df5 in virtio_bus_stop_ioeventfd (bus=bus@entry=0x55dedde940f8) at hw/virtio/virtio-bus.c:246
        vdev = 0x55dedde94170
        vdc = <optimized out>
        __func__ = "virtio_bus_stop_ioeventfd"
#7  0x000055ded9886161 in virtio_pci_common_write (proxy=0x55dedde8c000) at hw/virtio/virtio-pci.c:294
        proxy = 0x55dedde8c000
        vdev = 0x55dedde94170
        __func__ = "virtio_pci_common_write"
#8  0x000055ded9886161 in virtio_pci_common_write (opaque=0x55dedde8c000, addr=<optimized out>, val=0, size=<optimized out>) at hw/virtio/virtio-pci.c:1283
        proxy = 0x55dedde8c000
        vdev = 0x55dedde94170
        __func__ = "virtio_pci_common_write"
#9  0x000055ded96bf6e3 in memory_region_write_accessor (mr=<optimized out>, addr=<optimized out>, value=<optimized out>, size=<optimized out>, shift=<optimized out>, mask=<optimized out>, attrs=...) at /usr/src/debug/qemu-2.12.0/memory.c:530
        tmp = <optimized out>
#10 0x000055ded96bd3f9 in access_with_adjusted_size (addr=addr@entry=20, value=value@entry=0x7f81014846d8, size=size@entry=1, access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=access_fn@entry=0x55ded96bf6a0 <memory_region_write_accessor>, mr=mr@entry=0x55dedde8c9d0, attrs=attrs@entry=...) at /usr/src/debug/qemu-2.12.0/memory.c:597
        access_mask = 255
        access_size = 1
        i = <optimized out>
        r = 0
#11 0x000055ded96c1495 in memory_region_dispatch_write (mr=mr@entry=0x55dedde8c9d0, addr=addr@entry=20, data=0, size=size@entry=1, attrs=attrs@entry=...) at /usr/src/debug/qemu-2.12.0/memory.c:1474
#12 0x000055ded9671ab3 in flatview_write_continue (fv=fv@entry=0x55dedcaa8d80, addr=addr@entry=4294967316, attrs=..., attrs@entry=..., buf=buf@entry=0x7f8126387028 <Address 0x7f8126387028 out of bounds>, len=len@entry=1, addr1=20, l=1, mr=0x55dedde8c9d0) at /usr/src/debug/qemu-2.12.0/exec.c:3140
        ptr = <optimized out>
        val = <optimized out>
        result = 0
        release_lock = true
#13 0x000055ded9671bff in flatview_write (fv=0x55dedcaa8d80, addr=4294967316, attrs=..., buf=0x7f8126387028 <Address 0x7f8126387028 out of bounds>, len=1) at /usr/src/debug/qemu-2.12.0/exec.c:3184
        l = 1
        addr1 = 20
        mr = <optimized out>
        result = 0
#14 0x000055ded9675eff in address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /usr/src/debug/qemu-2.12.0/exec.c:3300
        result = 0
        fv = <optimized out>
#15 0x000055ded9675fa5 in address_space_rw (as=<optimized out>, addr=<optimized out>, attrs=..., attrs@entry=..., buf=buf@entry=0x7f8126387028 <Address 0x7f8126387028 out of bounds>, len=<optimized out>, is_write=<optimized out>) at /usr/src/debug/qemu-2.12.0/exec.c:3311
#16 0x000055ded96d0008 in kvm_cpu_exec (cpu=cpu@entry=0x55dedc9c2000) at /usr/src/debug/qemu-2.12.0/accel/kvm/kvm-all.c:1996
        attrs = {unspecified = 0, secure = 0, user = 0, requester_id = 0}
        run = <optimized out>
        ret = <optimized out>
        run_ret = 0
#17 0x000055ded96ad4c6 in qemu_kvm_cpu_thread_fn (arg=0x55dedc9c2000) at /usr/src/debug/qemu-2.12.0/cpus.c:1215
        cpu = 0x55dedc9c2000
        r = <optimized out>
#18 0x00007f810ce94ea5 in start_thread (arg=0x7f8101487700) at pthread_create.c:307
        __res = <optimized out>
        pd = 0x7f8101487700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140192049035008, -9178915296927424559, 0, 8392704, 0, 140192049035008, 9196336952062631889, 9196325123545096145}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#19 0x00007f810cbbd8cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
```

Hi,

From the gdb trace log, this bug should be a dup of BZ #1478227. Since bug 1478227 was reported earlier, I will close this bug. If there is any disagreement, please comment or reopen it.

Thanks,
Tingting

*** This bug has been marked as a duplicate of bug 1478227 ***
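As an added triage helper, not part of this report or of QEMU, the following parses a gdb `bt full` trace of the kind shown above, lists which arguments and locals in the innermost frames are NULL (here `co` and `_old` in frame #0, `child` in frame #1) and builds a stack signature of the sort used to match a new crash against an already-filed bug; the embedded trace is a constructed excerpt of the first three frames, and the regular expressions, `parse_bt`, `null_values` and `signature` are this example's own.

```python
import re

# Constructed excerpt: the first three frames of the trace in this report.
SAMPLE_BT = """\
#0  0x000055ded99c77e4 in aio_co_schedule (ctx=0x55dedc6837c0, co=0x0) at util/async.c:444
        _old = 0x0
        scheduled = <optimized out>
#1  0x000055ded98f19a5 in bdrv_attach_aio_context (bs=0x55dedcb10000, new_context=new_context@entry=0x55dedc6837c0) at block.c:5000
        child = 0x0
#2  0x000055ded98f1983 in bdrv_attach_aio_context (bs=bs@entry=0x55dedcb13400, new_context=new_context@entry=0x55dedc6837c0) at block.c:4997
        child = 0x55dedcc60c80
"""

FRAME_RE = re.compile(r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\w+)\s*"
                      r"\((?P<args>.*)\)(?: at (?P<loc>\S+))?\s*$")
LOCAL_RE = re.compile(r"^\s+(?P<name>\w+) = (?P<val>.*)$")


def parse_bt(text):
    """Return frames as dicts: num, func, loc, args {name: value}, locals {name: value}."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            args = {}
            for arg in filter(None, (a.strip() for a in m["args"].split(","))):
                # "new_context=new_context@entry=0x..." -> the name is before the
                # first '=', the value after the last one.
                args[arg.split("=", 1)[0]] = arg.rsplit("=", 1)[-1]
            frames.append({"num": int(m["num"]), "func": m["func"],
                           "loc": m["loc"], "args": args, "locals": {}})
            continue
        m = LOCAL_RE.match(line)
        if m and frames:  # an indented "name = value" line belongs to the last frame
            frames[-1]["locals"][m["name"]] = m["val"]
    return frames


def null_values(frames, depth=2):
    """(frame, function, name) for every argument or local that is NULL in the
    innermost `depth` frames: the first candidates for the faulting dereference."""
    return [(f["num"], f["func"], name)
            for f in frames[:depth]
            for kind in ("args", "locals")
            for name, val in f[kind].items() if val == "0x0"]


def signature(frames, depth=3):
    """Innermost function names, outermost last; equal signatures hint at a duplicate."""
    return " <- ".join(f["func"] for f in frames[:depth])
```

`parse_bt(SAMPLE_BT)` yields three frames; `null_values` on them reports `co` and `_old` in `aio_co_schedule` and `child` in the first `bdrv_attach_aio_context` frame, which is exactly where a reader of the full trace would start.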