Bug 1686253
| Summary: | Bitmap merge: Segment fault when merge with a not existed src_name in transaction mode | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | aihua liang <aliang> | |
| Component: | qemu-kvm | Assignee: | John Snow <jsnow> | |
| Status: | CLOSED ERRATA | QA Contact: | aihua liang <aliang> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 7.7 | CC: | chayang, coli, juzhang, ngu, qzhang, virt-maint | |
| Target Milestone: | rc | Keywords: | TestOnly | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1686262 (view as bug list) | Environment: | ||
| Last Closed: | 2019-08-06 12:41:48 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1686262 | |||
Accidentally fixed by 360d4e4e9a501d92fb8866ac307d33a25f70c6d1 blockdev: n-ary bitmap merge

The patch will be backported as part of the API stabilization BZ downstream #1668956

(In reply to John Snow from comment #2)
> Accidentally fixed by 360d4e4e9a501d92fb8866ac307d33a25f70c6d1 blockdev:
> n-ary bitmap merge
>
> The patch will be backported as part of the API stabilization BZ downstream
> #1668956

bug 1668956 is ON_QA, so changing this one as well.

Test on qemu-kvm-rhev-2.12.0-27.el7.x86_64, the bug has been fixed, so set its status to "Verified".
Test steps:
1. Start guest with qemu cmds:
/usr/libexec/qemu-kvm \
-S \
-name 'avocado-vt-vm1' \
-machine pc \
-nodefaults \
-device VGA,bus=pci.0,addr=0x2 \
-chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/monitor-qmpmonitor1-20190123-032240-rOoB4cgD,server,nowait \
-mon chardev=qmp_id_qmpmonitor1,mode=control \
-chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/monitor-catch_monitor-20190123-032240-rOoB4cgD,server,nowait \
-mon chardev=qmp_id_catch_monitor,mode=control \
-device pvpanic,ioport=0x505,id=id8Ec4Bn \
-chardev socket,id=serial_id_serial0,path=/var/tmp/serial-serial0-20190123-032240-rOoB4cgD,server,nowait \
-device isa-serial,chardev=serial_id_serial0 \
-chardev socket,id=seabioslog_id_20190123-032240-rOoB4cgD,path=/var/tmp/seabios-20190123-032240-rOoB4cgD,server,nowait \
-device isa-debugcon,chardev=seabioslog_id_20190123-032240-rOoB4cgD,iobase=0x402 \
-device ich9-usb-ehci1,id=usb1,addr=0x1d.7,multifunction=on,bus=pci.0 \
-device ich9-usb-uhci1,id=usb1.0,multifunction=on,masterbus=usb1.0,addr=0x1d.0,firstport=0,bus=pci.0 \
-device ich9-usb-uhci2,id=usb1.1,multifunction=on,masterbus=usb1.0,addr=0x1d.2,firstport=2,bus=pci.0 \
-device ich9-usb-uhci3,id=usb1.2,multifunction=on,masterbus=usb1.0,addr=0x1d.4,firstport=4,bus=pci.0 \
-drive id=drive_image1,if=none,snapshot=off,aio=threads,cache=none,format=qcow2,file=/home/kvm_autotest_root/images/rhel77-64-virtio.qcow2 \
-device virtio-blk-pci,id=image1,drive=drive_image1,bus=pci.0 \
-device virtio-net-pci,mac=9a:39:3a:3b:3c:3d,id=id1JNQsL,vectors=4,netdev=idVpZZ6A,bus=pci.0 \
-netdev tap,id=idVpZZ6A,vhost=on \
-m 4096 \
-smp 2,maxcpus=2,cores=1,threads=1,sockets=2 \
-cpu host,+kvm_pv_unhalt \
-device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 \
-vnc :0 \
-rtc base=utc,clock=host,driftfix=slew \
-boot order=cdn,once=c,menu=off,strict=off \
-enable-kvm \
-monitor stdio \
-qmp tcp:0:3000,server,nowait
2. Add a bitmap "bitmap0"
{ "execute": "block-dirty-bitmap-add", "arguments": {"node": "drive_image1", "name": "bitmap0"}}
3. Merge from a nonexistent bitmap.
{ "execute": "transaction", "arguments": { "actions": [ {"type": "block-dirty-bitmap-merge", "data": { "node": "drive_image1", "bitmaps":["bitmap1"],"target":"bitmap0"}}]}}
{"error": {"class": "GenericError", "desc": "Dirty bitmap 'bitmap1' not found"}}
4. Merge to a nonexistent bitmap.
{ "execute": "transaction", "arguments": { "actions": [ {"type": "block-dirty-bitmap-merge", "data": { "node": "drive_image1", "bitmaps":["bitmap0"],"target":"bitmap1"}}]}}
{"error": {"class": "GenericError", "desc": "Dirty bitmap 'bitmap1' not found"}}
Test also with -blockdev, it works ok.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2019:2078
Description of problem:
Bitmap merge: segment fault when merge with src_name not existed in transaction mode

Version-Release number of selected component (if applicable):
kernel version: 3.10.0-993.el7.x86_64
qemu-kvm-rhev version: qemu-kvm-rhev-2.12.0-24.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Start guest with qemu cmds
/usr/libexec/qemu-kvm \
-S \
-name 'avocado-vt-vm1' \
-machine pc \
-nodefaults \
-device VGA,bus=pci.0,addr=0x2 \
-chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/monitor-qmpmonitor1-20190123-032240-rOoB4cgD,server,nowait \
-mon chardev=qmp_id_qmpmonitor1,mode=control \
-chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/monitor-catch_monitor-20190123-032240-rOoB4cgD,server,nowait \
-mon chardev=qmp_id_catch_monitor,mode=control \
-device pvpanic,ioport=0x505,id=id8Ec4Bn \
-chardev socket,id=serial_id_serial0,path=/var/tmp/serial-serial0-20190123-032240-rOoB4cgD,server,nowait \
-device isa-serial,chardev=serial_id_serial0 \
-chardev socket,id=seabioslog_id_20190123-032240-rOoB4cgD,path=/var/tmp/seabios-20190123-032240-rOoB4cgD,server,nowait \
-device isa-debugcon,chardev=seabioslog_id_20190123-032240-rOoB4cgD,iobase=0x402 \
-device ich9-usb-ehci1,id=usb1,addr=0x1d.7,multifunction=on,bus=pci.0 \
-device ich9-usb-uhci1,id=usb1.0,multifunction=on,masterbus=usb1.0,addr=0x1d.0,firstport=0,bus=pci.0 \
-device ich9-usb-uhci2,id=usb1.1,multifunction=on,masterbus=usb1.0,addr=0x1d.2,firstport=2,bus=pci.0 \
-device ich9-usb-uhci3,id=usb1.2,multifunction=on,masterbus=usb1.0,addr=0x1d.4,firstport=4,bus=pci.0 \
-blockdev driver=file,node-name=file_base,filename=/home/kvm_autotest_root/images/rhel77-64-virtio.qcow2,auto-read-only=on \
-blockdev driver=qcow2,file=file_base,node-name=drive_image1,auto-read-only=on \
-device virtio-blk-pci,id=image1,drive=drive_image1,bus=pci.0 \
-device virtio-net-pci,mac=9a:39:3a:3b:3c:3d,id=id1JNQsL,vectors=4,netdev=idVpZZ6A,bus=pci.0 \
-netdev tap,id=idVpZZ6A,vhost=on \
-m 4096 \
-smp 2,maxcpus=2,cores=1,threads=1,sockets=2 \
-cpu 'Penryn',+kvm_pv_unhalt \
-device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 \
-vnc :0 \
-rtc base=utc,clock=host,driftfix=slew \
-boot order=cdn,once=c,menu=off,strict=off \
-enable-kvm \
-monitor stdio \
-qmp tcp:0:3000,server,nowait
2. Add bitmap0 on "drive_image1"
{ "execute": "block-dirty-bitmap-add", "arguments": { "node": "drive_image1", "name": "bitmap0"}}
3. Merge bitmap1 to bitmap0 in transaction mode
{ "execute": "transaction", "arguments": { "actions": [{"type":"x-block-dirty-bitmap-merge", "data": { "node": "drive_image1", "src_name": "bitmap1", "dst_name":"bitmap0"} }]}}

Actual results:
Qemu quit with segment fault.
(gdb) bt full
#0 0x000055a4f3907939 in hbitmap_free (hb=0x0) at util/hbitmap.c:643
        i = <optimized out>
        __PRETTY_FUNCTION__ = "hbitmap_free"
#1 0x000055a4f36cdfbb in qmp_transaction (dev_list=<optimized out>, has_props=<optimized out>, props=<optimized out>, errp=errp@entry=0x7ffc324f6598) at blockdev.c:2465
        dev_entry = <optimized out>
        block_job_txn = 0x0
        state = 0x55a4f510db30
        next = <optimized out>
        local_err = 0x0
        snap_bdrv_states = {tqh_first = 0x55a4f510db30, tqh_last = 0x55a4f510db50}
        __PRETTY_FUNCTION__ = "qmp_transaction"
#2 0x000055a4f36e919d in qmp_marshal_transaction (args=<optimized out>, ret=<optimized out>, errp=0x7ffc324f6608) at qapi/qapi-commands-transaction.c:46
        err = 0x0
        v = 0x55a4f519c750
        arg = {actions = 0x55a4f6f63c70, has_properties = false, properties = 0x0}
#3 0x000055a4f38f63fa in qmp_dispatch (errp=0x7ffc324f6600, request=0x7ffc324f6600, cmds=<optimized out>) at qapi/qmp-dispatch.c:111
        local_err = 0x0
        command = 0x55a4f6f63d60 "transaction"
        dict = <optimized out>
        ret = 0x0
        args = 0x55a4f514e400
        cmd = 0x55a4f51f5b00
        err = 0x0
        rsp = <optimized out>
#4 0x000055a4f38f63fa in qmp_dispatch (cmds=<optimized out>, request=request@entry=0x55a4f514d200) at qapi/qmp-dispatch.c:160
        err = 0x0
        rsp = <optimized out>
#5 0x000055a4f35f0ab1 in monitor_qmp_dispatch_one (req_obj=<optimized out>) at /usr/src/debug/qemu-2.12.0/monitor.c:4102
        mon = 0x55a4f511f760
        old_mon = 0x0
        req = 0x55a4f514d200
        rsp = 0x0
        id = 0x0
        need_resume = true
#6 0x000055a4f35f0d15 in monitor_qmp_bh_dispatcher (data=<optimized out>) at /usr/src/debug/qemu-2.12.0/monitor.c:4160
        req_obj = 0x55a4f6da9ae0
#7 0x000055a4f3900341 in aio_bh_poll (bh=0x55a4f54fa2a0) at util/async.c:90
        bh = <optimized out>
        bhp = <optimized out>
        next = 0x55a4f51b3500
        ret = 1
        deleted = false
#8 0x000055a4f3900341 in aio_bh_poll (ctx=ctx@entry=0x55a4f513f680) at util/async.c:118
        bh = <optimized out>
        bhp = <optimized out>
        next = 0x55a4f51b3500
        ret = 1
        deleted = false
#9 0x000055a4f39033f0 in aio_dispatch (ctx=0x55a4f513f680) at util/aio-posix.c:440
#10 0x000055a4f390021e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:261
        ctx = <optimized out>
#11 0x00007f721160f049 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#12 0x000055a4f39026e7 in main_loop_wait () at util/main-loop.c:215
        context = 0x55a4f518ea50
        pfds = <optimized out>
        context = 0x55a4f518ea50
        ret = 1
        ret = 1
        timeout = 4294967295
        timeout_ns = 1644434452
#13 0x000055a4f39026e7 in main_loop_wait (timeout=<optimized out>) at util/main-loop.c:238
        context = 0x55a4f518ea50
        ret = 1
        ret = 1
        timeout = 4294967295
        timeout_ns = 1644434452
#14 0x000055a4f39026e7 in main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:497
        ret = 1
        timeout = 4294967295
        timeout_ns = 1644434452
#15 0x000055a4f35a4ba7 in main () at vl.c:1963
        i = <optimized out>
        snapshot = <optimized out>
        linux_boot = <optimized out>
        initrd_filename = <optimized out>
        kernel_filename = <optimized out>
        kernel_cmdline = <optimized out>
        boot_order = <optimized out>
        boot_once = 0x55a4f50f29f8 "c"
        ds = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        icount_opts = <optimized out>
        accel_opts = <optimized out>
        olist = <optimized out>
        optind = 64
        optarg = 0x7ffc324f8453 "tcp:0:3000,server,nowait"
        loadvm = <optimized out>
        machine_class = 0x0
        cpu_model = <optimized out>
        vga_model = 0x0
        qtest_chrdev = <optimized out>
        qtest_log = <optimized out>
        pid_file = <optimized out>
        incoming = <optimized out>
        userconfig = <optimized out>
        nographic = <optimized out>
        display_remote = <optimized out>
        log_mask = <optimized out>
        log_file = <optimized out>
        trace_file = <optimized out>
        maxram_size = <optimized out>
        ram_slots = <optimized out>
        vmstate_dump_file = <optimized out>
        main_loop_err = 0x0
        err = 0x0
        list_data_dirs = <optimized out>
        dir = <optimized out>
        dirs = 0x0
        bdo_queue = {sqh_first = 0x0, sqh_last = 0x7ffc324f68e0}
        __func__ = "main"
        __FUNCTION__ = "main"
#16 0x000055a4f35a4ba7 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4768
        i = <optimized out>
        snapshot = <optimized out>
        linux_boot = <optimized out>
        initrd_filename = <optimized out>
        kernel_filename = <optimized out>
        kernel_cmdline = <optimized out>
        boot_order = <optimized out>
        boot_once = 0x55a4f50f29f8 "c"
        ds = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        icount_opts = <optimized out>
        accel_opts = <optimized out>
        olist = <optimized out>
        optind = 64
        optarg = 0x7ffc324f8453 "tcp:0:3000,server,nowait"
        loadvm = <optimized out>
        machine_class = 0x0
        cpu_model = <optimized out>
        vga_model = 0x0
        qtest_chrdev = <optimized out>
        qtest_log = <optimized out>
        pid_file = <optimized out>
        incoming = <optimized out>
        userconfig = <optimized out>
        nographic = <optimized out>
        display_remote = <optimized out>
        log_mask = <optimized out>
        log_file = <optimized out>
        trace_file = <optimized out>
        maxram_size = <optimized out>
        ram_slots = <optimized out>
        vmstate_dump_file = <optimized out>
        main_loop_err = 0x0
        err = 0x0
        list_data_dirs = <optimized out>
        dir = <optimized out>
        dirs = 0x0
        bdo_queue = {sqh_first = 0x0, sqh_last = 0x7ffc324f68e0}
        __func__ = "main"
        __FUNCTION__ = "main"

Expected results:
Bitmap merge failed.

Additional info:
When executing bitmap merge not in transaction mode, it works fine.
{"execute": "x-block-dirty-bitmap-merge","arguments":{"node": "drive_image1", "src_name": "bitmap1", "dst_name":"bitmap0"}}
{"error": {"class": "GenericError", "desc": "Dirty bitmap 'bitmap1' not found"}}
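
Frames #0 and #1 of the backtrace show qmp_transaction handing a NULL pointer to hbitmap_free for a merge whose source bitmap does not exist. The following is an added illustration, not QEMU code and not part of the original report: a simplified C model of a prepare/abort/clean transaction in which a failed lookup is reported as an error and cleanup tolerates a backup that was never allocated. All type and function names are hypothetical, and the model assumes the crash path is transaction cleanup reaching state that prepare never filled in.

```c
/* Simplified model of a prepare/abort/clean transaction (hypothetical names, not QEMU source). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { const char *name; unsigned long bits; } Bitmap;
typedef struct { Bitmap *maps; size_t n; char err[64]; } Node;
typedef struct { const char *src, *dst; } MergeReq;
typedef struct { Bitmap *dst; unsigned long *backup; } MergeState;

static Bitmap *find_bitmap(Node *nd, const char *name) {
    for (size_t i = 0; i < nd->n; i++)
        if (strcmp(nd->maps[i].name, name) == 0) return &nd->maps[i];
    return NULL;
}

/* Prepare: a failed lookup or allocation is reported, never a silent return. */
static int merge_prepare(Node *nd, MergeState *s, const MergeReq *r) {
    Bitmap *dst = find_bitmap(nd, r->dst), *src = find_bitmap(nd, r->src);
    if (!dst || !src) {
        snprintf(nd->err, sizeof nd->err, "Dirty bitmap '%s' not found", dst ? r->src : r->dst);
        return -1;
    }
    s->backup = malloc(sizeof *s->backup);
    if (!s->backup) { snprintf(nd->err, sizeof nd->err, "out of memory"); return -1; }
    s->dst = dst;
    *s->backup = dst->bits;   /* saved so an abort can roll back */
    dst->bits |= src->bits;   /* the merge itself */
    return 0;
}

/* Applies all merges atomically: 0 on success, -1 with nd->err filled in. */
static int run_transaction(Node *nd, const MergeReq *reqs, size_t nreq) {
    MergeState *st = calloc(nreq ? nreq : 1, sizeof *st);  /* backup is NULL until prepared */
    if (!st) { snprintf(nd->err, sizeof nd->err, "out of memory"); return -1; }
    int rc = 0;
    for (size_t i = 0; i < nreq && rc == 0; i++)
        rc = merge_prepare(nd, &st[i], &reqs[i]);
    for (size_t i = nreq; i-- > 0; ) {      /* cleanup visits every action, newest first */
        if (rc != 0 && st[i].backup)        /* roll back only what was prepared */
            st[i].dst->bits = *st[i].backup;
        free(st[i].backup);                 /* free(NULL) is a no-op */
    }
    free(st);
    return rc;
}
```

Calling run_transaction with one request whose source is missing returns -1 with the same "Dirty bitmap '…' not found" text the fixed build reports, and any merge prepared earlier in the same transaction is rolled back.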