Bug 698537

Summary: ide: core dump when stop/cont guest
Product: Red Hat Enterprise Linux 6 Reporter: Xiaoqing Wei <xwei>
Component: qemu-kvmAssignee: Kevin Wolf <kwolf>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: medium    
Version: 6.1CC: drjones, ehabkost, fan-wxa, gcosta, juzhang, lcapitulino, mfuruta, mkenneth, myamazak, shuang, tuhongj, virt-maint, xfu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qemu-kvm-0.12.1.2-2.172.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 15:39:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 658636, 703492    
Attachments:
Description Flags
gdb bt info
none
core dump bt info when running rhel56 guest
none
sosreport
none
[abrt] new crash was detected none

Description Xiaoqing Wei 2011-04-21 07:42:02 UTC 
Description of problem:

create image in lvm, boot guest the with the lvm image attached, create partition in the image attached and run dd. stop/cont guest during dd. guest core dump

Version-Release number of selected component (if applicable):

qemu-kvm-0.12.1.2-2.158.el6.x86_64
How reproducible:
100%

Steps to Reproduce:


1. qemu-img create -f qcow2 /dev/vgtest/lvtest 500M
2. boot a guest:
qemu-kvm -name 'rhel47-32' -monitor stdio -chardev socket,id=serial_id_20110420-134929-ocyE,path=/tmp/serial-20110420-134929-ocyE,server,nowait -device isa-serial,chardev=serial_id_20110420-134929-ocyE -device rtl8139,netdev=idvjxRgD,mac=9a:fe:9d:9b:1e:a4,id=ndev00idvjxRgD,bus=pci.0,addr=0x3 -netdev tap,id=idvjxRgD,ifname='t0-134929-ocyE',script='/usr/local/staf/test/RHEV/kvm/autotest-devel/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' -m 4096 -smp 4,cores=2,threads=1,sockets=2 -cpu cpu64-rhel6,+sse2,+x2apic -vnc :0 -rtc base=utc,clock=host,driftfix=none -M rhel6.1.0 -boot order=cdn,once=c,menu=off   -usbdevice tablet -no-kvm-pit-reinjection -enable-kvm \
\
\-drive file='/home/kvm_autotest_root/images/rhel49.qcow2',werror=stop,rerror=stop,index=0,if=ide
\ -drive file=/dev/vgtest/lvtest,if=ide,werror=stop,rerror=stop

where rhel49.qcow is the file based image used for storaging the OS,  (guest shows as /dev/hda)
lvtest is the LVM based qcow2 image attached.   (guest shows as /dev/hdb)


3. log into guest,do
""""
  fdisk /dev/hdb   to create a partition and mount it under /media

mount /dev/hdb1 /media
dd if=/dev/urandom of=/media/tes.img bs=1M count=300

""""

after dd in guest, type "stop" in monitor ,info status comfirm it really stopped,type "cont" to continue

Actual results:
qemu-kvm process core dump

Expected results:
guest continue run as normal.

Additional info:

host info :kernel-2.6.32-130.el6.x86_64
processor       : 3
vendor_id       : GenuineIntel
cpu family      : 6
model           : 23
model name      : Intel(R) Core(TM)2 Quad CPU    Q9400  @ 2.66GHz
stepping        : 10
cpu MHz         : 2660.161
cache size      : 3072 KB



guest info : OS rhel4.9-32
Comment 2 Xiaoqing Wei 2011-04-21 07:55:20 UTC 
Created attachment 493729 [details]
gdb bt info

qemu-kvm can core dump during vm boots,just do stop/cont in monitor
Comment 3 Xiaoqing Wei 2011-04-22 01:52:45 UTC 
Created attachment 494035 [details]
core dump bt info when running rhel56 guest

also tested 
rhel61-32    20 / 0
rhel56-32    15 / 1
Win2008r2-32 10 / 0
Win7-32      15 / 0



attached bt info collected from qemu-kvm core dump when running rhel5.6 guest.
Comment 5 Kevin Wolf 2011-05-31 12:36:57 UTC 
It's trying to restart a flush that probably didn't even exist. Might be a guest that writes to the status register, which the IDE emulation abuses for its internal error status. The fix would be to stop this abuse.
Comment 8 Kevin Wolf 2011-06-21 13:42:15 UTC 
Note for reproducers: The important thing here is that you have some I/O on the IDE slave. It doesn't matter whether you take the primary or secondary channel, /dev/hdb and /dev/hdd both work. You don't need a disk in /dev/hda to reproduce this.
Comment 10 Luiz Capitulino 2011-06-27 15:02:43 UTC 
*** Bug 703554 has been marked as a duplicate of this bug. ***
Comment 11 Luiz Capitulino 2011-06-27 15:06:31 UTC 
I'm marking this a blocker to 703492, as requested by Weiguo Fan in bug 703554 comment 21.
Comment 15 FuXiangChun 2011-08-04 06:20:50 UTC 
Verified on qemu-kvm-0.12.1.2-2.175.el6.x86_64

Steps to Verify:
1.run a VM with two disks,and sec disk is iscsi block device.
/usr/libexec/qemu-kvm -M rhel6.1.0 -enable-kvm -m 4G -smp 2,sockets=2,cores=1,threads=1 -name rhel6 -uuid 745fe449-aac8-29f1-0c2d-5042a707263b -boot c -drive file=rhel61.qcow2,if=none,id=drive-ide0-0-0,format=qcow2,cache=none,aio=threads -device ide-drive,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive file=/dev/migrate/data1,if=none,id=drive-ide0-0-1,format=qcow2,cache=none,aio=threads -device ide-drive,drive=drive-ide0-0-1,id=ide0-0-1  -netdev tap,id=hostnet1,vhost=on,script=/etc/qemu-ifup -device rtl8139,netdev=hostnet1,mac=00:24:21:7F:B6:01,bus=pci.0,id=virtio-net-pci1 -monitor stdio  -spice disable-ticketing,port=5911
2.format sec disk and mount it in guest
  mkfs.ext4 /dev/sdb 
  mount /dev/sdb /mnt
3.execute dd command in mount point
  cd /mnt
  dd if=/dev/urandom of=/media/tes.img bs=1M count=300
4.stop/cont in monitor

Actual Results:
guest and host work well, and command execute successfully.

Based on above ,this issue has been fixed.
Comment 16 FuXiangChun 2011-08-05 02:26:14 UTC 
Verified on qemu-kvm-0.12.1.2-2.175.el6.x86_64
reproduce on qemu-kvm-0.12.1.2-2.160.el6.x86_64

steps to reproduce:
1. install rhel5.9 guest
2./usr/libexec/qemu-kvm -M rhel6.1.0 -enable-kvm -m 4G -smp 2,sockets=2,cores=1,threads=1 -name rhel6 -uuid 745fe449-aac8-29f1-0c2d-5042a707263b -boot dc -drive file=rhel49.qcow2,if=none,id=drive-ide0-0-0,format=qcow2,cache=none,aio=threads -device ide-drive,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive file=/dev/vg0/data2,if=none,id=drive,format=qcow2,cache=none,aio=threads -device ide-drive,drive=drive,id=ide0-0-1 -netdev tap,id=hostnet1,vhost=on,script=/etc/qemu-ifup -device rtl8139,netdev=hostnet1,mac=00:24:21:7F:B6:02,bus=pci.0,id=virtio-net-pci1 -monitor stdio  -spice disable-ticketing,port=5911
2. format sec disk and mount it in guest
  mkfs.ext3 /dev/hdd
3.execute dd command in mount point
  cd /mnt
  dd if=/dev/urandom of=/media/tes.img bs=1M count=300
4.stop/cont in monitor

Actual Results:
 on qemu-kvm-0.12.1.2-2.160.el6.x86_64
(qemu) qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/ide/internal.h:517: bmdma_active_if: Assertion `bmdma->unit != (uint8_t)-1' failed.
Aborted (core dumped)

on qemu-kvm-0.12.1.2-2.175.el6.x86_64
guest work well

Based on above ,this issue has been fixed.
Comment 18 Kevin Wolf 2011-08-26 14:14:07 UTC 
*** Bug 714344 has been marked as a duplicate of this bug. ***
Comment 19 IBM Bug Proxy 2011-08-26 14:25:00 UTC 
Created attachment 520099 [details]
sosreport
Comment 20 IBM Bug Proxy 2011-08-26 14:25:07 UTC 
Created attachment 520100 [details]
[abrt] new crash was detected
Comment 21 IBM Bug Proxy 2011-09-27 08:21:37 UTC 
------- Comment From vahegde1.ibm.com 2011-09-27 04:13 EDT-------
Verified on RHEL6.2 Alpha with RHEL5.4 64bit guest and this issue is fixed.

[root@llm112 images]#  uname -a
Linux llm112 2.6.32-195.el6.x86_64 #1 SMP Sun Sep 4 15:32:25 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux

[root@llm112 images]#  rpm  -qa |grep qemu
qemu-kvm-0.12.1.2-2.183.el6.x86_64
qemu-kvm-tools-0.12.1.2-2.183.el6.x86_64
gpxe-roms-qemu-0.9.7-6.7.el6.noarch
qemu-img-0.12.1.2-2.183.el6.x86_64

[root@llm112 images]# virsh list
Id Name                 State
----------------------------------
2 rhel5.4-64bit        running

[root@llm112 images]# virsh suspend 2
Domain 2 suspended

[root@llm112 images]# virsh list
Id Name                 State
----------------------------------
2 rhel5.4-64bit        paused

[root@llm112 images]#  virsh resume 2
Domain 2 resumed

[root@llm112 images]# virsh  list
Id Name                 State
----------------------------------
2 rhel5.4-64bit        running

Thanks
Vasant
Comment 22 Masaki Furuta ( RH ) 2011-09-27 09:57:37 UTC 
Dear weiguo fan,

Would you please kindly verify fix on latest RHEL6.2Alpha (kernel-2.6.32-195.el6, qemu-kvm-0.12.1.2-2.183 ), if possible?

Best Regards,
Masaki Furuta
Comment 23 weiguo fan 2011-09-28 03:07:23 UTC 
(In reply to comment #22)
Dear Furuta-san

> Would you please kindly verify fix on latest RHEL6.2Alpha
> (kernel-2.6.32-195.el6, qemu-kvm-0.12.1.2-2.183 ), if possible?

I confirmed that this problem did not occur on RHEL6.2 Alpha(kernel-2.6.32-195.el6, qemu-kvm-0.12.1.2-2.183 ). 

Thanks
Best Regards.
Comment 24 errata-xmlrpc 2011-12-06 15:39:55 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1531.html