Bug 798499

Summary: Guest aborted sometimes when quit it after a savevm
Product: Red Hat Enterprise Linux 6
Component: qemu-kvm
Version: 6.3
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Reporter: Qunfang Zhang <qzhang>
Assignee: Kevin Wolf <kwolf>
QA Contact: Virtualization Bugs <virt-bugs>
CC: acathrow, areis, bsarathy, juzhang, kwolf, michen, mkenneth, pbonzini, shu, sluo, tburke, virt-maint, wdai
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-06-22 15:15:59 UTC

Description Qunfang Zhang 2012-02-29 03:46:32 UTC
Description of problem:
Boot a guest (I tested rhel5.8-64 and rhel6.3-64) and run savevm; after the internal snapshot has finished saving, quit from the command line. An abort occurs. I attached a virtual floppy in qcow2 format on the command line. I'm not very sure whether it is related to the floppy, because this issue is not 100% reproducible. I re-tested 7 times without the floppy and did not reproduce the issue.

Version-Release number of selected component (if applicable):
kernel-2.6.32-241.el6.x86_64
qemu-kvm-0.12.1.2-2.233.el6.x86_64

How reproducible:
2/10

Steps to Reproduce:
0. Pre-install a RHEL guest and create a 1.4M floppy disk:
# qemu-img create -f qcow2 floppy.qcow2 1474560

1. Boot a guest:
(gdb) r -M rhel6.3.0 -cpu cpu64-rhel6 -enable-kvm -m 4G -smp 2,sockets=1,cores=2,threads=1 -name rhel5.8-64 -uuid 125b7bc8-1b37-49e9-9a33-7e8917c34b88 -rtc base=localtime,driftfix=slew -device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x4 -drive file=/home/RHEL-Server-5.8-64-virtio.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=native -device ide-drive,bus=ide.0,unit=1,drive=drive-virtio-disk0,id=virtio-disk0 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:42:1a:52,bus=pci.0,addr=0x3 -chardev socket,id=charchannel0,path=/tmp/qzhang-test,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -spice port=5930,disable-ticketing -vga qxl -global qxl-vga.vram_size=33554432  -usb -device usb-tablet,id=input0 -device virtio-balloon-pci,id=balloon0,addr=0x7  -boot c -monitor stdio -drive file=/home/floppy.qcow2,if=none,id=drive-fdc0-0-0,format=qcow2,cache=none -global isa-fdc.driveA=drive-fdc0-0-0

2. (qemu) savevm

3. (qemu) quit (after the savevm has finished)
  
Actual results:
(qemu) 
(qemu) savevm 
handle_dev_input: stop
[New Thread 0x7ffff05ec700 (LWP 17083)]
handle_dev_input: start
(qemu) 
(qemu) 
(qemu) q
[New Thread 0x7ffed7bfd700 (LWP 17106)]
qemu-kvm: block/qcow2-cache.c:69: qcow2_cache_destroy: Assertion `c->entries[i].ref == 0' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff500e885 in raise () from /lib64/libc.so.6
(gdb) 
(gdb) 
(gdb) bt
#0  0x00007ffff500e885 in raise () from /lib64/libc.so.6
#1  0x00007ffff5010065 in abort () from /lib64/libc.so.6
#2  0x00007ffff50079fe in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff5007ac0 in __assert_fail () from /lib64/libc.so.6
#4  0x00007ffff7e4d1f4 in qcow2_cache_destroy (bs=<value optimized out>, 
    c=0x7ffff86d7640) at block/qcow2-cache.c:69
#5  0x00007ffff7e470ba in qcow2_close (bs=<value optimized out>)
    at block/qcow2.c:625
#6  0x00007ffff7e31531 in bdrv_close (bs=0x7ffff86eb2c0) at block.c:665
#7  0x00007ffff7e315a8 in bdrv_close_all () at block.c:688
#8  0x00007ffff7e1e2a5 in kvm_main_loop ()
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2249
#9  0x00007ffff7e0047c in main_loop (argc=20, argv=<value optimized out>, 
    envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4228
#10 main (argc=20, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6489

Expected results:
Guest should quit normally.

Additional info:
Once, during savevm, qemu printed an error, and quitting qemu afterwards caused an abort. But I saw this error only once.
(qemu) savevm 
handle_dev_input: stop
Error while creating snapshot on 'drive-fdc0-0-0'
handle_dev_input: start

Comment 2 Dor Laor 2012-03-15 10:31:07 UTC
savevm is not supported. I'm leaving the bug open to see if the abort is relevant to other scenarios.

Comment 3 Kevin Wolf 2012-03-15 11:00:50 UTC
Looks like we're forgetting to call qcow2_cache_put() in some error path. Reproducing this only with qemu-io/qemu-img, so that we have a fully deterministic, scriptable test case, would be good.
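
Added example (not part of the bug report and not QEMU source): a toy reference-counted cache showing how an error path that skips the put leaves an entry pinned, which is the condition the `c->entries[i].ref == 0` assertion rejects at destroy time. All names (`cache_get`, `cache_put`, `write_table`, `update_leaky`, `update_fixed`) are hypothetical stand-ins.

```c
/* Toy model, NOT QEMU source: entries are pinned by cache_get() and must be
 * released by cache_put() before the cache is destroyed. */
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

#define CACHE_SIZE 4
struct entry { int ref; };
struct cache { struct entry entries[CACHE_SIZE]; };

static struct entry *cache_get(struct cache *c, size_t i) {
    c->entries[i].ref++;                 /* pin */
    return &c->entries[i];
}
static void cache_put(struct entry *e) { assert(e->ref > 0); e->ref--; }

/* Number of entries still pinned; must be 0 at teardown. */
static int cache_pinned(const struct cache *c) {
    int n = 0;
    for (size_t i = 0; i < CACHE_SIZE; i++)
        n += (c->entries[i].ref != 0);
    return n;
}
/* Same invariant as the assertion quoted in the report. */
static void cache_destroy(struct cache *c) { assert(cache_pinned(c) == 0); }

/* Hypothetical I/O step that can fail, e.g. a snapshot write error. */
static int write_table(bool fail) { return fail ? -1 : 0; }

/* Leaky: the early return on error skips cache_put(). */
static int update_leaky(struct cache *c, bool fail) {
    struct entry *e = cache_get(c, 0);
    if (write_table(fail) < 0)
        return -1;                       /* reference leaked here */
    cache_put(e);
    return 0;
}
/* Fixed: the reference is released on every path. */
static int update_fixed(struct cache *c, bool fail) {
    struct entry *e = cache_get(c, 0);
    int ret = write_table(fail);
    cache_put(e);
    return ret;
}
int main(void) {
    struct cache leaky = {0}, fixed = {0};
    update_leaky(&leaky, true);
    update_fixed(&fixed, true);
    cache_destroy(&fixed);               /* passes: nothing pinned */
    return cache_pinned(&leaky) == 1 ? 0 : 1;  /* cache_destroy(&leaky) would abort */
}
```

The leak only becomes visible at teardown, long after the failed operation, which matches the abort appearing at quit rather than at savevm.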

Comment 5 Paolo Bonzini 2012-03-29 14:00:30 UTC
From bug 807894 comment 9, this was seen also with external snapshots:

(qemu) snapshot_blkdev drive-virtio-disk0 /root/sn1 qcow2  
(qemu) block_stream drive-virtio-disk0 
(qemu) quit

qemu-kvm core dump:

Program terminated with signal 6, Aborted.
#0  0x00007f5400ae1885 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64   return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);

(gdb) bt
#0  0x00007f5400ae1885 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f5400ae3065 in abort () at abort.c:92
#2  0x00007f5400ada9fe in __assert_fail_base (fmt=<value optimized out>, assertion=0x7f540330b286 "c->entries[i].ref == 0", file=0x7f540330b25b "block/qcow2-cache.c", line=<value optimized out>, function=<value optimized out>) at assert.c:96
#3  0x00007f5400adaac0 in __assert_fail (assertion=0x7f540330b286 "c->entries[i].ref == 0", file=0x7f540330b25b "block/qcow2-cache.c", line=69, function=0x7f540330b2b0 "qcow2_cache_destroy") at assert.c:105
#4  0x00007f54031b4324 in qcow2_cache_destroy (bs=<value optimized out>, c=0x7f54049dcd70) at block/qcow2-cache.c:69
#5  0x00007f54031ae34a in qcow2_close (bs=0x7f54047e4010) at block/qcow2.c:628
#6  0x00007f5403197f21 in bdrv_close (bs=0x7f54047e4010) at block.c:693
#7  0x00007f5403198068 in bdrv_close_all () at block.c:717
#8  0x00007f5403184985 in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2270
#9  0x00007f5403165cec in main_loop (argc=20, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4202
#10 main (argc=20, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6427

Comment 6 Paolo Bonzini 2012-03-29 14:05:21 UTC
Hm, this seems to be related to quitting while streaming.  Better open a separate bug.

Comment 7 Ademar Reis 2012-04-05 16:52:32 UTC
(In reply to comment #6)
> Hm, this seems to be related to quitting while streaming.  Better open a
> separate bug.

Discussed this with Kevin, I'm moving it to 6.4 (savevm is not supported, but it's still worth some investigation in the near future).

Paolo, I assume you'll take care of the streaming case, even though this bug currently blocks the blk_mirror bug.

Comment 8 Paolo Bonzini 2012-04-05 17:14:49 UTC
Yes, the streaming case is bug 807898.  Mirror+streaming is broken beyond possibility of saving it, so I removed bug 806432 from the blocks list of this one.

Comment 9 Ademar Reis 2012-06-22 15:15:59 UTC
savevm is not supported and the streaming case has been investigated by Paolo. Closing as WONTFIX.