Bug 915636

Summary: destroy guest when dompmsuspend hung will cause libvirtd crash
Product: Red Hat Enterprise Linux 6 Reporter: zhpeng
Component: libvirtAssignee: John Ferlan <jferlan>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.4CC: acathrow, cwei, dyasny, dyuan, jdenemar, mzhan, rwu
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-05-22 11:00:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
libvirtd crash log
none
libvirtd crash log en_US.UTF-8
none
gdb backtrace log
none
backtrace log with all threads none

Description zhpeng 2013-02-26 09:11:23 UTC 
Description of problem:
destroy guest when dompmsuspend hung will lead libvirtd crash

This bug is from https://bugzilla.redhat.com/show_bug.cgi?id=872420#c3 and https://bugzilla.redhat.com/show_bug.cgi?id=872420#c15

Version-Release number of selected component (if applicable):
libvirt-0.10.2-18.el6.x86_64

How reproducible:
80%

Steps to Reproduce:
0, prepare a guest with qemu-ga env.
1, boot the guest(4G mem)
2, setmem to 2G mem
3, virsh # dompmsuspend guest --target disk
   it will hang
4, open second terminal, run: virsh # shutdown guest
   it will hang  
5, open the third terminal, run: virsh # destroy guest
error: Failed to destroy domain guest
error: End of file while reading data: Input/output error
error: Failed to reconnect to the hypervisor

Actual results:
libvirtd crashed

Expected results:
No crash happen

Additional info:
Comment 1 zhpeng 2013-02-26 09:12:36 UTC 
Created attachment 702714 [details]
libvirtd crash log
Comment 3 Jiri Denemark 2013-02-26 10:29:36 UTC 
Since libvirtd crashed, could you provide backtrace for all threads at the time of the crash? Also enabling debug logs for libvirtd and setting English locale would help too.
Comment 4 zhpeng 2013-02-27 02:35:26 UTC 
Created attachment 703233 [details]
libvirtd crash log  en_US.UTF-8
Comment 5 zhpeng 2013-02-27 02:49:53 UTC 
Created attachment 703235 [details]
gdb backtrace log
Comment 6 zhpeng 2013-02-27 05:16:11 UTC 
Created attachment 703268 [details]
backtrace log with all threads
Comment 8 John Ferlan 2013-05-22 11:00:19 UTC 
After reviewing all the log data I have come to the conclusion that this ends up being a duplicate of BZ 915353.  Of particular note is log data from comment 1:

2013-02-26 08:58:22.247+000016545: debug : virObjectUnref:137 : OBJECT_DISPOSE: obj=0x7fb420004680
...
2013-02-26 08:58:22.247+000016550: debug : qemuDomainObjEndJob:937 : Stopping job: modify (async=none)


then the last few lines just prior to the segv, there's references to the same object:

2013-02-26 08:58:22.247+000016546: debug : virObjectRef:168 : OBJECT_REF: obj=0x7fb420004680
2013-02-26 08:58:22.247+000016545: debug : virEventPollCalculateTimeout:346 : Timeout at 1361869102621 due in 374 ms
2013-02-26 08:58:22.247+000016545: debug : virEventPollRunOnce:614 : EVENT_POLL_RUN: nhandles=13 timeout=374
2013-02-26 08:58:22.247+000016545: debug : virEventPollRunOnce:625 : Poll got 5 event(s)
2013-02-26 08:58:22.247+000016546: debug : qemuAgentGuestSync:948 : Sending guest-sync command with ID: 1361869102247
2013-02-26 08:58:22.247+000016545: debug : virEventPollDispatchTimeouts:410 : Dispatch 11
2013-02-26 08:58:22.247+000016546: debug : qemuAgentSend:866 : Attempt to send command while error is set in

That "in" is a the "%s" of a NULLSTR(mon->lastError.message), so it's quite bogus.

*** This bug has been marked as a duplicate of bug 915353 ***