Bug 1001436 - Qemu core dumped when set iops,bps... to a negative value via monitor
Summary: Qemu core dumped when set iops,bps... to a negative value via monitor
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.5
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Assignee: Fam Zheng
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-08-27 04:29 UTC by Sibiao Luo
Modified: 2013-11-22 00:40 UTC (History)

Fixed In Version: qemu-kvm-0.12.1.2-2.400.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-11-22 00:40:30 UTC
Target Upstream Version:
Embargoed:


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2013:1754 | 0 | normal | SHIPPED_LIVE | Important: qemu-kvm-rhev, qemu-kvm-rhev-tools, qemu-img-rhev security and bug fix update | 2013-11-21 10:48:24 UTC

Description Sibiao Luo 2013-08-27 04:29:13 UTC
Description of problem:
Boot a guest and then set iops, bps... to a negative value via the monitor; qemu will core dump.

Version-Release number of selected component (if applicable):
host info:
# uname -r && rpm -q qemu-kvm-rhev
2.6.32-413.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.398.el6.x86_64
guest info:
2.6.32-413.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot a guest.
e.g:...-drive file=/home/RHEL6.5-20130814.n.0-6.5-Server.qcow2,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop,serial="QEMU-DISK1" -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-system-disk,id=system-disk,bootindex=1
2. Set iops, bps... to a negative value via the monitor.
(qemu) info block
(qemu) block_set_io_throttle drive-system-disk -1024000 0 0 0 0 0

Actual results:
After step 2, qemu core dumped; I will paste the bt log later.
(qemu) info block
drive-system-disk: removable=0 io-status=ok file=/home/RHEL6.5-20130814.n.0-6.5-Server.qcow2 ro=0 drv=qcow2 encrypted=0 bps=0 bps_rd=0 bps_wr=0 iops=0 iops_rd=0 iops_wr=0
ide1-cd0: removable=1 locked=0 tray-open=0 io-status=ok [not inserted]
floppy0: removable=1 locked=0 tray-open=0 [not inserted]
sd0: removable=1 locked=0 tray-open=0 [not inserted]
(qemu) block_set_io_throttle drive-system-disk -1024000 0 0 0 0 0
qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/error.c:34: error_set: Assertion `*errp == ((void *)0)' failed.
Aborted (core dumped)

Expected results:
It should not core dump, and it should give a friendly warning message like
"Parameter 'bps' expects a positive number".

Additional info:
# /usr/libexec/qemu-kvm -S -M rhel6.5.0 -cpu SandyBridge -enable-kvm -m 4096 -smp 4,sockets=2,cores=2,threads=1 -no-kvm-pit-reinjection -name sluo -uuid 43425b70-86e5-4664-bf2c-3b76699b8bec -rtc base=localtime,clock=host,driftfix=slew -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=pci.0,addr=0x3 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm.1,bus=virtio-serial0.0,id=port1,nr=1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm.2,bus=virtio-serial0.0,id=port2,nr=2 -drive file=/home/RHEL6.5-20130814.n.0-6.5-Server.qcow2,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop,serial="QEMU-DISK1" -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-system-disk,id=system-disk,bootindex=1 -device virtio-balloon-pci,id=ballooning,bus=pci.0,addr=0x5 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -netdev tap,id=hostnet0,vhost=off,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=2C:41:38:B6:40:21,bus=pci.0,addr=0x6,bootindex=2 -k en-us -boot menu=on -qmp tcp:0:4444,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :1 -spice port=5931,disable-ticketing -monitor stdio

Comment 1 Sibiao Luo 2013-08-27 04:30:42 UTC
(gdb) bt
#0  0x00007ffca6d7f925 in raise () from /lib64/libc.so.6
#1  0x00007ffca6d81105 in abort () from /lib64/libc.so.6
#2  0x00007ffca6d78a4e in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffca6d78b10 in __assert_fail () from /lib64/libc.so.6
#4  0x00007ffca9f173ba in error_set (errp=0x7fff219ca698, 
    fmt=0x7ffcaa074b48 "{ 'class': 'GenericError', 'data': { 'message': %s } }")
    at /usr/src/debug/qemu-kvm-0.12.1.2/error.c:34
#5  0x00007ffca9f17427 in error_vsetg_errno (errp=0x7fff219ca698, os_errno=<value optimized out>, 
    fmt=<value optimized out>, ap=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/error.c:66
#6  0x00007ffca9f174dd in error_setg (errp=<value optimized out>, fmt=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/error.c:84
#7  0x00007ffca9f189a1 in do_check_io_limits (io_limits=<value optimized out>, errp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/blockdev.c:335
#8  0x00007ffca9f18b34 in do_block_set_io_throttle (mon=<value optimized out>, qdict=<value optimized out>, 
    ret_data=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/blockdev.c:1290
#9  0x00007ffca9eb3b20 in monitor_call_handler (mon=0x7ffcad813f60, cmd=0x7ffcaa3a82b8, params=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4369
#10 0x00007ffca9eb8faf in handle_user_command (mon=0x7ffcad813f60, cmdline=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4406
#11 0x00007ffca9eb90e7 in monitor_command_cb (mon=0x7ffcad813f60, cmdline=<value optimized out>, 
    opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:5044
#12 0x00007ffca9f21abd in readline_handle_byte (rs=0x7ffcad84c0d0, ch=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/readline.c:369
#13 0x00007ffca9eb9355 in monitor_read (opaque=<value optimized out>, buf=0x7fff219ca7c0 "\r\213\340\251\374\177", 
    size=1) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:5030
#14 0x00007ffca9f3838c in qemu_chr_be_write (chan=<value optimized out>, cond=<value optimized out>, 
    opaque=0x7ffcac1d7cd0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:192
#15 fd_chr_read (chan=<value optimized out>, cond=<value optimized out>, opaque=0x7ffcac1d7cd0)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:786
#16 0x00007ffca9313eb2 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#17 0x00007ffca9eac01a in glib_select_poll (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3999
#18 main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4072
#19 0x00007ffca9ecedaa in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2245
#20 0x00007ffca9eaed69 in main_loop (argc=56, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4266
#21 main (argc=56, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6644
(gdb) bt full
#0  0x00007ffca6d7f925 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffca6d81105 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffca6d78a4e in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007ffca6d78b10 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4  0x00007ffca9f173ba in error_set (errp=0x7fff219ca698, 
    fmt=0x7ffcaa074b48 "{ 'class': 'GenericError', 'data': { 'message': %s } }")
    at /usr/src/debug/qemu-kvm-0.12.1.2/error.c:34
        err = <value optimized out>
        ap = {{gp_offset = 0, fp_offset = 0, overflow_arg_area = 0x0, reg_save_area = 0x2}}
        __PRETTY_FUNCTION__ = "error_set"
#5  0x00007ffca9f17427 in error_vsetg_errno (errp=0x7fff219ca698, os_errno=<value optimized out>, 
    fmt=<value optimized out>, ap=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/error.c:66
        msg = 0x7ffcac4141b0 "bps and iops values must be 0 or greater"
#6  0x00007ffca9f174dd in error_setg (errp=<value optimized out>, fmt=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/error.c:84
        ap = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fff219ca650, reg_save_area = 0x7fff219ca590}}
#7  0x00007ffca9f189a1 in do_check_io_limits (io_limits=<value optimized out>, errp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/blockdev.c:335
        bps_flag = <value optimized out>
        iops_flag = <value optimized out>
        __PRETTY_FUNCTION__ = "do_check_io_limits"
#8  0x00007ffca9f18b34 in do_block_set_io_throttle (mon=<value optimized out>, qdict=<value optimized out>, 
    ret_data=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/blockdev.c:1290
        io_limits = {bps = {0, 0, -1024000}, iops = {0, 0, 0}}
        devname = 0x7ffcac3fb0d0 "drive-system-disk"
        bs = 0x7ffcac1ee010
        error = <value optimized out>
        __func__ = "do_block_set_io_throttle"
#9  0x00007ffca9eb3b20 in monitor_call_handler (mon=0x7ffcad813f60, cmd=0x7ffcaa3a82b8, params=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4369
        ret = <value optimized out>
        data = 0x0
#10 0x00007ffca9eb8faf in handle_user_command (mon=0x7ffcad813f60, cmdline=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4406
        qdict = 0x7ffcad84ec30
        cmd = 0x7ffcaa3a82b8
#11 0x00007ffca9eb90e7 in monitor_command_cb (mon=0x7ffcad813f60, cmdline=<value optimized out>, 
    opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:5044
No locals.
#12 0x00007ffca9f21abd in readline_handle_byte (rs=0x7ffcad84c0d0, ch=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/readline.c:369
No locals.
#13 0x00007ffca9eb9355 in monitor_read (opaque=<value optimized out>, buf=0x7fff219ca7c0 "\r\213\340\251\374\177", 
    size=1) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:5030
        old_mon = 0x0
        i = <value optimized out>
#14 0x00007ffca9f3838c in qemu_chr_be_write (chan=<value optimized out>, cond=<value optimized out>, 
    opaque=0x7ffcac1d7cd0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:192
No locals.
#15 fd_chr_read (chan=<value optimized out>, cond=<value optimized out>, opaque=0x7ffcac1d7cd0)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:786
        chr = 0x7ffcac1d7cd0
        s = 0x7ffcac1d7d90
        len = <value optimized out>
        status = <value optimized out>
#16 0x00007ffca9313eb2 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
No symbol table info available.
#17 0x00007ffca9eac01a in glib_select_poll (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3999
        context = 0x7ffcac1d6a20
#18 main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4072
        ioh = <value optimized out>
        rfds = {fds_bits = {1, 0 <repeats 15 times>}}
        wfds = {fds_bits = {0 <repeats 16 times>}}
        xfds = {fds_bits = {0 <repeats 16 times>}}
        ret = <value optimized out>
        nfds = 28
        tv = {tv_sec = 0, tv_usec = 976935}
#19 0x00007ffca9ecedaa in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2245
        fds = {26, 27}
        mask = {__val = {268443712, 0 <repeats 15 times>}}
        sigfd = 28
#20 0x00007ffca9eaed69 in main_loop (argc=56, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4266
        r = <value optimized out>
#21 main (argc=56, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6644
        gdbstub_dev = 0x0
        i = <value optimized out>
        snapshot = 0
        linux_boot = 0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x7ffcaa07796f ""
        boot_devices = "cad", '\000' <repeats 29 times>
        ds = <value optimized out>
        dcl = <value optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = 0x7ffcaa3d8490
        opts = <value optimized out>
        olist = <value optimized out>
        optind = 56
        optarg = 0x7fff219ce7ed "stdio"
        loadvm = 0x0
        machine = 0x7ffcaa3d1980
        cpu_model = 0x7fff219ce2d3 "SandyBridge"
        fds = {-1444904816, 32764}
        tb_size = 0
        pid_file = 0x0
        incoming = 0x0
        fd = 0
        pwd = 0x0
        chroot_dir = 0x0
        run_as = 0x0
        env = <value optimized out>
        show_vnc_port = 0
        defconfig = <value optimized out>
        defconfig_verbose = <value optimized out>
(gdb)

Comment 2 Sibiao Luo 2013-08-27 04:37:50 UTC
This issue is a regression issue, maybe caused by the code that fixed bug 987725.

host info:
# uname -r && rpm -q qemu-kvm-rhev
2.6.32-413.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.397.el6.x86_64

e.g:....-drive file=/home/RHEL6.5-20130814.n.0-6.5-Server.qcow2,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop,serial="QEMU-DISK1" -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-system-disk,id=system-disk,bootindex=1
(qemu) block_set_io_throttle drive-system-disk -1024000 0 0 0 0 0
(qemu) 
(qemu) info block
drive-system-disk: removable=0 io-status=ok file=/home/RHEL6.5-20130814.n.0-6.5-Server.qcow2 ro=0 drv=qcow2 encrypted=0 bps=-1024000 bps_rd=0 bps_wr=0 iops=0 iops_rd=0 iops_wr=0
...

Best Regards,
sluo

Comment 3 Sibiao Luo 2013-08-27 04:49:51 UTC
Also tried a RHEL 7 host, which did not hit this issue; it gives the warning message correctly.
(qemu) info block
drive-system-disk: removable=0 io-status=ok file=/home/RHEL-Server-7.0-64.qcow2 ro=0 drv=qcow2 encrypted=0 bps=0 bps_rd=0 bps_wr=0 iops=0 iops_rd=0 iops_wr=0
...
(qemu) block_set_io_throttle drive-system-disk -1024000 0 0 0 0 0
bps and iops values must be 0 or greater

Best Regards,
sluo

Comment 11 Sibiao Luo 2013-09-12 06:07:46 UTC
Verified this issue on qemu-kvm-rhev-0.12.1.2-2.401.el6.x86_64; it reports "bps and iops values must be 0 or greater".

host info:
# uname -r && rpm -q qemu-kvm-rhev
2.6.32-414.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.401.el6.x86_64

e.g:...-drive file=/home/RHEL6.5-20130830.2-Server-x86_64.qcow2,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,vectors=0,bus=pci.0,addr=0x4,scsi=off,drive=drive-system-disk,id=system-disk,bootindex=1

{"execute":"qmp_capabilities"}
{"return": {}}
{ "execute": "block_set_io_throttle", "arguments": { "device": "drive-system-disk","bps": -1024000,"bps_rd": 0,"bps_wr": 0,"iops": 0,"iops_rd": 0,"iops_wr": 0 } }
{"error": {"class": "GenericError", "desc": "bps and iops values must be 0 or greater", "data": {"message": "bps and iops values must be 0 or greater"}}}

{ "execute": "block_set_io_throttle", "arguments": { "device": "drive-system-disk","bps": 0,"bps_rd": -1024000,"bps_wr": 0,"iops": 0,"iops_rd": 0,"iops_wr": 0 } }
{"error": {"class": "GenericError", "desc": "bps and iops values must be 0 or greater", "data": {"message": "bps and iops values must be 0 or greater"}}}

{ "execute": "block_set_io_throttle", "arguments": { "device": "drive-system-disk","bps": 0,"bps_rd": 0,"bps_wr": -1024000,"iops": 0,"iops_rd": 0,"iops_wr": 0 } }
{"error": {"class": "GenericError", "desc": "bps and iops values must be 0 or greater", "data": {"message": "bps and iops values must be 0 or greater"}}}

{ "execute": "block_set_io_throttle", "arguments": { "device": "drive-system-disk","bps": 0,"bps_rd": 0,"bps_wr": 0,"iops": -1024000,"iops_rd": 0,"iops_wr": 0 } }
{"error": {"class": "GenericError", "desc": "bps and iops values must be 0 or greater", "data": {"message": "bps and iops values must be 0 or greater"}}}

{ "execute": "block_set_io_throttle", "arguments": { "device": "drive-system-disk","bps": 0,"bps_rd": 0,"bps_wr": 0,"iops": 0,"iops_rd": -1024000,"iops_wr": 0 } }
{"error": {"class": "GenericError", "desc": "bps and iops values must be 0 or greater", "data": {"message": "bps and iops values must be 0 or greater"}}}

{ "execute": "block_set_io_throttle", "arguments": { "device": "drive-system-disk","bps": 0,"bps_rd": 0,"bps_wr": 0,"iops": 0,"iops_rd": 0,"iops_wr": -1024000 } }
{"error": {"class": "GenericError", "desc": "bps and iops values must be 0 or greater", "data": {"message": "bps and iops values must be 0 or greater"}}}

Based on the above, this issue has been fixed correctly. Moving to VERIFIED status.

Best Regards,
sluo
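
The assertion in frame #4 of Comment 1 and the six per-field checks in Comment 11 concern the same path: a range check that reports through an `Error **` out-parameter. The sketch below is an added example, not QEMU source and not code from this report; the `model_*` names, the `IoLimits` type and the `LIMIT_*` indices are hypothetical stand-ins, and it models only the contract visible in the backtrace and the caller pattern that satisfies it.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins, not QEMU source. Index 2 holds the total limit,
 * matching io_limits = {bps = {0, 0, -1024000}, ...} in frame #8. */
enum { LIMIT_READ, LIMIT_WRITE, LIMIT_TOTAL, LIMIT_COUNT };
typedef struct Error { const char *msg; } Error;
typedef struct IoLimits { int64_t bps[LIMIT_COUNT], iops[LIMIT_COUNT]; } IoLimits;

/* Models the contract asserted at error.c:34: an error may only be stored
 * into an empty slot; a non-NULL slot aborts whatever the check decided. */
static void model_error_setg(Error **errp, const char *msg)
{
    assert(*errp == NULL);
    *errp = malloc(sizeof(**errp));
    if (*errp == NULL) {
        abort();
    }
    (*errp)->msg = msg;
}

static bool model_check_io_limits(const IoLimits *l, Error **errp)
{
    for (int i = 0; i < LIMIT_COUNT; i++) {
        if (l->bps[i] < 0 || l->iops[i] < 0) {
            model_error_setg(errp, "bps and iops values must be 0 or greater");
            return false;
        }
    }
    return true;
}

/* Caller: the slot starts as NULL, the live limits change only after
 * validation succeeds, and the Error is freed once it has been reported. */
static int model_set_io_throttle(IoLimits *live, const IoLimits *req,
                                 char *errbuf, size_t len)
{
    Error *err = NULL;          /* required before passing &err down */

    if (!model_check_io_limits(req, &err)) {
        snprintf(errbuf, len, "%s", err->msg);
        free(err);
        return -1;
    }
    *live = *req;
    return 0;
}

int main(void)
{
    IoLimits live = {{0}, {0}}, req = {{0}, {0}};
    char msg[64] = "";
    req.bps[LIMIT_TOTAL] = -1024000;    /* value from the report */
    int rc = model_set_io_throttle(&live, &req, msg, sizeof(msg));
    printf("rc=%d msg=\"%s\"\n", rc, msg);
    return 0;
}
```

In this model a rejected request leaves the live limits untouched, unlike the `bps=-1024000` shown by `info block` in Comment 2.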

Comment 14 errata-xmlrpc 2013-11-22 00:40:30 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1754.html

