Bug 1247042 - qemu quit when using sg_write_same command inside RHEL7.2 guest
qemu quit when using sg_write_same command inside RHEL7.2 guest
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev (Show other bugs)
7.2
x86_64 Linux
high Severity high
: rc
: ---
Assigned To: Fam Zheng
Virtualization Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-07-27 04:23 EDT by weliao
Modified: 2015-12-04 11:52 EST (History)
10 users (show)

See Also:
Fixed In Version: qemu-kvm-rhev-2.3.0-23.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-04 11:52:24 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description weliao 2015-07-27 04:23:30 EDT
Description of problem:
Boot rhel7.2 guest with virtio-scsi disk. then execute sg_write_same commands as below inside guest. It cause qemu-kvm-rhev process quit.

# sg_write_same --in buf --num=32 --lba=80 /dev/sdb
# sg_write_same --in /dev/zero --num=96 --lba=0 /dev/sdb
# sg_write_same -U --in /dev/zero --num=16 --lba=0 /dev/sdb
# time sg_write_same --in buf --num=65536 --lba=131074 /dev/sdb
	
	
[Create Linking Work Item] 

Version-Release number of selected component (if applicable):
Host:
3.10.0-300.el7.x86_64
qemu-kvm-rhev-2.3.0-13.el7.x86_64

Guest:
RHEL7.2
3.10.0-294.el7.x86_64

rpm:
sg3_utils-libs-1.37-5.el7.x86_64
sg3_utils-1.37-5.el7.x86_64


How reproducible:


Steps to Reproduce:
1.1. Create a 1G raw image on an XFS file system.
# qemu-img create -f raw /home/testthin.img 1G

2.Start qemu
 /usr/libexec/qemu-kvm -name rhel7.2 -M pc-i440fx-rhel7.2.0,accel=kvm,usb=off,vmport=off -cpu SandyBridge -m 8192 -smp 8 \

-drive file=/home/rhel.img,if=none,id=drive-ide0-0-0,format=raw -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 \

-drive file=/home/testthin.img,if=none,id=drive-data-disk,format=raw,cache=none,aio=native,werror=stop,rerror=stop,discard=on -device virtio-scsi-pci,id=scsi1,bus=pci.0 -device scsi-hd,drive=drive-data-disk,id=data-disk,logical_block_size=4096,bus=scsi1.0 \

 -netdev tap,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:55:00:5c:89:4d,bus=pci.0 \

-device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vgamem_mb=16,bus=pci.0 -spice port=5900,disable-ticketing, -monitor stdio

3.Execute the following commands in guest:
# yes | head -n2048 > buf
# sg_write_same --in buf --num=32 --lba=80 /dev/sdb
# sg_write_same --in /dev/zero --num=96 --lba=0 /dev/sdb
# sg_write_same -U --in /dev/zero --num=16 --lba=0 /dev/sdb
# time sg_write_same --in buf --num=65536 --lba=131074 /dev/sdb


Actual results:
Guest:
after step3.

qemu-kvm: block.c:3332: bdrv_aligned_pwritev: Assertion `!qiov || bytes == qiov->size' failed.
Aborted (core dumped)

Expected results:
qemu-kvm-rhev and guest work well

Additional info:
gdb debug info:
(gdb) bt
#0  0x00007ffff071a5d7 in raise () from /lib64/libc.so.6
#1  0x00007ffff071bcc8 in abort () from /lib64/libc.so.6
#2  0x00007ffff0713546 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff07135f2 in __assert_fail () from /lib64/libc.so.6
#4  0x00005555557dd2cb in bdrv_aligned_pwritev (bs=bs@entry=0x555556a2c800, req=req@entry=0x55556439bf00, offset=offset@entry=804790272, 
    bytes=bytes@entry=520192, qiov=0x55555692dd18, flags=0) at block.c:3332
#5  0x00005555557ddcd7 in bdrv_co_do_pwritev (bs=bs@entry=0x555556a2c800, offset=<optimized out>, bytes=520192, qiov=0x55555692dd18, 
    flags=<optimized out>) at block.c:3580
#6  0x00005555557dea17 in bdrv_co_do_writev (flags=<optimized out>, qiov=<optimized out>, nb_sectors=<optimized out>, sector_num=<optimized out>, 
    bs=<optimized out>) at block.c:3604
#7  bdrv_co_do_rw (opaque=0x555557ae68f0) at block.c:4997
#8  0x00005555557e895a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at coroutine-ucontext.c:80
#9  0x00007ffff072c0f0 in ?? () from /lib64/libc.so.6
#10 0x00007fffe61a7ef0 in ?? ()
#11 0x0000000000000000 in ?? ()
Comment 2 Fam Zheng 2015-07-30 02:40:11 EDT
Patches posted to upstream:

https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05677.html
Comment 4 Fam Zheng 2015-09-06 05:42:11 EDT
weliao, could you test this scratch build?

http://brewweb.devel.redhat.com/brew/taskinfo?taskID=9802035
Comment 5 weliao 2015-09-06 06:10:45 EDT
Version-Release number of selected component (if applicable):
Host:
3.10.0-309.el7.x86_64
qemu-kvm-rhev-2.3.0-22.el7.test.x86_64
Guest:
RHEL7.2
3.10.0-229.el7.x86_64
[root@dhcp-66-106-190 ~]#  yes | head -n2048 > buf
[root@dhcp-66-106-190 ~]# sg_write_same --in buf --num=32 --lba=80 /dev/sdb
[root@dhcp-66-106-190 ~]# sg_write_same --in /dev/zero --num=96 --lba=0 /dev/sdb
[root@dhcp-66-106-190 ~]# sg_write_same -U --in /dev/zero --num=16 --lba=0 /dev/sdb

[root@dhcp-66-106-190 ~]# time sg_write_same --in buf --num=65537 --lba=131074 /dev/sdb

real	0m0.027s
user	0m0.004s
sys	0m0.002s


host no core dumped.
Comment 6 Miroslav Rezanina 2015-09-15 06:50:10 EDT
Fix included in qemu-kvm-rhev-2.3.0-23.el7
Comment 7 weliao 2015-09-17 05:32:10 EDT
Version-Release number of selected component (if applicable):
Host:
qemu-kvm-rhev-2.3.0-23.el7.x86_64

Guest:
RHEL7.2

[root@dhcp-9-242 ~]# yes | head -n2048 > buf
[root@dhcp-9-242 ~]#  sg_write_same --in buf --num=32 --lba=80 /dev/sdb
[root@dhcp-9-242 ~]# sg_write_same --in /dev/zero --num=96 --lba=0 /dev/sdb
[root@dhcp-9-242 ~]# sg_write_same -U --in /dev/zero --num=16 --lba=0 /dev/sdb
[root@dhcp-9-242 ~]# time sg_write_same --in buf --num=65536 --lba=131074 /dev/sdb

real	0m2.546s
user	0m0.005s
sys	0m0.001s
[root@dhcp-9-242 ~]# time sg_write_same --in buf --num=65537 --lba=131074 /dev/sdb


real	0m2.554s
user	0m0.001s
sys	0m0.004s


host no core dumped,  Bug fixed.
Comment 8 juzhang 2015-09-17 21:26:10 EDT
According to comment7, set this issue as verified.
Comment 10 errata-xmlrpc 2015-12-04 11:52:24 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2546.html

Note You need to log in before you can comment on or make changes to this bug.