Bug 1686262 - Bitmap merge: Segmentation fault when merging with a nonexistent src_name in transaction mode
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: qemu-kvm
Version: 8.1
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: 8.1
Assignee: John Snow
QA Contact: aihua liang
URL:
Whiteboard:
Depends On: 1686253
Blocks:
Reported: 2019-03-07 06:10 UTC by aihua liang
Modified: 2019-11-06 07:13 UTC (History)

Fixed In Version: qemu-kvm-4.1.0-1.module+el8.1.0+3966+4a23dca1
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1686253
Environment:
Last Closed: 2019-11-06 07:13:36 UTC
Type: Bug
Target Upstream Version:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:3723 0 None None None 2019-11-06 07:13:56 UTC

Comment 1 aihua liang 2019-03-07 06:12:48 UTC
Tested on qemu-kvm-3.1.0-18.module+el8+2834+fa8bb6e2.x86_64; also hit this issue.

gdb info:
 (gdb) bt full
#0  0x00005639d39d6198 in hbitmap_free (hb=0x0) at util/hbitmap.c:643
        i = <optimized out>
        __PRETTY_FUNCTION__ = "hbitmap_free"
#1  0x00005639d37b90c2 in qmp_transaction (dev_list=<optimized out>, has_props=<optimized out>, props=0x5639d583be70, 
    errp=errp@entry=0x7ffe38a9e418) at blockdev.c:2315
        dev_entry = <optimized out>
        block_job_txn = 0x0
        state = 0x5639d46d8330
        next = <optimized out>
        local_err = 0x0
        snap_bdrv_states = {sqh_first = 0x5639d46d8330, sqh_last = 0x5639d46d8350}
        __PRETTY_FUNCTION__ = "qmp_transaction"
#2  0x00005639d37d5275 in qmp_marshal_transaction (args=<optimized out>, ret=<optimized out>, errp=0x7ffe38a9e488)
    at qapi/qapi-commands-transaction.c:46
        err = 0x0
        v = 0x5639d46ee330
        arg = {actions = 0x5639d544ac10, has_properties = false, properties = 0x0}
        _obj = <optimized out>
        __mptr = <optimized out>
#3  0x00005639d39c3053 in do_qmp_dispatch (errp=0x7ffe38a9e480, allow_oob=<optimized out>, request=<optimized out>, 
    cmds=0x5639d4202cb0 <qmp_commands>) at qapi/qmp-dispatch.c:129
        local_err = 0x0
        command = 0x5639d533a960 "transaction"
        dict = <optimized out>
        ret = 0x0
        oob = false
        args = 0x5639d46d9e00
        cmd = 0x5639d45810c0
        local_err = <optimized out>
        oob = <optimized out>
        command = <optimized out>
        args = <optimized out>
        dict = <optimized out>
        cmd = <optimized out>
        ret = <optimized out>
        __PRETTY_FUNCTION__ = "do_qmp_dispatch"
        __func__ = "do_qmp_dispatch"
        _o = <optimized out>
        _obj = <optimized out>
        __mptr = <optimized out>
        _g_boolean_var_ = <optimized out>
        _obj = <optimized out>
        __mptr = <optimized out>
        _obj = <optimized out>
        __mptr = <optimized out>
#4  qmp_dispatch (cmds=0x5639d4202cb0 <qmp_commands>, request=<optimized out>, allow_oob=<optimized out>)
    at qapi/qmp-dispatch.c:171
        err = 0x0
        ret = <optimized out>
        rsp = <optimized out>
#5  0x00005639d36cd153 in monitor_qmp_dispatch (mon=0x5639d4630e00, req=<optimized out>, id=0x0)
    at /usr/src/debug/qemu-kvm-3.1.0-18.module+el8+2834+fa8bb6e2.x86_64/monitor.c:4085
        old_mon = 0x0
        rsp = <optimized out>
        error = <optimized out>
#6  0x00005639d36d30c8 in monitor_qmp_bh_dispatcher (data=<optimized out>)
    at /usr/src/debug/qemu-kvm-3.1.0-18.module+el8+2834+fa8bb6e2.x86_64/monitor.c:4157
        req_obj = 0x5639d4910b90
        rsp = <optimized out>
        need_resume = 255
        __PRETTY_FUNCTION__ = "monitor_qmp_bh_dispatcher"
#7  0x00005639d39ce026 in aio_bh_call (bh=0x5639d45836d0) at util/async.c:118
No locals.
#8  aio_bh_poll (ctx=ctx@entry=0x5639d4582380) at util/async.c:118
        bh = 0x5639d45836d0
        bhp = <optimized out>
        next = 0x5639d45828f0
        ret = 1
        deleted = false
#9  0x00005639d39d1354 in aio_dispatch (ctx=0x5639d4582380) at util/aio-posix.c:440
No locals.
#10 0x00005639d39cdf02 in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>)
    at util/async.c:261
        ctx = <optimized out>
        __PRETTY_FUNCTION__ = "aio_ctx_dispatch"
#11 0x00007f1193f6f89d in g_main_dispatch (context=0x5639d45f8cd0) at gmain.c:3176
        dispatch = 0x5639d39cdef0 <aio_ctx_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x0
        callback = 0x0
        cb_funcs = 0x0
        cb_data = 0x0
        need_destroy = <optimized out>
        source = 0x5639d4582380
        current = 0x5639d45f2e40
        i = 0
        current = <optimized out>
        i = <optimized out>
        __func__ = "g_main_dispatch"
        source = <optimized out>
        _g_boolean_var_ = <optimized out>
        was_in_call = <optimized out>
        user_data = <optimized out>
        callback = <optimized out>
        cb_funcs = <optimized out>
        cb_data = <optimized out>
        need_destroy = <optimized out>
        dispatch = <optimized out>
        prev_source = <optimized out>
        _g_boolean_var_ = <optimized out>
#12 g_main_context_dispatch (context=context@entry=0x5639d45f8cd0) at gmain.c:3829
No locals.
#13 0x00005639d39d05d8 in glib_pollfds_poll () at util/main-loop.c:215
        context = 0x5639d45f8cd0
        pfds = <optimized out>
        context = <optimized out>
        pfds = <optimized out>
#14 os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:238
        context = 0x5639d45f8cd0
        ret = 1
        context = <optimized out>
        ret = <optimized out>
#15 main_loop_wait (nonblocking=<optimized out>) at util/main-loop.c:497
        ret = <optimized out>
        timeout = 4294967295
        timeout_ns = <optimized out>
#16 0x00005639d37c34e9 in main_loop () at vl.c:1910
No locals.
#17 0x00005639d36839b4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4681
        i = <optimized out>
        snapshot = 0
        linux_boot = <optimized out>
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = <optimized out>
        boot_order = 0x5639d4586720 "cdn"
        boot_once = <optimized out>
        ds = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        icount_opts = <optimized out>
        accel_opts = 0x0
        olist = <optimized out>
        optind = 64
        optarg = 0x7ffe38aa0478 "tcp:0:3000,server,nowait"
        loadvm = 0x0
        machine_class = <optimized out>
        cpu_model = 0x7ffe38aa03b4 "Penryn,+kvm_pv_unhalt"
        vga_model = 0x0
        qtest_chrdev = 0x0
        qtest_log = 0x0
        incoming = 0x0
        userconfig = <optimized out>
        nographic = false
        display_remote = <optimized out>
        log_mask = <optimized out>
        log_file = <optimized out>
        trace_file = <optimized out>
        maxram_size = 4294967296
        ram_slots = 0
        vmstate_dump_file = 0x0
        main_loop_err = 0x0
        err = 0x0
        list_data_dirs = <optimized out>
        dir = <optimized out>
        dirs = <optimized out>
        bdo_queue = {sqh_first = 0x0, sqh_last = 0x7ffe38a9e7b0}
        __func__ = "main"

Comment 2 John Snow 2019-07-08 20:09:18 UTC
Expected to be fixed by 360d4e4e9a501d92fb8866ac307d33a25f70c6d1 included in rebase to 4.0

Comment 4 aihua liang 2019-08-16 03:28:56 UTC
Verified on qemu-kvm-4.1.0-1.module+el8.1.0+3966+4a23dca1.x86_64; the issue has been resolved, setting the bug's status to 'Verified'.

Test steps:
 1. Start guest with qemu cmds
   /usr/libexec/qemu-kvm \
    -S \
    -name 'avocado-vt-vm1' \
    -machine pc  \
    -nodefaults \
    -device VGA,bus=pci.0,addr=0x2  \
    -chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/monitor-qmpmonitor1-20190123-032240-rOoB4cgD,server,nowait \
    -mon chardev=qmp_id_qmpmonitor1,mode=control  \
    -chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/monitor-catch_monitor-20190123-032240-rOoB4cgD,server,nowait \
    -mon chardev=qmp_id_catch_monitor,mode=control \
    -device pvpanic,ioport=0x505,id=id8Ec4Bn  \
    -chardev socket,id=serial_id_serial0,path=/var/tmp/serial-serial0-20190123-032240-rOoB4cgD,server,nowait \
    -device isa-serial,chardev=serial_id_serial0  \
    -chardev socket,id=seabioslog_id_20190123-032240-rOoB4cgD,path=/var/tmp/seabios-20190123-032240-rOoB4cgD,server,nowait \
    -device isa-debugcon,chardev=seabioslog_id_20190123-032240-rOoB4cgD,iobase=0x402 \
    -device ich9-usb-ehci1,id=usb1,addr=0x1d.7,multifunction=on,bus=pci.0 \
    -device ich9-usb-uhci1,id=usb1.0,multifunction=on,masterbus=usb1.0,addr=0x1d.0,firstport=0,bus=pci.0 \
    -device ich9-usb-uhci2,id=usb1.1,multifunction=on,masterbus=usb1.0,addr=0x1d.2,firstport=2,bus=pci.0 \
    -device ich9-usb-uhci3,id=usb1.2,multifunction=on,masterbus=usb1.0,addr=0x1d.4,firstport=4,bus=pci.0 \
    -blockdev driver=file,node-name=file_base,filename=/home/kvm_autotest_root/images/rhel77-64-virtio.qcow2,auto-read-only=on \
    -blockdev driver=qcow2,file=file_base,node-name=drive_image1,auto-read-only=on \
    -device virtio-blk-pci,id=image1,drive=drive_image1,bus=pci.0 \
    -device virtio-net-pci,mac=9a:39:3a:3b:3c:3d,id=id1JNQsL,vectors=4,netdev=idVpZZ6A,bus=pci.0  \
    -netdev tap,id=idVpZZ6A,vhost=on \
    -m 4096  \
    -smp 2,maxcpus=2,cores=1,threads=1,sockets=2  \
    -cpu 'Penryn',+kvm_pv_unhalt \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1  \
    -vnc :0  \
    -rtc base=utc,clock=host,driftfix=slew  \
    -boot order=cdn,once=c,menu=off,strict=off \
    -enable-kvm \
    -monitor stdio \
    -qmp tcp:0:3000,server,nowait

2. Add bitmap0 on "drive_image1"
    { "execute": "block-dirty-bitmap-add", "arguments": { "node": "drive_image1", "name": "bitmap0"}}

3. Merge bitmap1 to bitmap0 in transaction mode
    { "execute": "transaction", "arguments": { "actions": [{"type":"block-dirty-bitmap-merge", "data": { "node": "drive_image1", "bitmaps": ["bitmap1"], "target":"bitmap0"} }]}}
    {"error": {"class": "GenericError", "desc": "Dirty bitmap 'bitmap1' not found"}}
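Added example, not part of the bug report or of QEMU: a small QMP client that replays steps 2 and 3 above against a running qemu-kvm and reports whether the merge from a missing bitmap was rejected with a QMP error (fixed behaviour) or the monitor connection died (the crash). The unix socket path argument and the helper names are assumptions; the node-name is the one from the reporter's command line.

```python
import json
import socket

# Added regression check (not from the report): replay the reporter's steps 2 and 3
# over QMP and confirm that merging from a missing bitmap yields a QMP error rather
# than killing qemu-kvm.  NODE is the node-name from the reporter's command line.
NODE = "drive_image1"


def bitmap_add_cmd(node, name):
    return {"execute": "block-dirty-bitmap-add",
            "arguments": {"node": node, "name": name}}


def merge_transaction_cmd(node, sources, target):
    # Same shape as the transaction sent in step 3 of the verification comment.
    action = {"type": "block-dirty-bitmap-merge",
              "data": {"node": node, "bitmaps": list(sources), "target": target}}
    return {"execute": "transaction", "arguments": {"actions": [action]}}


def classify(reply):
    # 'error' is the fixed behaviour; 'dead' (monitor closed the socket, which is
    # how the segfault shows up to a client) reproduces this bug.
    if reply is None:
        return "dead"
    if "error" in reply:
        return "error"
    return "ok" if "return" in reply else "unknown"


def _qmp(sock_file, cmd):
    sock_file.write(json.dumps(cmd) + "\n")
    sock_file.flush()
    while True:
        line = sock_file.readline()
        if not line:
            return None          # EOF: qemu went away
        msg = json.loads(line)
        if "event" not in msg:   # skip asynchronous events
            return msg


def check_merge_of_missing_bitmap(qmp_path, missing="bitmap1"):
    # qmp_path is the unix socket path given to -chardev socket,... (assumed).
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(qmp_path)
        f = s.makefile("rw")
        f.readline()                                    # QMP greeting
        _qmp(f, {"execute": "qmp_capabilities"})
        _qmp(f, bitmap_add_cmd(NODE, "bitmap0"))
        return classify(_qmp(f, merge_transaction_cmd(NODE, [missing], "bitmap0")))
```

On a fixed build `check_merge_of_missing_bitmap(path)` returns "error", matching the reply shown in step 3; on an affected build it returns "dead".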

Comment 6 errata-xmlrpc 2019-11-06 07:13:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:3723

