Bug 1824628 - qemu abort()s backup destination image is too small
Status: CLOSED DUPLICATE of bug 1778593
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: qemu-kvm
Version: 8.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.3
Assignee: Virtualization Maintenance
QA Contact: aihua liang
Reported: 2020-04-16 11:21 UTC by Peter Krempa
Modified: 2020-04-20 01:48 UTC (History)

Last Closed: 2020-04-17 06:51:49 UTC
Type: Bug



Description Peter Krempa 2020-04-16 11:21:52 UTC
Description of problem:
QEMU aborts instead of reporting an error if the backup destination image is too small.

qemu-system-x86_64: block/io.c:1887: int bdrv_co_write_req_prepare(BdrvChild *, int64_t, uint64_t, BdrvTrackedRequest *, int): Assertion `end_sector <= bs->total_sectors || child->perm & BLK_PERM_RESIZE' failed.

Version-Release number of selected component (if applicable):
Observed on current upstream 5.0-rc2, so even if it's not present in current downstreams it would be rebased-in later.

How reproducible:
always

Steps to Reproduce:
1. Create images:

qemu-img create -f qcow2 /tmp/backup-test-images/backup-disk-top.qcow2 100M
qemu-io -c 'write -P 0xbb 0M 100M' -f qcow2 /tmp/backup-test-images/backup-disk-top.qcow2
                                                                                 
qemu-img create -f qcow2 /tmp/backup-test-images/backup-vda.qcow2 10M

2. Start qemu (minimal reproducer without libvirt):
qemu-system-x86_64 \
-name guest=backup-test,debug-threads=on \
-S \
-machine pc-i440fx-2.9,accel=kvm,usb=off,vmport=off,dump-guest-core=off \
-cpu qemu64 \
-m 1000 \
-no-user-config \
-nodefaults \
-blockdev '{"driver":"file","filename":"/tmp/backup-test-images/backup-disk-top.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage","backing":null}' \
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x8,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 \
-qmp stdio 

3. Issue the following QMP commands:
{"execute":"qmp_capabilities"}
{"execute":"blockdev-add","arguments":{"driver":"file","filename":"/tmp/backup-test-images/backup-vda.qcow2","node-name":"libvirt-2-storage","auto-read-only":true,"discard":"unmap"},"id":"libvirt-368"}
{"execute":"blockdev-add","arguments":{"node-name":"libvirt-2-format","read-only":false,"driver":"qcow2","file":"libvirt-2-storage","backing":null},"id":"libvirt-369"}
{"execute":"transaction","arguments":{"actions":[{"type":"blockdev-backup","data":{"device":"libvirt-1-format","job-id":"backup-vda-libvirt-1-format","target":"libvirt-2-format","sync":"full","auto-finalize":true,"auto-dismiss":false}}]},"id":"libvirt-370"}

(reproducer with libvirt:)
cat > /tmp/backup-test-images/backup.xml << EOF
<domainbackup mode='push'>
  <disks>
    <disk name='vda' type='file'>
      <driver type='qcow2'/>
      <target file='/tmp/backup-test-images/backup-vda.qcow2'/>
    </disk>
  </disks>
</domainbackup>
EOF

virsh backup-begin backup-test --backupxml /tmp/backup-test-images/backup.xml --reuse-external

Actual results:
qemu-system-x86_64: block/io.c:1887: int bdrv_co_write_req_prepare(BdrvChild *, int64_t, uint64_t, BdrvTrackedRequest *, int): Assertion `end_sector <= bs->total_sectors || child->perm & BLK_PERM_RESIZE' failed.

Expected results:
Job fails and reports error over QMP.

Additional info:
Thread 1 "qemu-system-x86" received signal SIGABRT, Aborted.
0x00007fa7d66f1a25 in raise () from target:/lib64/libc.so.6
(gdb) t a a bt

Thread 6 (Thread 0x7fa7cb134700 (LWP 1418106)):
#0  0x00007fa7d6891c58 in do_futex_wait.constprop () from target:/lib64/libpthread.so.0
#1  0x00007fa7d6891d83 in __new_sem_wait_slow.constprop.0 () from target:/lib64/libpthread.so.0
#2  0x00005625e536a352 in qemu_sem_timedwait (sem=0x5625e75835f8, ms=<optimized out>) at util/qemu-thread-posix.c:306
#3  0x00005625e5364336 in worker_thread (opaque=0x5625e7583580) at util/thread-pool.c:91
#4  0x00005625e536a7d5 in qemu_thread_start (args=0x5625e781e930) at util/qemu-thread-posix.c:519
#5  0x00007fa7d6888432 in start_thread () from target:/lib64/libpthread.so.0
#6  0x00007fa7d67b69d3 in clone () from target:/lib64/libc.so.6

Thread 5 (Thread 0x7fa7c8fff700 (LWP 1417993)):
#0  0x00007fa7d67abb6f in poll () from target:/lib64/libc.so.6
#1  0x00007fa7d8700aee in g_main_context_iterate.constprop () from target:/lib64/libglib-2.0.so.0
#2  0x00007fa7d8700e73 in g_main_loop_run () from target:/lib64/libglib-2.0.so.0
#3  0x00007fa7d73632db in red_worker_main () from target:/lib64/libspice-server.so.1
#4  0x00007fa7d6888432 in start_thread () from target:/lib64/libpthread.so.0
#5  0x00007fa7d67b69d3 in clone () from target:/lib64/libc.so.6

Thread 4 (Thread 0x7fa7c9f65700 (LWP 1417991)):
#0  0x00007fa7d688ee92 in pthread_cond_wait@@GLIBC_2.3.2 () from target:/lib64/libpthread.so.0
#1  0x00005625e5369ee4 in qemu_cond_wait_impl (cond=0x5625e79b77d0, mutex=0x5625e5834940 <qemu_global_mutex>, file=0x5625e53a6588 "/home/pipo/git/qemu.git/cpus.c", line=1203) at util/qemu-thread-posix.c:173
#2  0x00005625e4f1f578 in qemu_wait_io_event (cpu=<optimized out>) at /home/pipo/git/qemu.git/cpus.c:1203
#3  qemu_kvm_cpu_thread_fn (arg=0x5625e7993750) at /home/pipo/git/qemu.git/cpus.c:1251
#4  0x00005625e536a7d5 in qemu_thread_start (args=0x5625e79b7810) at util/qemu-thread-posix.c:519
#5  0x00007fa7d6888432 in start_thread () from target:/lib64/libpthread.so.0
#6  0x00007fa7d67b69d3 in clone () from target:/lib64/libc.so.6

Thread 3 (Thread 0x7fa7ca766700 (LWP 1417990)):
#0  0x00007fa7d67abb6f in poll () from target:/lib64/libc.so.6
#1  0x00007fa7d8700aee in g_main_context_iterate.constprop () from target:/lib64/libglib-2.0.so.0
#2  0x00007fa7d8700e73 in g_main_loop_run () from target:/lib64/libglib-2.0.so.0
#3  0x00005625e504f2ac in iothread_run (opaque=0x5625e767c700) at iothread.c:82
#4  0x00005625e536a7d5 in qemu_thread_start (args=0x5625e78bbde0) at util/qemu-thread-posix.c:519
#5  0x00007fa7d6888432 in start_thread () from target:/lib64/libpthread.so.0
#6  0x00007fa7d67b69d3 in clone () from target:/lib64/libc.so.6

Thread 2 (Thread 0x7fa7cc053700 (LWP 1417986)):
#0  0x00007fa7d67b143d in syscall () from target:/lib64/libc.so.6
#1  0x00005625e536a5b6 in qemu_futex_wait (f=<optimized out>, val=<optimized out>) at include/qemu/futex.h:29
#2  qemu_event_wait (ev=0x5625e5855d74 <rcu_call_ready_event>) at util/qemu-thread-posix.c:459
#3  0x00005625e537e9da in call_rcu_thread (opaque=<optimized out>) at util/rcu.c:260
#4  0x00005625e536a7d5 in qemu_thread_start (args=0x5625e7584310) at util/qemu-thread-posix.c:519
#5  0x00007fa7d6888432 in start_thread () from target:/lib64/libpthread.so.0
#6  0x00007fa7d67b69d3 in clone () from target:/lib64/libc.so.6

Thread 1 (Thread 0x7fa7cc1acd40 (LWP 1417969)):
#0  0x00007fa7d66f1a25 in raise () from target:/lib64/libc.so.6
#1  0x00007fa7d66da895 in abort () from target:/lib64/libc.so.6
#2  0x00007fa7d66da769 in __assert_fail_base.cold () from target:/lib64/libc.so.6
#3  0x00007fa7d66e9e86 in __assert_fail () from target:/lib64/libc.so.6
#4  0x00005625e52c44cd in bdrv_co_write_req_prepare (child=0x5625e781ac80, offset=<optimized out>, bytes=<optimized out>, req=0x7fa7c85ffa60, flags=0) at block/io.c:1887
#5  0x00005625e52c4f78 in bdrv_co_copy_range_internal (src=<optimized out>, src_offset=10813440, dst=0x5625e781ac80, dst_offset=<optimized out>, bytes=65536, read_flags=0, write_flags=0, recurse_src=<optimized out>) at block/io.c:3265
#6  0x00005625e52c512f in bdrv_co_copy_range_to (src=0x5625e781f300, src_offset=10813440, dst=0x5625e781ac80, dst_offset=10485760, bytes=65536, read_flags=<optimized out>, write_flags=<optimized out>) at block/io.c:3310
#7  0x00005625e52b6c74 in raw_co_copy_range_from (bs=<optimized out>, src=0x2, src_offset=140358597998320, dst=0x0, dst_offset=140358833871397, bytes=0, read_flags=0, write_flags=0) at block/file-posix.c:3041
#8  0x00005625e52c4eb1 in bdrv_co_copy_range_internal (src=<optimized out>, src_offset=10813440, dst=0x5625e781ac80, dst_offset=<optimized out>, bytes=65536, read_flags=0, write_flags=<optimized out>, recurse_src=<optimized out>) at block/io.c:3253
#9  0x00005625e52c4c4f in bdrv_co_copy_range_from (src=0x5625e781f300, src_offset=10813440, dst=0x5625e781ac80, dst_offset=10485760, bytes=65536, read_flags=<optimized out>, write_flags=<optimized out>) at block/io.c:3294
#10 0x00005625e52896cf in qcow2_co_copy_range_from (bs=<optimized out>, src=<optimized out>, src_offset=10485760, dst=0x5625e781ac80, dst_offset=10485760, bytes=65536, read_flags=0, write_flags=0) at block/qcow2.c:3871
#11 0x00005625e52c4eb1 in bdrv_co_copy_range_internal (src=<optimized out>, src_offset=10485760, dst=0x5625e781ac80, dst_offset=<optimized out>, bytes=65536, read_flags=0, write_flags=<optimized out>, recurse_src=<optimized out>) at block/io.c:3253
#12 0x00005625e52c522f in bdrv_co_copy_range_from (src=<optimized out>, src_offset=<optimized out>, dst=<optimized out>, dst_offset=<optimized out>, bytes=<optimized out>, read_flags=<optimized out>, write_flags=<optimized out>) at block/io.c:3294
#13 bdrv_co_copy_range (src=0x5625e7dabc00, src_offset=10485760, dst=0x5625e781ac80, dst_offset=10485760, bytes=65536, read_flags=<optimized out>, write_flags=<optimized out>) at block/io.c:3319
#14 0x00005625e52da4ab in block_copy_do_copy (s=0x5625e7aa9d40, offset=10485760, bytes=65536, error_is_read=0x7fa7c85fff7f, zeroes=<optimized out>) at block/block-copy.c:284
#15 block_copy_dirty_clusters (s=0x5625e7aa9d40, offset=10485760, bytes=65536, error_is_read=<optimized out>) at block/block-copy.c:518
#16 block_copy (s=0x5625e7aa9d40, offset=<optimized out>, bytes=<optimized out>, error_is_read=0x7fa7c85fff7f) at block/block-copy.c:550
#17 0x00005625e52d849b in backup_do_cow (job=0x5625e76351f0, offset=10485760, bytes=65536, error_is_read=<optimized out>) at block/backup.c:74
#18 backup_loop (job=0x5625e76351f0) at block/backup.c:196
#19 backup_run (job=0x5625e76351f0, errp=<optimized out>) at block/backup.c:275
#20 0x00005625e526c8d2 in job_co_entry (opaque=0x5625e76351f0) at job.c:908
#21 0x00005625e5380326 in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at util/coroutine-ucontext.c:115
#22 0x00007fa7d6707250 in ?? () from target:/lib64/libc.so.6
#23 0x00007ffd4d7adb78 in ?? ()
#24 0x0000000000000000 in ?? ()
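
An added example, not part of the original report and not QEMU or libvirt code: a pre-flight check a management layer could run before issuing blockdev-backup, comparing the virtual sizes of the source and target nodes taken from a query-named-block-nodes reply. The reply below is constructed and trimmed to the fields used, the function names are hypothetical, and write_allowed is a simplified model of the asserted condition, assuming 512-byte sectors.

```python
import json

SECTOR = 512  # assumption: QEMU block-layer sector size

# Constructed, trimmed reply to {"execute":"query-named-block-nodes"} for the
# two format nodes of the reproducer (100M source, 10M target).
SAMPLE_REPLY = json.dumps({"return": [
    {"node-name": "libvirt-1-format",
     "image": {"virtual-size": 100 * 1024 * 1024}},
    {"node-name": "libvirt-2-format",
     "image": {"virtual-size": 10 * 1024 * 1024}},
]})


def virtual_sizes(reply_text):
    """Map node-name -> virtual size in bytes from the QMP reply."""
    nodes = json.loads(reply_text)["return"]
    return {n["node-name"]: n["image"]["virtual-size"] for n in nodes}


def write_allowed(offset, nbytes, total_bytes, may_resize=False):
    """Model of the failed assertion: the write must end inside the image
    unless the writer holds the resize permission."""
    end_sector = -(-(offset + nbytes) // SECTOR)  # round up to whole sectors
    return end_sector <= total_bytes // SECTOR or may_resize


def preflight(reply_text, source, target):
    """Return (ok, message); ok is False when the backup must not be started."""
    sizes = virtual_sizes(reply_text)
    missing = [n for n in (source, target) if n not in sizes]
    if missing:
        return False, "unknown node(s): " + ", ".join(missing)
    if sizes[target] < sizes[source]:
        return False, (f"target {target} is {sizes[target]} bytes, "
                       f"source {source} is {sizes[source]} bytes")
    return True, "ok"


if __name__ == "__main__":
    print(preflight(SAMPLE_REPLY, "libvirt-1-format", "libvirt-2-format"))
    # Offsets from frame #14 of the backtrace: first copy past the 10M target.
    print(write_allowed(10485760, 65536, 10 * 1024 * 1024))
```

With the sizes from the reproducer the check rejects the job before QEMU is asked to copy anything, and the modelled condition is false for the 64 KiB request at offset 10485760 seen in the backtrace.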

Comment 1 aihua liang 2020-04-17 02:41:06 UTC
I think it's a duplicate of bz1778593.


Hi, developer

  Please help to confirm.

Comment 2 Peter Krempa 2020-04-17 06:51:49 UTC
Good catch. It's the same scenario and the same assertion which failed. Closing as duplicate.

Thanks!

*** This bug has been marked as a duplicate of bug 1778593 ***

