Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-128240

Qemu core dumps when doing guest reboot during backup

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • rhel-9.2.0
    • qemu-kvm / Storage
    • None
    • None
    • None
    • 1
    • rhel-virt-storage
    • 3
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • VirtStorage Sprint15 CY251203
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      qemu core dumps when do guest reboot during backup with iothread

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      Host: RHEL 9.2
      qemu-kvm: qemu-kvm-core-7.2.0-14.el9_2.19.x86_64
      kernel: 5.14.0-284.144.1.el9_2.x86_64

      Guest: RHEL 10.0

      How reproducible is this bug?:

      100% with iothread

      If no iothread, not reproducible 

      Steps to reproduce

      1. Boot a vm with command line:

      /usr/libexec/qemu-kvm \
     -name 'avocado-vt-vm1'  \
     -sandbox on,elevateprivileges=deny,obsolete=deny,resourcecontrol=deny,spawn=deny \
     -blockdev '\{"node-name": "file_ovmf_code", "driver": "file", "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd", "auto-read-only": true, "discard": "unmap"}' \
     -blockdev '\{"node-name": "drive_ovmf_code", "driver": "raw", "read-only": true, "file": "file_ovmf_code"}' \
     -blockdev '\{"node-name": "file_ovmf_vars", "driver": "file", "filename": "/root/avocado/data/avocado-vt/avocado-vt-vm1_rhel100-64-virtio-ovmf_qcow2_filesystem_VARS.raw", "auto-read-only": true, "discard": "unmap"}' \
     -blockdev '\{"node-name": "drive_ovmf_vars", "driver": "raw", "read-only": false, "file": "file_ovmf_vars"}' \
     -machine q35,pflash0=drive_ovmf_code,pflash1=drive_ovmf_vars,memory-backend=mem-machine_mem \
     -device '\{"id": "pcie-root-port-0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x1", "chassis": 1}' \
     -device '\{"id": "pcie-pci-bridge-0", "driver": "pcie-pci-bridge", "addr": "0x0", "bus": "pcie-root-port-0"}'  \
     -nodefaults \
     -device '\{"driver": "VGA", "bus": "pcie.0", "addr": "0x2"}' \
     -m 123904 \
     -object '\{"size": 129922760704, "id": "mem-machine_mem", "qom-type": "memory-backend-ram"}'  \
     -smp 64,maxcpus=64,cores=32,threads=1,dies=1,sockets=2  \
     -cpu 'SapphireRapids',ss=on,vmx=on,pdcm=on,hypervisor=on,tsc-adjust=on,sgx=on,waitpkg=on,cldemote=on,movdiri=on,movdir64b=on,sgxlc=on,md-clear=on,stibp=on,sgx1=on,sgx2=on,sgx-exinfo=on,sgx-debug=on,sgx-mode64=on,sgx-provisionkey=on,sgx-tokenkey=on,sgx-kss=on,ibpb=on,ibrs=on,amd-stibp=on,amd-ssbd=on,tsx-ctrl=on,hle=off,rtm=off,taa-no=off,kvm_pv_unhalt=on \
     -chardev socket,id=qmp_id_qmpmonitor1,server=on,wait=off,path=/var/tmp/avocado_f3dbb9pi/monitor-qmpmonitor1-20251113-032434-JZGnpw2P  \
     -mon chardev=qmp_id_qmpmonitor1,mode=control \
     -chardev socket,id=qmp_id_catch_monitor,server=on,wait=off,path=/var/tmp/avocado_f3dbb9pi/monitor-catch_monitor-20251113-032434-JZGnpw2P  \
     -mon chardev=qmp_id_qmpmonitor1,mode=control \
     -chardev socket,id=qmp_id_catch_monitor,server=on,wait=off,path=/var/tmp/avocado_f3dbb9pi/monitor-catch_monitor-20251113-032434-JZGnpw2P  \
     -mon chardev=qmp_id_catch_monitor,mode=control \
     -device '\{"ioport": 1285, "driver": "pvpanic", "id": "id1cZ05C"}' \
     -chardev socket,id=chardev_serial0,server=on,wait=off,path=/var/tmp/avocado_f3dbb9pi/serial-serial0-20251113-032434-JZGnpw2P \
     -device '\{"id": "serial0", "driver": "isa-serial", "chardev": "chardev_serial0"}'  \
     -chardev socket,id=seabioslog_id_20251113-032434-JZGnpw2P,path=/var/tmp/avocado_f3dbb9pi/seabios-20251113-032434-JZGnpw2P,server=on,wait=off \
     -device isa-debugcon,chardev=seabioslog_id_20251113-032434-JZGnpw2P,iobase=0x402 \
     -device '\{"driver": "qemu-xhci", "id": "usb1", "bus": "pcie-root-port-1", "addr": "0x0"}' \
     -device '\{"driver": "usb-tablet", "id": "usb-tablet1", "bus": "usb1.0", "port": "1"}' \
     -blockdev '\{"node-name": "file_image1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/rhel100-64-virtio-ovmf.qcow2", "cache": {"direct": true, "no-flush": false}}' \
     -object '\{"id": "iothread0", "qom-type": "iothread"}' \
     -blockdev '\{"node-name": "drive_image1", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_image1"}' \
     -device '\{"id": "pcie-root-port-2", "port": 2, "driver": "pcie-root-port", "addr": "0x1.0x2", "bus": "pcie.0", "chassis": 3}' \
     -device '\{"driver": "virtio-blk-pci", "id": "image1", "drive": "drive_image1", "write-cache": "on", "bus": "pcie-root-port-2", "addr": "0x0", "iothread": "iothread0"}' \
     -device '\{"id": "pcie-root-port-3", "port": 3, "driver": "pcie-root-port", "addr": "0x1.0x3", "bus": "pcie.0", "chassis": 4}' \
     -device '\{"driver": "virtio-net-pci", "mac": "9a:94:a6:ff:ea:c3", "id": "id4o5ChM", "netdev": "idZIceoa", "bus": "pcie-root-port-3", "addr": "0x0"}' \
     -netdev  '\{"id": "idZIceoa", "type": "tap", "vhost": true, "vhostfd": "16", "fd": "10"}'  \
     -vnc :0  \
     -rtc base=utc,clock=host,driftfix=slew  \
     -boot menu=off,order=cdn,once=c,strict=off \
     -chardev socket,id=char_vtpm_avocado-vt-vm1_tpm0,path=/root/avocado/data/avocado-vt/swtpm/avocado-vt-vm1_tpm0_swtpm.sock \
     -tpmdev emulator,chardev=char_vtpm_avocado-vt-vm1_tpm0,id=emulator_vtpm_avocado-vt-vm1_tpm0 \
     -device '\{"id": "tpm-crb_vtpm_avocado-vt-vm1_tpm0", "tpmdev": "emulator_vtpm_avocado-vt-vm1_tpm0", "driver": "tpm-crb"}' \
     -enable-kvm \
     -device '\{"id": "pcie_extra_root_port_0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x3", "chassis": 5}'

      2. start the nbd server:
      {"execute": "nbd-server-start", "arguments": {"addr": {"type": "inet", "data":

      {"host": "0.0.0.0", "port": "10810"}

      }}, "id": "ZtPMp2M3"}

      3. Create a scratch image and add it to the guest  /usr/bin/qemu-img create -f qcow2 -b /home/kvm_autotest_root/images/rhel100-64-virtio-ovmf.qcow2 -F qcow2 /root/avocado/data/avocado-vt/full.qcow2 20G

      {"execute": "blockdev-add", "arguments": {"node-name": "file_full", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/root/avocado/data/avocado-vt/full.qcow2", "cache": {"direct": true, "no-flush": false}}, "id": "9AqYVlVn"}
      {"execute": "blockdev-add", "arguments": {"node-name": "drive_full", "driver": "qcow2", "read-only": false, "cache":

      {"direct": true, "no-flush": false}

      , "file": "file_full", "backing": "drive_image1"}, "id": "SY2lOJp5"}

      4. Build the full backup channel by cmd:
      {"execute": "transaction", "arguments": {"actions": [{"type": "blockdev-backup", "data": {"device": "drive_image1", "target": "drive_full", "job-id": "drive_image1_0Di2", "sync": "none", "speed": 0, "compress": false, "auto-finalize": true, "auto-dismiss": true, "on-source-error": "report", "on-target-error": "report"}}, \{"type": "block-dirty-bitmap-add", "data": {"node": "drive_image1", "name": "bitmap_image1"}}]}, "id": "pf5zeVON"}

      5. Add image node to the nbd server

      {"execute": "block-export-add", "arguments": \{"type": "nbd", "id": "block_export_drive_full", "node-name": "drive_full", "writable": false, "name": "nbd_full_image"}

      , "id": "ofzN3aBQ"}

      6, Create an image for full backup in client
       /usr/bin/qemu-img create -f qcow2 /root/avocado/data/avocado-vt/fullbk.qcow2 20G

      7. Run data copy and vm reboot in parallel

      Expected results

      Test passes 

      Actual results

      [qemu output] /tmp/aexpect_QOgQRC4P/aexpect-930dlrzz.sh: line 1: 361663 Aborted                 (core dumped) MALLOC_PERTURB_=1 /usr/libexec/qemu-kvm -S -name 'avocado-vt-vm1' -sandbox on,elevateprivileges=deny,obsolete=deny,resourcecontrol=deny,spawn=deny -blockdev '{"node-name": "file_ovmf_code", "driver": "file", "filename": "/usr/share/OVMF/OVMF_CODE.secboot.fd", "auto-read-only": true, "discard": "unmap"}' -blockdev '{"node-name": "drive_ovmf_code", "driver": "raw", "read-only": true, "file": "file_ovmf_code"}' -blockdev '{"node-name": "file_ovmf_vars", "driver": "file", "filename": "/root/avocado/data/avocado-vt/avocado-vt-vm1_rhel100-64-virtio-ovmf_qcow2_filesystem_VARS.raw", "auto-read-only": true, "discard": "unmap"}' -blockdev '{"node-name": "drive_ovmf_vars", "driver": "raw", "read-only": false, "file": "file_ovmf_vars"}' -machine q35,pflash0=drive_ovmf_code,pflash1=drive_ovmf_vars,memory-backend=mem-machine_mem -device '{"id": "pcie-root-port-0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x1", "chassis": 1}' -device '{"id": "pcie-pci-bridge-0", "driver": "pcie-pci-bridge", "addr": "0x0", "bus": "pcie-root-port-0"}' -nodefaults -device '{"driver": "VGA", "bus": "pcie.0", "addr": "0x2"}' -m 123904 -object '{"size": 129922760704, "id": "mem-machine_mem", "qom-type": "memory-backend-ram"}' -smp 64,maxcpus=64,cores=32,threads=1,dies=1,sockets=2 -cpu 'SapphireRapids',ss=on,vmx=on,pdcm=on,hypervisor=on,tsc-adjust=on,sgx=on,waitpkg=on,cldemote=on,movdiri=on,movdir64b=on,sgxlc=on,md-clear=on,stibp=on,sgx1=on,sgx2=on,sgx-exinfo=on,sgx-debug=on,sgx-mode64=on,sgx-provisionkey=on,sgx-tokenkey=on,sgx-kss=on,ibpb=on,ibrs=on,amd-stibp=on,amd-ssbd=on,tsx-ctrl=on,hle=off,rtm=off,taa-no=off,kvm_pv_unhalt=on -chardev socket,id=qmp_id_qmpmonitor1,server=on,wait=off,path=/var/tmp/avocado_f3dbb9pi/monitor-qmpmonitor1-20251113-032434-JZGnpw2P -mon chardev=qmp_id_qmpmonitor1,mode=control -chardev socket,id=qmp_id_catch_monitor,server=on,wait=off,path=/var/tmp/avocado_f3dbb9pi/monitor-catch_monitor-20251113-032434-JZGnpw2P -mon chardev=qmp_id_catch_monitor,mode=control -device '{"ioport": 1285, "driver": "pvpanic", "id": "id1cZ05C"}' -chardev socket,id=chardev_serial0,server=on,wait=off,path=/var/tmp/avocado_f3dbb9pi/serial-serial0-20251113-032434-JZGnpw2P -device '{"id": "serial0", "driver": "isa-serial", "chardev": "chardev_serial0"}' -chardev socket,id=seabioslog_id_20251113-032434-JZGnpw2P,path=/var/tmp/avocado_f3dbb9pi/seabios-20251113-032434-JZGnpw2P,server=on,wait=off -device isa-debugcon,chardev=seabioslog_id_20251113-032434-JZGnpw2P,iobase=0x402 -device '{"id": "pcie-root-port-1", "port": 1, "driver": "pcie-root-port", "addr": "0x1.0x1", "bus": "pcie.0", "chassis": 2}' -device '{"driver": "qemu-xhci", "id": "usb1", "bus": "pcie-root-port-1", "addr": "0x0"}' -device '{"driver": "usb-tablet", "id": "usb-tablet1", "bus": "usb1.0", "port": "1"}' -blockdev '{"node-name": "file_image1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/rhel100-64-virtio-ovmf.qcow2", "cache": {"direct": true, "no-flush": false}}' -object '{"id": "iothread0", "qom-type": "iothread"}' -blockdev '{"node-name": "drive_image1", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_image1"}' -device '{"id": "pcie-root-port-2", "port": 2, "driver": "pcie-root-port", "addr": "0x1.0x2", "bus": "pcie.0", "chassis": 3}' -device '{"driver": "virtio-blk-pci", "id": "image1", "drive": "drive_image1", "write-cache": "on", "bus": "pcie-root-port-2", "addr": "0x0", "iothread": "iothread0"}' -device '{"id": "pcie-root-port-3", "port": 3, "driver": "pcie-root-port", "addr": "0x1.0x3", "bus": "pcie.0", "chassis": 4}' -device '{"driver": "virtio-net-pci", "mac": "9a:94:a6:ff:ea:c3", "id": "id4o5ChM", "netdev": "idZIceoa", "bus": "pcie-root-port-3", "addr": "0x0"}' -netdev '{"id": "idZIceoa", "type": "tap", "vhost": true, "vhostfd": "16", "fd": "10"}' -vnc :0 -rtc base=utc,clock=host,driftfix=slew -boot menu=off,order=cdn,once=c,strict=off -chardev socket,id=char_vtpm_avocado-vt-vm1_tpm0,path=/root/avocado/data/avocado-vt/swtpm/avocado-vt-vm1_tpm0_swtpm.sock -tpmdev emulator,chardev=char_vtpm_avocado-vt-vm1_tpm0,id=emulator_vtpm_avocado-vt-vm1_tpm0 -device '{"id": "tpm-crb_vtpm_avocado-vt-vm1_tpm0", "tpmdev": "emulator_vtpm_avocado-vt-vm1_tpm0", "driver": "tpm-crb"}' -enable-kvm -device '{"id": "pcie_extra_root_port_0", "driver": "pcie-root-port", "multifunction": true, "bus": "pcie.0", "addr": "0x3", "chassis": 5}'

      
(gdb) bt
#0  0x00007f05988a158c in __pthread_kill_implementation ()
   from /lib64/libc.so.6
#1  0x00007f0598854d46 in raise () from /lib64/libc.so.6
#2  0x00007f05988287f3 in abort () from /lib64/libc.so.6
#3  0x00007f059882871b in __assert_fail_base.cold () from /lib64/libc.so.6
#4  0x00007f059884dce6 in __assert_fail () from /lib64/libc.so.6
#5  0x0000562da2ca3a9a in nbd_blockdev_client_closed ()
#6  0x0000562da2c90ca3 in nbd_trip ()
#7  0x0000562da2ead976 in coroutine_trampoline ()
#8  0x00007f059882a360 in ?? () from /lib64/libc.so.6
#9  0x00007f0595f5e8b0 in ?? ()
#10 0x0000000000000000 in ?? ()
(gdb)

      This bug is not reproduced on RHEL 9.4 qemu-kvm-core-8.2.0-11.el9_4.16.x86_64

              eblake_redhat Eric Blake
              rhn-support-qcheng Qinghua Cheng
              virt-maint virt-maint
              Qinghua Cheng Qinghua Cheng
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: