Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1062840 - qemu-kvm will core dumped when pass-through a configured libiscsi disk with chap authentication
Summary: qemu-kvm will core dumped when pass-through a configured libiscsi disk with c...
Keywords:
Status: CLOSED DUPLICATE of bug 1067784
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libiscsi
Version: 7.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Paolo Bonzini
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1062841 1067784
TreeView+ depends on / blocked
 
Reported: 2014-02-08 07:15 UTC by Sibiao Luo
Modified: 2014-02-24 05:47 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-02-21 18:32:28 UTC


Attachments (Terms of Use)

Description Sibiao Luo 2014-02-08 07:15:38 UTC
Description of problem:
This bug was found during verified bug 1032358.
Configured a libiscsi disk with chap authentication in iscsi target server and iscsi initator, then pass-through (scsi-block interface) it to a guest with chap authentication, qemu will core dumped.
BTW, If use scsi-hd interface did not meet any core dumped, but the libiscsi disk fail to be detected in guest correctly, i will separate it to a new bug.

Version-Release number of selected component (if applicable):
host info:
3.10.0-76.el7.x86_64
qemu-kvm-1.5.3-45.el7.x86_64
libiscsi-1.9.0-6.el7.x86_64
guest info:
3.10.0-76.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare the iscsi target server:
1) On the iscsi target server, created the target by adding an XML entry to the configuration file:

# vim /etc/tgt/targets.conf
<target iqn.2008-09.com.example:server.target2>
    backing-store /iscsi.img
    incominguser redhat redhat
</target>

# service tgtd restart
# tgt-admin --show
Target 1: iqn.2008-09.com.example:server.target2
    System information:
        Driver: iscsi
        State: ready
...
    LUN information:
        LUN: 0
            Type: controller
            SCSI ID: IET     00010000
            SCSI SN: beaf10
            Size: 0 MB, Block size: 1
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: null
            Backing store path: None
            Backing store flags: 
        LUN: 1
            Type: disk
            SCSI ID: IET     00010001
            SCSI SN: beaf11
            Size: 2097 MB, Block size: 512
            Online: Yes
            Removable media: No
            Prevent removal: No
            Readonly: No
            Backing store type: rdwr
            Backing store path: /iscsi.img
            Backing store flags: 
    Account information:
        redhat
    ACL information:
        ALL

2. Prepare the iscsi initator:

# vim /etc/iscsi/iscsid.conf
node.session.auth.authmethod = CHAP
node.session.auth.username = redhat
node.session.auth.password = redhat

# service iscsid restart

# iscsiadm --mode discovery --type sendtargets --portal 10.66.9.107 –discover
10.66.9.107:3260,1 iqn.2008-09.com.example:server.target2

# iscsiadm -m node -T iqn.2008-09.com.example:server.target2 -p 10.66.9.107 -l
Logging in to [iface: default, target: iqn.2008-09.com.example:server.target2, portal: 10.66.9.107,3260] (multiple)
Login to [iface: default, target: iqn.2008-09.com.example:server.target2, portal: 10.66.9.107,3260] successful.

# iscsiadm -m node -T iqn.2008-09.com.example:server.target2 -p 10.66.9.107 --logout
Logging out of session [sid: 5, target: iqn.2008-09.com.example:server.target2, portal: 10.66.9.107,3260]
Logout of [sid: 5, target: iqn.2008-09.com.example:server.target2, portal: 10.66.9.107,3260] successful.

3. Boot a guest passthroughed this libiscsi disk with chap authentication.
e.g:# /usr/libexec/qemu-kvm -M pc -cpu SandyBridge -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -no-kvm-pit-reinjection ... -drive file=iscsi://10.66.9.107:3260/iqn.2008-09.com.example:server.target2/0,if=none,id=drive-disk,cache=none,format=raw -iscsi user=redhat,password=redhat,id=iqn -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x7 -device scsi-block,drive=drive-disk,bus=scsi1.0,id=iscsi-disk
Warning: option deprecated, use lost_tick_policy property of kvm-pit instead.
QEMU 1.5.3 monitor - type 'help' for more information
(qemu) (/usr/libexec/qemu-kvm:2887): SpiceWorker-Warning **: red_worker.c:11464:dev_destroy_primary_surface: double destroy of primary surface
(/usr/libexec/qemu-kvm:2887): SpiceWorker-Warning **: red_worker.c:9650:red_create_surface: condition `surface->context.canvas' reached
Floating point exception (core dumped)

Actual results:
after step 3, qemu will Floating point exception (core dumped), I will paste the bt log later.

Expected results:
It should no any core dumped occur, it work correctly.

Additional info:
# /usr/libexec/qemu-kvm -M pc -cpu SandyBridge -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -no-kvm-pit-reinjection -usb -device usb-tablet,id=input0 -name sluo -uuid 990ea161-6b67-47b2-b803-19fb01d30d30 -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=pci.0,addr=0x3 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port2 -drive file=/home/RHEL-7.0-20140116.1_Server_x86_64.qcow2,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x4 -device scsi-hd,drive=drive-system-disk,id=system-disk,bus=scsi0.0,bootindex=1 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=00:01:02:B6:40:21,bus=pci.0,addr=0x5 -device virtio-balloon-pci,id=ballooning,bus=pci.0,addr=0x6 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -k en-us -boot menu=on -qmp tcp:0:4444,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :1 -spice disable-ticketing,port=5931 -monitor stdio -drive file=iscsi://10.66.9.107:3260/iqn.2008-09.com.example:server.target2/0,if=none,id=drive-disk,cache=none,format=raw -iscsi user=redhat,password=redhat,id=iqn -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x7 -device scsi-block,drive=drive-disk,bus=scsi1.0,id=iscsi-disk

Comment 1 Sibiao Luo 2014-02-08 07:16:57 UTC
Core was generated by `/usr/libexec/qemu-kvm -M pc -cpu SandyBridge -enable-kvm -m 2048 -smp 2,sockets'.
Program terminated with signal 8, Arithmetic exception.
#0  0x00007fa78e034a41 in scsi_disk_reset (dev=0x7fa78f5c27a0) at hw/scsi/scsi-disk.c:2091
2091	    nb_sectors /= s->qdev.blocksize / 512;

(gdb) bt
#0  0x00007fa78e034a41 in scsi_disk_reset (dev=0x7fa78f5c27a0) at hw/scsi/scsi-disk.c:2091
#1  0x00007fa78dfe8349 in qdev_reset_one (dev=dev@entry=0x7fa78f5c27a0, opaque=opaque@entry=0x0) at hw/core/qdev.c:227
#2  0x00007fa78dfe7a40 in qdev_walk_children (dev=0x7fa78f5c27a0, devfn=devfn@entry=0x7fa78dfe8330 <qdev_reset_one>, 
    busfn=busfn@entry=0x7fa78dfe6370 <qbus_reset_one>, opaque=opaque@entry=0x0) at hw/core/qdev.c:370
#3  0x00007fa78dfe7b4a in qbus_walk_children (bus=bus@entry=0x7fa78f5c3290, 
    devfn=devfn@entry=0x7fa78dfe8330 <qdev_reset_one>, busfn=busfn@entry=0x7fa78dfe6370 <qbus_reset_one>, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:354
#4  0x00007fa78dfe7bbd in qbus_reset_all (bus=bus@entry=0x7fa78f5c3290) at hw/core/qdev.c:248
#5  0x00007fa78e12d2c3 in virtio_scsi_reset (vdev=<optimized out>) at /usr/src/debug/qemu-1.5.3/hw/scsi/virtio-scsi.c:451
#6  0x00007fa78e134e8e in virtio_reset (opaque=0x7fa78f5c3178) at /usr/src/debug/qemu-1.5.3/hw/virtio/virtio.c:543
#7  0x00007fa78e05fc20 in virtio_ioport_write (val=0, addr=<optimized out>, opaque=0x7fa78f5c2980)
    at hw/virtio/virtio-pci.c:307
#8  virtio_pci_config_write (opaque=0x7fa78f5c2980, addr=<optimized out>, val=0, size=<optimized out>)
    at hw/virtio/virtio-pci.c:422
#9  0x00007fa78e13b612 in access_with_adjusted_size (addr=addr@entry=18, value=value@entry=0x7fa77bffeb58, size=1, 
    access_size_min=<optimized out>, access_size_max=<optimized out>, 
    access=access@entry=0x7fa78e13bbd0 <memory_region_write_accessor>, opaque=opaque@entry=0x7fa78f5c3030)
    at /usr/src/debug/qemu-1.5.3/memory.c:365
#10 0x00007fa78e13cae7 in memory_region_iorange_write (iorange=<optimized out>, offset=18, width=1, data=0)
    at /usr/src/debug/qemu-1.5.3/memory.c:440
#11 0x00007fa78e13a1e2 in kvm_handle_io (count=1, size=1, direction=1, data=<optimized out>, port=49234)
    at /usr/src/debug/qemu-1.5.3/kvm-all.c:1490
#12 kvm_cpu_exec (env=env@entry=0x7fa78f50b570) at /usr/src/debug/qemu-1.5.3/kvm-all.c:1642
#13 0x00007fa78e0e29d5 in qemu_kvm_cpu_thread_fn (arg=0x7fa78f50b570) at /usr/src/debug/qemu-1.5.3/cpus.c:793
#14 0x00007fa78bf0cde3 in start_thread () from /lib64/libpthread.so.0
#15 0x00007fa788c1a25d in clone () from /lib64/libc.so.6
(gdb) bt full
#0  0x00007fa78e034a41 in scsi_disk_reset (dev=0x7fa78f5c27a0) at hw/scsi/scsi-disk.c:2091
        s = 0x7fa78f5c27a0
        nb_sectors = 0
#1  0x00007fa78dfe8349 in qdev_reset_one (dev=dev@entry=0x7fa78f5c27a0, opaque=opaque@entry=0x0) at hw/core/qdev.c:227
No locals.
#2  0x00007fa78dfe7a40 in qdev_walk_children (dev=0x7fa78f5c27a0, devfn=devfn@entry=0x7fa78dfe8330 <qdev_reset_one>, 
    busfn=busfn@entry=0x7fa78dfe6370 <qbus_reset_one>, opaque=opaque@entry=0x0) at hw/core/qdev.c:370
        bus = <optimized out>
        err = <optimized out>
#3  0x00007fa78dfe7b4a in qbus_walk_children (bus=bus@entry=0x7fa78f5c3290, 
    devfn=devfn@entry=0x7fa78dfe8330 <qdev_reset_one>, busfn=busfn@entry=0x7fa78dfe6370 <qbus_reset_one>, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:354
        kid = 0x7fa78f5c6ad0
        err = <optimized out>
#4  0x00007fa78dfe7bbd in qbus_reset_all (bus=bus@entry=0x7fa78f5c3290) at hw/core/qdev.c:248
No locals.
#5  0x00007fa78e12d2c3 in virtio_scsi_reset (vdev=<optimized out>) at /usr/src/debug/qemu-1.5.3/hw/scsi/virtio-scsi.c:451
        s = 0x7fa78f5c3178
        __func__ = "virtio_scsi_reset"
        vs = 0x7fa78f5c3178
#6  0x00007fa78e134e8e in virtio_reset (opaque=0x7fa78f5c3178) at /usr/src/debug/qemu-1.5.3/hw/virtio/virtio.c:543
        vdev = 0x7fa78f5c3178
        k = 0x7fa78f5cf410
        __func__ = "virtio_reset"
        i = <optimized out>
#7  0x00007fa78e05fc20 in virtio_ioport_write (val=0, addr=<optimized out>, opaque=0x7fa78f5c2980)
    at hw/virtio/virtio-pci.c:307
        proxy = 0x7fa78f5c2980
        vdev = 0x7fa78f5c3178
        pa = <optimized out>
#8  virtio_pci_config_write (opaque=0x7fa78f5c2980, addr=<optimized out>, val=0, size=<optimized out>)
    at hw/virtio/virtio-pci.c:422
        proxy = 0x7fa78f5c2980
#9  0x00007fa78e13b612 in access_with_adjusted_size (addr=addr@entry=18, value=value@entry=0x7fa77bffeb58, size=1, 
    access_size_min=<optimized out>, access_size_max=<optimized out>, 
    access=access@entry=0x7fa78e13bbd0 <memory_region_write_accessor>, opaque=opaque@entry=0x7fa78f5c3030)
    at /usr/src/debug/qemu-1.5.3/memory.c:365
        access_mask = 255
        access_size = 1
        i = <optimized out>
#10 0x00007fa78e13cae7 in memory_region_iorange_write (iorange=<optimized out>, offset=18, width=1, data=0)
    at /usr/src/debug/qemu-1.5.3/memory.c:440
        mrio = <optimized out>
        mr = 0x7fa78f5c3030
        __PRETTY_FUNCTION__ = "memory_region_iorange_write"
#11 0x00007fa78e13a1e2 in kvm_handle_io (count=1, size=1, direction=1, data=<optimized out>, port=49234)
    at /usr/src/debug/qemu-1.5.3/kvm-all.c:1490
        i = 0
        ptr = 0x7fa78deae000 <Address 0x7fa78deae000 out of bounds>
#12 kvm_cpu_exec (env=env@entry=0x7fa78f50b570) at /usr/src/debug/qemu-1.5.3/kvm-all.c:1642
        cpu = 0x7fa78f50b460
        __func__ = "kvm_cpu_exec"
        run = 0x7fa78dead000
        ret = <optimized out>
        run_ret = <optimized out>
#13 0x00007fa78e0e29d5 in qemu_kvm_cpu_thread_fn (arg=0x7fa78f50b570) at /usr/src/debug/qemu-1.5.3/cpus.c:793
        cpu = 0x7fa78f50b460
        __func__ = "qemu_kvm_cpu_thread_fn"
        r = <optimized out>
#14 0x00007fa78bf0cde3 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#15 0x00007fa788c1a25d in clone () from /lib64/libc.so.6
No symbol table info available.
(gdb)

Comment 2 Sibiao Luo 2014-02-08 07:28:07 UTC
I think this is a regression issue since libiscsi-1.9.0-5.el7, mark Regression keywords and set hight priority to it. Please correct me directly if any mistake, thanks.

Best Regards,
sluo

Comment 4 juzhang 2014-02-10 06:48:06 UTC
According to comment2, update the component to libiscsi.

Comment 5 Paolo Bonzini 2014-02-21 18:26:45 UTC
Please retry with /1 instead of /0 at the end of the iscsi URL.Please retry with /1 instead of /0 at the end of the iscsi URL.

Comment 6 Paolo Bonzini 2014-02-21 18:32:28 UTC

*** This bug has been marked as a duplicate of bug 1067784 ***

Comment 7 Sibiao Luo 2014-02-24 05:47:08 UTC
(In reply to Paolo Bonzini from comment #5)
> Please retry with /1 instead of /0 at the end of the iscsi URL.Please retry
> with /1 instead of /0 at the end of the iscsi URL.

Use /1 is OK, but /0 will meet bug 1067784(qemu-kvm: block.c:850: bdrv_open_common: Assertion `bs->request_alignment != 0' failed. Aborted (core dumped)).

# uname -r && rpm -q qemu-kvm && rpm -q libiscsi
3.10.0-86.el7.x86_64
qemu-kvm-1.5.3-47.el7.x86_64
libiscsi-1.9.0-6.el7.x86_64

e.g1:...-drive file=iscsi://10.66.9.107/iqn.2008-09.com.example:server.target2/1,if=none,id=drive-data-disk,format=raw,cache=none,aio=native -iscsi id=iqn1,user=redhat,password=redhat -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x7 -device scsi-hd,drive=drive-data-disk,bus=scsi1.0,id=data-disk

Above e.g1 is ok which can boot up guest successfully and detect the libiscsi disk in guest correctly.

e.g2:...-drive file=iscsi://10.66.9.107/iqn.2008-09.com.example:server.target2/0,if=none,id=drive-data-disk,format=raw,cache=none,aio=native -iscsi id=iqn1,user=redhat,password=redhat -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x7 -device scsi-hd,drive=drive-data-disk,bus=scsi1.0,id=data-disk

Above e.g2 meet bug 1067784 which qemu-kvm: block.c:850: bdrv_open_common: Assertion `bs->request_alignment != 0' failed. Aborted (core dumped).

# iscsi-ls -s iscsi://redhat:redhat@10.66.9.107:3260/iqn.2008-09.com.example:server.target2
Target:iqn.2008-09.com.example:server.target2 Portal:10.66.9.107:3260,1
Lun:0    Type:STORAGE_ARRAY_CONTROLLER
Lun:1    Type:DIRECT_ACCESS (Size:99M)
Lun:2    Type:DIRECT_ACCESS (Size:99M)


Note You need to log in before you can comment on or make changes to this bug.