Bug 1025680

Summary: [TestOnly] hot-plugging multi-func devices caused: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed
Product: Red Hat Enterprise Linux 7
Reporter: Sibiao Luo <sluo>
Component: qemu-kvm
Assignee: Virtualization Maintenance <virt-maint>
Status: CLOSED DUPLICATE
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Priority: medium
Version: 7.0
CC: acathrow, akong, alex.williamson, bsarathy, chayang, juzhang, kraxel, lnovich, michen, mkenneth, mst, qzhang, sluo, virt-maint
Target Milestone: rc
Keywords: Reopened
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Clone Of: 952240
Last Closed: 2013-11-01 09:47:46 UTC
Type: Bug
Bug Depends On: 952240

Comment 1 Sibiao Luo 2013-11-01 09:27:51 UTC
Met it on a rhel7 host, but with a different qemu core dump.
BTW, this issue is also different from bug 895436.
 
host info:
# uname -r && rpm -q qemu-kvm
3.10.0-37.el7.x86_64
qemu-kvm-1.5.3-10.el7.x86_64
guest info:
3.10.0-37.el7.x86_64

e.g.:
# /usr/libexec/qemu-kvm -M pc -enable-kvm -m 2048 -smp 2,sockets=1,cores=2,threads=1 -drive file=/home/sluo-rhel7cp1.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,serial=f82002eb-520c-469b-90c2-663277e90437,cache=none,werror=stop,rerror=stop,aio=native -device virtio-blk-pci,scsi=off,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -net none -nodefaults -spice port=8000,disable-ticketing -k en-us -vga qxl -global qxl-vga.vram_size=67108864 -monitor unix:/tmp/test,server,nowait -monitor stdio

hotplug script:
# cat hotplug_disk.sh
#!/bin/bash
# Hot-plug one 1M virtio-blk-pci disk into every function of PCI slots 0x04..0x1f.
# All devices are added with multifunction=on; function 0 of each slot is added
# last, after functions 1-7, so the guest first sees the slot when it is complete.
# drive_add/device_add are sent to the HMP monitor socket opened with
# "-monitor unix:/tmp/test,server,nowait" on the qemu-kvm command line above.

for i in `seq 4 9` a b c d e f 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f; do  # slot (hex)
    for j in `seq 1 7` 0; do                                                     # function, 0 last
        qemu-img create /tmp/resize$i$j.qcow2 1M -f qcow2
        sleep 2
        echo drive_add pci_addr=auto id=drv$i$j,file=/tmp/resize$i$j.qcow2,if=none | nc -U /tmp/test
        sleep 2
        echo device_add virtio-blk-pci,id=dev$i$j,drive=drv$i$j,addr=0x$i.$j,multifunction=on | nc -U /tmp/test
    done
done

QEMU core dump log:
(qemu) [Thread 0x7fffeb300700 (LWP 8855) exited]
[New Thread 0x7fffeb300700 (LWP 9614)]
[Thread 0x7fffeb300700 (LWP 9614) exited]
qemu-kvm: /builddir/build/BUILD/qemu-1.5.3/exec.c:762: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffea8fe700 (LWP 8826)]
0x00007ffff32de999 in raise () from /lib64/libc.so.6

(gdb) bt
#0  0x00007ffff32de999 in raise () from /lib64/libc.so.6
#1  0x00007ffff32e00a8 in abort () from /lib64/libc.so.6
#2  0x00007ffff32d7906 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff32d79b2 in __assert_fail () from /lib64/libc.so.6
#4  0x0000555555737d3c in register_subpage (d=d@entry=0x555564d3a7f0, section=section@entry=0x7fffea8fd730)
    at /usr/src/debug/qemu-1.5.3/exec.c:762
#5  0x0000555555737f62 in mem_add (listener=0x555564d3a7f8, section=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/exec.c:822
#6  0x000055555578895c in address_space_update_topology_pass (as=as@entry=0x5555672119c0, adding=adding@entry=true, 
    old_view=..., new_view=...) at /usr/src/debug/qemu-1.5.3/memory.c:697
#7  0x00005555557894ed in address_space_update_topology (as=0x5555672119c0) at /usr/src/debug/qemu-1.5.3/memory.c:726
#8  memory_region_transaction_commit () at /usr/src/debug/qemu-1.5.3/memory.c:750
#9  0x000055555567f54c in pci_default_write_config (d=d@entry=0x5555610f20d0, addr=addr@entry=4, val=0, l=l@entry=2)
    at hw/pci/pci.c:1167
#10 0x00005555556b77ca in virtio_write_config (pci_dev=0x5555610f20d0, address=4, val=<optimized out>, len=2)
    at hw/virtio/virtio-pci.c:464
#11 0x0000555555786f12 in access_with_adjusted_size (addr=addr@entry=0, value=value@entry=0x7fffea8fdb58, size=2, 
    access_size_min=<optimized out>, access_size_max=<optimized out>, 
    access=access@entry=0x5555557874d0 <memory_region_write_accessor>, opaque=opaque@entry=0x555556663e68)
    at /usr/src/debug/qemu-1.5.3/memory.c:364
#12 0x00005555557883e7 in memory_region_iorange_write (iorange=<optimized out>, offset=0, width=2, data=7)
    at /usr/src/debug/qemu-1.5.3/memory.c:439
#13 0x0000555555785cc5 in kvm_handle_io (count=1, size=2, direction=1, data=<optimized out>, port=3324)
    at /usr/src/debug/qemu-1.5.3/kvm-all.c:1500
#14 kvm_cpu_exec (env=env@entry=0x55555664b250) at /usr/src/debug/qemu-1.5.3/kvm-all.c:1649
#15 0x0000555555731005 in qemu_kvm_cpu_thread_fn (arg=0x55555664b250) at /usr/src/debug/qemu-1.5.3/cpus.c:793
#16 0x00007ffff6259de3 in start_thread () from /lib64/libpthread.so.0
#17 0x00007ffff339f1ad in clone () from /lib64/libc.so.6
(gdb) bt full
#0  0x00007ffff32de999 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff32e00a8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffff32d7906 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007ffff32d79b2 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4  0x0000555555737d3c in register_subpage (d=d@entry=0x555564d3a7f0, section=section@entry=0x7fffea8fd730)
    at /usr/src/debug/qemu-1.5.3/exec.c:762
        subpage = <optimized out>
        base = 2147692544
        existing = <optimized out>
        subsection = {mr = 0x0, address_space = 0x0, offset_within_region = 0, size = 4096, 
          offset_within_address_space = 2147692544, readonly = false}
        start = <optimized out>
        end = <optimized out>
        __PRETTY_FUNCTION__ = "register_subpage"
#5  0x0000555555737f62 in mem_add (listener=0x555564d3a7f8, section=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/exec.c:822
        d = 0x555564d3a7f0
        now = {mr = 0x55555f6d4358, address_space = 0x5555672119c0, offset_within_region = 0, size = 32, 
          offset_within_address_space = 2147692544, readonly = false}
        remain = {mr = 0x55555f6d4358, address_space = 0x5555672119c0, offset_within_region = 0, size = 32, 
          offset_within_address_space = <optimized out>, readonly = <optimized out>}
#6  0x000055555578895c in address_space_update_topology_pass (as=as@entry=0x5555672119c0, adding=adding@entry=true, 
    old_view=..., new_view=...) at /usr/src/debug/qemu-1.5.3/memory.c:697
        _listener = 0x555564d3a7f8
        iold = 108
        inew = 108
        frold = 0x7fffdfda6ba0
        frnew = 0x7fff4009b010
#7  0x00005555557894ed in address_space_update_topology (as=0x5555672119c0) at /usr/src/debug/qemu-1.5.3/memory.c:726
        old_view = {ranges = 0x7fffdfda5400, nr = 188, nr_allocated = <optimized out>}
        new_view = {ranges = 0x7fff40099870, nr = 188, nr_allocated = 320}
#8  memory_region_transaction_commit () at /usr/src/debug/qemu-1.5.3/memory.c:750
        as = 0x5555672119c0
#9  0x000055555567f54c in pci_default_write_config (d=d@entry=0x5555610f20d0, addr=addr@entry=4, val=0, l=l@entry=2)
    at hw/pci/pci.c:1167
        i = <optimized out>
        was_irq_disabled = 0
        __PRETTY_FUNCTION__ = "pci_default_write_config"
#10 0x00005555556b77ca in virtio_write_config (pci_dev=0x5555610f20d0, address=4, val=<optimized out>, len=2)
    at hw/virtio/virtio-pci.c:464
        proxy = 0x5555610f20d0
#11 0x0000555555786f12 in access_with_adjusted_size (addr=addr@entry=0, value=value@entry=0x7fffea8fdb58, size=2, 
    access_size_min=<optimized out>, access_size_max=<optimized out>, 
    access=access@entry=0x5555557874d0 <memory_region_write_accessor>, opaque=opaque@entry=0x555556663e68)
    at /usr/src/debug/qemu-1.5.3/memory.c:364
        access_mask = 65535
        access_size = 2
        i = <optimized out>
#12 0x00005555557883e7 in memory_region_iorange_write (iorange=<optimized out>, offset=0, width=2, data=7)
    at /usr/src/debug/qemu-1.5.3/memory.c:439
        mrio = <optimized out>
        mr = 0x555556663e68
        __PRETTY_FUNCTION__ = "memory_region_iorange_write"
#13 0x0000555555785cc5 in kvm_handle_io (count=1, size=2, direction=1, data=<optimized out>, port=3324)
    at /usr/src/debug/qemu-1.5.3/kvm-all.c:1500
        i = 0
        ptr = 0x7ffff7ff4000 "\a"
#14 kvm_cpu_exec (env=env@entry=0x55555664b250) at /usr/src/debug/qemu-1.5.3/kvm-all.c:1649
        cpu = 0x55555664b140
        __func__ = "kvm_cpu_exec"
        run = 0x7ffff7ff3000
        ret = <optimized out>
        run_ret = <optimized out>
#15 0x0000555555731005 in qemu_kvm_cpu_thread_fn (arg=0x55555664b250) at /usr/src/debug/qemu-1.5.3/cpus.c:793
        cpu = 0x55555664b140
        __func__ = "qemu_kvm_cpu_thread_fn"
        r = <optimized out>
#16 0x00007ffff6259de3 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#17 0x00007ffff339f1ad in clone () from /lib64/libc.so.6
No symbol table info available.
(gdb)
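As an added triage helper (not from this bug report and not QEMU code), the script below parses a gdb "bt" like the one above into frames and reduces it to a crash signature: the assertion expression plus the innermost frame that has source information. That signature, rather than the scenario that triggers it, is what QE compared when calling this the same crash as an earlier bug. The SAMPLE text is copied from comment 1 with several frames omitted; the Frame class and the two functions are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the comment 1 backtrace (frames 2, 3, 5-7 and 10-12 left out for brevity).
SAMPLE = """\
qemu-kvm: /builddir/build/BUILD/qemu-1.5.3/exec.c:762: register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.
#0  0x00007ffff32de999 in raise () from /lib64/libc.so.6
#1  0x00007ffff32e00a8 in abort () from /lib64/libc.so.6
#4  0x0000555555737d3c in register_subpage (d=d@entry=0x555564d3a7f0, section=section@entry=0x7fffea8fd730)
    at /usr/src/debug/qemu-1.5.3/exec.c:762
#8  memory_region_transaction_commit () at /usr/src/debug/qemu-1.5.3/memory.c:750
#9  0x000055555567f54c in pci_default_write_config (d=d@entry=0x5555610f20d0, addr=addr@entry=4, val=0, l=l@entry=2)
    at hw/pci/pci.c:1167
#13 0x0000555555785cc5 in kvm_handle_io (count=1, size=2, direction=1, data=<optimized out>, port=3324)
    at /usr/src/debug/qemu-1.5.3/kvm-all.c:1500
"""

# "#N  [0xADDR in ]func (args) at file:line" or "... from /path/to/lib.so" (address is absent for inlined frames).
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+)\s*\((.*)\)\s+(?:at (\S+):(\d+)|from (\S+))$")
ASSERT_RE = re.compile(r"^\S+: (\S+):(\d+): (\w+): Assertion `(.*)' failed\.?$")


@dataclass
class Frame:
    num: int
    func: str
    file: str            # source file, or the shared object when gdb had no debug info
    line: Optional[int]  # None for frames without source information


def parse_backtrace(text):
    """Join gdb's indented continuation lines onto their frame, then parse frames and the assertion."""
    assertion, records = None, []
    for raw in text.splitlines():
        if raw.startswith("#"):
            records.append(raw)
        elif raw[:1].isspace() and records:
            records[-1] += " " + raw.strip()
        elif (m := ASSERT_RE.match(raw)):
            assertion = m.group(4)
    frames = []
    for m in filter(None, map(FRAME_RE.match, records)):
        num, func, _args, src, line, lib = m.groups()
        frames.append(Frame(int(num), func, src or lib, int(line) if line else None))
    return assertion, frames


def crash_signature(text):
    """Assertion text plus the innermost frame with source info (skips raise/abort, which have none)."""
    assertion, frames = parse_backtrace(text)
    own = next((f for f in frames if f.line is not None), None)
    return (assertion, own.func, own.file.rsplit("/", 1)[-1], own.line) if own else (assertion, None, None, None)
```

Two reports whose signatures match are the same assertion reached from different scenarios, which is the reasoning comment 2 applies; the outer frames (kvm_handle_io, pci_default_write_config) additionally show the path was a guest PCI config-space write.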

Comment 2 Sibiao Luo 2013-11-01 09:43:03 UTC
(In reply to Sibiao Luo from comment #1)
> Met it in rhel7 host but different qemu core dumped. 
> BTW, this issue also a different from bug 895436.
>  
> QEMU core dump log:
> (qemu) [Thread 0x7fffeb300700 (LWP 8855) exited]
> [New Thread 0x7fffeb300700 (LWP 9614)]
> [Thread 0x7fffeb300700 (LWP 9614) exited]
> qemu-kvm: /builddir/build/BUILD/qemu-1.5.3/exec.c:762: register_subpage:
> Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned'
> failed.
> 
From this core dump point "register_subpage: Assertion `existing->mr->subpage || existing->mr == &io_mem_unassigned' failed.", this issue is the same as bug 895436, just with a different scenario. From QE's point of view, we can leave this bug here for testing only once it is fixed, and mark '[TestOnly]' in the title.

Best Regards,
sluo

Comment 3 Amos Kong 2013-11-01 09:47:46 UTC

*** This bug has been marked as a duplicate of bug 1003535 ***