Bug 1230068

Summary: Segmentation fault when re-adding virtio-rng-pci device
Product: Red Hat Enterprise Linux 6
Reporter: Gal Hammer <ghammer>
Component: qemu-kvm
Assignee: Gal Hammer <ghammer>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified
Priority: unspecified
Version: 6.8
CC: areis, chayang, ghammer, jinzhao, juzhang, mkenneth, qzhang, rbalakri, rpacheco, virt-maint
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qemu-kvm-0.12.1.2-2.480.el6
Doc Type: Bug Fix
Last Closed: 2016-05-10 20:59:02 UTC
Type: Bug
Bug Blocks: 1200654

Description Gal Hammer 2015-06-10 08:22:38 UTC
Version-Release number of selected component (if applicable): qemu-kvm-0.12.1.2-2.478.el6.x86_64

How reproducible:

Steps to Reproduce:
1. Start a VM with "-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0,id=virtrng0"
2. Monitor command: "device_del virtrng0"
3. Monitor command: "device_add virtio-rng-pci,rng=rng0,id=virtrng0"

Actual results:

Program terminated with signal 11, Segmentation fault.
#0  0x00007f3a18792c59 in object_class_dynamic_cast (class=0x7f3a1a3740d0, typename=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qom/object.c:496
496         if (type->class->interfaces &&

(gdb) bt
#0  0x00007f3a18792c59 in object_class_dynamic_cast (class=0x7f3a1a3740d0, typename=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qom/object.c:496
#1  0x00007f3a18792cf8 in object_dynamic_cast (obj=0x7f3a1a3740d0, typename=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qom/object.c:428
#2  0x00007f3a18794458 in object_resolve_path_type (path=<value optimized out>, typename=0x7f3a18885ff4 "rng-backend", ambiguous=0x0)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qom/object.c:1199
#3  0x00007f3a186dac42 in virtio_rng_init_pci (pci_dev=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-pci.c:963
#4  0x00007f3a186d1366 in pci_qdev_init (qdev=0x7f3a1bf9cc50, base=0x7f3a18bd8668) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/pci.c:1659
#5  0x00007f3a1875cb88 in qdev_init (dev=0x7f3a1bf9cc50) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:285
#6  0x00007f3a1875cf9f in qdev_device_add (opts=0x7f3a1b175fb0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:260
#7  0x00007f3a1875d59b in do_device_add (mon=<value optimized out>, qdict=<value optimized out>, ret_data=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:894
#8  0x00007f3a186c94c0 in monitor_call_handler (mon=<value optimized out>, cmd=0x7f3a18bd0908, params=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4377
#9  0x00007f3a186ce94f in handle_user_command (mon=0x7f3a1a5638d0, cmdline=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4414
#10 0x00007f3a186cea87 in monitor_command_cb (mon=0x7f3a1a5638d0, cmdline=<value optimized out>, opaque=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:5052
#11 0x00007f3a1873c56d in readline_handle_byte (rs=0x7f3a1cd8ee40, ch=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/readline.c:369
#12 0x00007f3a186cecb5 in monitor_read (opaque=<value optimized out>, buf=0x7ffd69bfbc40 "\r\276\277i\375\177", size=1)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:5038
#13 0x00007f3a187536af in qemu_chr_be_write (chan=<value optimized out>, cond=<value optimized out>, opaque=0x7f3a1a374e20)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:192
#14 fd_chr_read (chan=<value optimized out>, cond=<value optimized out>, opaque=0x7f3a1a374e20) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:797
#15 0x00007f3a17b14642 in g_main_dispatch (context=0x7f3a1a374d30) at gmain.c:2441
#16 g_main_context_dispatch (context=0x7f3a1a374d30) at gmain.c:3014
#17 0x00007f3a186c1910 in glib_pollfds_poll (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4053
#18 main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4079
#19 0x00007f3a186e51ba in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2258
#20 0x00007f3a186c6317 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4273
#21 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6731

Expected results:

The device would reappear in "info pci" and could be used by the guest.

Comment 1 Gal Hammer 2015-06-10 10:25:05 UTC
I have a patch which fixes this issue; it will be submitted soon (I'm waiting for the brew build).

Comment 2 Gal Hammer 2015-06-10 12:39:03 UTC
A patch was posted.

Comment 5 Jeff Nelson 2015-08-06 17:55:36 UTC
Fix included in qemu-kvm-0.12.1.2-2.480.el6

Comment 7 jingzhao 2015-12-30 06:22:07 UTC
Verified it with the following version and didn't hit this issue.
kernel version:2.6.32-595.el6.x86_64
qemu-img-0.12.1.2-2.482.el6.x86_64
guest: rhel6

The steps:
1. Boot the VM with the following command line:

/usr/libexec/qemu-kvm \
-name rhel6 \
-machine rhel6.6.0,accel=kvm \
-realtime mlock=off \
-cpu SandyBridge \
-m 6G   \
-smp 4,cores=2,threads=1,sockets=2  \
-uuid 49a3438a-70a3-4ba8-92ce-3a05e0934608 \
-nodefaults \
-rtc base=utc,driftfix=slew \
-monitor unix:/tmp/monitor-unix,server,nowait \
-global kvm-pit.lost_tick_policy=discard \
-global PIIX4_PM.disable_s3=1 \
-global PIIX4_PM.disable_s4=1 \
-boot order=c,menu=on,strict=on \
-device usb-ehci,id=ehci \
-drive file=/home/usb/storage.qcow2,if=none,id=storage1,format=qcow2 \
-device usb-storage,drive=storage1,bus=ehci.0 \
-drive file=/home/usb/rhel6.img,if=none,id=ide,media=disk,cache=none,format=raw \
-device ide-drive,drive=ide,id=ide0 \
-cdrom /usr/share/virtio-win/virtio-win.iso \
-netdev tap,id=hostnet1  \
-device e1000,netdev=hostnet1,id=virtio-net-pci1,mac=b6:2f:a8:85:72:6c,bus=pci.0,multifunction=off \
-monitor stdio \
-qmp tcp:0:4466,server,nowait -serial unix:/tmp/ttym,server,nowait \
-vga qxl \
-spice port=5910,addr=0.0.0.0,disable-ticketing,seamless-migration=on \
-object rng-random,filename=/dev/urandom,id=rng0 \
-device virtio-rng-pci,rng=rng0,id=virtrng0 \
-k en-us \

2. Monitor command: "device_del virtrng0"
3. Monitor command: "device_add virtio-rng-pci,rng=rng0,id=virtrng0"
4. The device appears in the output of monitor command "info pci":

  Bus  0, device   5, function 0:
    Class 0255: PCI device 1af4:1005
      IRQ 0.
      BAR0: I/O at 0x1000 [0x101f].
      id "virtrng0"
5. In the guest, the current hwrng device is in use:
[root@localhost ~]# cat /sys/devices/virtual/misc/hw_random/rng_available 
virtio 
[root@localhost ~]# cat /sys/devices/virtual/misc/hw_random/rng_current 
virtio

Comment 8 jingzhao 2015-12-30 07:53:48 UTC
Can reproduce this issue with qemu-kvm-0.12.1.2-2.478.el6.x86_64

Comment 9 jingzhao 2015-12-30 08:00:01 UTC
Found another issue while verifying this one:
-- the RNG device wasn't deleted the first time the command "device_del virtrng0" was run in the monitor

kernel version:2.6.32-595.el6.x86_64
qemu-img-0.12.1.2-2.482.el6.x86_64
guest: rhel6

Reproduction steps:
1. Boot the VM with the following command line:

/usr/libexec/qemu-kvm \
-name rhel6 \
-machine rhel6.6.0,accel=kvm \
-realtime mlock=off \
-cpu SandyBridge \
-m 6G   \
-smp 4,cores=2,threads=1,sockets=2  \
-uuid 49a3438a-70a3-4ba8-92ce-3a05e0934608 \
-nodefaults \
-rtc base=utc,driftfix=slew \
-monitor unix:/tmp/monitor-unix,server,nowait \
-global kvm-pit.lost_tick_policy=discard \
-global PIIX4_PM.disable_s3=1 \
-global PIIX4_PM.disable_s4=1 \
-boot order=c,menu=on,strict=on \
-device usb-ehci,id=ehci \
-drive file=/home/usb/storage.qcow2,if=none,id=storage1,format=qcow2 \
-device usb-storage,drive=storage1,bus=ehci.0 \
-drive file=/home/usb/rhel6.img,if=none,id=ide,media=disk,cache=none,format=raw \
-device ide-drive,drive=ide,id=ide0 \
-cdrom /usr/share/virtio-win/virtio-win.iso \
-netdev tap,id=hostnet1  \
-device e1000,netdev=hostnet1,id=virtio-net-pci1,mac=b6:2f:a8:85:72:6c,bus=pci.0,multifunction=off \
-monitor stdio \
-qmp tcp:0:4466,server,nowait -serial unix:/tmp/ttym,server,nowait \
-vga qxl \
-spice port=5910,addr=0.0.0.0,disable-ticketing,seamless-migration=on \
-object rng-random,filename=/dev/urandom,id=rng0 \
-device virtio-rng-pci,rng=rng0,id=virtrng0 \
-k en-us \

2. Monitor command: "device_del virtrng0"
3. Check the rng device through monitor command "info pci"

Actual result: the RNG device wasn't deleted; we had to execute the monitor command "device_del virtrng0" again before the device was deleted.

Expected result: the RNG device should be deleted the first time the monitor command "device_del virtrng0" is executed.

Could you help check this issue, and should we open a new bug to track it?

Thanks
Jing
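
As an added regression check (not code from this bug or from qemu-kvm), the following Python script drives the device_del / device_add sequence from the description over QMP and, because of the unplug delay reported in comment 9, polls query-pci until the guest has released the device before re-adding it. The QMP endpoint, the Qmp helper class and the sample query-pci reply are assumptions of this example, not values taken from the bug.

```python
import json
import time

# Constructed sample of a QMP "query-pci" reply (same shape as the real one),
# showing the re-added virtio-rng-pci device (1af4:1005) back at slot 5.
SAMPLE_QUERY_PCI = [{"bus": 0, "devices": [
    {"bus": 0, "slot": 0, "function": 0, "qdev_id": "",
     "id": {"vendor": 0x8086, "device": 0x1237}},
    {"bus": 0, "slot": 5, "function": 0, "qdev_id": "virtrng0",
     "id": {"vendor": 0x1af4, "device": 0x1005}},
]}]

def find_pci_device(query_pci_reply, qdev_id):
    """Return the query-pci entry whose qdev_id matches, or None if absent."""
    for bus in query_pci_reply:
        for dev in bus.get("devices", []):
            if dev.get("qdev_id") == qdev_id:
                return dev
    return None

class Qmp:
    """Minimal QMP client (assumed helper); sock is an already connected socket."""
    def __init__(self, sock):
        self.f = sock.makefile("rw")
        self._read()                      # discard the QMP greeting
        self.cmd("qmp_capabilities")
    def _read(self):
        while True:                       # skip asynchronous events
            msg = json.loads(self.f.readline())
            if "event" not in msg:
                return msg
    def cmd(self, name, **args):
        self.f.write(json.dumps({"execute": name, "arguments": args}) + "\n")
        self.f.flush()
        reply = self._read()
        if "error" in reply:
            raise RuntimeError(reply["error"]["desc"])
        return reply["return"]

def readd_rng(qmp, dev_id="virtrng0", rng_id="rng0", timeout=30.0):
    """device_del, wait until the guest has released the slot, then device_add."""
    qmp.cmd("device_del", id=dev_id)
    deadline = time.monotonic() + timeout
    while find_pci_device(qmp.cmd("query-pci"), dev_id) is not None:
        if time.monotonic() > deadline:   # unplug completes only after the guest acks it
            raise TimeoutError(f"{dev_id} still present after device_del")
        time.sleep(0.5)
    qmp.cmd("device_add", driver="virtio-rng-pci", rng=rng_id, id=dev_id)
    return find_pci_device(qmp.cmd("query-pci"), dev_id)
```

Connect a socket to the QMP endpoint (for the command line above, TCP port 4466) and call readd_rng(Qmp(sock)); it returns the device's query-pci entry once it is back, or raises if the guest never completes the unplug.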

Comment 10 Gal Hammer 2015-12-31 08:54:12 UTC
(In reply to jingzhao from comment #8)
> Can reproduced this issue with qemu-kvm-0.12.1.2-2.478.el6.x86_64

Are both problems reproduced in qemu-kvm-0.12.1.2-2.480.el6?

Comment 16 errata-xmlrpc 2016-05-10 20:59:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0815.html