Bug 1297267

Summary: Rebooting guest causes qemu core dump after deleting tap1 in host
Product: Red Hat Enterprise Linux 6
Reporter: weliao <weliao>
Component: qemu-kvm
Assignee: jason wang <jasowang>
Status: CLOSED WONTFIX
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Priority: medium
Version: 6.8
CC: ailan, chayang, juzhang, mkenneth, rbalakri, virt-maint, xfu
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2016-01-15 02:46:58 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description weliao 2016-01-11 03:28:25 UTC
Description of problem:
Launch guest with 4 NICs, then delete tap1 in host and reboot guest; qemu core dumps.

Version-Release number of selected component (if applicable):
2.6.32-595.el6.x86_64
qemu-kvm-0.12.1.2-2.483.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Launch guest with 4 NICs.
/usr/libexec/qemu-kvm -name rhel6.8 \
-machine pc  \
-drive id=drive_image1,if=none,cache=none,snapshot=off,format=qcow2,file=/mnt/RHEL-Server-6.7-64-virtio.qcow2 \
-device virtio-blk-pci,id=image1,drive=drive_image1,bus=pci.0,bootindex=0 \
-netdev tap,id=hostnet0,vhost=on \
-device virtio-net-pci,netdev=hostnet0,mac=52:56:25:93:79:67,id=net0,status=on \
-netdev tap,id=hostnet1,vhost=on -device virtio-net-pci,netdev=hostnet1,mac=52:56:25:93:79:61,id=net1,status=on \
-netdev tap,id=hostnet2,vhost=on \
-device virtio-net-pci,netdev=hostnet2,mac=52:56:25:93:79:62,id=net2,status=off \
-netdev tap,id=hostnet3,vhost=on \
-device virtio-net-pci,netdev=hostnet3,mac=52:56:25:93:79:63,id=net3,status=off  \
-m 2048 \
-smp 4,maxcpus=8,cores=4,threads=1,sockets=1 \
-cpu SandyBridge \
-boot menu=on -enable-kvm \
-qmp tcp:0:5556,nowait,server \
-monitor stdio -spice port=5901,disable-ticketing \
-global qxl-vga.vram_size=67108864 \
-vga qxl
2. Delete tap1 in host.
[root@dhcp-8-118 ~]# ip link del tap1
3. Reboot guest.

Actual results:
(qemu) inputs_detach_tablet: 
TUNSETVNETHDRSZ ioctl() failed: File descriptor in bad state. Exiting.
qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/net/tap-linux.c:160: tap_fd_set_vnet_hdr_len: Assertion `0' failed.
Aborted (core dumped)

Expected results:
guest work well

Additional info:
gdb debug:
(gdb) bt full
#0  0x00007ffff4836625 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff4837e05 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffff482f74e in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007ffff482f810 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4  0x00007ffff7e2915e in tap_fd_set_vnet_hdr_len (fd=<value optimized out>, len=10) at /usr/src/debug/qemu-kvm-0.12.1.2/net/tap-linux.c:160
        __PRETTY_FUNCTION__ = "tap_fd_set_vnet_hdr_len"
#5  0x00007ffff7e28e1d in tap_set_vnet_hdr_len (nc=0x7ffff86f6b90, len=10) at /usr/src/debug/qemu-kvm-0.12.1.2/net/tap.c:252
        s = 0x7ffff86f6b90
        __PRETTY_FUNCTION__ = "tap_set_vnet_hdr_len"
#6  0x00007ffff7dcc7e1 in vhost_net_stop (net=0x7ffff8708250, dev=0x7ffff9323010) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/vhost_net.c:200
        file = {index = 2, fd = -1}
        __PRETTY_FUNCTION__ = "vhost_net_stop"
#7  0x00007ffff7dc6453 in virtio_net_vhost_status (vdev=0x7ffff9323010, status=0 '\000') at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-net.c:138
No locals.
#8  virtio_net_set_status (vdev=0x7ffff9323010, status=0 '\000') at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-net.c:147
        n = 0x7ffff9323010
#9  0x00007ffff7f18bb1 in virtio_set_status (opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio.h:138
No locals.
#10 virtio_reset (opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio.c:532
        vdev = 0x7ffff9323010
        i = <value optimized out>
#11 0x00007ffff7dc9855 in virtio_pci_reset (d=0x7ffff9312c20) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-pci.c:327
        proxy = 0x7ffff9312c20
#12 0x00007ffff7dae1d2 in qemu_system_reset (report=true) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3417
        re = <value optimized out>
        nre = 0x7ffff9331f80
#13 0x00007ffff7dd40c0 in qemu_kvm_system_reset (report=true) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1992
        penv = 0x7ffff88a9f40
#14 0x00007ffff7dd42c3 in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2272
        fds = {32, 33}
        mask = {__val = {268443712, 0 <repeats 15 times>}}
        sigfd = 34
#15 0x00007ffff7db5317 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4273
        r = <value optimized out>
#16 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6731
        gdbstub_dev = 0x0
        i = <value optimized out>
        snapshot = 0
        linux_boot = 0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x7ffff7f8a86f ""
        boot_devices = "cad", '\000' <repeats 29 times>
        ds = <value optimized out>
        dcl = <value optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = 0x7ffff82f1498
        opts = <value optimized out>
        olist = <value optimized out>
        optind = 44
        optarg = 0x7fffffffe6f2 "qxl"
        loadvm = 0x0
        machine = 0x7ffff82ea7e0
        cpu_model = 0x7fffffffe654 "SandyBridge"
        fds = {9674912, 49030163}
        tb_size = 0
        pid_file = 0x0
        incoming = 0x0
        fd = 0
        pwd = 0x0
        chroot_dir = 0x0
        run_as = 0x0
        env = <value optimized out>
        show_vnc_port = 0
        defconfig = -12800
        defconfig_verbose = -131132264
        vmstate_dump_file = 0x0
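The backtrace above ends in `tap_fd_set_vnet_hdr_len`, where a failed TUNSETVNETHDRSZ ioctl on a tap whose host device has disappeared is turned into `assert(0)`, so a host-side misconfiguration takes the whole VM down. The following is an added example, not qemu's code, of the defensive shape such a call can take: the ioctl result is returned to the caller, a dead backend is classified separately from other errors, and the NIC reset path disables that NIC instead of aborting (the RHEL 7.2 behaviour noted in comment 2, "falling back on userspace virtio", is the same idea). The function names `tap_try_set_vnet_hdr_len`, `tap_error_is_backend_gone` and `nic_reset` are this example's own; the test input is a pipe rather than a real tap, so it runs without CAP_NET_ADMIN.

```c
/* Added example, not qemu-kvm source: non-aborting handling of a
 * TUNSETVNETHDRSZ failure on a tap backend. Linux only. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/if_tun.h>

/* Outcome of resetting one virtio-net NIC (names are this example's own). */
enum nic_state {
    NIC_OK = 0,                 /* vnet header length applied */
    NIC_DISABLED_BACKEND_GONE,  /* host tap vanished: keep VM, drop NIC */
    NIC_ERROR                   /* other failure, still reported not asserted */
};

/* Apply a vnet header length to a tap fd.
 * Returns 0 on success, otherwise -errno. Never aborts the process. */
int tap_try_set_vnet_hdr_len(int fd, int len)
{
    if (fd < 0) {
        return -EBADF;  /* descriptor already closed or never opened */
    }
    if (ioctl(fd, TUNSETVNETHDRSZ, &len) == -1) {
        int err = errno;
        fprintf(stderr, "TUNSETVNETHDRSZ(%d) failed: %s; keeping current length\n",
                len, strerror(err));
        return -err;
    }
    return 0;
}

/* EBADFD ("File descriptor in bad state", the error seen in this bug) is what
 * the tun driver returns once its netdev is gone; EBADF means qemu already
 * lost the fd. Both mean the backend cannot be recovered for this NIC. */
int tap_error_is_backend_gone(int rc)
{
    return rc == -EBADFD || rc == -EBADF;
}

/* The reset path: instead of assert(0), map the ioctl result to a NIC state
 * the device model can act on (disable the NIC, log, continue the reset). */
enum nic_state nic_reset(int tap_fd, int vnet_hdr_len)
{
    int rc = tap_try_set_vnet_hdr_len(tap_fd, vnet_hdr_len);
    if (rc == 0) {
        return NIC_OK;
    }
    if (tap_error_is_backend_gone(rc)) {
        fprintf(stderr, "tap backend gone (fd %d); disabling NIC, VM keeps running\n", tap_fd);
        return NIC_DISABLED_BACKEND_GONE;
    }
    return NIC_ERROR;
}

int main(void)
{
    /* Constructed stand-in for a tap fd: a pipe, so ioctl fails with ENOTTY. */
    int p[2];
    if (pipe(p) != 0) {
        return 1;
    }
    printf("pipe fd  -> state %d (expected %d)\n", nic_reset(p[0], 10), NIC_ERROR);
    printf("closed fd -> state %d (expected %d)\n", nic_reset(-1, 10), NIC_DISABLED_BACKEND_GONE);
    close(p[0]);
    close(p[1]);
    return 0;
}
```

Run as root against a real tap (`ip tuntap add mode tap tap1`, open `/dev/net/tun`, TUNSETIFF, then `ip link del tap1`) and the same wrapper returns -EBADFD, which `nic_reset` maps to `NIC_DISABLED_BACKEND_GONE` rather than an abort.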

Comment 2 weliao 2016-01-11 08:07:44 UTC
Retested with the 6.7 version:
Host: 
2.6.32-573.18.1.el6.x86_64
qemu-kvm-0.12.1.2-2.479.el6_7.3.x86_64
Still hit this issue, so this bug is not a regression.

Tested with rhel7.2:
Host:
3.10.0-327.el7.x86_64
qemu-kvm-1.5.3-105.el7.x86_64
There is an error message:
(qemu) TUNSETOFFLOAD ioctl() failed: File descriptor in bad state
qemu-kvm: unable to start vhost net: 22: falling back on userspace virtio
but qemu didn't core dump.

Comment 3 jason wang 2016-01-15 02:46:58 UTC
Not nice, but there's no way for qemu to recover from host misconfiguration currently. Closing this as WONTFIX for RHEL6. May consider a better solution upstream.