Bug 1447257
Summary: | QEMU coredump while doing hexdump test onto virtio serial ports | |
---|---|---|---
Product: | Red Hat Enterprise Linux 7 | Reporter: | Min Deng <mdeng>
Component: | qemu-kvm-rhev | Assignee: | Stefan Hajnoczi <stefanha>
Status: | CLOSED ERRATA | QA Contact: | Sitong Liu <siliu>
Severity: | high | Docs Contact: |
Priority: | high | |
Version: | 7.4 | CC: | chayang, coli, hhuang, juzhang, michen, pagupta, qzhang, siliu, stefanha, virt-maint, xfu
Target Milestone: | rc | Keywords: | Regression
Target Release: | --- | |
Hardware: | All | |
OS: | Unspecified | |
Whiteboard: | | |
Fixed In Version: | qemu-kvm-rhev-2.9.0-10.el7 | Doc Type: | If docs needed, set a value
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2017-08-02 04:38:29 UTC | Type: | Bug
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Description
Min Deng
2017-05-02 08:59:23 UTC
QE just tested it on the ppc platform. The results for the x86 platform will be posted here by QE as soon as QE gets the result. Thanks a lot.

It can also be reproduced on x86
kernel-3.10.0-660.el7.x86_64
qemu-kvm-rhev-2.9.0-2.el7.x86_64

Information,

```
Program received signal SIGSEGV, Segmentation fault.
0x00005555557c7eb5 in do_flush_queued_data (port=0x555556d72e20, vq=0x5555599ee280, vdev=0x555559950510) at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
180	for (i = port->iov_idx; i < port->elem->out_num; i++) {
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.1.1-1.el7.x86_64 boost-iostreams-1.53.0-27.el7.x86_64 boost-random-1.53.0-27.el7.x86_64 boost-system-1.53.0-27.el7.x86_64 boost-thread-1.53.0-27.el7.x86_64 bzip2-libs-1.0.6-13.el7.x86_64 celt051-0.5.1.3-8.el7.x86_64 cyrus-sasl-lib-2.1.26-20.el7_2.x86_64 cyrus-sasl-md5-2.1.26-20.el7_2.x86_64 cyrus-sasl-plain-2.1.26-20.el7_2.x86_64 dbus-libs-1.6.12-17.el7.x86_64 elfutils-libelf-0.166-2.el7.x86_64 elfutils-libs-0.166-2.el7.x86_64 flac-libs-1.3.0-5.el7_1.x86_64 glib2-2.46.2-4.el7.x86_64 glibc-2.17-157.el7.x86_64 glusterfs-api-3.8.4-18.el7.x86_64 glusterfs-libs-3.8.4-18.el7.x86_64 gmp-6.0.0-12.el7_1.x86_64 gnutls-3.3.24-1.el7.x86_64 gperftools-libs-2.4-8.el7.x86_64 gsm-1.0.13-11.el7.x86_64 json-c-0.11-4.el7_0.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.14.1-26.el7.x86_64 libICE-1.0.9-2.el7.x86_64 libSM-1.2.2-2.el7.x86_64 libX11-1.6.3-3.el7.x86_64 libXau-1.0.8-2.1.el7.x86_64 libXext-1.3.3-3.el7.x86_64 libXi-1.7.4-2.el7.x86_64 libXtst-1.2.2-2.1.el7.x86_64 libacl-2.2.51-12.el7.x86_64 libaio-0.3.109-13.el7.x86_64 libasyncns-0.8-7.el7.x86_64 libattr-2.4.46-12.el7.x86_64 libblkid-2.23.2-33.el7.x86_64 libcacard-2.5.2-2.el7.x86_64 libcap-2.22-8.el7.x86_64 libcom_err-1.42.9-9.el7.x86_64 libcurl-7.29.0-35.el7.x86_64 libdb-5.3.21-19.el7.x86_64 libffi-3.0.13-18.el7.x86_64 libgcc-4.8.5-11.el7.x86_64 libgcrypt-1.5.3-12.el7_1.1.x86_64 libgpg-error-1.12-3.el7.x86_64 libibverbs-1.2.1-1.el7.x86_64 libidn-1.28-4.el7.x86_64 libiscsi-1.9.0-7.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 libnl3-3.2.28-2.el7.x86_64 libogg-1.3.0-7.el7.x86_64 libpng-1.5.13-7.el7_2.x86_64 librados2-10.2.5-2.el7.x86_64 librbd1-10.2.5-2.el7.x86_64 librdmacm-1.1.0-2.el7.x86_64 libseccomp-2.3.1-2.el7.x86_64 libselinux-2.5-6.el7.x86_64 libsndfile-1.0.25-10.el7.x86_64 libssh2-1.4.3-10.el7_2.1.x86_64 libstdc++-4.8.5-11.el7.x86_64 libtasn1-3.8-3.el7.x86_64 libunwind-1.1-5.el7_2.2.x86_64 libusbx-1.0.20-1.el7.x86_64 libuuid-2.23.2-33.el7.x86_64 libvorbis-1.3.3-8.el7.x86_64 libxcb-1.11-4.el7.x86_64 lzo-2.06-8.el7.x86_64 nettle-2.7.1-8.el7.x86_64 nspr-4.11.0-1.el7_2.x86_64 nss-3.21.0-17.el7.x86_64 nss-softokn-freebl-3.16.2.3-14.4.el7.x86_64 nss-util-3.21.0-2.2.el7_2.x86_64 numactl-libs-2.0.9-6.el7_2.x86_64 openldap-2.4.40-13.el7.x86_64 openssl-libs-1.0.1e-60.el7.x86_64 p11-kit-0.20.7-3.el7.x86_64 pcre-8.32-15.el7_2.1.x86_64 pixman-0.34.0-1.el7.x86_64 pulseaudio-libs-6.0-8.el7.x86_64 snappy-1.1.0-3.el7.x86_64 spice-server-0.12.8-2.el7.x86_64 systemd-libs-219-30.el7.x86_64 tcp_wrappers-libs-7.6-77.el7.x86_64 trousers-0.3.13-1.el7.x86_64 usbredir-0.7.1-1.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) bt
#0 0x00005555557c7eb5 in do_flush_queued_data (port=0x555556d72e20, vq=0x5555599ee280, vdev=0x555559950510) at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
#1 0x0000555555a69fc1 in aio_bh_poll (bh=0x555559a52d20) at util/async.c:90
#2 0x0000555555a69fc1 in aio_bh_poll (ctx=ctx@entry=0x555556ced700) at util/async.c:118
#3 0x0000555555a6ccd0 in aio_dispatch (ctx=0x555556ced700) at util/aio-posix.c:429
#4 0x0000555555a69e9e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:261
#5 0x00007fffe0cb1d7a in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#6 0x0000555555a6bf8c in main_loop_wait () at util/main-loop.c:213
#7 0x0000555555a6bf8c in main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261
#8 0x0000555555a6bf8c in main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:517
#9 0x000055555575bfbc in main () at vl.c:1898
#10 0x000055555575bfbc in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4720
```

There is a similar coredump when using Ctrl+C on the data receiver during data transfer on virtio-serial. FYI.

Version-Release:
kernel 3.10.0-657.el7.x86_64
qemu-img-rhev-2.9.0-3.el7.x86_64

steps:

1. Boot up guest with two serial ports.

   ```
   -device virtio-serial-pci,id=virtio-serial0,max_ports=16 \
   -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait \
   -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 \
   -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait \
   -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm2,bus=virtio-serial0.0,id=port2 \
   ```

2. Log in to the guest and send data to /dev/vport0p1 in a loop
3. Receive data on the host using "nc -U /tmp/helloworld1"
4. Ctrl+C to interrupt the host several times.

It will trigger a coredump.

```
gdb -r core.19073
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-99.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
[New LWP 19073]
[New LWP 19092]
[New LWP 19088]
[New LWP 19090]
[New LWP 19074]
[New LWP 19091]
[New LWP 19160]
Reading symbols from /usr/libexec/qemu-kvm...Reading symbols from /usr/lib/debug/usr/libexec/qemu-kvm.debug...expanding to full symbols...done.
expanding to full symbols...done.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/libexec/qemu-kvm -name seabios-test -enable-kvm -m 4G -cpu SandyBridge -sm'.
Program terminated with signal 11, Segmentation fault.
#0 0x000055614d6e5f45 in do_flush_queued_data (port=0x55614fc0e520, vq=0x556151d7a280, vdev=0x556151cf4510) at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
180	for (i = port->iov_idx; i < port->elem->out_num; i++) {
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.1.3-3.el7.x86_64 boost-iostreams-1.53.0-27.el7.x86_64 boost-random-1.53.0-27.el7.x86_64 boost-system-1.53.0-27.el7.x86_64 boost-thread-1.53.0-27.el7.x86_64 bzip2-libs-1.0.6-13.el7.x86_64 celt051-0.5.1.3-8.el7.x86_64 cyrus-sasl-gssapi-2.1.26-21.el7.x86_64 cyrus-sasl-lib-2.1.26-21.el7.x86_64 cyrus-sasl-md5-2.1.26-21.el7.x86_64 cyrus-sasl-plain-2.1.26-21.el7.x86_64 dbus-libs-1.6.12-17.el7.x86_64 elfutils-libelf-0.168-5.el7.x86_64 elfutils-libs-0.168-5.el7.x86_64 flac-libs-1.3.0-5.el7_1.x86_64 glib2-2.50.3-2.el7.x86_64 glibc-2.17-192.el7.x86_64 glusterfs-api-3.8.4-18.el7.x86_64 glusterfs-libs-3.8.4-18.el7.x86_64 gmp-6.0.0-15.el7.x86_64 gnutls-3.3.26-7.el7.x86_64 gsm-1.0.13-11.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-7.el7.x86_64 libICE-1.0.9-5.el7.x86_64 libSM-1.2.2-2.el7.x86_64 libX11-1.6.4-4.el7.x86_64 libXau-1.0.8-2.1.el7.x86_64 libXext-1.3.3-3.el7.x86_64 libXi-1.7.9-1.el7.x86_64 libXtst-1.2.3-1.el7.x86_64 libacl-2.2.51-12.el7.x86_64 libaio-0.3.109-13.el7.x86_64 libasyncns-0.8-7.el7.x86_64 libattr-2.4.46-12.el7.x86_64 libblkid-2.23.2-39.el7.x86_64 libcacard-2.5.2-2.el7.x86_64 libcap-2.22-9.el7.x86_64 libcom_err-1.42.9-10.el7.x86_64 libcurl-7.29.0-42.el7.x86_64 libdb-5.3.21-20.el7.x86_64 libffi-3.0.13-18.el7.x86_64 libgcc-4.8.5-14.el7.x86_64 libgcrypt-1.5.3-14.el7.x86_64 libgpg-error-1.12-3.el7.x86_64 libibverbs-13-5.el7.x86_64 libidn-1.28-4.el7.x86_64 libiscsi-1.9.0-7.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 libmount-2.23.2-39.el7.x86_64 libnl3-3.2.28-4.el7.x86_64 libogg-1.3.0-7.el7.x86_64 libpng-1.5.13-7.el7_2.x86_64 librados2-10.2.5-2.el7.x86_64 librbd1-10.2.5-2.el7.x86_64 librdmacm-13-5.el7.x86_64 libseccomp-2.3.1-3.el7.x86_64 libselinux-2.5-11.el7.x86_64 libsndfile-1.0.25-10.el7.x86_64 libssh2-1.4.3-10.el7_2.1.x86_64 libstdc++-4.8.5-14.el7.x86_64 libtasn1-4.10-1.el7.x86_64 libunwind-1.2-2.el7.x86_64 libusbx-1.0.20-1.el7.x86_64 libuuid-2.23.2-39.el7.x86_64 libvorbis-1.3.3-8.el7.x86_64 libxcb-1.12-1.el7.x86_64 lzo-2.06-8.el7.x86_64 nettle-2.7.1-8.el7.x86_64 nspr-4.13.1-1.0.el7_3.x86_64 nss-3.28.4-3.el7.x86_64 nss-softokn-freebl-3.28.3-4.el7.x86_64 nss-util-3.28.4-2.el7.x86_64 numactl-libs-2.0.9-6.el7_2.x86_64 openldap-2.4.44-4.el7.x86_64 openssl-libs-1.0.2k-7.el7.x86_64 p11-kit-0.23.5-1.el7.x86_64 pcre-8.32-17.el7.x86_64 pixman-0.34.0-1.el7.x86_64 pulseaudio-libs-10.0-3.el7.x86_64 snappy-1.1.0-3.el7.x86_64 spice-server-0.12.8-2.el7.x86_64 systemd-libs-219-38.el7.x86_64 tcp_wrappers-libs-7.6-77.el7.x86_64 usbredir-0.7.1-2.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) bt
#0 0x000055614d6e5f45 in do_flush_queued_data (port=0x55614fc0e520, vq=0x556151d7a280, vdev=0x556151cf4510) at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
#1 0x000055614d986ea1 in aio_bh_poll (bh=0x556151c395f0) at util/async.c:90
#2 0x000055614d986ea1 in aio_bh_poll (ctx=0x55614fb89700) at util/async.c:118
#3 0x000055614d989bb0 in aio_dispatch (ctx=0x55614fb89700) at util/aio-posix.c:429
#4 0x000055614d986d7e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:261
#5 0x00007fae5ee864c9 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#6 0x000055614d988e6c in main_loop_wait () at util/main-loop.c:213
#7 0x000055614d988e6c in main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261
#8 0x000055614d988e6c in main_loop_wait (nonblocking=<optimized out>) at util/main-loop.c:517
#9 0x000055614d67a01c in main ()
```

This test scenario causes the qemu-kvm process to "core dump" directly.
From the QE point of view, this is an important bug. Do you have a plan to fix this bug in RHEL7.4?

Hi,

I am looking into this. Did this bug occur in qemu-kvm-rhev 2.8 or before as well? Can you also please provide the Qemu core dump?

Thanks,
Pankaj

Sent "[PATCH] virtio-serial: fix segfault on disconnect" to qemu-devel.

(In reply to Stefan Hajnoczi from comment #17)
> Sent "[PATCH] virtio-serial: fix segfault on disconnect" to
> qemu-devel.

But this was sent upstream. POST means a backport has been posted to rhvirt-patches (unless we're planning a rebase, in this case we switch the BZ to POST and add the upstream version to "Fixed in version" after it's merged upstream).

(In reply to Ademar Reis from comment #19)
> (In reply to Stefan Hajnoczi from comment #17)
> > Sent "[PATCH] virtio-serial: fix segfault on disconnect" to
> > qemu-devel.
>
> But this was sent upstream. POST means a backport has been posted to
> rhvirt-patches (unless we're planning a rebase, in this case we switch the
> BZ to POST and add the upstream version to "Fixed in version" after it's
> merged upstream).

I wonder if the Bugzilla "Status" field help can be reworded:

"POST
This bug report has a fix that has been posted for review, either upstream or internally, by the Assigned Engineer. Use of this state is optional. Some teams, such as kernel and virtualization, use it."

Backport posted to rhvirt-patches.

Fix included in qemu-kvm-rhev-2.9.0-10.el7

Reproduced bug with qemu-kvm-rhev-2.9.0-8.el7.x86_64.

steps:

1. Boot guest

   ```
   ....-rtc base=localtime,clock=host,driftfix=slew \
   -drive file=/home/rhel74.qcow2,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop,serial=QEMU-DISK1 \
   -device virtio-scsi-pci,id=scsi0,bus=pci.0,ioeventfd=off \
   -device scsi-hd,bus=scsi0.0,drive=drive-system-disk,id=system-disk,channel=0,scsi-id=0,lun=0,ver=mike,serial=ababab,bootindex=1 \
   -device virtio-serial-pci,id=virtio-serial0,max_ports=16 \
   -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait \
   -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 \
   -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait \
   -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm2,bus=virtio-serial0.0,id=port2
   ```

2. inside guest `#hexdump -C /dev/sda > /dev/vport2P1`
3. on host `#nc -U /tmp/helloworld1`
4. ctrl+c inside guest
5. ctrl+c on host

result: qemu-kvm process segmentation fault

Verified bug with qemu-kvm-rhev-2.9.0-8.el7.x86_64. Repeat 10 times as above (step 2~5). Guest works well. QE will run regression testing via an automated test case later.

Based on the test results in comment 24 & 25, set this bug as verified.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392
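
The two backtraces quoted in this report come from different runs, so every address in them differs, yet they are reported as the same crash. The following Python is an added example, not part of the bug report or of QEMU: it reduces a gdb `bt` to an address-independent signature so that such cores land in one triage bucket. The names `parse_frames` and `crash_signature` are assumptions made for this illustration, and the sample input is the top four frames of each backtrace above.

```python
import hashlib
import os
import re

# Sample input: top four frames of the two backtraces quoted in this report.
BT_FIRST = """\
#0 0x00005555557c7eb5 in do_flush_queued_data (port=0x555556d72e20, vq=0x5555599ee280, vdev=0x555559950510) at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
#1 0x0000555555a69fc1 in aio_bh_poll (bh=0x555559a52d20) at util/async.c:90
#2 0x0000555555a69fc1 in aio_bh_poll (ctx=ctx@entry=0x555556ced700) at util/async.c:118
#3 0x0000555555a6ccd0 in aio_dispatch (ctx=0x555556ced700) at util/aio-posix.c:429
"""
BT_SECOND = """\
#0 0x000055614d6e5f45 in do_flush_queued_data (port=0x55614fc0e520, vq=0x556151d7a280, vdev=0x556151cf4510) at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
#1 0x000055614d986ea1 in aio_bh_poll (bh=0x556151c395f0) at util/async.c:90
#2 0x000055614d986ea1 in aio_bh_poll (ctx=0x55614fb89700) at util/async.c:118
#3 0x000055614d989bb0 in aio_dispatch (ctx=0x55614fb89700) at util/aio-posix.c:429
"""

# One gdb frame: "#N [0xADDR in ]function (args) [at|from location]".
# parse_frames and crash_signature are names chosen for this example.
FRAME_RE = re.compile(
    r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\S+) \(.*\)(?: (?:at|from) (\S+))?\s*$",
    re.MULTILINE,
)


def parse_frames(backtrace):
    """Return [(function, location)] with addresses and argument values dropped."""
    frames = []
    for _num, func, location in FRAME_RE.findall(backtrace):
        # Keep only the file name so build-specific source prefixes do not matter.
        frames.append((func, os.path.basename(location)))
    return frames


def crash_signature(backtrace, depth=3):
    """Hash the top `depth` frames into a short, ASLR-independent bucket id."""
    top = parse_frames(backtrace)[:depth]
    if not top:
        raise ValueError("no gdb frames found")
    text = "|".join(f"{func}@{loc}" for func, loc in top)
    return hashlib.sha256(text.encode()).hexdigest()[:16]


if __name__ == "__main__":
    for name, bt in (("first", BT_FIRST), ("second", BT_SECOND)):
        print(name, parse_frames(bt)[0], crash_signature(bt))
```
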