Bug 1447257

Summary: QEMU coredump while doing hexdump test onto virtio serial ports
Product: Red Hat Enterprise Linux 7
Reporter: Min Deng <mdeng>
Component: qemu-kvm-rhev
Assignee: Stefan Hajnoczi <stefanha>
Status: CLOSED ERRATA
QA Contact: Sitong Liu <siliu>
Severity: high
Docs Contact:
Priority: high
Version: 7.4
CC: chayang, coli, hhuang, juzhang, michen, pagupta, qzhang, siliu, stefanha, virt-maint, xfu
Target Milestone: rc
Keywords: Regression
Target Release: ---
Hardware: All
OS: Unspecified
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.9.0-10.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-02 04:38:29 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Min Deng 2017-05-02 08:59:23 UTC
Description of problem:
QEMU coredump while doing hexdump test onto virtio serial ports within guest.
Version-Release number of selected component (if applicable):
kernel-3.10.0-657.el7.ppc64le (host and guest)
qemu-kvm-rhev-2.9.0-2.el7.ppc64le
SLOF-20170303-1.git66d250e.el7.noarch
How reproducible:
4/4
Steps to Reproduce:
1. Boot up the guest with the following CLI:
  /usr/libexec/qemu-kvm -name virt-tests-vm1 -sandbox off -machine pseries-rhel7.4.0 -nodefaults -vga std -device virtio-blk-pci,id=virtio_blk_pci0,disable-legacy=off,disable-modern=off,drive=drive_image1 -drive id=drive_image1,if=none,cache=none,aio=native,format=qcow2,file=rhel74-ppc64le-virtio-scsi-latest.qcow2 -qmp tcp:0:4444,server,nowait -vnc :1 -rtc base=utc,clock=host,driftfix=slew -boot order=cdn,once=c,menu=off,strict=off -monitor stdio -device nec-usb-xhci,id=usb1 -device usb-kbd,id=input0 -device usb-mouse,id=input1 -device usb-tablet,id=input2 -netdev tap,script=/etc/qemu-ifup,downscript=/etc/qemu-down,id=hostnet1,vhost=on -device virtio-net-pci,netdev=hostnet1,id=net1,mac=00:52:11:36:3f:01 -machine accel=kvm:tcg -chardev socket,id=serial_id_serial0,path=/tmp/min,server,nowait -device spapr-vty,reg=0x30000000,chardev=serial_id_serial0 -realtime mlock=on -m 4G,slots=32,maxmem=40G -smp 12 -device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x4 -chardev socket,id=channel0,host=127.0.0.1,port=12345,server,nowait -device virtserialport,chardev=channel0,name=org.linux-kvm.port.0,bus=virtio-serial0.0,id=port1
2. Log in to the guest and do
  hexdump -C /dev/vda1 > /dev/vport2P1
3. Go back to the host and do
  hexdump -C /dev/sda|nc 127.0.0.1 12345
  wait for several secs
4. Ctrl+C to interrupt step 3
5. Go back to the guest and do
  hexdump -C /dev/vda1 > /dev/vport2P1
Actual results:
QEMU coredump 

Expected results:
The guest should run well

Additional info:

BT log
Program received signal SIGSEGV, Segmentation fault.
0x0000000050351154 in do_flush_queued_data (port=0x516f3a80, vq=0x53420280, vdev=0x53368510) at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
180	        for (i = port->iov_idx; i < port->elem->out_num; i++) {
(gdb) bt
#0  0x0000000050351154 in do_flush_queued_data (port=0x516f3a80, vq=0x53420280, vdev=0x53368510) at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
#1  0x000000005037c65c in virtio_queue_notify_vq (vq=0x53420280) at /usr/src/debug/qemu-2.9.0/hw/virtio/virtio.c:1526
#2  virtio_queue_host_notifier_read (n=0x534202e8) at /usr/src/debug/qemu-2.9.0/hw/virtio/virtio.c:2449
#3  0x00000000506c17bc in aio_dispatch_handlers (ctx=0x515d1900) at util/aio-posix.c:399
#4  0x00000000506c2414 in aio_dispatch (ctx=0x515d1900) at util/aio-posix.c:430
#5  0x00000000506bd7c0 in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:261
#6  0x00003fffb7463ab0 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#7  0x00000000506c0f04 in glib_pollfds_poll () at util/main-loop.c:213
#8  os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261
#9  main_loop_wait (nonblocking=<optimized out>) at util/main-loop.c:517
#10 0x00000000502abf88 in main_loop () at vl.c:1898
#11 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4720
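
The backtraces above all stop at the deferred flush loop `for (i = port->iov_idx; i < port->elem->out_num; i++)`, reached from a bottom half or host notifier after the host side (nc) has gone away. The following constructed C model, added here and not QEMU's code or the fix from comment 17, assumes the disconnect path has released and cleared the in-flight element and shows a flush that checks `elem` and the connection before resuming from `iov_idx`; `struct elem`, `struct port`, `port_disconnect`, `port_flush_queued` and `port_with_queued_data` are all hypothetical names.

```c
#include <stdlib.h>

/* Constructed, simplified model (not QEMU's real structures): only the
 * fields behind the crash at virtio-serial-bus.c:180 are kept. */
#define MAX_IOV 4

struct elem {                    /* stands in for VirtQueueElement */
    unsigned out_num;            /* number of guest output buffers */
    size_t out_len[MAX_IOV];     /* length of each buffer */
};

struct port {
    struct elem *elem;           /* in-flight element, NULL when none */
    unsigned iov_idx;            /* next buffer to flush (resume point) */
    int host_connected;
};

/* Host-side disconnect (the Ctrl+C on nc in the report): the in-flight
 * element is released and the pointer cleared (assumed behaviour). */
void port_disconnect(struct port *p)
{
    p->host_connected = 0;
    free(p->elem);
    p->elem = NULL;
    p->iov_idx = 0;
}

/* Deferred flush, run later from a bottom half. The unguarded loop
 * `for (i = port->iov_idx; i < port->elem->out_num; i++)` dereferences
 * the NULL elem left by port_disconnect(); this version checks first.
 * max_bytes models how much the host accepts now; returns bytes sent. */
size_t port_flush_queued(struct port *p, size_t max_bytes)
{
    size_t sent = 0;
    unsigned i;
    if (!p->elem || !p->host_connected)   /* hardened early return */
        return 0;
    for (i = p->iov_idx; i < p->elem->out_num; i++) {
        size_t n = p->elem->out_len[i];
        if (sent + n > max_bytes)         /* host throttled: stop here */
            break;
        sent += n;                        /* buffer handed to the chardev */
    }
    p->iov_idx = i;                       /* remember where to resume */
    if (i == p->elem->out_num) {          /* fully flushed: release it */
        free(p->elem);
        p->elem = NULL;
        p->iov_idx = 0;
    }
    return sent;
}

/* Guest side: queue one constructed element of two hexdump-sized chunks. */
struct port *port_with_queued_data(void)
{
    struct port *p = calloc(1, sizeof *p);
    struct elem *e = calloc(1, sizeof *e);
    e->out_num = 2;
    e->out_len[0] = 10; e->out_len[1] = 6;
    p->elem = e;
    p->host_connected = 1;
    return p;
}
```

The sequence a practitioner wants to exercise is: a partial flush that leaves iov_idx pointing into the element, a disconnect, then the deferred flush running again, which now returns 0 instead of faulting.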

Comment 2 Min Deng 2017-05-02 09:02:34 UTC
QE just tested it on the ppc platform. The results for the x86 platform will be posted here by QE as soon as QE gets them. Thanks a lot.

Comment 3 Min Deng 2017-05-02 10:10:04 UTC
It can also be reproduced on x86.
kernel-3.10.0-660.el7.x86_64
qemu-kvm-rhev-2.9.0-2.el7.x86_64
Information:
Program received signal SIGSEGV, Segmentation fault.
0x00005555557c7eb5 in do_flush_queued_data (port=0x555556d72e20, vq=0x5555599ee280, vdev=0x555559950510) at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
180	        for (i = port->iov_idx; i < port->elem->out_num; i++) {
(gdb) bt
#0  0x00005555557c7eb5 in do_flush_queued_data (port=0x555556d72e20, vq=0x5555599ee280, vdev=0x555559950510) at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
#1  0x0000555555a69fc1 in aio_bh_poll (bh=0x555559a52d20) at util/async.c:90
#2  0x0000555555a69fc1 in aio_bh_poll (ctx=ctx@entry=0x555556ced700) at util/async.c:118
#3  0x0000555555a6ccd0 in aio_dispatch (ctx=0x555556ced700) at util/aio-posix.c:429
#4  0x0000555555a69e9e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:261
#5  0x00007fffe0cb1d7a in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#6  0x0000555555a6bf8c in main_loop_wait () at util/main-loop.c:213
#7  0x0000555555a6bf8c in main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261
#8  0x0000555555a6bf8c in main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:517
#9  0x000055555575bfbc in main () at vl.c:1898
#10 0x000055555575bfbc in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4720

Comment 4 Sitong Liu 2017-05-09 06:07:40 UTC
There is a similar coredump when Ctrl+C interrupts the data receive during a data transfer on virtio-serial.

FYI.

Version-Release:
kernel 3.10.0-657.el7.x86_64
qemu-img-rhev-2.9.0-3.el7.x86_64

steps:
1. boot up guest with two serial ports.
-device virtio-serial-pci,id=virtio-serial0,max_ports=16 \
-chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait \
-device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 \
-chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait \
-device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm2,bus=virtio-serial0.0,id=port2 \

2. Log in to the guest and send data to /dev/vport0p1 in a loop.

3. Receive the data on the host using "nc -U /tmp/helloworld1".

4. Press Ctrl+C to interrupt the host side several times. It will trigger a coredump.

gdb -r core.19073 
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-99.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
[New LWP 19073]
[New LWP 19092]
[New LWP 19088]
[New LWP 19090]
[New LWP 19074]
[New LWP 19091]
[New LWP 19160]
Reading symbols from /usr/libexec/qemu-kvm...Reading symbols from /usr/lib/debug/usr/libexec/qemu-kvm.debug...expanding to full symbols...done.
expanding to full symbols...done.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/libexec/qemu-kvm -name seabios-test -enable-kvm -m 4G -cpu SandyBridge -sm'.
Program terminated with signal 11, Segmentation fault.
#0  0x000055614d6e5f45 in do_flush_queued_data (port=0x55614fc0e520, 
    vq=0x556151d7a280, vdev=0x556151cf4510)
    at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
180	        for (i = port->iov_idx; i < port->elem->out_num; i++) {

(gdb) bt
#0  0x000055614d6e5f45 in do_flush_queued_data (port=0x55614fc0e520, vq=0x556151d7a280, vdev=0x556151cf4510) at /usr/src/debug/qemu-2.9.0/hw/char/virtio-serial-bus.c:180
#1  0x000055614d986ea1 in aio_bh_poll (bh=0x556151c395f0) at util/async.c:90
#2  0x000055614d986ea1 in aio_bh_poll (ctx=0x55614fb89700) at util/async.c:118
#3  0x000055614d989bb0 in aio_dispatch (ctx=0x55614fb89700) at util/aio-posix.c:429
#4  0x000055614d986d7e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:261
#5  0x00007fae5ee864c9 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#6  0x000055614d988e6c in main_loop_wait () at util/main-loop.c:213
#7  0x000055614d988e6c in main_loop_wait (timeout=<optimized out>)
    at util/main-loop.c:261
#8  0x000055614d988e6c in main_loop_wait (nonblocking=<optimized out>)
    at util/main-loop.c:517
#9  0x000055614d67a01c in main ()

Comment 5 FuXiangChun 2017-05-09 07:24:38 UTC
This test scenario causes the qemu-kvm process to "core dump" directly. From QE's point of view, this is an important bug. Do you have a plan to fix this bug in RHEL7.4?

Comment 6 pagupta 2017-05-09 10:02:54 UTC
Hi,

I am looking into this. Did this bug occur in qemu-kvm-rhev 2.8 or before as well?

Can you also please provide the QEMU core dump?

Thanks,
Pankaj

Comment 17 Stefan Hajnoczi 2017-06-02 09:57:16 UTC
Sent "[PATCH] virtio-serial: fix segfault on disconnect" to qemu-devel.

Comment 19 Ademar Reis 2017-06-06 17:08:46 UTC
(In reply to Stefan Hajnoczi from comment #17)
> Sent "[PATCH] virtio-serial: fix segfault on disconnect" to
> qemu-devel.

But this was sent upstream. POST means a backport has been posted to rhvirt-patches (unless we're planning a rebase, in this case we switch the BZ to POST and add the upstream version to "Fixed in version" after it's merged upstream).

Comment 21 Stefan Hajnoczi 2017-06-12 09:18:34 UTC
(In reply to Ademar Reis from comment #19)
> (In reply to Stefan Hajnoczi from comment #17)
> > Sent "[PATCH] virtio-serial: fix segfault on disconnect" to
> > qemu-devel.
> 
> But this was sent upstream. POST means a backport has been posted to
> rhvirt-patches (unless we're planning a rebase, in this case we switch the
> BZ to POST and add the upstream version to "Fixed in version" after it's
> merged upstream).

I wonder if the Bugzilla "Status" field help can be reworded:

"POST 	This bug report has a fix that has been posted for review, either upstream or internally, by the Assigned Engineer. Use of this state is optional. Some teams, such as kernel and virtualization, use it."

Comment 22 Stefan Hajnoczi 2017-06-12 14:39:30 UTC
Backport posted to rhvirt-patches.

Comment 23 Miroslav Rezanina 2017-06-13 16:34:09 UTC
Fix included in qemu-kvm-rhev-2.9.0-10.el7

Comment 24 FuXiangChun 2017-06-14 08:52:29 UTC
Reproduced bug with qemu-kvm-rhev-2.9.0-8.el7.x86_64. 

steps:

1. Boot guest
....-rtc base=localtime,clock=host,driftfix=slew -drive file=/home/rhel74.qcow2,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop,serial=QEMU-DISK1 -device virtio-scsi-pci,id=scsi0,bus=pci.0,ioeventfd=off -device scsi-hd,bus=scsi0.0,drive=drive-system-disk,id=system-disk,channel=0,scsi-id=0,lun=0,ver=mike,serial=ababab,bootindex=1 -device virtio-serial-pci,id=virtio-serial0,max_ports=16 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm2,bus=virtio-serial0.0,id=port2

2. Inside the guest:
#hexdump -C /dev/sda > /dev/vport2P1

3. On the host:
#nc -U /tmp/helloworld1

4. Ctrl+C inside the guest

5. Ctrl+C on the host

result:
qemu-kvm process segfaults

Verified bug with qemu-kvm-rhev-2.9.0-8.el7.x86_64.

Repeated 10 times as above (steps 2~5). Guest works well.

QE will run regression testing via an automated test case later.

Comment 27 FuXiangChun 2017-06-16 01:41:18 UTC
Based on the test results in comment 24 & 25, set this bug as verified.

Comment 29 errata-xmlrpc 2017-08-02 04:38:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392