Bug 1534649

Summary: Qemu crashes when all fw_cfg slots are used [rhel-7.4.z]
Product: Red Hat Enterprise Linux 7
Reporter: Oneata Mircea Teodor <toneata>
Component: qemu-kvm-rhev
Assignee: Marcel Apfelbaum <marcel>
Status: CLOSED ERRATA
QA Contact: huiqingding <huding>
Severity: high
Docs Contact:
Priority: high
Version: 7.4
CC: ailan, chayang, fjin, juzhang, knoel, marcel, michen, mtessun, virt-maint, xfu
Target Milestone: rc
Keywords: ZStream
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.9.0-16.el7_4.14
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1462145
Environment:
Last Closed: 2018-03-08 10:04:50 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1462145
Bug Blocks:

Description Oneata Mircea Teodor 2018-01-15 16:41:27 UTC
This bug has been copied from bug #1462145 and has been proposed to be backported to 7.4 z-stream (EUS).

Comment 3 Miroslav Rezanina 2018-01-18 06:35:44 UTC
Fix included in qemu-kvm-rhev-2.9.0-16.el7_4.14

Comment 5 Chao Yang 2018-01-22 10:11:13 UTC
Reproduced the original issue by:

# gdb --args /usr/libexec/qemu-kvm -machine pc-i440fx-rhel7.3.0,accel=kvm,usb=off,dump-guest-core=off -cpu Penryn -m size=1024000k,slots=16,maxmem=2124800k -realtime mlock=off -smp 2,sockets=2,cores=1,threads=1 -display none -no-user-config -nodefaults -device sga -boot menu=on,reboot-timeout=0,splash-time=3000,strict=on -device pxb,bus_nr=254,id=pci.1,bus=pci.0,addr=0xe -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-serial-pci,id=virtio-serial0,bus=pci.1,addr=0x5 -drive file=/dev/zero,format=raw,if=none,id=drive-virtio-disk0 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 -device pvpanic,ioport=1285 -msg timestamp=on -monitor stdio

(gdb) r

(qemu) system_reset 
(qemu) qemu-kvm: hw/nvram/fw_cfg.c:879: fw_cfg_modify_file: Assertion `index < fw_cfg_file_slots(s)' failed.

(gdb) bt
#0  0x00007fffeda1c1f7 in raise () from /lib64/libc.so.6
#1  0x00007fffeda1d8e8 in abort () from /lib64/libc.so.6
#2  0x00007fffeda15266 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007fffeda15312 in __assert_fail () from /lib64/libc.so.6
#4  0x00005555559c5cb6 in fw_cfg_modify_file (s=s@entry=0x555556e80000, filename=filename@entry=0x555555bb8a7e "bootorder", 
    data=0x555558339000, len=<optimized out>) at hw/nvram/fw_cfg.c:879
#5  0x00005555559c5d18 in fw_cfg_machine_reset (opaque=0x555556e80000) at hw/nvram/fw_cfg.c:901
#6  0x000055555597566d in qemu_devices_reset () at hw/core/reset.c:69
#7  0x00005555558a5466 in pc_machine_reset () at /usr/src/debug/qemu-2.9.0/hw/i386/pc.c:2236
#8  0x0000555555926866 in qemu_system_reset (reason=reason@entry=SHUTDOWN_CAUSE_HOST_QMP) at vl.c:1702
#9  0x0000555555808026 in main_loop_should_exit () at vl.c:1876
#10 main_loop () at vl.c:1913
#11 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4733


Verified pass with qemu-kvm-rhev-2.9.0-16.el7_4.14.x86_64, no longer aborts.
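The assertion in the backtrace above (`index < fw_cfg_file_slots(s)` inside `fw_cfg_modify_file`, reached from the reset path) fires when a modify-or-add on the file table has no free slot left. The following C model is added here as an illustration; it is not QEMU's fw_cfg code nor anything the reporter posted. It shows the lookup-then-append pattern with the full-table case returned to the caller instead of asserted, so a reset cannot abort the process. The slot count, the `model_*` names and the constructed file names are assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model of a fixed-slot file table; NOT QEMU's fw_cfg code. It
 * mirrors the pattern the assertion above implies: a modify that falls through
 * to "add a new entry" when the name is unknown, safe only while a slot is free. */
#define MODEL_FILE_SLOTS 4   /* deliberately small; QEMU's count differs */
#define MODEL_NAME_MAX   32
typedef struct { char name[MODEL_NAME_MAX]; size_t len; } ModelFile;
typedef struct { ModelFile files[MODEL_FILE_SLOTS]; size_t count; } ModelFwCfg;

/* Slot holding `name`, or -1 if it was never added. */
static int model_find(const ModelFwCfg *s, const char *name)
{
    for (size_t i = 0; i < s->count; i++)
        if (strcmp(s->files[i].name, name) == 0)
            return (int)i;
    return -1;
}
/* Add `name` in the next free slot; -1 when the table is full (no assert). */
int model_add_file(ModelFwCfg *s, const char *name, size_t len)
{
    if (s->count >= MODEL_FILE_SLOTS)
        return -1;
    snprintf(s->files[s->count].name, MODEL_NAME_MAX, "%s", name);
    s->files[s->count].len = len;
    return (int)s->count++;
}

/* Hardened modify-or-add: a full table is reported to the caller instead
 * of tripping a bounds assertion, so a reset cannot abort the process. */
int model_modify_file(ModelFwCfg *s, const char *name, size_t len)
{
    int index = model_find(s, name);
    if (index >= 0) {                 /* known entry: update in place */
        s->files[index].len = len;
        return index;
    }
    return model_add_file(s, name, len);   /* fall-through add, bounds-checked */
}

/* Report's scenario: all slots used by other files, then a reset rewrites
 * "bootorder". Returns -1 instead of crashing. */
int model_reset_with_full_table(void)
{
    ModelFwCfg s = {0};
    for (int i = 0; i < MODEL_FILE_SLOTS; i++)
        model_add_file(&s, "etc/constructed", 16);   /* fill every slot */
    return model_modify_file(&s, "bootorder", 8);
}
```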

Comment 8 errata-xmlrpc 2018-03-08 10:04:50 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0468