Bug 656779

Summary: Core dumped when hot plug/un-plug virtio serial port to the same chardev
Product: Red Hat Enterprise Linux 6
Reporter: Mike Cao <bcao>
Component: qemu-kvm
Assignee: Amit Shah <amit.shah>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Priority: high
Version: 6.0
CC: amit.shah, ehabkost, juzhang, michen, mkenneth, shu, tburke, virt-maint
Target Milestone: rc
Hardware: x86_64
OS: Linux
Fixed In Version: qemu-kvm-0.12.1.2-2.162.el6
Doc Type: Bug Fix
Doc Text:
[bug triggered using invalid qemu-kvm configuration, no Errata description required]
Last Closed: 2011-12-06 15:43:53 UTC
Bug Blocks: 580953

Description Mike Cao 2010-11-24 05:03:17 UTC
Description of problem:


Version-Release number of selected component (if applicable):
# uname -r 
2.6.32-71.9.1.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.113.el6_0.4.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Start VM with
-device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=4,bus=pci.0 
-chardev socket,path=/tmp/tt,server,nowait,id=channel0 
-device virtserialport,chardev=channel0,name=org.linux-kvm.port.0,bus=virtio-serial0.0,id=port0

2. Hot add another virtserialport with chardev=channel0
(qemu) device_add virtserialport,chardev=channel0,name=org.linux-kvm.port.0,bus=virtio-serial0.0,id=port1

3. Remove the 2 virtio serial ports
(qemu) device_del port0
(qemu) device_del port1

Actual results:
Core dumped

Expected results:
Step 2 should not be allowed, or step 3 should not core dump

Additional info:
#0  0x0000003263e329a5 in raise () from /lib64/libc.so.6
#1  0x0000003263e34185 in abort () from /lib64/libc.so.6
#2  0x0000003263e6fd5b in __libc_message () from /lib64/libc.so.6
#3  0x0000003263e75676 in malloc_printerr () from /lib64/libc.so.6
#4  0x00000000004b5e46 in qemu_chr_close (chr=0x166ef30) at qemu-char.c:2491
#5  0x0000000000575bc9 in virtconsole_exitfn (dev=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-console.c:86
#6  0x0000000000422576 in virtser_port_qdev_exit (qdev=0x1744260)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-serial-bus.c:722
#7  0x00000000004bd83c in qdev_free (dev=0x1744260)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:337
#8  0x00000000004bd8c9 in qdev_simple_unplug_cb (dev=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:305
#9  0x00000000004129c0 in monitor_call_handler (mon=<value optimized out>, 
    cmd=0x5810d8, params=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:3921
#10 0x0000000000417750 in handle_user_command (mon=0x1712870, 
    cmdline=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:3958
#11 0x000000000041787a in monitor_command_cb (mon=0x1712870, 
    cmdline=<value optimized out>, opaque=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4506
#12 0x000000000049e5bb in readline_handle_byte (rs=0x2b3ab50, 
    ch=<value optimized out>) at readline.c:369
#13 0x00000000004178ec in monitor_read (opaque=<value optimized out>, 
    buf=0x7fffe962c030 "\r", size=1)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4492
#14 0x00000000004b66ab in qemu_chr_read (opaque=0x166edb0) at qemu-char.c:154
#15 fd_chr_read (opaque=0x166edb0) at qemu-char.c:568
#16 0x000000000040b4af in main_loop_wait (timeout=1000)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4234
#17 0x0000000000428c2a in kvm_main_loop ()
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2133
#18 0x000000000040e5cb in main_loop (argc=<value optimized out>, 
    argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4444
#19 main (argc=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:660

Comment 1 Mike Cao 2010-11-24 05:04:08 UTC
Tried with 
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.120.el6.x86_64

still hit this issue.

Comment 4 Amit Shah 2011-02-10 07:34:35 UTC
Patch sent upstream:

http://thread.gmane.org/gmane.comp.emulators.qemu/93315

Comment 11 Shaolong Hu 2011-08-12 03:30:29 UTC
Reproduced on qemu-kvm-0.12.1.2-2.160.el6.x86_64 with the following steps.

Reproduce Procedure:
---------------------
1. boot a guest.
# /usr/libexec/qemu-kvm -enable-kvm -M rhel6.1.0 -smp 4 -m 4G -name rhel6.1-64 -uuid 3f2ea5cd-3d29-48ff-aab2-23df1b6ae213 -drive file=RHEL-Server-6.1-64-virtio.qcow2,cache=none,if=none,rerror=stop,werror=stop,id=drive-virtio-disk0,format=qcow2 -device virtio-blk-pci,drive=drive-virtio-disk0,id=device-virtio-disk0 -netdev tap,script=/etc/qemu-ifup,id=netdev0 -device virtio-net-pci,netdev=netdev0,id=device-net0 -boot order=cd,menu=on -usb -device usb-tablet,id=input0 -monitor stdio -device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x5 -chardev socket,id=channel1,path=/tmp/tt,server,nowait -device virtserialport,chardev=channel1,name=port1,bus=virtio-serial0.0,id=port1 -spice disable-ticketing,port=5910

2. in qemu monitor:
   (qemu)  device_add virtserialport,chardev=channel1,name=port1,bus=virtio-serial0.0,id=port2

3. Remove the 2 virtio serial ports
(qemu) device_del port1
(qemu) device_del port2


Actual results:
----------------
After step 3, qemu-kvm: Aborted (core dumped)


Verified this bug on qemu-kvm-0.12.1.2-2.180.el6.x86_64 with the same steps as above.

Actual results:
----------------
After step 2:
(qemu) device_add virtserialport,chardev=channel1,name=port1,bus=virtio-serial0.0,id=port2
Property 'virtserialport.chardev' can't take value 'channel1', it's in use


Conclusion:
-------------
According to result above, this bug has been fixed.
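
The sequence in the comments above (two virtserialports bound to one chardev, then both deleted) and the ownership check that the fixed build reports, as an added C model; this is not qemu-kvm's own code. CharDev, Port, port_add, port_del and replay are constructed here: the `closes` counter stands in for qemu_chr_close() being called, so a count of 2 is the double close behind the abort in the backtrace, and the `in_use` flag is the only state the rejection needs.

```c
#include <stdio.h>
/* Constructed model for this example (not qemu-kvm's own code): a chardev that
 * one virtserialport may own, plus the ownership check the fix introduced. */
typedef struct {
    const char *id;
    int in_use;  /* 1 while a port owns it; basis of the "it's in use" rejection */
    int closes;  /* qemu_chr_close()-style calls so far; 2 models the double free */
} CharDev;

typedef struct { CharDev *chr; } Port; /* chr is NULL once removed or never attached */
/* device_add virtserialport,chardev=<chr>: returns 0, or -1 when rejected. */
static int port_add(Port *p, CharDev *chr, int enforce)
{
    p->chr = NULL;
    if (enforce && chr->in_use) {
        fprintf(stderr, "Property 'virtserialport.chardev' can't take value "
                        "'%s', it's in use\n", chr->id);
        return -1;
    }
    p->chr = chr;
    chr->in_use = 1;
    return 0;
}

/* device_del <port>: the exit function closes whatever chardev the port holds. */
static void port_del(Port *p)
{
    if (!p->chr) return;
    p->chr->closes++;   /* stands in for qemu_chr_close(); a second call is the bug */
    p->chr->in_use = 0;
    p->chr = NULL;
}

/* Replays the report: port0 and port1 on channel0, then delete both. Returns how
 * often channel0 was closed; *rc receives the second device_add's result. */
static int replay(int enforce, int *rc)
{
    CharDev channel0 = { "channel0", 0, 0 };
    Port port0, port1;
    port_add(&port0, &channel0, enforce);
    *rc = port_add(&port1, &channel0, enforce);
    port_del(&port0);
    port_del(&port1);
    return channel0.closes;
}

/* Plain-return wrappers: closes_after(0) == 2 (double close), closes_after(1) == 1. */
static int closes_after(int enforce) { int rc; return replay(enforce, &rc); }
static int second_add_rc(int enforce) { int rc; replay(enforce, &rc); return rc; }
```

With enforcement off the second port silently becomes a second owner and the chardev is closed twice; with it on, the second device_add fails with the message seen on 2.180.el6 and only one close happens.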

Comment 14 Eduardo Habkost 2011-11-22 13:22:11 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
[bug triggered using invalid qemu-kvm configuration, no Errata description required]

Comment 15 errata-xmlrpc 2011-12-06 15:43:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1531.html