Bug 839947

Summary: Guest aborted on src host immediately when start migration with virtio nic + vhost=on
Product: Red Hat Enterprise Linux 7 Reporter: Qunfang Zhang <qzhang>
Component: qemu-kvmAssignee: Virtualization Maintenance <virt-maint>
Status: CLOSED UPSTREAM QA Contact: Virtualization Bugs <virt-bugs>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 7.0CC: akong, jasowang, juzhang, michen, mst, owasserm, quintela, xwei
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-07-13 14:23:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Qunfang Zhang 2012-07-13 09:29:10 UTC 
Description of problem:
Migrate a rhel7.0 guest with virtio nic with *vhost=on*, guest aborted immediately on the src host. Re-test and remove "vhost=on" option, migration succeed. 

Version-Release number of selected component (if applicable):
host&guest install tree: RHEL-7.0-20120709.0
kernel-3.3.0-0.19.el7.x86_64
qemu-kvm-1.0-17.1.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Boot a guest with virtio_nic+vhost
/usr/bin/qemu-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -enable-kvm -name rhel7 -uuid f4d94cab-602f-476b-ae1d-6d3d96418543 -k en-us -rtc base=localtime,driftfix=slew -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device usb-tablet,id=input0 -drive file=/opt/rhel7-64-0709.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,serial=koTUXQrb,cache=none,werror=stop,rerror=stop,aio=native -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0 -drive file=/opt/boot.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -netdev tap,id=hostnet0,vhost=on -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:7a:12:1a,bus=pci.0,addr=0x5 -monitor stdio -qmp tcp:0:6666,server,nowait -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -vnc :10 -boot c

2. Boot on dst host with "-incoming tcp:0:5800"

3. Migrate guest
(qemu)migrate -d tcp:$dst_host_ip:5800
  
Actual results:
(qemu) qemu-kvm: /builddir/build/BUILD/qemu-kvm-1.0/hw/vhost.c:30: vhost_dev_sync_region: Assertion `start / (0x1000 * (8 * sizeof(vhost_log_chunk_t))) < dev->log_size' failed.

Expected results:
Migration succeed.

Additional info:

(qemu) migrate -d tcp:10.66.6.233:5800[Thread 0x7fffece45700 (LWP 28506) exited]
[New Thread 0x7fffece45700 (LWP 28507)]
(qemu) qemu-kvm: /builddir/build/BUILD/qemu-kvm-1.0/hw/vhost.c:30: vhost_dev_sync_region: Assertion `start / (0x1000 * (8 * sizeof(vhost_log_chunk_t))) < dev->log_size' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff2fcf965 in raise () from /lib64/libc.so.6
(gdb) 
(gdb) bt
#0  0x00007ffff2fcf965 in raise () from /lib64/libc.so.6
#1  0x00007ffff2fd1118 in abort () from /lib64/libc.so.6
#2  0x00007ffff2fc86e2 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff2fc8792 in __assert_fail () from /lib64/libc.so.6
#4  0x00005555557e81b2 in vhost_dev_sync_region (mfirst=mfirst@entry=4227858432, mlast=mlast@entry=4244635648, rfirst=<optimized out>, 
    rlast=<optimized out>, dev=<error reading variable: Unhandled dwarf expression opcode 0xfa>, 
    dev=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at /usr/src/debug/qemu-kvm-1.0/hw/vhost.c:30
#5  0x00005555557e8237 in vhost_client_sync_dirty_bitmap (end_addr=<optimized out>, start_addr=<optimized out>, client=<optimized out>)
    at /usr/src/debug/qemu-kvm-1.0/hw/vhost.c:71
#6  vhost_client_sync_dirty_bitmap (client=0x5555563c7ba0, start_addr=4227858432, end_addr=4244635648)
    at /usr/src/debug/qemu-kvm-1.0/hw/vhost.c:60
#7  0x0000555555721cd5 in cpu_notify_sync_dirty_bitmap (end=4244635648, start=4227858432) at /usr/src/debug/qemu-kvm-1.0/exec.c:1753
#8  cpu_physical_sync_dirty_bitmap (start_addr=4227858432, end_addr=4244635648) at /usr/src/debug/qemu-kvm-1.0/exec.c:2141
#9  0x0000555555750955 in memory_region_sync_dirty_bitmap (mr=mr@entry=0x555556d6e320) at /usr/src/debug/qemu-kvm-1.0/memory.c:1077
#10 0x00005555557e5cc0 in vga_sync_dirty_bitmap (s=0x555556d6e310) at /usr/src/debug/qemu-kvm-1.0/hw/vga.c:1570
#11 vga_draw_graphic (full_update=0, s=0x555556d6e310) at /usr/src/debug/qemu-kvm-1.0/hw/vga.c:1599
#12 vga_update_display (opaque=0x555556d6e310) at /usr/src/debug/qemu-kvm-1.0/hw/vga.c:1861
#13 vga_update_display (opaque=0x555556d6e310) at /usr/src/debug/qemu-kvm-1.0/hw/vga.c:1836
#14 0x00005555556e4d84 in vnc_refresh (opaque=0x7fffec1eb010) at ui/vnc.c:2475
#15 0x00005555556acca5 in qemu_run_timers (clock=0x5555563afad0) at qemu-timer.c:420
#16 qemu_run_timers (clock=0x5555563afad0) at qemu-timer.c:400
#17 0x00005555556acf1c in qemu_run_all_timers () at qemu-timer.c:483
#18 0x000055555568697a in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:468
#19 0x00005555555c8e49 in main_loop () at /usr/src/debug/qemu-kvm-1.0/vl.c:1482
#20 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/src/debug/qemu-kvm-1.0/vl.c:3528
(gdb)
Comment 1 Michael S. Tsirkin 2012-07-13 14:23:42 UTC 
Fixed in upstream v1.1.0 commit e314672a8a95f5dc98534f0682fce50fb83dbc5c
Also same bug as 622356