Bug 978203

Summary: Segmentation fault (core dumped) when booting guest w/ vhostfds
Product: Red Hat Enterprise Linux 7
Reporter: Qian Guo <qiguo>
Component: qemu-kvm
Assignee: jason wang <jasowang>
Status: CLOSED CURRENTRELEASE
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Priority: medium
Version: 7.0
CC: acathrow, chayang, jasowang, juzhang, michen, qiguo, rhod, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qemu-kvm-1.5.3-2.el7
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2014-06-13 09:30:25 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Qian Guo 2013-06-26 06:13:43 UTC
Description of problem:
Boot a guest w/ a multi-queue NIC; if the vhostfds option is assigned, qemu-kvm quits w/ Segmentation fault (core dumped).

Version-Release number of selected component (if applicable):
# uname -r
3.10.0-0.rc6.62.el7.x86_64

qemu-kvm version:
# rpm -q qemu-kvm
qemu-kvm-1.5.0-2.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot a guest w/ a multi-queue NIC, and assign the vhostfds option:
# /usr/libexec/qemu-kvm -cpu Penryn -enable-kvm -m 2048 -smp 4,sockets=1,cores=4,threads=1 -name rhel6u3c2 -drive file=/home/rhel7/rhel7.qcow2,if=none,id=drive-scsi0-disk0,format=qcow2,werror=stop,rerror=stop -device virtio-scsi-pci,id=scsi0,addr=0x4 -device scsi-hd,scsi-id=0,lun=0,bus=scsi0.0,drive=drive-scsi0-disk0,id=virtio-disk0 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup,queues=4,vhostfds=21:22:23:34 -device virtio-net-pci,mq=on,vectors=9,netdev=hostnet0,mac=54:52:1b:35:3c:18,id=test -device virtio-balloon-pci,id=balloon0 -vnc :10 -vga std -boot menu=on -monitor stdio -serial unix:/tmp/qiguo1,server,nowait

Actual results:
Segmentation fault (core dumped) 


Expected results:
qemu-kvm should not launch, but should print a warning/error instead of crashing with a segmentation fault.

Additional info:
(gdb) bt full
#0  0x000055555579b11a in monitor_handle_fd_param ()
No symbol table info available.
#1  0x00005555556d423f in net_init_tap_one ()
No symbol table info available.
#2  0x00005555556d5024 in net_init_tap ()
No symbol table info available.
#3  0x00005555556cef50 in net_client_init ()
No symbol table info available.
#4  0x00005555556cf16b in net_init_netdev ()
No symbol table info available.
#5  0x000055555585f2bb in qemu_opts_foreach ()
No symbol table info available.
#6  0x00005555556cf9a9 in net_init_clients ()
No symbol table info available.
#7  0x00005555555c858f in main ()
No symbol table info available.

Comment 2 jason wang 2013-06-26 06:32:29 UTC
This has been fixed upstream:
c87826a878be05208c3906eb9d5e1f37cff5e98e

Comment 6 Qian Guo 2013-12-31 01:51:56 UTC
Reproduced this bug with qemu-kvm-1.5.0-2.el7.x86_64
Steps:
1. Launch qemu w/ a multi-queue NIC, and assign the vhostfds option:
/usr/libexec/qemu-kvm -cpu Penryn -enable-kvm -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup,queues=4,vhostfds=21:22:23:34 -device virtio-net-pci,mq=on,vectors=9,netdev=hostnet0,mac=54:52:1b:35:3c:18,id=test

Result: qemu core dumped:

(gdb) bt
#0  0x000055555579b11a in monitor_handle_fd_param (mon=0x0, 
    fdname=fdname@entry=0x0) at /usr/src/debug/qemu-1.5.0/monitor.c:2436
#1  0x00005555556d423f in net_init_tap_one (tap=tap@entry=0x5555564d3590, 
    peer=peer@entry=0x0, model=model@entry=0x55555588de01 "tap", 
    name=name@entry=0x5555564d3530 "hostnet0", 
    ifname=ifname@entry=0x7fffffffdf00 "tap0", 
    script=0x5555564d3570 "/etc/ovs-ifup", 
    downscript=0x5555564d3630 "/etc/ovs-ifdown", 
    vhostfdname=vhostfdname@entry=0x0, vnet_hdr=1, fd=12) at net/tap.c:627
#2  0x00005555556d5024 in net_init_tap (opts=<optimized out>, 
    name=0x5555564d3530 "hostnet0", peer=0x0) at net/tap.c:812
#3  0x00005555556cef50 in net_client_init1 (errp=0x7fffffffdfe0, is_netdev=1, 
    object=<optimized out>) at net/net.c:783
#4  net_client_init (opts=<optimized out>, is_netdev=is_netdev@entry=1, 
    errp=errp@entry=0x7fffffffe030) at net/net.c:818
#5  0x00005555556cf16b in net_init_netdev (opts=<optimized out>, 
    dummy=<optimized out>) at net/net.c:1104
#6  0x000055555585f2bb in qemu_opts_foreach (list=<optimized out>, 
    func=func@entry=0x5555556cf140 <net_init_netdev>, opaque=opaque@entry=0x0, 
    abort_on_failure=abort_on_failure@entry=1) at util/qemu-option.c:1162
#7  0x00005555556cf9a9 in net_init_clients () at net/net.c:1128
#8  0x00005555555c858f in main (argc=<optimized out>, argv=<optimized out>, 
    envp=<optimized out>) at vl.c:4173


So according to the above, this bug is reproduced.

Verified this bug with qemu-kvm-1.5.3-30.el7.x86_64

Steps: same as the reproducer above.

Result: qemu cannot be launched; it quits with the message:
vhostfds= is invalid if fds= wasn't specified
qemu-kvm: -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup,queues=4,vhostfds=21:22:23:34: Device 'tap' could not be initialized


So according to the above, this bug is fixed in qemu-kvm-1.5.3-30.el7.x86_64.
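The rejected combination above, as an added illustration that is not QEMU's code: a C routine that validates the fds=/vhostfds= lists up front and returns the error string quoted in this comment, instead of reaching the NULL fdname lookup in monitor_handle_fd_param() shown in the backtrace. The count-mismatch rule and the MAX_QUEUES bound are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a colon-separated fd list such as "21:22:23:34" into out[].
 * Returns the entry count, 0 for NULL/empty, or -1 if an entry is not a
 * non-negative integer or more than max entries are present. */
static int parse_fd_list(const char *list, int *out, int max) {
    int n = 0;
    if (list == NULL || *list == '\0') return 0;
    const char *p = list;
    for (;;) {
        char *end;
        errno = 0;
        long v = strtol(p, &end, 10);
        if (end == p || v < 0 || errno != 0 || (*end != ':' && *end != '\0'))
            return -1;
        if (n == max) return -1;
        out[n++] = (int)v;
        if (*end == '\0') break;
        p = end + 1;
    }
    return n;
}

#define MAX_QUEUES 16 /* assumed bound for this example, not QEMU's value */

/* Validate the fds=/vhostfds= pair of a tap netdev before any fd is used.
 * The "vhostfds without fds" rule and its message come from the bug report;
 * the count-mismatch rule is an assumption. Returns 0 if acceptable, else
 * -1 with a message in err. */
int validate_tap_fds(const char *fds, const char *vhostfds,
                     char *err, size_t errlen) {
    int fd_buf[MAX_QUEUES], vhost_buf[MAX_QUEUES];
    int nfds = parse_fd_list(fds, fd_buf, MAX_QUEUES);
    int nvhost = parse_fd_list(vhostfds, vhost_buf, MAX_QUEUES);
    if (nfds < 0 || nvhost < 0) {
        snprintf(err, errlen, "fds=/vhostfds= must be colon-separated non-negative integers");
        return -1;
    }
    if (nvhost > 0 && nfds == 0) {
        snprintf(err, errlen, "vhostfds= is invalid if fds= wasn't specified");
        return -1;
    }
    if (nfds > 0 && nvhost > 0 && nfds != nvhost) {
        snprintf(err, errlen, "fds= has %d entries but vhostfds= has %d", nfds, nvhost);
        return -1;
    }
    err[0] = '\0';
    return 0;
}
```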

Comment 9 Ludek Smid 2014-06-13 09:30:25 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.