1003232 – qemu-kvm core dumped when hot plug virtio-serial and transfer character [TestOnly]

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1003232 - qemu-kvm core dumped when hot plug virtio-serial and transfer character [TestOnly]

Summary: qemu-kvm core dumped when hot plug virtio-serial and transfer character [Test...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	6.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Amit Shah
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	985205
Blocks:
TreeView+	depends on / blocked

Reported:	2013-09-01 06:22 UTC by mazhang
Modified:	2016-09-20 04:39 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-11-21 07:12:45 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:1553	0	normal	SHIPPED_LIVE	Important: qemu-kvm security, bug fix, and enhancement update	2013-11-20 21:40:29 UTC

Description mazhang 2013-09-01 06:22:43 UTC

Description of problem:
hot plug virtio-serial port and pci device, transfer some characters, and reconnect, transfer data again, qemu-kvm will core dumped.

Version-Release number of selected component (if applicable):

host:RHEL6.5-20130820.2
qemu-kvm-0.12.1.2-2.398.el6.x86_64
kernel-2.6.32-414.el6.x86_64

guest:
win7-64
virtio-win-prewhql-0.1-68


How reproducible:
5/5

Steps to Reproduce:
1.CLI:
#gdb --args /usr/libexec/qemu-kvm \
-M pc \
-cpu Opteron_G4 \
-m 2G \
-smp 4,sockets=2,cores=2,threads=1,maxcpus=16 \
-enable-kvm \
-name win7 \
-uuid 990ea161-6b67-47b2-b803-19fb01d30d12 \
-smbios type=1,manufacturer='Red Hat',product='RHEV Hypervisor',version=el6,serial=koTUXQrb,uuid=feebc8fd-f8b0-4e75-abc3-e63fcdb67170 \
-k en-us \
-rtc base=localtime,clock=host,driftfix=slew \
-no-kvm-pit-reinjection \
-monitor stdio \
-boot menu=on \
-bios /usr/share/seabios/bios.bin \
-qmp tcp:0:6666,server,nowait \
-serial unix:/tmp/monitor-unix,server,nowait \
-nodefconfig \
-nodefaults \
-drive file=/home/win7-64-new.raw,if=none,id=drive-scsi-disk,format=raw,cache=none,werror=stop,rerror=stop \
-device virtio-scsi-pci,id=scsi0 \
-device scsi-disk,drive=drive-scsi-disk,bus=scsi0.0,scsi-id=0,lun=0,id=scsi-disk,bootindex=1 \
-global PIIX4_PM.disable_s3=0 \
-global PIIX4_PM.disable_s4=0 \
-vga cirrus \
-vnc :0 \
-netdev tap,id=hostnet0,vhost=on \
-device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:39:13:2c \
-device virtio-serial-pci,id=virtio-serial0,max_ports=16 \
-chardev socket,id=channel0,path=/tmp/channel0,server,nowait \

2.Hot plug virtio-serial pci and port.
#telnet localhost 6666
[root@amd-2427-32-1 ~]# telnet localhost 6666
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
{"QMP": {"version": {"qemu": {"micro": 1, "minor": 12, "major": 0}, "package": "(qemu-kvm-0.12.1.2)"}, "capabilities": []}}
{"execute": "qmp_capabilities"}
{"return": {}}
{"execute":"device_add","arguments":{"driver":"virtio-serial-pci","id":"virtio-serial0"}}
{"return": {}}
{"execute":"device_add","arguments":{"driver":"virtserialport","bus":"virtio-serial0.0","chardev":"channel0","name":"org.linux-kvm.port.0","id":"port0"}}
{"return": {}}

3.Transfer some characters from guest to host.
(host)# nc -U /tmp/channel0
(guest)# echo abcd >> \\.\Global\.\org.linux-kvm.port.0
/*this time virtio serial works well.

4. Ctrl+c stop connect and reconnect, then transfer character again.
(host)# nc -U /tmp/channel0
(guest)# echo abcd >> \\.\Global\.\org.linux-kvm.port.0
/*qemu-kvm will core dumped

Actual results:
qemu-kvm will core dumped.

(gdb) bt full
#0  0x00007ffff77096fd in write () from /lib64/libpthread.so.0
No symbol table info available.
#1  0x00007ffff7277651 in ?? () from /lib64/libglib-2.0.so.0
No symbol table info available.
#2  0x00007ffff7228387 in g_io_channel_write_chars () from /lib64/libglib-2.0.so.0
No symbol table info available.
#3  0x00007ffff7e53e6e in io_channel_send (fd=0x7ffff8844ba0, buf=0x7fffd224cd60, len=9) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:721
        bytes_written = 0
        offset = <value optimized out>
        status = <value optimized out>
        __PRETTY_FUNCTION__ = "io_channel_send"
#4  0x00007ffff7f24464 in flush_buf (port=0x7ffff91be820, buf=0x7fffd224cd60 "asdsdf \r\n", len=9) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-console.c:58
        vcon = 0x7ffff91be820
        ret = <value optimized out>
#5  0x00007ffff7de3cec in do_flush_queued_data (port=0x7ffff91be820, vq=0x7ffff91b0410, vdev=0x7ffff8844190) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-serial-bus.c:193
        buf_size = <value optimized out>
        ret = <value optimized out>
        i = 0
        info = 0x7ffff82dc460
        __PRETTY_FUNCTION__ = "do_flush_queued_data"
#6  0x00007ffff7e018f1 in qemu_bh_poll () at /usr/src/debug/qemu-kvm-0.12.1.2/async.c:70
        bh = <value optimized out>
        bhp = <value optimized out>
        next = 0x7fffe8000da0
        ret = 1
        nesting = 1
#7  0x00007ffff7dca079 in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4096
        ioh = <value optimized out>
        rfds = {fds_bits = {8589934592, 0 <repeats 15 times>}}
        wfds = {fds_bits = {8589934592, 0 <repeats 15 times>}}
        xfds = {fds_bits = {0 <repeats 16 times>}}
        ret = <value optimized out>
        nfds = 33
        tv = {tv_sec = 0, tv_usec = 999991}
#8  0x00007ffff7decd3a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2245
        fds = {23, 24}
        mask = {__val = {268443712, 0 <repeats 15 times>}}
        sigfd = 25
#9  0x00007ffff7dcccf9 in main_loop (argc=55, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4266
        r = <value optimized out>
#10 main (argc=55, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6644
        gdbstub_dev = 0x0
        i = <value optimized out>
        snapshot = 0
        linux_boot = 0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x7ffff7f9092f ""
---Type <return> to continue, or q <return> to quit---
        boot_devices = "cad", '\000' <repeats 29 times>
        ds = <value optimized out>
        dcl = <value optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = 0x7ffff82f0170
        opts = <value optimized out>
        olist = <value optimized out>
        optind = 55
        optarg = 0x7fffffffe755 "socket,id=channel0,path=/tmp/channel0,server,nowait"
        loadvm = 0x0
        machine = 0x7ffff82e9680
        cpu_model = 0x7fffffffe380 "Opteron_G4"
        fds = {-137187184, 32767}
        tb_size = 0
        pid_file = 0x0
        incoming = 0x0
        fd = 0
        pwd = 0x0
        chroot_dir = 0x0
        run_as = 0x0
        env = <value optimized out>
        show_vnc_port = 0
        defconfig = <value optimized out>
        defconfig_verbose = <value optimized out>

Expected results:
no core dumped.

Additional info:

Comment 3 mazhang 2013-09-02 05:20:24 UTC

qemu-kvm-389 also hit this problem.

(gdb) bt
#0  0x00007ffff772d6fd in write () from /lib64/libpthread.so.0
#1  0x00007ffff749e651 in ?? () from /lib64/libglib-2.0.so.0
#2  0x00007ffff744f387 in g_io_channel_write_chars () from /lib64/libglib-2.0.so.0
#3  0x00007ffff7e5481e in io_channel_send (fd=0x7ffff86e4b10, buf=0x7fffd27cfce0, len=7)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:726
#4  0x00007ffff7f24df4 in flush_buf (port=0x7ffff9bc1440, buf=0x7fffd27cfce0 "abc  \r\n", len=7)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-console.c:58
#5  0x00007ffff7de835c in do_flush_queued_data (port=0x7ffff9bc1440, vq=0x7ffff9b921a0, vdev=0x7ffff87811c0)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-serial-bus.c:193
#6  0x00007ffff7e05d21 in qemu_bh_poll () at /usr/src/debug/qemu-kvm-0.12.1.2/async.c:70
#7  0x00007ffff7dce989 in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4090
#8  0x00007ffff7df13aa in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2244
#9  0x00007ffff7dd2248 in main_loop (argc=55, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4260
#10 main (argc=55, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6631

Comment 4 mazhang 2013-09-02 05:34:15 UTC

qemu-kvm-387 also hit this problem.

Comment 8 Amit Shah 2013-10-09 16:45:22 UTC

bug 985205 moved to ON_QA status.

Comment 9 mazhang 2013-10-17 11:38:40 UTC

qemu-kvm-0.12.1.2-2.412.el6.x86_64 can not hit this problem.

host:
qemu-kvm-0.12.1.2-2.412.el6.x86_64
kernel-2.6.32-423.el6.x86_64

guest:
win7-64
virtio-win-prewhql-72

Steps is the same as comment#0 .

Result:
Guest works well, can able transfer data by virtio serial.

Comment 11 errata-xmlrpc 2013-11-21 07:12:45 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1553.html

Note You need to log in before you can comment on or make changes to this bug.