Bug 1119575 - [rng] Core dump occurs after busy virtio-rng-pci is deleted from windows guest
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.6
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: high
Target Milestone: rc
Assignee: Amnon Ilan
QA Contact: Virtualization Bugs

Reported: 2014-07-15 05:57 UTC by Mike Cao
Modified: 2015-07-22 06:05 UTC
Fixed In Version: qemu-kvm-0.12.1.2-2.462.el6
Doc Type: Bug Fix
Last Closed: 2015-07-22 06:05:59 UTC

Attachments:
After step 3) we can see random data was read out (223.44 KB, image/png), 2014-07-28 11:56 UTC, Amos Kong
After step 4) random_bit.exe always returns error (expected :-) (223.44 KB, image/png), 2014-07-28 11:59 UTC, Amos Kong

Links:
Red Hat Product Errata RHBA-2015:1275 (normal, SHIPPED_LIVE): qemu-kvm bug fix and enhancement update, last updated 2015-07-20 17:49:16 UTC

Description Mike Cao 2014-07-15 05:57:19 UTC
Description of problem:


Version-Release number of selected component (if applicable):
2.6.32-478.el6.x86_64
qemu-kvm-0.12.1.2-2.430.el6.x86_64
seabios-0.6.1.2-28.el6.x86_64

How reproducible:
1/1

Steps to Reproduce:
1. Start 2 virtio-rng-pci devices on the command line
CLI:/usr/libexec/qemu-kvm -name 086RNGBLUE64NQB -enable-kvm -m 6G -smp 4 -uuid d58093ff-d9da-4f75-a648-922e78eac32f -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/tmp/086RNGBLUE64NQB,server,nowait -mon chardev=charmonitor,id=monitor1,mode=control -rtc base=localtime,driftfix=slew -boot order=cd,menu=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=086RNGBLUE64NQB,if=none,id=drive-ide0-0-0,format=raw,serial=mike_cao,cache=none -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -drive file=en_windows_8_1_enterprise_x64_dvd_2971902.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive file=086RNGBLUE64NQB.vfd,if=none,id=drive-fdc0-0-0,format=raw,cache=none -global isa-fdc.driveA=drive-fdc0-0-0 -netdev tap,script=/etc/qemu-ifup,downscript=no,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=00:52:42:0f:05:69,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=isa_serial0 -device usb-tablet,id=input0 -vnc 0.0.0.0:0 -vga cirrus -object rng-random,filename=/dev/urandom,id=rng0 -monitor stdio -object rng-random,filename=/dev/random,id=rng1 -device virtio-rng-pci,id=device-rng0,rng=rng0 -device virtio-rng-pci,id=device-rng1,rng=rng1
2. Run Random.exe (provided by Gal) in a loop in the guest.
3. Hot-unplug the virtio-rng-pci
{"execute":"device_del","arguments":{"id":"device-rng0"}}
{"return": {}}
 {"timestamp": {"seconds": 1405402564, "microseconds": 863022}, "event": "DEVICE_DELETED", "data": {"device": "device-rng0"}}
{"execute":"device_del","arguments":{"id":"device-rng1"}}
{"return": {}}
4. After finding that there is no event for the deletion of device-rng1, stop the random.exe scripts in the guest and delete again
{"execute":"device_del","arguments":{"id":"device-rng1"}}
{"return": {}}
 {"timestamp": {"seconds": 1405402564, "microseconds": 863022}, "event": "DEVICE_DELETED", "data": {"device": "device-rng1"}}
5. Wait for 10 mins


Actual results:
Segmentation fault (core dumped) in the qemu-kvm process
(gdb) bt
#0  0x00007fa4900f06f2 in virtio_queue_ready (vq=0x0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio.c:228
#1  0x00007fa4900f23a6 in is_guest_ready (opaque=<value optimized out>, buf=0x7fffbcab9c50, size=8)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-rng.c:40
#2  chr_read (opaque=<value optimized out>, buf=0x7fffbcab9c50, size=8) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-rng.c:64
#3  0x00007fa490058709 in entropy_available (opaque=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/backends/rng-random.c:49
#4  0x00007fa48ff8ddfb in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4055
#5  0x00007fa48ffb12fa in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2258
#6  0x00007fa48ff90cf0 in main_loop (argc=60, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4268
#7  main (argc=60, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6711

Expected results:
no bsod occurs 

Additional info:

Comment 1 Mike Cao 2014-07-15 05:59:28 UTC
(In reply to Mike Cao from comment #0)

> 
> Expected results:
> no bsod occurs 

Sorry for the typo, due to testing too many Windows guests; the expected result should be "no Segmentation fault".

Comment 4 Amos Kong 2014-07-16 01:49:15 UTC
For Linux guest,

I started a guest with two virtio-rng devices, the second one failed to probe (-EBUSY).

I started a dd command to read data from /dev/hwrng
  guest) # dd if=/dev/hwrng of=/dev/null

Then I tried to hot-remove the first rng device from the monitor
  (qemu) device_del device-rng0

I found the dd process exited with this error:

  [root@localhost ~]# dd if=/dev/hwrng of=/dev/null
   dd: reading /dev/hwrng : Not such device        <------error
   116205+1 records in
   116205+1 records out
   59497256 bytes (59 MB) copied, 45.2083 s, 1.3 MB/s
  [root@localhost ~]# 

And device-rng0 disappeared from pci info
  (qemu) info pci

Comment 5 Mike Cao 2014-07-16 01:50:57 UTC
(In reply to Amos Kong from comment #3)
> Hi Mike,
> 
> - What's the Windows guest version?

Windows 8.1-64
> - What's the behavior of Random.exe (provided by Gal)?
It is an app that shows the random data generated by the RNG device
> - Can you upload the Random.exe or its code to bugzilla? (private)
Referring to next comment 
> - Can you reproduce this issue with one virtio-rng device?
No, I failed to reproduce it w/ one virtio-rng, as the device can always be deleted even when it is in use

Although 2 virtio-rng-pci devices are not supported, I do not think a core dump is acceptable.

Comment 7 Mike Cao 2014-07-16 02:04:28 UTC
(In reply to Amos Kong from comment #4)
> For Linux guest,
> 
> I started a guest with two virtio-rng devices, the second one failed to
> probe (-EBUSY).

I believe Windows has the same behavior; the first cannot be used for transferring data

Mike

Comment 8 Amos Kong 2014-07-16 02:16:02 UTC
(In reply to Mike Cao from comment #5)
> (In reply to Amos Kong from comment #3)
> > Hi Mike,
> > 
> > - What's the Windows guest version?
> 
> Windows 8.1-64
> > - What's the behavior of Random.exe (provided by Gal)?
> It is a app to show the random data generated by RNG Device

From the first rng device?

> > - Can you upload the Random.exe or its code to bugzilla? (private)
> Referring to next comment 
> > - Can you reproduce this issue with one virtio-rng device?
> No, I failed to reproduce it w/ one virtio-rng as the device always can be
> deleted even it in use 

OK

> Although 2 virtio-rng-pci is not support, I do not think core dump is
> acceptable.

Agreed, I want to address both the Windows guest driver and the QEMU issue.

Comment 9 Amos Kong 2014-07-16 02:21:04 UTC
(In reply to Mike Cao from comment #7)
> (In reply to Amos Kong from comment #4)
> > For Linux guest,
> > 
> > I started a guest with two virtio-rng devices, the second one failed to
> > probe (-EBUSY).
> 
> I believe windows has the same behavior ,the first can not be use for
> transferring data 

Why do you believe that? Do you know how the Windows virtio-rng driver processes the second device? Here I emphasize that Linux doesn't allow multiple devices.

As you mentioned in the last comment, you only find this issue when you start the guest with two rng devices. So we should focus on how the 2nd device is processed, not on whether the 1st device works or not.

> Mike

Thanks.

Comment 10 Amos Kong 2014-07-16 02:22:33 UTC
It seems the guests' responses to the hot-unplug request are different.

The Linux guest stops the busy device, unregisters the rng device and _confirms_ the request (delete vq, free irq), then the device is freed from QEMU.

But the Windows guest didn't stop the busy device (Random.exe process); it doesn't confirm the request, so the device isn't freed from QEMU (and there is no QMP event).

Gal, can you check/fix the Windows virtio-rng driver behavior?

Comment 11 Mike Cao 2014-07-16 03:18:50 UTC
(In reply to Amos Kong from comment #9)
> (In reply to Mike Cao from comment #7)
> > (In reply to Amos Kong from comment #4)
> > > For Linux guest,
> > > 
> > > I started a guest with two virtio-rng devices, the second one failed to
> > > probe (-EBUSY).
> > 
> > I believe windows has the same behavior ,the first can not be use for
> > transferring data 
> 
> Why do you believe it? do you know how Windows virtio-rng driver process the
> second devices? Here I emphasize Linux doesn't allow multiple devices.
> 

(reply comment #8 as well)
Pls look at comment #0

{"execute":"device_del","arguments":{"id":"device-rng0"}}
{"return": {}}
 {"timestamp": {"seconds": 1405402564, "microseconds": 863022}, "event": "DEVICE_DELETED", "data": {"device": "device-rng0"}}

{"execute":"device_del","arguments":{"id":"device-rng1"}}
{"return": {}}
4.After find there is no event for delete device-rng1 , stop random.exe scripts in the guest ,delete again

{"execute":"device_del","arguments":{"id":"device-rng1"}}
{"return": {}}
 {"timestamp": {"seconds": 1405402564, "microseconds": 863022}, "event": "DEVICE_DELETED", "data": {"device": "device-rng1"}}

Based on the above, I think only device-rng1 is used for generating data, while device-rng0 isn't, in Windows guests

> 
> > Mike
> 
> Thanks.

Comment 12 Gal Hammer 2014-07-16 08:45:58 UTC
(In reply to Amos Kong from comment #10)
> It seems Guests' the response for the hot-unplug request are different.
> 
> Linux guest stops busy device, unregister rng device and _confirms_ the
> request (delete vq, free irq), then device is free from QEMU.

Even if the device is in use? I thought the PCI's "magnetic" lock prevents it.
 
> But Windows guest didn't stop busy device (Random.exe process), it doesn't
> confirm the request, so device isn't free from QEMU (and no QMP event).
> 
> Gal, can you check fix Windows virtio-rng driver behavior?

The driver supports hot-unplug and it frees the device's resources when the device is removed. However, it can't release the handle that is owned by the user. In that case Windows will need a restart in order to release the driver completely.

Comment 14 Ronen Hod 2014-07-21 08:20:34 UTC
Deferring to 6.7.
It only occurs when using 2 virtio-rng devices (not yet supported), and unplugging a busy device.

Comment 15 Amos Kong 2014-07-28 11:56:19 UTC
Created attachment 921757 [details]
After step 3) we can see random data was read out

I can't reproduce this bug; the two rng devices can be hot-removed without stopping the random_bit.exe process, and I get two DEVICE_DELETED events.

virtio-win-prewhql-0.1-87
win8.1-64
qemu-kvm-0.12.1.2-2.431.el6

# qemu-kvm -vnc :0 -object rng-random,filename=/dev/urandom,id=rng0 \
 -device virtio-rng-pci,id=device-rng0,rng=rng0 /k/akong/win8.1-64-virtio.raw \
 -monitor stdio -netdev tap,id=h1 -device e1000,netdev=h1 \
 -object rng-random,filename=/dev/urandom,id=rng1 \
 -device virtio-rng-pci,id=device-rng1,rng=rng1 \
 -usbdevice tablet -m 2048 -mon chardev=qmp,mode=control \
 -chardev socket,id=qmp,host=localhost,port=1234,server,nowait

1) install virtio-win
2) register viorngum.dll
  * Copy the file viorngum.dll(from virtio-win/virtio-win-prewhql) to C:\Windows\system32
  * Run (as admin) > rundll32 C:\Windows\system32\viorngum.dll,RegisterProvider
3) execute random_bit.exe in a loop

BAT script content:
| :A
|    c:\random_bit.exe
| goto A

4) hot-remove device-rng0, then hot-remove device-rng1

{"execute":"device_del","arguments":{"id":"device-rng0"}}
{"return": {}}
{"timestamp": {"seconds": 1406547643, "microseconds": 272830}, "event": "DEVICE_DELETED", "data": {"device": "device-rng0"}}
{"execute":"device_del","arguments":{"id":"device-rng1"}}
{"return": {}}
{"timestamp": {"seconds": 1406547668, "microseconds": 120691}, "event": "DEVICE_DELETED", "data": {"device": "device-rng1"}}


Result:
After step 3) we can see random data was read out
After step 4) random_bit.exe always returns error

Comment 16 Amos Kong 2014-07-28 11:59:16 UTC
Created attachment 921758 [details]
After step 4) random_bit.exe always returns error (expected :-)

This behavior is the same as with a Linux guest: a busy virtio-rng device can be hot-removed without stopping the reading process. After the device is hot-removed, the reading process will return with an error.

Comment 17 Amos Kong 2014-07-28 12:01:25 UTC
Mike,

Thanks for the help on setting up virtio-win-rng in Win8.

I didn't reproduce this bug, can you help to check it?

Comment 18 Mike Cao 2014-07-29 06:11:53 UTC
(In reply to Amos Kong from comment #17)
> Mike,
> 
> Thanks for the help on setting up virtio-win-rng in Win8.
> 
> I didn't reproduce this bug, can you help to check it?

Hi, Amos

I retried and failed to reproduce the segfault.
The other scenario is exactly the same as what I described in comment #0: it cannot be hot-unplugged during use

There is a core file generated. Does it help to resolve it?

Mike

Comment 19 Amos Kong 2014-08-04 05:07:57 UTC
(In reply to Mike Cao from comment #18)
> (In reply to Amos Kong from comment #17)
> > Mike,
> > 
> > Thanks for the help on setting up virtio-win-rng in Win8.
> > 
> > I didn't reproduce this bug, can you help to check it?
> 
> Hi, Amos
> 
> I retry and failed to reproduce the segfault.

Let's try to reproduce the segfault, we should fix it.

> Another scenario are exactly same as what I describe in comment #0 ,it can
> not be hotunpluged during use 

What's the difference between my steps in comment #15 and your scenario in comment #0?

> There is a core file generated ,Does it work help to resolve it ?

It's helpful for resolving the coredump, but it doesn't seem to help to reproduce the issue and address the root problem.

> Mike

Comment 20 Amos Kong 2014-08-04 05:33:07 UTC
(In reply to Amos Kong from comment #19)
> (In reply to Mike Cao from comment #18)
> > (In reply to Amos Kong from comment #17)
> > > Mike,
> > > 
> > > Thanks for the help on setting up virtio-win-rng in Win8.
> > > 
> > > I didn't reproduce this bug, can you help to check it?
> > 
> > Hi, Amos
> > 
> > I retry and failed to reproduce the segfault.
> 
> Let's try to reproduce the segfault, we should fix it.
> 
> > Another scenario are exactly same as what I describe in comment #0 ,it can
> > not be hotunpluged during use 


Mike, can you help to reproduce this issue (can't remove busy dev) in your environment and let me check by network?

 
> What's the difference between my steps in comment #15 and your scenario in
> comment #0

Comment 21 Amos Kong 2014-08-04 07:36:27 UTC
After comparing with Mike's environment, I know how to reproduce the issue (can't hot-unplug busy device) and the segfault.

On both Mike's host and mine, we can't read data from /dev/random with dd:
  # dd if=/dev/random of=/dev/null
    ^C0+6 records in
    0+0 records out
    0 bytes (0 B) copied, 141.65 s, 0.0 kB/s

When we add two rng devices to the guest, device 0 uses /dev/urandom as backend (I know it's not recommended, let's ignore this here ;)
device 1 uses /dev/random as backend.

Try to read data by a loop
 for /L %i in (1, 1, 10000) do random.exe done

then hot-remove device 0
result: device can be removed

hot-remove device 1
result: device can't be removed

repeatedly execute device_del command many times (fails to remove device 1)

kill reading process in guest

then execute device_del command to remove device 0
result: success

wait for about 10 times, qemu coredumps (not always, the rate is very small)

Comment 22 Ronen Hod 2014-08-04 08:31:01 UTC
Note that this is not an issue with modern hardware that has a Random device that returns the random bits quickly.

Comment 23 Amos Kong 2014-08-05 17:51:33 UTC
Hi Gal,

I fixed a similar hang issue (the reproducer is almost the same) in the Linux kernel driver (virtio-rng).  bz: 1119575    QEMU works well.

Let's ignore the coredump issue first; can you help to check/debug the hang issue in the Windows driver (virtio-rng)?  You can find the reproduction method in comment #21.

Thanks, Amos

Comment 24 lijin 2014-08-20 04:28:42 UTC
win2k8r2 hits a similar issue.

package info:
kernel-2.6.32-492.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.438.el6.x86_64
seabios-0.6.1.2-28.el6.x86_64
virtio-win-prewhql-88

steps:
1. Boot the guest with one virtio-rng-pci device:
/usr/libexec/qemu-kvm -drive file=win2k8r2-new.raw,if=none,cache=none,media=disk,format=raw,id=drive-ide0-0-1 -device ide-drive,drive=drive-ide0-0-1,bus=ide.0 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -monitor stdio -usb -device usb-tablet,id=tablet1 -boot menu=on -chardev file,path=/root/console.log,id=serial1 -device isa-serial,chardev=serial1,id=s1 -cpu Penryn,+sep -smp 2,cores=2,threads=1,sockets=1 -m 2G -enable-kvm -drive file=virtio-win-prewhql-0.1-88.iso,if=none,cache=none,media=cdrom,format=raw,id=drive-ide0-0-0 -device ide-drive,id=ide0-0-0,drive=drive-ide0-0-0,bus=ide.1 -drive file=virtio-win-prewhql-0.1-88.vfd,if=none,id=drive-fdc0-0-0,format=raw,cache=none -global isa-fdc.driveA=drive-fdc0-0-0 -qmp tcp:0:4444,server,nowait -vga qxl -spice disable-ticketing,port=5900 -object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0,id=rng-device0

2. Set the verifier with all the flags enabled, then reboot the guest to make it effective:
cmd:verifier /flags 0x01FFFFFF /driver viorng.sys

3.Hot-plug/unplug rng device in a loop
#!/bin/bash
# simple script to hotplug/unplug the rng device in a loop
let i=0
exec 3<>/dev/tcp/localhost/4444  # note: modify this to the QMP port
echo -e "{ 'execute': 'qmp_capabilities' }" >&3
read response <&3
echo "$response"
while [ $i -lt 100 ]
do
    echo -e "{ 'execute': 'device_del', 'arguments': {'id': 'rng-device0' }}" >&3
    sleep 2
    read response <&3
    echo "$i: $response"
    sleep 2
    echo -e "{'execute':'device_add','arguments':{'driver':'virtio-rng-pci','id':'rng-device0','addr':'0x9'}}" >&3
    sleep 2
    read response <&3
    echo "$i: $response"
    let i=$i+1
done

4. Run random.exe in the guest 3 times; during the third time random.exe needs a longer time to respond, press ctrl+c to cancel it.
5. Run the hot-plug/unplug loop again as step2

actual result:
During step 5, the guest and qemu freeze for a few seconds, then qemu dumps core.

(gdb) bt
#0  0x00007f0e79395af2 in virtio_queue_ready (vq=0xe0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio.c:228
#1  0x00007f0e79397816 in is_guest_ready (opaque=<value optimized out>, buf=0x7fff0a8be630, size=9)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-rng.c:40
#2  chr_read (opaque=<value optimized out>, buf=0x7fff0a8be630, size=9) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-rng.c:64
#3  0x00007f0e792fdba9 in entropy_available (opaque=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/backends/rng-random.c:49
#4  0x00007f0e7922aa7b in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4055
#5  0x00007f0e7924e4ea in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2258
#6  0x00007f0e7922f767 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4268
#7  main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6725

Comment 26 Mike Cao 2015-03-09 08:10:06 UTC
Reproduced this issue on
2.6.32-540.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.454.el6.x86_64
virtio-win-1.7.3-1.el7.noarch

steps:
1. Start VM with virtio-rng
2.hot-plug/unplug it in a loop
3.during step 2 , for /l %i in (1,1,1000) do random_32.exe done  

4.When qmp shows 15: {"error": {"class": "DuplicateId", "desc": "Duplicate ID 'rng-device0' for device", "data": {"object": "device", "id": "rng-device0"}}}

then quit process of step3

Actual Results:
(gdb) bt
#0  0x00007ffff7f18d42 in virtio_queue_ready (vq=0xa0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio.c:228
#1  0x00007ffff7f1aa66 in is_guest_ready (opaque=0x7ffff9030050, buf=0x7fffffffc970, size=8)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-rng.c:40
#2  chr_read (opaque=0x7ffff9030050, buf=0x7fffffffc970, size=8) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-rng.c:64
#3  0x00007ffff7e80de9 in entropy_available (opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/backends/rng-random.c:49
#4  0x00007ffff7dad353 in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4072
#5  0x00007ffff7dd0c2a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2258
#6  0x00007ffff7db1ea7 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4285
#7  main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6742

Comment 27 Mike Cao 2015-03-24 05:17:58 UTC
I am using win8.1-32 bit  guests
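
A check for the pattern seen in comments 0, 24 and 26, as an added example that is not part of the original bug report or of QEMU: it scans a QMP transcript for device_del requests that never received a DEVICE_DELETED event, and for device_add calls that reuse an id whose removal is still unconfirmed (the case QEMU rejects with DuplicateId). The function names and the sample transcript are constructed for illustration.

```python
import json

# Constructed sample modelled on the QMP transcripts in this report: commands
# sent and replies/events received are interleaved, with step text mixed in.
SAMPLE_QMP_LOG = """\
{"execute":"device_del","arguments":{"id":"device-rng0"}}
{"return": {}}
 {"timestamp": {"seconds": 1405402564, "microseconds": 863022}, "event": "DEVICE_DELETED", "data": {"device": "device-rng0"}}
{"execute":"device_del","arguments":{"id":"device-rng1"}}
{"return": {}}
4.After find there is no event for delete device-rng1
{"execute":"device_del","arguments":{"id":"device-rng1"}}
{"return": {}}
{"execute":"device_add","arguments":{"driver":"virtio-rng-pci","id":"device-rng1"}}
{"error": {"class": "DuplicateId", "desc": "Duplicate ID 'device-rng1' for device", "data": {"object": "device", "id": "device-rng1"}}}
"""


def _parse(line):
    """Parse one QMP line; also accept the single-quoted form the loop script sends."""
    for candidate in (line, line.replace("'", '"')):
        try:
            msg = json.loads(candidate)
        except ValueError:
            continue
        if isinstance(msg, dict):
            return msg
    return None  # step text, blank lines, anything that is not a JSON object


def audit_hot_unplug(log_text):
    """Return (pending, premature_adds) for a QMP transcript.

    pending:        {device id: number of device_del requests sent} for every
                    id that never got a DEVICE_DELETED event. "return": {}
                    only acknowledges the request; the event is the proof
                    that the device is gone.
    premature_adds: ids passed to device_add while their removal was still
                    unconfirmed.
    """
    pending = {}
    premature_adds = []
    for raw in log_text.splitlines():
        msg = _parse(raw.strip())
        if msg is None:
            continue
        args = msg.get("arguments") or {}
        cmd = msg.get("execute")
        if cmd == "device_del" and "id" in args:
            pending[args["id"]] = pending.get(args["id"], 0) + 1
        elif cmd == "device_add" and args.get("id") in pending:
            premature_adds.append(args["id"])
        elif msg.get("event") == "DEVICE_DELETED":
            data = msg.get("data") or {}
            pending.pop(data.get("device"), None)
    return pending, premature_adds


if __name__ == "__main__":
    pending, premature = audit_hot_unplug(SAMPLE_QMP_LOG)
    for dev, count in pending.items():
        print(f"{dev}: {count} device_del request(s), no DEVICE_DELETED event")
    for dev in premature:
        print(f"{dev}: device_add issued before removal was confirmed")
```

A hot-plug loop that waits for the DEVICE_DELETED event instead of a fixed sleep keeps both lists empty.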

Comment 32 Jeff Nelson 2015-03-25 23:06:24 UTC
Fix included in qemu-kvm-0.12.1.2-2.462.el6

Comment 34 Chao Yang 2015-03-30 06:05:21 UTC
Reproduced with qemu-kvm-0.12.1.2-2.458.el6.x86_64. 

Steps are the same as Comment 26. 

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f19d42 in virtio_queue_ready (vq=0x8000000) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio.c:228
228	{

(gdb) bt
#0  0x00007ffff7f19d42 in virtio_queue_ready (vq=0x8000000) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio.c:228
#1  0x00007ffff7f1ba66 in is_guest_ready (opaque=<value optimized out>, buf=0x7fffffffc610, size=8)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-rng.c:40
#2  chr_read (opaque=<value optimized out>, buf=0x7fffffffc610, size=8) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-rng.c:64
#3  0x00007ffff7e81de9 in entropy_available (opaque=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/backends/rng-random.c:49
#4  0x00007ffff7db2953 in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4072
#5  0x00007ffff7dd622a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2258
#6  0x00007ffff7db74a7 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4285
#7  main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6742




Verified pass with qemu-kvm-0.12.1.2-2.462.el6.x86_64. No coredump was observed.

As per above, this issue has been fixed.

Moving to VERIFIED.

Comment 37 errata-xmlrpc 2015-07-22 06:05:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1275.html

