Bug 1151947 - virtconsole causes qemu-kvm core dump
Summary: virtconsole causes qemu-kvm core dump
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.1
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: rc
: ---
Assignee: Amit Shah
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-10-13 07:20 UTC by Shaolong Hu
Modified: 2015-03-05 09:56 UTC (History)
8 users (show)

Fixed In Version: qemu-kvm-rhev-2.1.2-8.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-03-05 09:56:27 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0624 normal SHIPPED_LIVE Important: qemu-kvm-rhev security, bug fix, and enhancement update 2015-03-05 14:37:36 UTC

Description Shaolong Hu 2014-10-13 07:20:24 UTC
Description of problem:
----------------------------
virtconsole causes qemu-kvm core dump.


Version-Release number of selected component (if applicable):
--------------------------------------------------------------------
qemu-kvm-rhev-2.1.2-3.el7.x86_64


How reproducible:
------------------
100%

Steps to Reproduce:
--------------------
1. boot guest with "-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0"

qemu-kvm core dump:

(gdb) bt
#0  0x00007fa7ded9a23a in __strcmp_ssse3 () from /usr/lib64/libc.so.6
#1  0x00007fa7e5378288 in find_port_by_name (name=0x0) at /usr/src/debug/qemu-2.1.2/hw/char/virtio-serial-bus.c:67
#2  virtser_port_device_realize (dev=0x7fa7e69debb0, errp=0x7fff20673c70) at /usr/src/debug/qemu-2.1.2/hw/char/virtio-serial-bus.c:874
#3  0x00007fa7e5496a18 in device_set_realized (obj=<optimized out>, value=<optimized out>, errp=0x7fff20673d98) at hw/core/qdev.c:834
#4  0x00007fa7e5512fbe in property_set_bool (obj=0x7fa7e69debb0, v=<optimized out>, opaque=0x7fa7e6968a90, name=<optimized out>, 
    errp=0x7fff20673d98) at qom/object.c:1473
#5  0x00007fa7e5515767 in object_property_set_qobject (obj=0x7fa7e69debb0, value=<optimized out>, name=0x7fa7e55d52b0 "realized", 
    errp=0x7fff20673d98) at qom/qom-qobject.c:24
#6  0x00007fa7e5514380 in object_property_set_bool (obj=obj@entry=0x7fa7e69debb0, value=value@entry=true, 
    name=name@entry=0x7fa7e55d52b0 "realized", errp=errp@entry=0x7fff20673d98) at qom/object.c:888
#7  0x00007fa7e542381f in qdev_device_add (opts=0x7fa7e66c5950) at qdev-monitor.c:554
#8  0x00007fa7e5435819 in device_init_func (opts=<optimized out>, opaque=<optimized out>) at vl.c:2356
#9  0x00007fa7e55a269b in qemu_opts_foreach (list=<optimized out>, func=func@entry=0x7fa7e5435810 <device_init_func>, opaque=opaque@entry=0x0, 
    abort_on_failure=abort_on_failure@entry=1) at util/qemu-option.c:1072
#10 0x00007fa7e5330548 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4436


Additional info:
-------------------
remove "-chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0", it works fine, and QEMU 1.5.3 won't hit the problem.

Comment 2 Amit Shah 2014-11-03 12:24:01 UTC
A patch was posted upstream by Marc-Andre Lureau fixing this.

Comment 4 Miroslav Rezanina 2014-11-13 09:06:26 UTC
Fix included in qemu-kvm-rhev-2.1.2-8.el7

Comment 6 Jun Li 2014-11-21 05:00:05 UTC
Reproduce:
Version of components:
qemu-kvm-rhev-2.1.2-1.el7.x86_64

steps the same with comment 0:
1. boot guest with "-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0"
e.g:
# gdb --args /usr/libexec/qemu-kvm -m 2G -smp 2 -boot menu=on -drive file=/root/RHEL-7.1-20141111.0.qcow2,if=none,id=img,snapshot=on -device virtio-blk-pci,drive=img,id=sys-img,bootindex=1 -monitor stdio -qmp tcp::8888,server,nowait -spice port=5931,disable-ticketing -serial unix:/tmp/ttyS0,server,nowait -netdev tap,id=tap0,script=/etc/qemu-ifup,vhost=on -device virtio-net-pci,netdev=tap0,id=net0,mac=24:be:05:12:33:11,mq=on,bootindex=2 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=comredhat.rhevm.vdsm -chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0


qemu-kvm core dump:

(gdb) bt
#0  0x00007ffff1f74dea in __strcmp_sse42 () from /usr/lib64/libc.so.6
#1  0x00005555556646b8 in virtser_port_device_realize ()
#2  0x0000555555782b98 in device_set_realized ()
#3  0x00005555557ff23e in property_set_bool ()
#4  0x00005555558019e7 in object_property_set_qobject ()
#5  0x0000555555800600 in object_property_set_bool ()
#6  0x000055555570fb2f in qdev_device_add ()
#7  0x0000555555721b29 in device_init_func ()
#8  0x000055555588d92b in qemu_opts_foreach ()
#9  0x000055555561c9e8 in main ()

As above show, this bz has been reproduced.
======================
Verify:
Version of components:
qemu-kvm-rhev-2.1.2-8.el7.x86_64
host kernel and guest kernel version:
3.10.0-205.el7.x86_64

steps as comment 0:
1. boot guest with "-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0"
e.g:
# gdb --args /usr/libexec/qemu-kvm -m 2G -smp 2 -boot menu=on -drive file=/root/RHEL-7.1-20141111.0.qcow2,if=none,id=img,snapshot=on -device virtio-blk-pci,drive=img,id=sys-img,bootindex=1 -monitor stdio -qmp tcp::8888,server,nowait -spice port=5931,disable-ticketing -serial unix:/tmp/ttyS0,server,nowait -netdev tap,id=tap0,script=/etc/qemu-ifup,vhost=on -device virtio-net-pci,netdev=tap0,id=net0,mac=24:be:05:12:33:11,mq=on,bootindex=2 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=comredhat.rhevm.vdsm -chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0

virtserialport can works well inside guest, can transfer character correctly between guest and host.

But can not use virtconsole device to transfer character. I just ref[1]'s method to do.

BTW, will find 8 ports inside guest.
# ls /dev/hvc* -l
crw-------. 1 root root 229, 0 Nov 21 12:40 /dev/hvc0
crw-------. 1 root root 229, 1 Nov 21 12:40 /dev/hvc1
crw-------. 1 root root 229, 2 Nov 21 12:40 /dev/hvc2
crw-------. 1 root root 229, 3 Nov 21 12:40 /dev/hvc3
crw-------. 1 root root 229, 4 Nov 21 12:40 /dev/hvc4
crw-------. 1 root root 229, 5 Nov 21 12:40 /dev/hvc5
crw-------. 1 root root 229, 6 Nov 21 12:40 /dev/hvc6
crw-------. 1 root root 229, 7 Nov 21 12:40 /dev/hvc7

[1]fedoraproject.org/wiki/Features/VirtioSerial


As above show, this bz seems has been verified(qemu-kvm won't core dump).


Hi Miroslav,

  Could you give some explanation why QE can not use this virtconsole device inside guest? Thank you very much.

Best Regards,
Jun Li

Comment 7 Amit Shah 2014-11-25 08:27:32 UTC
Can you give more details on what you did?  cmdline in host as well as guest?  virtconsole also isn't tested properly since not a lot of people use it.

For purposes of this bug, though, there's no problem.

Comment 8 juzhang 2014-11-25 08:33:04 UTC
Hi Juli,

Can you reply comment7?

Best Regards,
Junyi

Comment 9 Jun Li 2014-11-26 02:32:35 UTC
(In reply to Amit Shah from comment #7)
> Can you give more details on what you did?  cmdline in host as well as
> guest?  virtconsole also isn't tested properly since not a lot of people use
> it.
> 

> For purposes of this bug, though, there's no problem.

Just do as the following url show:
http://fedoraproject.org/wiki/Features/VirtioSerial

Inside guest side:
# agetty /dev/hvc0 9600 vt100

On the host side:
$ socat /tmp/foo -

Guest and host can not communicate via above port hvc0. I also test with (hvc1/hvc2/.../hvc7), they can not communicate, too.
------
Another issue is:
I will find 8 ports inside guest, just like following:
# ls /dev/hvc* -l
crw-------. 1 root root 229, 0 Nov 21 12:40 /dev/hvc0
crw-------. 1 root root 229, 1 Nov 21 12:40 /dev/hvc1
crw-------. 1 root root 229, 2 Nov 21 12:40 /dev/hvc2
crw-------. 1 root root 229, 3 Nov 21 12:40 /dev/hvc3
crw-------. 1 root root 229, 4 Nov 21 12:40 /dev/hvc4
crw-------. 1 root root 229, 5 Nov 21 12:40 /dev/hvc5
crw-------. 1 root root 229, 6 Nov 21 12:40 /dev/hvc6
crw-------. 1 root root 229, 7 Nov 21 12:40 /dev/hvc7

But I only add one console device in qemu-kvm command line. Could you give some explanations about this?

Comment 10 juzhang 2014-11-26 02:35:43 UTC
Hi Amit,

Would you please have a look? It's new bz?

Best Regards,
Junyi

Comment 11 Amit Shah 2014-11-26 02:47:13 UTC
It could be for several reasons (including bad config), but separate from this BZ so let's open a new one and examine the failures in the new bz.

Comment 12 Jun Li 2014-11-26 08:08:09 UTC
(In reply to Amit Shah from comment #11)
> It could be for several reasons (including bad config), but separate from
> this BZ so let's open a new one and examine the failures in the new bz.

Thanks Amit, I have filed a new bug to trace this issue(bz1168115). But based on comment 6, this bz has been verified.

Comment 15 errata-xmlrpc 2015-03-05 09:56:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0624.html


Note You need to log in before you can comment on or make changes to this bug.