Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1151947

Summary: virtconsole causes qemu-kvm core dump
Product: Red Hat Enterprise Linux 7 Reporter: Shaolong Hu <shu>
Component: qemu-kvm-rhevAssignee: Amit Shah <amit.shah>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: medium    
Version: 7.1CC: amit.shah, hhuang, juli, juzhang, mdeng, michen, mrezanin, virt-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.1.2-8.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 09:56:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Shaolong Hu 2014-10-13 07:20:24 UTC 
Description of problem:
----------------------------
virtconsole causes qemu-kvm core dump.


Version-Release number of selected component (if applicable):
--------------------------------------------------------------------
qemu-kvm-rhev-2.1.2-3.el7.x86_64


How reproducible:
------------------
100%

Steps to Reproduce:
--------------------
1. boot guest with "-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0"

qemu-kvm core dump:

(gdb) bt
#0  0x00007fa7ded9a23a in __strcmp_ssse3 () from /usr/lib64/libc.so.6
#1  0x00007fa7e5378288 in find_port_by_name (name=0x0) at /usr/src/debug/qemu-2.1.2/hw/char/virtio-serial-bus.c:67
#2  virtser_port_device_realize (dev=0x7fa7e69debb0, errp=0x7fff20673c70) at /usr/src/debug/qemu-2.1.2/hw/char/virtio-serial-bus.c:874
#3  0x00007fa7e5496a18 in device_set_realized (obj=<optimized out>, value=<optimized out>, errp=0x7fff20673d98) at hw/core/qdev.c:834
#4  0x00007fa7e5512fbe in property_set_bool (obj=0x7fa7e69debb0, v=<optimized out>, opaque=0x7fa7e6968a90, name=<optimized out>, 
    errp=0x7fff20673d98) at qom/object.c:1473
#5  0x00007fa7e5515767 in object_property_set_qobject (obj=0x7fa7e69debb0, value=<optimized out>, name=0x7fa7e55d52b0 "realized", 
    errp=0x7fff20673d98) at qom/qom-qobject.c:24
#6  0x00007fa7e5514380 in object_property_set_bool (obj=obj@entry=0x7fa7e69debb0, value=value@entry=true, 
    name=name@entry=0x7fa7e55d52b0 "realized", errp=errp@entry=0x7fff20673d98) at qom/object.c:888
#7  0x00007fa7e542381f in qdev_device_add (opts=0x7fa7e66c5950) at qdev-monitor.c:554
#8  0x00007fa7e5435819 in device_init_func (opts=<optimized out>, opaque=<optimized out>) at vl.c:2356
#9  0x00007fa7e55a269b in qemu_opts_foreach (list=<optimized out>, func=func@entry=0x7fa7e5435810 <device_init_func>, opaque=opaque@entry=0x0, 
    abort_on_failure=abort_on_failure@entry=1) at util/qemu-option.c:1072
#10 0x00007fa7e5330548 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4436


Additional info:
-------------------
remove "-chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0", it works fine, and QEMU 1.5.3 won't hit the problem.
Comment 2 Amit Shah 2014-11-03 12:24:01 UTC 
A patch was posted upstream by Marc-Andre Lureau fixing this.
Comment 4 Miroslav Rezanina 2014-11-13 09:06:26 UTC 
Fix included in qemu-kvm-rhev-2.1.2-8.el7
Comment 6 Jun Li 2014-11-21 05:00:05 UTC 
Reproduce:
Version of components:
qemu-kvm-rhev-2.1.2-1.el7.x86_64

steps the same with comment 0:
1. boot guest with "-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0"
e.g:
# gdb --args /usr/libexec/qemu-kvm -m 2G -smp 2 -boot menu=on -drive file=/root/RHEL-7.1-20141111.0.qcow2,if=none,id=img,snapshot=on -device virtio-blk-pci,drive=img,id=sys-img,bootindex=1 -monitor stdio -qmp tcp::8888,server,nowait -spice port=5931,disable-ticketing -serial unix:/tmp/ttyS0,server,nowait -netdev tap,id=tap0,script=/etc/qemu-ifup,vhost=on -device virtio-net-pci,netdev=tap0,id=net0,mac=24:be:05:12:33:11,mq=on,bootindex=2 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=comredhat.rhevm.vdsm -chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0


qemu-kvm core dump:

(gdb) bt
#0  0x00007ffff1f74dea in __strcmp_sse42 () from /usr/lib64/libc.so.6
#1  0x00005555556646b8 in virtser_port_device_realize ()
#2  0x0000555555782b98 in device_set_realized ()
#3  0x00005555557ff23e in property_set_bool ()
#4  0x00005555558019e7 in object_property_set_qobject ()
#5  0x0000555555800600 in object_property_set_bool ()
#6  0x000055555570fb2f in qdev_device_add ()
#7  0x0000555555721b29 in device_init_func ()
#8  0x000055555588d92b in qemu_opts_foreach ()
#9  0x000055555561c9e8 in main ()

As above show, this bz has been reproduced.
======================
Verify:
Version of components:
qemu-kvm-rhev-2.1.2-8.el7.x86_64
host kernel and guest kernel version:
3.10.0-205.el7.x86_64

steps as comment 0:
1. boot guest with "-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0"
e.g:
# gdb --args /usr/libexec/qemu-kvm -m 2G -smp 2 -boot menu=on -drive file=/root/RHEL-7.1-20141111.0.qcow2,if=none,id=img,snapshot=on -device virtio-blk-pci,drive=img,id=sys-img,bootindex=1 -monitor stdio -qmp tcp::8888,server,nowait -spice port=5931,disable-ticketing -serial unix:/tmp/ttyS0,server,nowait -netdev tap,id=tap0,script=/etc/qemu-ifup,vhost=on -device virtio-net-pci,netdev=tap0,id=net0,mac=24:be:05:12:33:11,mq=on,bootindex=2 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x8 -chardev socket,id=charchannel0,path=/tmp/serial-socket,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=comredhat.rhevm.vdsm -chardev socket,path=/tmp/foo,server,nowait,id=foo -device virtconsole,chardev=foo,id=console0

virtserialport can works well inside guest, can transfer character correctly between guest and host.

But can not use virtconsole device to transfer character. I just ref[1]'s method to do.

BTW, will find 8 ports inside guest.
# ls /dev/hvc* -l
crw-------. 1 root root 229, 0 Nov 21 12:40 /dev/hvc0
crw-------. 1 root root 229, 1 Nov 21 12:40 /dev/hvc1
crw-------. 1 root root 229, 2 Nov 21 12:40 /dev/hvc2
crw-------. 1 root root 229, 3 Nov 21 12:40 /dev/hvc3
crw-------. 1 root root 229, 4 Nov 21 12:40 /dev/hvc4
crw-------. 1 root root 229, 5 Nov 21 12:40 /dev/hvc5
crw-------. 1 root root 229, 6 Nov 21 12:40 /dev/hvc6
crw-------. 1 root root 229, 7 Nov 21 12:40 /dev/hvc7

[1]fedoraproject.org/wiki/Features/VirtioSerial


As above show, this bz seems has been verified(qemu-kvm won't core dump).


Hi Miroslav,

  Could you give some explanation why QE can not use this virtconsole device inside guest? Thank you very much.

Best Regards,
Jun Li
Comment 7 Amit Shah 2014-11-25 08:27:32 UTC 
Can you give more details on what you did?  cmdline in host as well as guest?  virtconsole also isn't tested properly since not a lot of people use it.

For purposes of this bug, though, there's no problem.
Comment 8 juzhang 2014-11-25 08:33:04 UTC 
Hi Juli,

Can you reply comment7?

Best Regards,
Junyi
Comment 9 Jun Li 2014-11-26 02:32:35 UTC 
(In reply to Amit Shah from comment #7)
> Can you give more details on what you did?  cmdline in host as well as
> guest?  virtconsole also isn't tested properly since not a lot of people use
> it.
> 

> For purposes of this bug, though, there's no problem.

Just do as the following url show:
http://fedoraproject.org/wiki/Features/VirtioSerial

Inside guest side:
# agetty /dev/hvc0 9600 vt100

On the host side:
$ socat /tmp/foo -

Guest and host can not communicate via above port hvc0. I also test with (hvc1/hvc2/.../hvc7), they can not communicate, too.
------
Another issue is:
I will find 8 ports inside guest, just like following:
# ls /dev/hvc* -l
crw-------. 1 root root 229, 0 Nov 21 12:40 /dev/hvc0
crw-------. 1 root root 229, 1 Nov 21 12:40 /dev/hvc1
crw-------. 1 root root 229, 2 Nov 21 12:40 /dev/hvc2
crw-------. 1 root root 229, 3 Nov 21 12:40 /dev/hvc3
crw-------. 1 root root 229, 4 Nov 21 12:40 /dev/hvc4
crw-------. 1 root root 229, 5 Nov 21 12:40 /dev/hvc5
crw-------. 1 root root 229, 6 Nov 21 12:40 /dev/hvc6
crw-------. 1 root root 229, 7 Nov 21 12:40 /dev/hvc7

But I only add one console device in qemu-kvm command line. Could you give some explanations about this?
Comment 10 juzhang 2014-11-26 02:35:43 UTC 
Hi Amit,

Would you please have a look? It's new bz?

Best Regards,
Junyi
Comment 11 Amit Shah 2014-11-26 02:47:13 UTC 
It could be for several reasons (including bad config), but separate from this BZ so let's open a new one and examine the failures in the new bz.
Comment 12 Jun Li 2014-11-26 08:08:09 UTC 
(In reply to Amit Shah from comment #11)
> It could be for several reasons (including bad config), but separate from
> this BZ so let's open a new one and examine the failures in the new bz.

Thanks Amit, I have filed a new bug to trace this issue(bz1168115). But based on comment 6, this bz has been verified.
Comment 15 errata-xmlrpc 2015-03-05 09:56:27 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0624.html