1170871 – qemu core dumped when unhotplug gpu card assigned to guest

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1170871 - qemu core dumped when unhotplug gpu card assigned to guest

Summary: qemu core dumped when unhotplug gpu card assigned to guest

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm-rhev
Sub Component:
Version:	7.1
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Alex Williamson
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1180942
TreeView+	depends on / blocked

Reported:	2014-12-05 03:21 UTC by Lin Chen
Modified:	2015-03-05 09:59 UTC (History)
CC List:	8 users (show)
Fixed In Version:	qemu-kvm-rhev-2.1.2-22.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1180942 (view as bug list)
Environment:
Last Closed:	2015-03-05 09:59:23 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2015:0624	0	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security, bug fix, and enhancement update	2015-03-05 14:37:36 UTC

Description Lin Chen 2014-12-05 03:21:08 UTC

Description of problem:
Boot a guest with a assigned gpu card, then unhotplug the gpu card inside qemu. Qemu core dumped.

Version-Release number of selected component (if applicable):
inside host:
  uname  -r
  3.10.0-211.el7.x86_64
  rpm -qa |grep qemu
  qemu-kvm-rhev-2.1.2-14.el7.x86_64


How reproducible:
100%

Steps to Reproduce:
1.Boot a guest with a assigned gpu card:
/usr/libexec/qemu-kvm ... -device vfio-pci,host=06:00.0,id=GPU-k1,addr=06.0

2.unhotplug the gpu card inside qemu
(qemu) device_del GPU-k1

Actual results:
qemu core dumped and get info as follows:
(gdb) bt
#0  0x000055555640f070 in ?? ()
#1  0x00005555556e131d in qemu_devices_reset () at vl.c:1840
#2  qemu_system_reset (report=report@entry=true) at vl.c:1853
#3  0x00005555555dcbb3 in main_loop_should_exit () at vl.c:1984
#4  main_loop () at vl.c:2024
#5  main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4607


Expected results:
unhotplug the gpu card successfully.

Additional info:

Comment 2 Lin Chen 2014-12-05 04:46:59 UTC

Additional, it is only for Linux guest ,and inside guest:
uname  -r
2.6.32-584.el6.x86_64

Comment 3 Alex Williamson 2014-12-05 14:08:34 UTC

Linux guests do not support GPU hot unplug, can this be reproduced with a Windows guest?  Please reproduce with the -debug qemu-kvm package.

Comment 4 Lin Chen 2014-12-08 09:25:54 UTC

(In reply to Alex Williamson from comment #3)
> Linux guests do not support GPU hot unplug, can this be reproduced with a
> Windows guest?  Please reproduce with the -debug qemu-kvm package.
Hi Alex,

1.For QE, even if Linux guests do not support GPU hot unplug, qemu shouldn't core dump.

2.QE tested it with a Windows guest and didn't hit the same issue.

3.where to download the -debug qemu-kvm package? There is only -debuginfo package inside brewweb.

Thanks.

Comment 5 Alex Williamson 2014-12-08 14:55:38 UTC

(In reply to Lin Chen from comment #4)
> (In reply to Alex Williamson from comment #3)
> > Linux guests do not support GPU hot unplug, can this be reproduced with a
> > Windows guest?  Please reproduce with the -debug qemu-kvm package.
> Hi Alex,
> 
> 1.For QE, even if Linux guests do not support GPU hot unplug, qemu shouldn't
> core dump.
> 
> 2.QE tested it with a Windows guest and didn't hit the same issue.
> 
> 3.where to download the -debug qemu-kvm package? There is only -debuginfo
> package inside brewweb.

Yes, debuginfo is what I mean so that we can get a more complete backtrace.

Comment 8 Alex Williamson 2015-01-12 05:01:00 UTC

Fixed by qemu.git b3e27c3aee8f5a96debfe0346e9c0e3a641a8516

A fairly effective test for this is to install the debuginfo package and run gdb on qemu before removing the device.  Set a breakpoint on vfio_intx_interrupt.  After removing the device with device_del or libvirt tools, vfio_intx_interrupt should not be called.  In the failing case, it continues to be called with the opaque data for the deleted device.  Since the error is continued use of an fd with freed data, reliable test cases can be temporary.

Comment 10 Miroslav Rezanina 2015-01-26 06:52:08 UTC

Fix included in qemu-kvm-rhev-2.1.2-22.el7

Comment 12 FuXiangChun 2015-01-27 12:37:59 UTC

QE tested bug with the latest qemu-kvm-rhev-2.1.2-22.el7.x86_64. The following are test scenarios and result.

S1. Assigned one GPU device(k1 or k2) to guest. then unhotplug it.

For windows(win7sp1 64bit) guest. qemu and guest work well

For RHEL7.1 guest. qemu and guest work well(guest kernel 3.10.0-226.el7.x86_64)

S2. Assigned two GPU devices(k1 and k2) to guest. then unhotplug one of them and restart guest.  

For windows(win7sp1 64big) guest. qemu and guest work well

For RHEL7.1 guest
result:guest kernel panic. I filed a new bug 1186194 to track it.

Comment 15 errata-xmlrpc 2015-03-05 09:59:23 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0624.html

Note You need to log in before you can comment on or make changes to this bug.