1176553 – PCI: Nesting more than 10 PCI bridges causes qemu segmentation fault (core dumped)

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1176553 - PCI: Nesting more than 10 PCI bridges causes qemu segmentation fault (core dumped)

Summary: PCI: Nesting more than 10 PCI bridges causes qemu segmentation fault (core du...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm-rhev
Sub Component:
Version:	7.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	rc
Target Release:	---
Assignee:	Marcel Apfelbaum
QA Contact:	yduan
Docs Contact:
URL:
Whiteboard:
Duplicates (3):	1176540 1260932 1411632 (view as bug list)
Depends On:
Blocks:	1058200
TreeView+	depends on / blocked

Reported:	2014-12-22 10:21 UTC by Sibiao Luo
Modified:	2017-11-14 13:10 UTC (History)
CC List:	14 users (show)
Fixed In Version:
Doc Type:	Known Issue
Doc Text:	Nesting more than 7 PCI bridges is known to cause segmentation fault errors. It is not recommended to create more than 7 nested PCI bridges.
Clone Of:
Environment:
Last Closed:	2017-11-14 13:10:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Sibiao Luo 2014-12-22 10:21:05 UTC

Description of problem:
this bug is different from Bug 1176540 which only 9 and 10 pci-bridge hit it, but if more than 11 pci-bridge, qemu will Segmentation fault (core dumped) which has different bt log.

Version-Release number of selected component (if applicable):
host info:
3.10.0-217.el7.x86_64
qemu-kvm-rhev-2.1.2-17.el7.x86_64
seabios-1.7.5-6.el7.x86_64
guest info:
rhel6.6-z, 2.6.32-504.6.1.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1.assign all the device behind the more than eleventh pci-bridge.
2.
3.

Actual results:
after step 1, qemu will Segmentation fault (core dumped) 
QEMU 2.1.2 monitor - type 'help' for more information
(qemu) *** stack smashing detected ***: /usr/libexec/qemu-kvm terminated
Segmentation fault (core dumped)

(gdb) bt
#0  0x00007fd213055128 in ?? () from /lib64/libgcc_s.so.1
#1  0x00007fd213056029 in _Unwind_Backtrace () from /lib64/libgcc_s.so.1
#2  0x00007fd212d8ef86 in backtrace () from /lib64/libc.so.6
#3  0x00007fd212cfae44 in __libc_message () from /lib64/libc.so.6
#4  0x00007fd212d92937 in __fortify_fail () from /lib64/libc.so.6
#5  0x00007fd212d92900 in __stack_chk_fail () from /lib64/libc.so.6
#6  0x00007fd21a4ea805 in qdev_get_fw_dev_path (dev=<optimized out>) at hw/core/qdev.c:675
#7  0x3540697363732f31 in ?? ()
#8  0x00007fd21ae90000 in inode.24178 ()
#9  0x0000000000000000 in ?? ()
(gdb) bt full
#0  0x00007fd213055128 in ?? () from /lib64/libgcc_s.so.1
No symbol table info available.
#1  0x00007fd213056029 in _Unwind_Backtrace () from /lib64/libgcc_s.so.1
No symbol table info available.
#2  0x00007fd212d8ef86 in backtrace () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007fd212cfae44 in __libc_message () from /lib64/libc.so.6
No symbol table info available.
#4  0x00007fd212d92937 in __fortify_fail () from /lib64/libc.so.6
No symbol table info available.
#5  0x00007fd212d92900 in __stack_chk_fail () from /lib64/libc.so.6
No symbol table info available.
#6  0x00007fd21a4ea805 in qdev_get_fw_dev_path (dev=<optimized out>) at hw/core/qdev.c:675
        path = "/pci@i0cf8/pci-bridge@3/pci-bridge@1/pci-bridge@1/pci-bridge@1/pci-bridge@1/pci-bridge@1/pci-bridge@1/pci-bridge@1/pci-bridge@1"
        l = <optimized out>
#7  0x3540697363732f31 in ?? ()
No symbol table info available.
#8  0x00007fd21ae90000 in inode.24178 ()
No symbol table info available.
#9  0x0000000000000000 in ?? ()
No symbol table info available.
(gdb) q

Expected results:

Additional info:
# /usr/libexec/qemu-kvm -machine type=pc,dump-guest-core=off -S -cpu SandyBridge -enable-kvm -m 4096 -smp 4,sockets=2,cores=2,threads=1 -no-kvm-pit-reinjection -usb -device usb-tablet,id=input0 -name sluo -uuid 990ea161-6b67-47b2-b803-19fb01d30d11 -rtc base=localtime,clock=host,driftfix=slew -device pci-bridge,bus=pci.0,id=bridge1,chassis_nr=1,addr=0x3 -device pci-bridge,bus=bridge1,id=bridge2,chassis_nr=1,addr=0x1 -device pci-bridge,bus=bridge2,id=bridge3,chassis_nr=1,addr=0x1 -device pci-bridge,bus=bridge3,id=bridge4,chassis_nr=1,addr=0x1 -device pci-bridge,bus=bridge4,id=bridge5,chassis_nr=1,addr=0x1 -device pci-bridge,bus=bridge5,id=bridge6,chassis_nr=1,addr=0x1 -device pci-bridge,bus=bridge6,id=bridge7,chassis_nr=1,addr=0x1 -device pci-bridge,bus=bridge7,id=bridge8,chassis_nr=1,addr=0x1 -device pci-bridge,bus=bridge8,id=bridge9,chassis_nr=1,addr=0x1 -device pci-bridge,bus=bridge9,id=bridge10,chassis_nr=1,addr=0x1 -device pci-bridge,bus=bridge10,id=bridge11,chassis_nr=1,addr=0x1 -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=bridge11,addr=0x4 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm0,bus=virtio-serial0.0,id=port1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm1,bus=virtio-serial0.0,id=port2 -drive file=/home/RHEL-Server-6.6.z-64-virtio-scsi.qcow2,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,bus=bridge11,addr=0x5,drive=drive-system-disk,id=system-disk,bootindex=1 -netdev tap,id=hostnet0,vhost=on,queues=4,script=/etc/qemu-ifup -device virtio-net-pci,mq=on,vectors=17,netdev=hostnet0,id=virtio-net-pci0,mac=08:2e:5f:0a:0d:b1,bus=bridge11,addr=0x6,bootindex=2 -device virtio-balloon-pci,id=ballooning,bus=bridge11,addr=0x7 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -k en-us -boot menu=on -qmp tcp:0:4444,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :1 -spice disable-ticketing,port=5931 -monitor stdio

Comment 2 Marcel Apfelbaum 2014-12-24 10:46:23 UTC

*** Bug 1176540 has been marked as a duplicate of this bug. ***

Comment 16 Marcel Apfelbaum 2015-12-22 10:10:18 UTC

Low priority, deferred to 7.4

Comment 17 Marcel Apfelbaum 2015-12-23 13:43:40 UTC

*** Bug 1260932 has been marked as a duplicate of this bug. ***

Comment 19 Marcel Apfelbaum 2017-01-12 11:31:35 UTC

*** Bug 1411632 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.