Bug 1230068 - Segmentation fault when re-adding virtio-rng-pci device
Summary: Segmentation fault when re-adding virtio-rng-pci device
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.8
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Target Release: ---
Assignee: Gal Hammer
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 1200654
Reported: 2015-06-10 08:22 UTC by Gal Hammer
Modified: 2016-05-10 20:59 UTC
CC List: 10 users

Fixed In Version: qemu-kvm-0.12.1.2-2.480.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-10 20:59:02 UTC
Target Upstream Version:
Embargoed:




Links
Red Hat Product Errata RHBA-2016:0815 (priority normal, status SHIPPED_LIVE): qemu-kvm bug fix and enhancement update, last updated 2016-05-10 22:39:31 UTC

Description Gal Hammer 2015-06-10 08:22:38 UTC
Version-Release number of selected component (if applicable): qemu-kvm-0.12.1.2-2.478.el6.x86_64

How reproducible:

Steps to Reproduce:
1. Start a VM with "-object rng-random,filename=/dev/urandom,id=rng0 -device virtio-rng-pci,rng=rng0,id=virtrng0"
2. Monitor command: "device_del virtrng0"
3. Monitor command: "device_add virtio-rng-pci,rng=rng0,id=virtrng0"

Actual results:

Program terminated with signal 11, Segmentation fault.
#0  0x00007f3a18792c59 in object_class_dynamic_cast (class=0x7f3a1a3740d0, typename=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qom/object.c:496
496         if (type->class->interfaces &&

(gdb) bt
#0  0x00007f3a18792c59 in object_class_dynamic_cast (class=0x7f3a1a3740d0, typename=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qom/object.c:496
#1  0x00007f3a18792cf8 in object_dynamic_cast (obj=0x7f3a1a3740d0, typename=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qom/object.c:428
#2  0x00007f3a18794458 in object_resolve_path_type (path=<value optimized out>, typename=0x7f3a18885ff4 "rng-backend", ambiguous=0x0)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qom/object.c:1199
#3  0x00007f3a186dac42 in virtio_rng_init_pci (pci_dev=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-pci.c:963
#4  0x00007f3a186d1366 in pci_qdev_init (qdev=0x7f3a1bf9cc50, base=0x7f3a18bd8668) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/pci.c:1659
#5  0x00007f3a1875cb88 in qdev_init (dev=0x7f3a1bf9cc50) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:285
#6  0x00007f3a1875cf9f in qdev_device_add (opts=0x7f3a1b175fb0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:260
#7  0x00007f3a1875d59b in do_device_add (mon=<value optimized out>, qdict=<value optimized out>, ret_data=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:894
#8  0x00007f3a186c94c0 in monitor_call_handler (mon=<value optimized out>, cmd=0x7f3a18bd0908, params=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4377
#9  0x00007f3a186ce94f in handle_user_command (mon=0x7f3a1a5638d0, cmdline=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4414
#10 0x00007f3a186cea87 in monitor_command_cb (mon=0x7f3a1a5638d0, cmdline=<value optimized out>, opaque=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:5052
#11 0x00007f3a1873c56d in readline_handle_byte (rs=0x7f3a1cd8ee40, ch=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/readline.c:369
#12 0x00007f3a186cecb5 in monitor_read (opaque=<value optimized out>, buf=0x7ffd69bfbc40 "\r\276\277i\375\177", size=1)
    at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:5038
#13 0x00007f3a187536af in qemu_chr_be_write (chan=<value optimized out>, cond=<value optimized out>, opaque=0x7f3a1a374e20)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:192
#14 fd_chr_read (chan=<value optimized out>, cond=<value optimized out>, opaque=0x7f3a1a374e20) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:797
#15 0x00007f3a17b14642 in g_main_dispatch (context=0x7f3a1a374d30) at gmain.c:2441
#16 g_main_context_dispatch (context=0x7f3a1a374d30) at gmain.c:3014
#17 0x00007f3a186c1910 in glib_pollfds_poll (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4053
#18 main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4079
#19 0x00007f3a186e51ba in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2258
#20 0x00007f3a186c6317 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4273
#21 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6731

Expected results:

The device would reappear in "info pci" and can be used by the guest.

Comment 1 Gal Hammer 2015-06-10 10:25:05 UTC
I have a patch which fixes this issue and it will be submitted soon (I'm waiting for a brew build).

Comment 2 Gal Hammer 2015-06-10 12:39:03 UTC
A patch was posted.

Comment 5 Jeff Nelson 2015-08-06 17:55:36 UTC
Fix included in qemu-kvm-0.12.1.2-2.480.el6

Comment 7 jingzhao 2015-12-30 06:22:07 UTC
Verified it with the following version and didn't hit this issue.
kernel version:2.6.32-595.el6.x86_64
qemu-img-0.12.1.2-2.482.el6.x86_64
guest: rhel6

The steps
1: Boot vm with following cli:

/usr/libexec/qemu-kvm \
-name rhel6 \
-machine rhel6.6.0,accel=kvm \
-realtime mlock=off \
-cpu SandyBridge \
-m 6G   \
-smp 4,cores=2,threads=1,sockets=2  \
-uuid 49a3438a-70a3-4ba8-92ce-3a05e0934608 \
-nodefaults \
-rtc base=utc,driftfix=slew \
-monitor unix:/tmp/monitor-unix,server,nowait \
-global kvm-pit.lost_tick_policy=discard \
-global PIIX4_PM.disable_s3=1 \
-global PIIX4_PM.disable_s4=1 \
-boot order=c,menu=on,strict=on \
-device usb-ehci,id=ehci \
-drive file=/home/usb/storage.qcow2,if=none,id=storage1,format=qcow2 \
-device usb-storage,drive=storage1,bus=ehci.0 \
-drive file=/home/usb/rhel6.img,if=none,id=ide,media=disk,cache=none,format=raw \
-device ide-drive,drive=ide,id=ide0 \
-cdrom /usr/share/virtio-win/virtio-win.iso \
-netdev tap,id=hostnet1  \
-device e1000,netdev=hostnet1,id=virtio-net-pci1,mac=b6:2f:a8:85:72:6c,bus=pci.0,multifunction=off \
-monitor stdio \
-qmp tcp:0:4466,server,nowait -serial unix:/tmp/ttym,server,nowait \
-vga qxl \
-spice port=5910,addr=0.0.0.0,disable-ticketing,seamless-migration=on \
-object rng-random,filename=/dev/urandom,id=rng0 \
-device virtio-rng-pci,rng=rng0,id=virtrng0 \
-k en-us

2. Monitor command: "device_del virtrng0"
3. Monitor command: "device_add virtio-rng-pci,rng=rng0,id=virtrng0"
4. Device appears with monitor command "info pci"

  Bus  0, device   5, function 0:
    Class 0255: PCI device 1af4:1005
      IRQ 0.
      BAR0: I/O at 0x1000 [0x101f].
      id "virtrng0"
5. In guest, the current hwrng device is used
[root@localhost ~]# cat /sys/devices/virtual/misc/hw_random/rng_available 
virtio 
[root@localhost ~]# cat /sys/devices/virtual/misc/hw_random/rng_current 
virtio

Comment 8 jingzhao 2015-12-30 07:53:48 UTC
Can reproduce this issue with qemu-kvm-0.12.1.2-2.478.el6.x86_64

Comment 9 jingzhao 2015-12-30 08:00:01 UTC
Found another issue when verifying this issue
-- RNG device wasn't deleted when running the command "device_del virtrng0" in the monitor the first time

kernel version:2.6.32-595.el6.x86_64
qemu-img-0.12.1.2-2.482.el6.x86_64
guest: rhel6

Reproduced steps:
1: Boot vm with following cli:

/usr/libexec/qemu-kvm \
-name rhel6 \
-machine rhel6.6.0,accel=kvm \
-realtime mlock=off \
-cpu SandyBridge \
-m 6G   \
-smp 4,cores=2,threads=1,sockets=2  \
-uuid 49a3438a-70a3-4ba8-92ce-3a05e0934608 \
-nodefaults \
-rtc base=utc,driftfix=slew \
-monitor unix:/tmp/monitor-unix,server,nowait \
-global kvm-pit.lost_tick_policy=discard \
-global PIIX4_PM.disable_s3=1 \
-global PIIX4_PM.disable_s4=1 \
-boot order=c,menu=on,strict=on \
-device usb-ehci,id=ehci \
-drive file=/home/usb/storage.qcow2,if=none,id=storage1,format=qcow2 \
-device usb-storage,drive=storage1,bus=ehci.0 \
-drive file=/home/usb/rhel6.img,if=none,id=ide,media=disk,cache=none,format=raw \
-device ide-drive,drive=ide,id=ide0 \
-cdrom /usr/share/virtio-win/virtio-win.iso \
-netdev tap,id=hostnet1  \
-device e1000,netdev=hostnet1,id=virtio-net-pci1,mac=b6:2f:a8:85:72:6c,bus=pci.0,multifunction=off \
-monitor stdio \
-qmp tcp:0:4466,server,nowait -serial unix:/tmp/ttym,server,nowait \
-vga qxl \
-spice port=5910,addr=0.0.0.0,disable-ticketing,seamless-migration=on \
-object rng-random,filename=/dev/urandom,id=rng0 \
-device virtio-rng-pci,rng=rng0,id=virtrng0 \
-k en-us

2. Monitor command: "device_del virtrng0"
3. Check the rng device through monitor command "info pci"

Actual result: the RNG device wasn't deleted; we had to execute the monitor command "device_del virtrng0" again before the device was deleted

Expected result: the RNG device should be deleted when the monitor command "device_del virtrng0" is executed the first time.

Could you help check this issue, and should we open a new bug for tracking it?

Thanks
Jing
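The reproduction steps in the description and the verification in comments 7 and 9 drive the HMP monitor by hand and read "info pci" by eye. The script below is an added example for this bug, not code from the report or from qemu-kvm: it runs the same device_del / device_add cycle over QMP (the comment 7 command line exposes QMP on tcp:0:4466) and checks query-pci for the device id. The query-pci field names it reads ("qdev_id", "slot", "id" with "vendor"/"device") are assumptions from the QMP schema; the vendor/device pair 1af4:1005 and the slot come from comment 7's info pci output. Because device_del on a PCI device only asks the guest to release it, the script polls query-pci until the id is gone before re-adding, which is the situation comment 9 describes. The sample query-pci reply at the bottom is constructed for the offline checks, and the EOF handling in the client is what you see when qemu-kvm dies with the SIGSEGV from the description.

```python
"""virtio-rng-pci hot-unplug / hot-plug cycle driven over QMP.

Added example for bug 1230068, not code from the report or from qemu-kvm.
Assumes QMP on tcp:0:4466 (comment 7's command line) and the query-pci
fields "qdev_id", "slot" and "id": {"vendor", "device"}.
"""
import json
import socket
import time

RNG_ID = "virtrng0"        # device id from the report's command line
RNG_BACKEND = "rng0"       # -object rng-random,...,id=rng0
VIRTIO_VENDOR = 0x1AF4     # "PCI device 1af4:1005" in comment 7's info pci
VIRTIO_RNG_DEVICE = 0x1005


def find_pci_device(query_pci_result, qdev_id):
    """Return the query-pci entry whose qdev_id matches, else None."""
    for bus in query_pci_result:
        for dev in bus.get("devices", []):
            if dev.get("qdev_id") == qdev_id:
                return dev
    return None


def is_virtio_rng(dev):
    """True if the entry carries the virtio-rng PCI vendor/device ids."""
    ids = dev.get("id", {})
    return ids.get("vendor") == VIRTIO_VENDOR and ids.get("device") == VIRTIO_RNG_DEVICE


def hotplug_commands(qdev_id=RNG_ID, backend=RNG_BACKEND):
    """QMP equivalents of steps 2 and 3 of the report."""
    return [
        {"execute": "device_del", "arguments": {"id": qdev_id}},
        {"execute": "device_add",
         "arguments": {"driver": "virtio-rng-pci", "rng": backend, "id": qdev_id}},
    ]


class Qmp:
    """Minimal QMP client: greeting, qmp_capabilities, then command/response."""

    def __init__(self, host="127.0.0.1", port=4466, timeout=10.0):
        self.sock = socket.create_connection((host, port), timeout=timeout)
        self.f = self.sock.makefile("rwb")
        self._read()                      # greeting: {"QMP": {...}}
        self.cmd("qmp_capabilities")

    def _read(self):
        while True:
            line = self.f.readline()
            if not line:                  # EOF: qemu went away (the SIGSEGV case)
                raise RuntimeError("QMP connection closed; did qemu-kvm crash?")
            msg = json.loads(line)
            if "event" not in msg:        # skip asynchronous events
                return msg

    def cmd(self, name, **arguments):
        req = {"execute": name}
        if arguments:
            req["arguments"] = arguments
        self.f.write(json.dumps(req).encode() + b"\n")
        self.f.flush()
        resp = self._read()
        if "error" in resp:
            raise RuntimeError("%s failed: %s" % (name, resp["error"]))
        return resp["return"]


def wait_for_absent(qmp, qdev_id, timeout=30.0, interval=0.5):
    """device_del only asks the guest to release the PCI device; poll until gone."""
    deadline = time.time() + timeout
    while True:
        if find_pci_device(qmp.cmd("query-pci"), qdev_id) is None:
            return True
        if time.time() >= deadline:
            return False
        time.sleep(interval)


def readd_cycle(qmp, qdev_id=RNG_ID, backend=RNG_BACKEND, interval=0.5):
    """Steps 2-4 of the report; returns the re-added device's query-pci entry."""
    delete, add = hotplug_commands(qdev_id, backend)
    qmp.cmd(delete["execute"], **delete["arguments"])
    if not wait_for_absent(qmp, qdev_id, interval=interval):
        raise RuntimeError("%s still present after device_del" % qdev_id)
    qmp.cmd(add["execute"], **add["arguments"])   # the step that crashed -2.478.el6
    dev = find_pci_device(qmp.cmd("query-pci"), qdev_id)
    if dev is None or not is_virtio_rng(dev):
        raise RuntimeError("%s did not reappear as virtio-rng in query-pci" % qdev_id)
    return dev


# Constructed query-pci reply mirroring the "info pci" output in comment 7.
SAMPLE_QUERY_PCI = [{"bus": 0, "devices": [
    {"bus": 0, "slot": 3, "function": 0, "qdev_id": "virtio-net-pci1", "irq": 11,
     "class_info": {"class": 0x0200}, "id": {"vendor": 0x8086, "device": 0x100E},
     "regions": []},
    {"bus": 0, "slot": 5, "function": 0, "qdev_id": RNG_ID, "irq": 0,
     "class_info": {"class": 255}, "id": {"vendor": 0x1AF4, "device": 0x1005},
     "regions": [{"bar": 0, "type": "io", "address": 0x1000, "size": 0x20}]},
]}]

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 4466
    dev = readd_cycle(Qmp(host, port))
    print("%s re-added at bus %d slot %d" % (RNG_ID, dev["bus"], dev["slot"]))
```

Run it against a guest started with the comment 7 command line as `python readd_cycle.py 127.0.0.1 4466`. On the fixed package it prints the bus/slot of the re-added device; on -2.478.el6 the device_add step drops the QMP connection and the client reports the closed socket instead of hanging.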

Comment 10 Gal Hammer 2015-12-31 08:54:12 UTC
(In reply to jingzhao from comment #8)
> Can reproduce this issue with qemu-kvm-0.12.1.2-2.478.el6.x86_64

Are both problems reproduced in qemu-kvm-0.12.1.2-2.480.el6?

Comment 16 errata-xmlrpc 2016-05-10 20:59:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-0815.html

