Bug 1297267 - reboot guest qemu core dump after delete tap1 in host
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.8
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: jason wang
QA Contact: Virtualization Bugs
Reported: 2016-01-11 03:28 UTC by weliao
Modified: 2016-01-15 02:46 UTC (History)
Doc Type: Bug Fix
Last Closed: 2016-01-15 02:46:58 UTC
Description weliao 2016-01-11 03:28:25 UTC
Description of problem:
Launch guest with 4 NICs, then delete tap1 in host, reboot guest, qemu core dumped.

Version-Release number of selected component (if applicable):
2.6.32-595.el6.x86_64
qemu-kvm-0.12.1.2-2.483.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Launch guest with 4 NICs.
/usr/libexec/qemu-kvm -name rhel6.8 \
-machine pc  \
-drive id=drive_image1,if=none,cache=none,snapshot=off,format=qcow2,file=/mnt/RHEL-Server-6.7-64-virtio.qcow2 \
-device virtio-blk-pci,id=image1,drive=drive_image1,bus=pci.0,bootindex=0 \
-netdev tap,id=hostnet0,vhost=on \
-device virtio-net-pci,netdev=hostnet0,mac=52:56:25:93:79:67,id=net0,status=on \
-netdev tap,id=hostnet1,vhost=on \
-device virtio-net-pci,netdev=hostnet1,mac=52:56:25:93:79:61,id=net1,status=on \
-netdev tap,id=hostnet2,vhost=on \
-device virtio-net-pci,netdev=hostnet2,mac=52:56:25:93:79:62,id=net2,status=off \
-netdev tap,id=hostnet3,vhost=on \
-device virtio-net-pci,netdev=hostnet3,mac=52:56:25:93:79:63,id=net3,status=off  \
-m 2048 \
-smp 4,maxcpus=8,cores=4,threads=1,sockets=1 \
-cpu SandyBridge \
-boot menu=on -enable-kvm \
-qmp tcp:0:5556,nowait,server \
-monitor stdio -spice port=5901,disable-ticketing \
-global qxl-vga.vram_size=67108864 \
-vga qxl
2. Delete tap1 in host.
[root@dhcp-8-118 ~]# ip link del tap1
3. Reboot guest.

Actual results:
(qemu) inputs_detach_tablet: 
TUNSETVNETHDRSZ ioctl() failed: File descriptor in bad state. Exiting.
qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/net/tap-linux.c:160: tap_fd_set_vnet_hdr_len: Assertion `0' failed.
Aborted (core dumped)

Expected results:
Guest works well.

Additional info:
gdb debug:
(gdb) bt full
#0  0x00007ffff4836625 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff4837e05 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffff482f74e in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007ffff482f810 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4  0x00007ffff7e2915e in tap_fd_set_vnet_hdr_len (fd=<value optimized out>, len=10) at /usr/src/debug/qemu-kvm-0.12.1.2/net/tap-linux.c:160
        __PRETTY_FUNCTION__ = "tap_fd_set_vnet_hdr_len"
#5  0x00007ffff7e28e1d in tap_set_vnet_hdr_len (nc=0x7ffff86f6b90, len=10) at /usr/src/debug/qemu-kvm-0.12.1.2/net/tap.c:252
        s = 0x7ffff86f6b90
        __PRETTY_FUNCTION__ = "tap_set_vnet_hdr_len"
#6  0x00007ffff7dcc7e1 in vhost_net_stop (net=0x7ffff8708250, dev=0x7ffff9323010) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/vhost_net.c:200
        file = {index = 2, fd = -1}
        __PRETTY_FUNCTION__ = "vhost_net_stop"
#7  0x00007ffff7dc6453 in virtio_net_vhost_status (vdev=0x7ffff9323010, status=0 '\000') at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-net.c:138
No locals.
#8  virtio_net_set_status (vdev=0x7ffff9323010, status=0 '\000') at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-net.c:147
        n = 0x7ffff9323010
#9  0x00007ffff7f18bb1 in virtio_set_status (opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio.h:138
No locals.
#10 virtio_reset (opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio.c:532
        vdev = 0x7ffff9323010
        i = <value optimized out>
#11 0x00007ffff7dc9855 in virtio_pci_reset (d=0x7ffff9312c20) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-pci.c:327
        proxy = 0x7ffff9312c20
#12 0x00007ffff7dae1d2 in qemu_system_reset (report=true) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3417
        re = <value optimized out>
        nre = 0x7ffff9331f80
#13 0x00007ffff7dd40c0 in qemu_kvm_system_reset (report=true) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1992
        penv = 0x7ffff88a9f40
#14 0x00007ffff7dd42c3 in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2272
        fds = {32, 33}
        mask = {__val = {268443712, 0 <repeats 15 times>}}
        sigfd = 34
---Type <return> to continue, or q <return> to quit--- 
#15 0x00007ffff7db5317 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4273
        r = <value optimized out>
#16 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6731
        gdbstub_dev = 0x0
        i = <value optimized out>
        snapshot = 0
        linux_boot = 0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x7ffff7f8a86f ""
        boot_devices = "cad", '\000' <repeats 29 times>
        ds = <value optimized out>
        dcl = <value optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = 0x7ffff82f1498
        opts = <value optimized out>
        olist = <value optimized out>
        optind = 44
        optarg = 0x7fffffffe6f2 "qxl"
        loadvm = 0x0
        machine = 0x7ffff82ea7e0
        cpu_model = 0x7fffffffe654 "SandyBridge"
        fds = {9674912, 49030163}
        tb_size = 0
        pid_file = 0x0
        incoming = 0x0
        fd = 0
        pwd = 0x0
        chroot_dir = 0x0
        run_as = 0x0
        env = <value optimized out>
        show_vnc_port = 0
---Type <return> to continue, or q <return> to quit---
        defconfig = -12800
        defconfig_verbose = -131132264
        vmstate_dump_file = 0x0

Comment 2 weliao 2016-01-11 08:07:44 UTC
Retested with the 6.7 version:
Host: 
2.6.32-573.18.1.el6.x86_64
qemu-kvm-0.12.1.2-2.479.el6_7.3.x86_64
Still hit this issue, so this bug is not a regression.

Tested with rhel7.2:
Host:
3.10.0-327.el7.x86_64
qemu-kvm-1.5.3-105.el7.x86_64
There is an error message:
(qemu) TUNSETOFFLOAD ioctl() failed: File descriptor in bad state
qemu-kvm: unable to start vhost net: 22: falling back on userspace virtio
but qemu didn't core dump.

Comment 3 jason wang 2016-01-15 02:46:58 UTC
Not nice, but there's no way for qemu to recover from host mis-configuration currently. Closing this as WONTFIX for RHEL6. May consider a better solution upstream.
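
The trace in the description shows a failed TUNSETVNETHDRSZ ioctl reaching `assert(0)` during device reset, so one deleted tap interface aborts the whole VM process. The following C example is added here for illustration and is not QEMU code or a fix from this bug; the function and enum names are hypothetical. It wraps the same ioctl so the error is returned and only the affected NIC is marked unusable.

```c
/* Added illustration, not QEMU source. All names below are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/if_tun.h>          /* TUNSETVNETHDRSZ */

enum nic_state { NIC_OK, NIC_BACKEND_GONE, NIC_ERROR };

/* Returns 0 on success or -errno on failure. It never aborts the process,
 * unlike the assert(0) path seen in the backtrace. */
static int tap_set_vnet_hdr_len_checked(int fd, int len)
{
    if (ioctl(fd, TUNSETVNETHDRSZ, &len) == -1) {
        int err = errno;           /* save before fprintf can clobber it */
        fprintf(stderr, "TUNSETVNETHDRSZ ioctl() failed: %s\n", strerror(err));
        return -err;
    }
    return 0;
}

/* Reset-path policy (an assumption of this example): a backend that has
 * disappeared takes down one NIC, and the guest keeps running. */
static enum nic_state nic_reset_backend(int tap_fd, int hdr_len)
{
    int ret = tap_set_vnet_hdr_len_checked(tap_fd, hdr_len);

    if (ret == 0)
        return NIC_OK;
    /* EBADFD is "File descriptor in bad state", the error in the report:
     * the fd is still open but its tap device was deleted on the host. */
    if (ret == -EBADFD || ret == -EBADF)
        return NIC_BACKEND_GONE;
    return NIC_ERROR;
}

int main(void)
{
    /* Constructed input: -1 stands in for a tap fd that is no longer
     * usable; len=10 is the value passed in the backtrace. */
    enum nic_state st = nic_reset_backend(-1, 10);

    printf("nic state after reset: %d (process still running)\n", st);
    return st == NIC_BACKEND_GONE ? 0 : 1;
}
```
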