Bug 1373816 - [virtio-win][netkvm]qemu core dump when hotplug/hot-unplug netkvm device(queues=4) in a loop in windows 2012R2 guest
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: ybendito
QA Contact: xiywang
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-09-07 08:06 UTC by lijin
Modified: 2017-08-02 03:29 UTC (History)

Fixed In Version: 2.8.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 23:34:44 UTC
Target Upstream Version:
Embargoed:


Links
System: Red Hat Product Errata
ID: RHSA-2017:2392
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Important: qemu-kvm-rhev security, bug fix, and enhancement update
Last Updated: 2017-08-01 20:04:36 UTC

Description lijin 2016-09-07 08:06:28 UTC
Description of problem:


Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.6.0-23.el7.x86_64
kernel-3.10.0-494.el7.x86_64
seabios-1.9.1-4.el7.x86_64
virtio-win-prewhql-126

How reproducible:
100%

Steps to Reproduce:
1.boot win2012R2 guest with virtio-net-pci(queues=4)
-netdev tap,script=/etc/qemu-ifup,downscript=no,id=hostnet0,queues=4,vhost=on -device virtio-net-pci,vectors=10,netdev=hostnet0,id=net0,mac=00:52:4c:20:8d:00,mq=on \

2.hotplug/hot-unplug netkvm device in a loop
let i=0
exec 3<>/dev/tcp/localhost/4445 #note modify this to qmp port
echo -e "{ 'execute': 'qmp_capabilities' }" >&3
read response <&3
echo $response
while [ $i -lt 100 ]
do
    echo -e "{ 'execute': 'device_del', 'arguments': {'id': 'net0' }}">&3 ;
    sleep 3 ;
    read response <&3 ;
    echo "$i: $response"
    echo -e "{ 'execute': 'netdev_del', 'arguments': {'id': 'hostnet0' }}">&3 ;
    sleep 3 ;
    read response <&3 ;
    echo "$i: $response"
    echo -e "{'execute':'netdev_add','arguments':{'type':'tap','queues':'4','id':'hostnet0','vhost':'on','script':'/etc/qemu-ifup'}}">&3 ;
    sleep 3 ;
    read response <&3
    echo "$i: $response"
    echo -e "{'execute':'device_add','arguments':{'driver':'virtio-net-pci','vectors':'10','id':'net0','mac':'00:1a:4a:42:0b:01','netdev':'hostnet0'}}">&3 ;
    sleep 3 ;
    read response <&3
    echo "$i: $response"
    let i=$i+1
done


Actual results:
During step 2, qemu core dumps:
(qemu) qemu-kvm: could not disable queue
qemu-kvm: /builddir/build/BUILD/qemu-2.6.0/hw/net/virtio-net.c:517: virtio_net_set_queues: Assertion `!r' failed.

Expected results:
NIC can be hot-plugged/unplugged correctly, no core dump

Additional info:
1. Can NOT reproduce this issue without queues=4
2. win2012R2 hits this issue, win8-32 does NOT
3.(gdb) bt
#0  0x00007efe551915f7 in raise () from /lib64/libc.so.6
#1  0x00007efe55192ce8 in abort () from /lib64/libc.so.6
#2  0x00007efe5518a566 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007efe5518a612 in __assert_fail () from /lib64/libc.so.6
#4  0x00007efe5d5af792 in virtio_net_set_queues (n=0x7efe658aa340) at /usr/src/debug/qemu-2.6.0/hw/net/virtio-net.c:517
#5  0x00007efe5d5b0a77 in virtio_net_set_multiqueue (multiqueue=0, n=0x7efe658aa340) at /usr/src/debug/qemu-2.6.0/hw/net/virtio-net.c:1498
#6  virtio_net_set_features (vdev=<optimized out>, features=807377319) at /usr/src/debug/qemu-2.6.0/hw/net/virtio-net.c:606
#7  0x00007efe5d5bfb88 in virtio_set_features_nocheck (vdev=0x7efe658aa340, val=807377319) at /usr/src/debug/qemu-2.6.0/hw/virtio/virtio.c:1466
#8  0x00007efe5d587323 in memory_region_write_accessor (mr=<optimized out>, addr=<optimized out>, value=<optimized out>, size=<optimized out>, shift=<optimized out>, 
    mask=<optimized out>, attrs=...) at /usr/src/debug/qemu-2.6.0/memory.c:525
#9  0x00007efe5d585289 in access_with_adjusted_size (addr=addr@entry=12, value=value@entry=0x7efe4a6688b8, size=size@entry=4, access_size_min=<optimized out>, 
    access_size_max=<optimized out>, access=access@entry=0x7efe5d5872e0 <memory_region_write_accessor>, mr=mr@entry=0x7efe658a2988, attrs=attrs@entry=...)
    at /usr/src/debug/qemu-2.6.0/memory.c:591
#10 0x00007efe5d588aa5 in memory_region_dispatch_write (mr=mr@entry=0x7efe658a2988, addr=addr@entry=12, data=807377319, size=size@entry=4, attrs=attrs@entry=...)
    at /usr/src/debug/qemu-2.6.0/memory.c:1273
#11 0x00007efe5d54b579 in address_space_write_continue (mr=0x7efe658a2988, l=4, addr1=12, len=4, buf=0x7efe5d2cf028 <Address 0x7efe5d2cf028 out of bounds>, attrs=..., 
    addr=4261412876, as=0x7efe5dd97d40 <address_space_memory>) at /usr/src/debug/qemu-2.6.0/exec.c:2599
#12 address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /usr/src/debug/qemu-2.6.0/exec.c:2657
#13 0x00007efe5d54baed in address_space_rw (as=<optimized out>, addr=<optimized out>, attrs=..., attrs@entry=..., 
    buf=buf@entry=0x7efe5d2cf028 <Address 0x7efe5d2cf028 out of bounds>, len=<optimized out>, is_write=<optimized out>) at /usr/src/debug/qemu-2.6.0/exec.c:2760
#14 0x00007efe5d584460 in kvm_cpu_exec (cpu=cpu@entry=0x7efe603cc000) at /usr/src/debug/qemu-2.6.0/kvm-all.c:1969
#15 0x00007efe5d572e26 in qemu_kvm_cpu_thread_fn (arg=0x7efe603cc000) at /usr/src/debug/qemu-2.6.0/cpus.c:1076
#16 0x00007efe56b19dc5 in start_thread () from /lib64/libpthread.so.0
#17 0x00007efe552521cd in clone () from /lib64/libc.so.6
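
A triage helper for backtraces like the one above, added here as an example and not part of the original report or of QEMU: it extracts the assertion site and checks whether the abort happened on a vCPU thread servicing a guest MMIO write. The names parse_frames, triage and SAMPLE_BT are hypothetical; the sample is an excerpt of the frames quoted in this report.

```python
import re

# Excerpt of the gdb backtrace from this report (frames #3, #4, #6, #10, #14).
# Frame #6 has no address (inlined) and frame #10 is wrapped onto two lines.
SAMPLE_BT = """\
#3  0x00007efe5518a612 in __assert_fail () from /lib64/libc.so.6
#4  0x00007efe5d5af792 in virtio_net_set_queues (n=0x7efe658aa340) at /usr/src/debug/qemu-2.6.0/hw/net/virtio-net.c:517
#6  virtio_net_set_features (vdev=<optimized out>, features=807377319) at /usr/src/debug/qemu-2.6.0/hw/net/virtio-net.c:606
#10 0x00007efe5d588aa5 in memory_region_dispatch_write (mr=mr@entry=0x7efe658a2988, addr=addr@entry=12, data=807377319, size=size@entry=4, attrs=attrs@entry=...)
    at /usr/src/debug/qemu-2.6.0/memory.c:1273
#14 0x00007efe5d584460 in kvm_cpu_exec (cpu=cpu@entry=0x7efe603cc000) at /usr/src/debug/qemu-2.6.0/kvm-all.c:1969
"""

FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?([\w.]+) \(")
LOC = re.compile(r"\) at (\S+):(\d+)$")
LIBC_ABORT = {"raise", "abort", "__assert_fail_base", "__assert_fail"}

def parse_frames(bt):
    """Return one dict per frame; wrapped continuation lines are re-joined."""
    frames = []
    for chunk in re.split(r"\n(?=#\d+\s)", bt.strip()):
        text = " ".join(chunk.split())
        m = FRAME.match(text)
        if not m:
            continue
        loc = LOC.search(text)
        frames.append({
            "n": int(m.group(1)),
            "func": m.group(2),
            "file": loc.group(1) if loc else None,
            "line": int(loc.group(2)) if loc else None,
        })
    return frames

def triage(frames):
    """Summarise an abort: assertion site and whether a guest write led to it."""
    funcs = [f["func"] for f in frames]
    # First frame outside libc's abort machinery is where the assertion lives.
    site = next((f for f in frames if f["func"] not in LIBC_ABORT), None)
    return {
        "assertion": "__assert_fail" in funcs,
        "site": (site["func"], site["file"], site["line"]) if site else None,
        # vCPU thread servicing a guest MMIO write: the guest drove this path.
        "guest_mmio_write": "kvm_cpu_exec" in funcs
                            and "memory_region_dispatch_write" in funcs,
    }

if __name__ == "__main__":
    print(triage(parse_frames(SAMPLE_BT)))
```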

Comment 2 lijin 2016-09-07 08:21:06 UTC
Can reproduce this issue with the RHEL 7.2 released virtio-win version (build110)

Comment 3 Yu Wang 2016-09-07 08:47:02 UTC
win10-32 also hit this issue w/ queues=4, cannot reproduce w/o multi-queue.

Comment 4 Peixiu Hou 2016-09-07 09:55:33 UTC
Win2016 also hit this issue w/ queues=4, cannot reproduce w/o multi-queue.

Comment 5 ybendito 2016-11-02 06:53:28 UTC
Applied in qemu upstream

Comment 6 ybendito 2016-11-07 08:49:12 UTC
Will be in upstream soon

http://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00252.html

Comment 9 lijin 2017-05-11 08:06:05 UTC
Verified this issue on a win10-32 guest with qemu-kvm-rhev-2.9.0-3.el7.x86_64

Steps same as comment#0; qemu does NOT core dump, the plug script finishes correctly and the network in the guest works well.

So this issue has been fixed, thanks a lot.

Change status to verified.

Package info during verification:
qemu-kvm-rhev-2.9.0-3.el7.x86_64
kernel-3.10.0-664.el7.x86_64
seabios-1.10.2-2.el7.x86_64
virtio-win-prewhql-137

Comment 11 errata-xmlrpc 2017-08-01 23:34:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392
