Bug 1373816 - [virtio-win][netkvm]qemu core dump when hotplug/hot-unplug netkvm device(queues=4) in a loop in windows 2012R2 guest
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: ybendito
QA Contact: xiywang
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
Reported: 2016-09-07 08:06 UTC by lijin
Modified: 2017-08-02 03:29 UTC (History)

Fixed In Version: 2.8.0
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-01 23:34:44 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---




External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2392 normal SHIPPED_LIVE Important: qemu-kvm-rhev security, bug fix, and enhancement update 2017-08-01 20:04:36 UTC

Description lijin 2016-09-07 08:06:28 UTC
Description of problem:


Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.6.0-23.el7.x86_64
kernel-3.10.0-494.el7.x86_64
seabios-1.9.1-4.el7.x86_64
virtio-win-prewhql-126

How reproducible:
100%

Steps to Reproduce:
1. Boot win2012R2 guest with virtio-net-pci (queues=4)
-netdev tap,script=/etc/qemu-ifup,downscript=no,id=hostnet0,queues=4,vhost=on -device virtio-net-pci,vectors=10,netdev=hostnet0,id=net0,mac=00:52:4c:20:8d:00,mq=on \

2. Hotplug/hot-unplug netkvm device in a loop
let i=0
exec 3<>/dev/tcp/localhost/4445 #note modify this to qmp port
echo -e "{ 'execute': 'qmp_capabilities' }" >&3
read response <&3
echo $response
while [ $i -lt 100 ]
do
    echo -e "{ 'execute': 'device_del', 'arguments': {'id': 'net0' }}">&3 ;
    sleep 3 ;
    read response <&3 ;
    echo "$i: $response"
    echo -e "{ 'execute': 'netdev_del', 'arguments': {'id': 'hostnet0' }}">&3 ;
    sleep 3 ;
    read response <&3 ;
    echo "$i: $response"
    echo -e "{'execute':'netdev_add','arguments':{'type':'tap','queues':'4','id':'hostnet0','vhost':'on','script':'/etc/qemu-ifup'}}">&3 ;
    sleep 3 ;
    read response <&3
    echo "$i: $response"
    echo -e "{'execute':'device_add','arguments':{'driver':'virtio-net-pci','vectors':'10','id':'net0','mac':'00:1a:4a:42:0b:01','netdev':'hostnet0'}}">&3 ;
    sleep 3 ;
    read response <&3
    echo "$i: $response"
    let i=$i+1
done


Actual results:
During step 2, qemu core dumps:
(qemu) qemu-kvm: could not disable queue
qemu-kvm: /builddir/build/BUILD/qemu-2.6.0/hw/net/virtio-net.c:517: virtio_net_set_queues: Assertion `!r' failed.

Expected results:
NIC can be hot-plugged/unplugged correctly, no core dump

Additional info:
1. Can NOT reproduce this issue without queues=4
2. win2012R2 hits this issue, win8-32 does NOT
3. (gdb) bt
#0  0x00007efe551915f7 in raise () from /lib64/libc.so.6
#1  0x00007efe55192ce8 in abort () from /lib64/libc.so.6
#2  0x00007efe5518a566 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007efe5518a612 in __assert_fail () from /lib64/libc.so.6
#4  0x00007efe5d5af792 in virtio_net_set_queues (n=0x7efe658aa340) at /usr/src/debug/qemu-2.6.0/hw/net/virtio-net.c:517
#5  0x00007efe5d5b0a77 in virtio_net_set_multiqueue (multiqueue=0, n=0x7efe658aa340) at /usr/src/debug/qemu-2.6.0/hw/net/virtio-net.c:1498
#6  virtio_net_set_features (vdev=<optimized out>, features=807377319) at /usr/src/debug/qemu-2.6.0/hw/net/virtio-net.c:606
#7  0x00007efe5d5bfb88 in virtio_set_features_nocheck (vdev=0x7efe658aa340, val=807377319) at /usr/src/debug/qemu-2.6.0/hw/virtio/virtio.c:1466
#8  0x00007efe5d587323 in memory_region_write_accessor (mr=<optimized out>, addr=<optimized out>, value=<optimized out>, size=<optimized out>, shift=<optimized out>, 
    mask=<optimized out>, attrs=...) at /usr/src/debug/qemu-2.6.0/memory.c:525
#9  0x00007efe5d585289 in access_with_adjusted_size (addr=addr@entry=12, value=value@entry=0x7efe4a6688b8, size=size@entry=4, access_size_min=<optimized out>, 
    access_size_max=<optimized out>, access=access@entry=0x7efe5d5872e0 <memory_region_write_accessor>, mr=mr@entry=0x7efe658a2988, attrs=attrs@entry=...)
    at /usr/src/debug/qemu-2.6.0/memory.c:591
#10 0x00007efe5d588aa5 in memory_region_dispatch_write (mr=mr@entry=0x7efe658a2988, addr=addr@entry=12, data=807377319, size=size@entry=4, attrs=attrs@entry=...)
    at /usr/src/debug/qemu-2.6.0/memory.c:1273
#11 0x00007efe5d54b579 in address_space_write_continue (mr=0x7efe658a2988, l=4, addr1=12, len=4, buf=0x7efe5d2cf028 <Address 0x7efe5d2cf028 out of bounds>, attrs=..., 
    addr=4261412876, as=0x7efe5dd97d40 <address_space_memory>) at /usr/src/debug/qemu-2.6.0/exec.c:2599
#12 address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /usr/src/debug/qemu-2.6.0/exec.c:2657
#13 0x00007efe5d54baed in address_space_rw (as=<optimized out>, addr=<optimized out>, attrs=..., attrs@entry=..., 
    buf=buf@entry=0x7efe5d2cf028 <Address 0x7efe5d2cf028 out of bounds>, len=<optimized out>, is_write=<optimized out>) at /usr/src/debug/qemu-2.6.0/exec.c:2760
#14 0x00007efe5d584460 in kvm_cpu_exec (cpu=cpu@entry=0x7efe603cc000) at /usr/src/debug/qemu-2.6.0/kvm-all.c:1969
#15 0x00007efe5d572e26 in qemu_kvm_cpu_thread_fn (arg=0x7efe603cc000) at /usr/src/debug/qemu-2.6.0/cpus.c:1076
#16 0x00007efe56b19dc5 in start_thread () from /lib64/libpthread.so.0
#17 0x00007efe552521cd in clone () from /lib64/libc.so.6

Comment 2 lijin 2016-09-07 08:21:06 UTC
Can reproduce this issue with the rhel7.2 released virtio-win version (build110)

Comment 3 Yu Wang 2016-09-07 08:47:02 UTC
win10-32 also hit this issue w/ queues=4, cannot reproduce w/o multi-queue.

Comment 4 Peixiu Hou 2016-09-07 09:55:33 UTC
Win2016 also hit this issue w/ queues=4, cannot reproduce w/o multi-queue.

Comment 5 ybendito 2016-11-02 06:53:28 UTC
Applied in qemu upstream

Comment 6 ybendito 2016-11-07 08:49:12 UTC
Will be in upstream soon

http://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00252.html

Comment 9 lijin 2017-05-11 08:06:05 UTC
Verify this issue on win10-32 guest with qemu-kvm-rhev-2.9.0-3.el7.x86_64

Steps same as comment#0: qemu does NOT core dump, the plug script finishes correctly and the network in the guest works well.

So this issue has been fixed, thanks a lot.

Change status to verified.


packages info during verification:
qemu-kvm-rhev-2.9.0-3.el7.x86_64
kernel-3.10.0-664.el7.x86_64
seabios-1.10.2-2.el7.x86_64
virtio-win-prewhql-137

Comment 11 errata-xmlrpc 2017-08-01 23:34:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392
