1462145 – Qemu crashes when all fw_cfg slots are used

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1462145 - Qemu crashes when all fw_cfg slots are used

Summary: Qemu crashes when all fw_cfg slots are used

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm-rhev
Sub Component:
Version:	7.4
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Marcel Apfelbaum
QA Contact:	jingzhao
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1473046 1534649
TreeView+	depends on / blocked

Reported:	2017-06-16 10:13 UTC by Fangge Jin
Modified:	2018-04-11 00:28 UTC (History)
CC List:	9 users (show)
Fixed In Version:	qemu-kvm-rhev-2.10.0-17.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1534649 (view as bug list)
Environment:
Last Closed:	2018-04-11 00:26:27 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
guest xml (3.08 KB, text/plain) 2017-06-16 10:13 UTC, Fangge Jin	no flags	Details
backtrace (19.31 KB, text/plain) 2017-06-16 10:16 UTC, Fangge Jin	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2018:1104	0	None	None	None	2018-04-11 00:28:56 UTC

Description Fangge Jin 2017-06-16 10:13:12 UTC

Created attachment 1288307 [details]
guest xml

Description of problem:
Start guest with the xml in the attachment.

Reboot guest, qemu will crash. The error message from qemu log:
qemu-kvm: hw/nvram/fw_cfg.c:879: fw_cfg_modify_file: Assertion `index < fw_cfg_file_slots(s)' failed.
2017-06-14 12:43:27.809+0000: shutting down, reason=crashed

Version-Release number of selected component:
libvirt-3.2.0-10.el7.x86_64
qemu-kvm-rhev-2.9.0-10.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Define a guest with xml in the attachment.
# virsh define rhel7.3.xml

2.Start guest:
# virsh start rhel7.3

3.After guest boots up fully, reboot guest:
# virsh reboot rhel7.3


Actual results:
qemu crash when reboot guest


Expected results:
qemu doesn't crash


Additional info:
1. Change machine type to pc-i440fx-rhel7.4.0, can't reproduce.
2. Delete any one of the following elements from xml, can't reproduce:
   1) <bootmenu enable='yes' timeout='3000'/>
   2) <bios useserial='yes' rebootTimeout='0'/>
   3) <maxMemory> and <numa>....
   4) <controller type='pci' index='1' model='pci-expander-bus'>...
   5) <panic model='isa'>
3. This is NOT a regression, I can reproduce on RHEL7.3.z: 
   qemu-kvm-rhev-2.6.0-28.el7_3.10.x86_64

Comment 2 Fangge Jin 2017-06-16 10:16:18 UTC

Created attachment 1288308 [details]
backtrace

Comment 6 Marcel Apfelbaum 2018-01-09 14:16:31 UTC

Patch posted upstream:
https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg01381.html

Comment 9 Miroslav Rezanina 2018-01-16 13:43:28 UTC

Fix included in qemu-kvm-rhev-2.10.0-17.el7

Comment 11 Chao Yang 2018-01-17 06:56:53 UTC

Reproduced with qemu-kvm-rhev-2.10.0-12.el7.x86_64

Starting program: /usr/libexec/qemu-kvm -machine pc-i440fx-rhel7.3.0,accel=kvm,usb=off,dump-guest-core=off -cpu Penryn -m size=1024000k,slots=16,maxmem=2124800k -realtime mlock=off -smp 2,sockets=2,cores=1,threads=1 -display none -no-user-config -nodefaults -device sga -boot menu=on,reboot-timeout=0,splash-time=3000,strict=on -device pxb,bus_nr=254,id=pci.1,bus=pci.0,addr=0xe -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-serial-pci,id=virtio-serial0,bus=pci.1,addr=0x5 -drive file=/home/chayang/rhel7.4.qcow2,format=qcow2,if=none,id=drive-virtio-disk0 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 -device pvpanic,ioport=1285 -msg timestamp=on -monitor stdio

(qemu) system_reset 
(qemu) qemu-kvm: hw/nvram/fw_cfg.c:836: fw_cfg_modify_file: Assertion `index < fw_cfg_file_slots(s)' failed.

Program received signal SIGABRT, Aborted.

(gdb) bt
#0  0x00007fffed8891d7 in raise () at /lib64/libc.so.6
#1  0x00007fffed88a8d0 in abort () at /lib64/libc.so.6
#2  0x00007fffed881fcc in __assert_fail_base () at /lib64/libc.so.6
#3  0x00007fffed882088 in  () at /lib64/libc.so.6
#4  0x0000555555958fdb in fw_cfg_modify_file (s=s@entry=0x55555715e580, filename=filename@entry=0x555555b6132b "bootorder", data=0x55555800c320, len=<optimized out>) at hw/nvram/fw_cfg.c:836
#5  0x0000555555959038 in fw_cfg_machine_reset (opaque=0x55555715e580) at hw/nvram/fw_cfg.c:858
#6  0x0000555555907d9d in qemu_devices_reset () at hw/core/reset.c:69
#7  0x0000555555836ff6 in pc_machine_reset () at /usr/src/debug/qemu-2.10.0/hw/i386/pc.c:2277
#8  0x00005555558b6a76 in qemu_system_reset (reason=reason@entry=SHUTDOWN_CAUSE_HOST_QMP) at vl.c:1710
#9  0x000055555579dba1 in main () at vl.c:1884
#10 0x000055555579dba1 in main () at vl.c:1921
#11 0x000055555579dba1 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4805



Verified pass with qemu-kvm-rhev-2.10.0-17.el7, no more assert failure.

Comment 14 errata-xmlrpc 2018-04-11 00:26:27 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1104

Note You need to log in before you can comment on or make changes to this bug.