
Bug 1625567

Summary: Qemu core dump with invalid iothread param
Product: Red Hat Enterprise Linux 7
Reporter: aihua liang <aliang>
Component: qemu-kvm-rhev
Assignee: Stefan Hajnoczi <stefanha>
Status: CLOSED WONTFIX
QA Contact: aihua liang <aliang>
Severity: low
Priority: medium
Version: 7.5
CC: chayang, coli, hachen, juzhang, lijin, lolyu, michen, ngu, phou, qzhang, virt-maint, xuhan, xuwei, yhong
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Last Closed: 2018-12-05 14:17:17 UTC
Type: Bug
Bug Blocks: 1649160
Attachments: core.tar

Description aihua liang 2018-09-05 08:53:02 UTC
Created attachment 1481025
core.tar

Description of problem:
 Qemu core dump with invalid iothread param

Version-Release number of selected component (if applicable):
 kernel version: 3.10.0-862.14.1.el7.x86_64
 qemu-kvm-rhev version: qemu-kvm-rhev-2.10.0-21.el7_5.7.x86_64

How reproducible:
 100%

Steps to Reproduce:
1. Start guest with dataplane enabled and the invalid param "poll=0", qemu cmds:
    ...
    -object iothread,id=iothread0,poll=0 \
    -device virtio-scsi-pci,id=virtio_scsi_pci0,bus=pci.0,addr=0x4,iothread=iothread0 \
    -drive id=drive_image1,if=none,snapshot=off,aio=threads,cache=none,format=qcow2,file=/home/kvm_autotest_root/images/rhel75-64-virtio-scsi.qcow2 \
    -device scsi-hd,id=image1,drive=drive_image1 \
    ...

Actual results:
 Qemu core dump.
 [root@ibm-x3650m5-07 home]# gdb -c core.27814 
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-110.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
[New LWP 27814]
[New LWP 27815]
Reading symbols from /usr/libexec/qemu-kvm...Reading symbols from /usr/lib/debug/usr/libexec/qemu-kvm.debug...done.
done.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/libexec/qemu-kvm -name avocado-vt-vm1 -sandbox off -machine pc -nodefaults'.
Program terminated with signal 6, Aborted.
#0  0x00007f108f162207 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install boost-system-1.53.0-27.el7.x86_64 boost-thread-1.53.0-27.el7.x86_64 bzip2-libs-1.0.6-13.el7.x86_64 celt051-0.5.1.3-8.el7.x86_64 cyrus-sasl-lib-2.1.26-23.el7.x86_64 elfutils-libelf-0.170-4.el7.x86_64 elfutils-libs-0.170-4.el7.x86_64 glib2-2.54.2-2.el7.x86_64 glibc-2.17-222.el7.x86_64 glusterfs-api-3.8.4-54.15.el7.x86_64 glusterfs-libs-3.8.4-54.15.el7.x86_64 gmp-6.0.0-15.el7.x86_64 gnutls-3.3.26-9.el7.x86_64 gperftools-libs-2.6.1-1.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-18.el7.x86_64 libacl-2.2.51-14.el7.x86_64 libaio-0.3.109-13.el7.x86_64 libattr-2.4.46-13.el7.x86_64 libblkid-2.23.2-52.el7.x86_64 libcacard-2.5.2-2.el7.x86_64 libcap-2.22-9.el7.x86_64 libcom_err-1.42.9-11.el7.x86_64 libcurl-7.29.0-46.el7.x86_64 libffi-3.0.13-18.el7.x86_64 libgcc-4.8.5-28.el7.x86_64 libgcrypt-1.5.3-14.el7.x86_64 libgpg-error-1.12-3.el7.x86_64 libibverbs-15-6.el7.x86_64 libidn-1.28-4.el7.x86_64 libiscsi-1.9.0-7.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 libmount-2.23.2-52.el7.x86_64 libnl3-3.2.28-4.el7.x86_64 libpng-1.5.13-7.el7_2.x86_64 librados2-0.94.5-2.el7.x86_64 librbd1-0.94.5-2.el7.x86_64 librdmacm-15-6.el7.x86_64 libseccomp-2.3.1-3.el7.x86_64 libselinux-2.5-12.el7.x86_64 libssh2-1.4.3-10.el7_2.1.x86_64 libstdc++-4.8.5-28.el7.x86_64 libtasn1-4.10-1.el7.x86_64 libusbx-1.0.21-1.el7.x86_64 libuuid-2.23.2-52.el7.x86_64 lz4-1.7.5-2.el7.x86_64 lzo-2.06-8.el7.x86_64 nettle-2.7.1-8.el7.x86_64 nspr-4.17.0-1.el7.x86_64 nss-3.34.0-4.el7.x86_64 nss-softokn-freebl-3.34.0-2.el7.x86_64 nss-util-3.34.0-2.el7.x86_64 numactl-libs-2.0.9-7.el7.x86_64 openldap-2.4.44-13.el7.x86_64 openssl-libs-1.0.2k-12.el7.x86_64 opus-1.0.2-6.el7.x86_64 p11-kit-0.23.5-3.el7.x86_64 pcre-8.32-17.el7.x86_64 pixman-0.34.0-1.el7.x86_64 snappy-1.1.0-3.el7.x86_64 spice-server-0.14.0-2.el7_5.5.x86_64 systemd-libs-219-57.el7.x86_64 usbredir-0.7.1-3.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) bt
#0  0x00007f108f162207 in raise () at /lib64/libc.so.6
#1  0x00007f108f1638f8 in abort () at /lib64/libc.so.6
#2  0x00007f108f15b026 in __assert_fail_base () at /lib64/libc.so.6
#3  0x00007f108f15b0d2 in  () at /lib64/libc.so.6
#4  0x000055894bfc8f2b in qemu_cond_destroy (cond=cond@entry=0x55894dc4f2e8) at util/qemu-thread-posix.c:128
#5  0x000055894bdb9d5d in iothread_instance_finalize (obj=<optimized out>) at iothread.c:119
#6  0x000055894befc962 in object_unref (type=<optimized out>, obj=0x55894dc4f260) at qom/object.c:453
#7  0x000055894befc962 in object_unref (data=0x55894dc4f260) at qom/object.c:467
#8  0x000055894befc962 in object_unref (obj=obj@entry=0x55894dc4f260) at qom/object.c:902
#9  0x000055894beff87d in user_creatable_add_type (type=type@entry=0x55894db97f40 "iothread", id=id@entry=0x55894db97f20 "iothread0", qdict=qdict@entry=0x55894dc6c000, v=v@entry=
    0x55894dbcc960, errp=errp@entry=0x7fff4cd0b460) at qom/object_interfaces.c:105
#10 0x000055894beffac6 in user_creatable_add_opts (opts=opts@entry=0x55894db99220, errp=errp@entry=0x7fff4cd0b460) at qom/object_interfaces.c:135
#11 0x000055894beffc48 in user_creatable_add_opts_foreach (opaque=0x55894bdbe920 <object_create_initial>, opts=0x55894db99220, errp=<optimized out>) at qom/object_interfaces.c:159
#12 0x000055894bfd63ba in qemu_opts_foreach (list=<optimized out>, func=
    0x55894beffc00 <user_creatable_add_opts_foreach>, opaque=opaque@entry=0x55894bdbe920 <object_create_initial>, errp=errp@entry=0x0) at util/qemu-option.c:1104
#13 0x000055894bca2398 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4429
(gdb)

Expected results:
 Guest start fails with info "invalid param for iothread"

Additional info: 
 Qemu cmds to start guest:
   /usr/libexec/qemu-kvm \
    -name 'avocado-vt-vm1'  \
    -sandbox off  \
    -machine pc  \
    -nodefaults \
    -device VGA,bus=pci.0,addr=0x2  \
    -chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/monitor-qmpmonitor1-20180830-230201-7MoWH1eV,server,nowait \
    -mon chardev=qmp_id_qmpmonitor1,mode=control  \
    -chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/monitor-catch_monitor-20180830-230201-7MoWH1eV,server,nowait \
    -mon chardev=qmp_id_catch_monitor,mode=control \
    -device pvpanic,ioport=0x505,id=idOtLmvi  \
    -chardev socket,id=serial_id_serial0,path=/var/tmp/serial-serial0-20180830-230201-7MoWH1eV,server,nowait \
    -device isa-serial,chardev=serial_id_serial0  \
    -chardev socket,id=seabioslog_id_20180830-230201-7MoWH1eV,path=/var/tmp/seabios-20180830-230201-7MoWH1eV,server,nowait \
    -device isa-debugcon,chardev=seabioslog_id_20180830-230201-7MoWH1eV,iobase=0x402 \
    -device nec-usb-xhci,id=usb1,bus=pci.0,addr=0x3 \
    -object iothread,id=iothread0,poll=0 \
    -device virtio-scsi-pci,id=virtio_scsi_pci0,bus=pci.0,addr=0x4,iothread=iothread0 \
    -drive id=drive_image1,if=none,snapshot=off,aio=threads,cache=none,format=qcow2,file=/home/kvm_autotest_root/images/rhel75-64-virtio-scsi.qcow2 \
    -device scsi-hd,id=image1,drive=drive_image1 \
    -device virtio-net-pci,mac=9a:a8:a9:aa:ab:ac,id=idGFxXnE,vectors=4,netdev=idFpcM6z,bus=pci.0,addr=0x5  \
    -netdev tap,id=idFpcM6z,vhost=on \
    -m 14336  \
    -smp 10,maxcpus=10,cores=5,threads=1,sockets=2  \
    -cpu 'Broadwell',+kvm_pv_unhalt \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1  \
    -vnc :0  \
    -rtc base=utc,clock=host,driftfix=slew  \
    -boot menu=off,strict=off,order=cdn,once=d  \
    -enable-kvm \
    -monitor stdio \
    -object iothread,id=iothread1 \
    -drive id=drive_data1,if=none,snapshot=off,aio=native,cache=none,format=qcow2,file=/home/data.qcow2,readonly=on \
    -device virtio-blk-pci,id=data1,drive=drive_data1,iothread=iothread1 \
    -object iothread,id=iothread2 \
    -drive id=drive_f1,if=none,snapshot=off,aio=native,cache=none,format=qcow2,file=/home/f1.qcow2 \
    -device virtio-blk-pci,id=f1,drive=drive_f1,iothread=iothread0,addr=0x7.0,multifunction=on \
    -drive id=drive_f2,if=none,snapshot=off,aio=native,cache=none,format=qcow2,file=/home/f2.qcow2,readonly=on \
    -device virtio-blk-pci,id=f2,drive=drive_f2,iothread=iothread1,addr=0x7.1 \
    -drive id=drive_f3,if=none,snapshot=off,aio=native,cache=none,format=qcow2,file=/home/f3.qcow2,readonly=on \
    -device virtio-blk-pci,id=f3,drive=drive_f3,iothread=iothread2,addr=0x7.2 \
    -drive id=drive_f4,if=none,snapshot=off,aio=native,cache=none,format=qcow2,file=/home/f4.qcow2,readonly=on \
    -device virtio-blk-pci,id=f4,drive=drive_f4,iothread=iothread0,addr=0x7.3 \
    -drive id=drive_f5,if=none,snapshot=off,aio=native,cache=none,format=qcow2,file=/home/f5.qcow2,readonly=on \
    -device virtio-blk-pci,id=f5,drive=drive_f5,iothread=iothread1,addr=0x7.4 \
    -drive id=drive_f6,if=none,snapshot=off,aio=native,cache=none,format=qcow2,file=/home/f6.qcow2,readonly=on \
    -device virtio-blk-pci,id=f6,drive=drive_f6,iothread=iothread2,addr=0x7.5 \
    -drive id=drive_f7,if=none,snapshot=off,aio=native,cache=none,format=qcow2,file=/home/f7.qcow2,readonly=on \
    -device virtio-blk-pci,id=f7,drive=drive_f7,iothread=iothread2,addr=0x7.6 \
    -drive id=drive_f8,if=none,snapshot=off,aio=native,cache=none,format=qcow2,file=/home/f8.qcow2,readonly=on \
    -device virtio-blk-pci,id=f8,drive=drive_f8,iothread=iothread1,addr=0x7.7 \

 Attachment is the core dump file.

Comment 2 aihua liang 2018-09-05 09:11:29 UTC
Tested on rhel7.6, also hit this issue.
  kernel version: 3.10.0-935.el7.x86_64
  qemu-kvm-rhev version: qemu-kvm-rhev-2.12.0-11.el7.x86_64

Comment 3 Longxiang Lyu 2018-10-16 03:01:55 UTC
*** Bug 1639218 has been marked as a duplicate of this bug. ***

Comment 4 Stefan Hajnoczi 2018-12-05 14:17:17 UTC
This is the same root cause as bz#1607768 with a fix already in RHEL7.7.  Upstream commit 14a2d11825ddc37d6547a80704ae6450e9e376c7 fixes it.

I don't think this issue is critical enough for 7.5/7.6 z-stream.  Please feel free to reopen if you disagree.
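
In the backtrace in the description, the finalizer (frame #5) runs from the error path of object creation (frame #9) and hits an assertion in qemu_cond_destroy (frame #4). The following C model of that lifecycle is an added illustration, not QEMU's code and not the upstream fix; the names Cond, Obj, set_prop, complete and finalize_* are hypothetical, and it assumes the condition variable is only initialized in a late construction step that a rejected property skips.

```c
#include <stdbool.h>
#include <string.h>

/* Toy condvar wrapper that tracks initialization (assumed model, not QEMU code). */
typedef struct { bool initialized; } Cond;
typedef struct { Cond init_done; } Obj;

/* Returns -1 where an asserting wrapper would abort the process. */
static int cond_destroy(Cond *c)
{
    int rc = c->initialized ? 0 : -1;
    c->initialized = false;
    return rc;
}

/* Only "id" is a known property in this model, so "poll" is rejected. */
static int set_prop(const char *name) { return strcmp(name, "id") == 0 ? 0 : -1; }

/* Late construction step, reached only if every property was accepted. */
static void complete(Obj *o) { o->init_done.initialized = true; }

/* Before: assumes complete() always ran. */
int finalize_unguarded(Obj *o) { return cond_destroy(&o->init_done); }

/* After: tolerates a partially constructed object. */
int finalize_guarded(Obj *o)
{
    return o->init_done.initialized ? cond_destroy(&o->init_done) : 0;
}

/* Create, set properties, and on failure drop the object (runs the finalizer).
 * Returns 0 = created, 1 = rejected cleanly, 2 = rejected and finalizer faulted. */
int create_object(const char *const *props, int n, int (*finalize)(Obj *))
{
    Obj o = { { false } };
    for (int i = 0; i < n; i++) {
        if (set_prop(props[i]) != 0) {
            return finalize(&o) == 0 ? 1 : 2;
        }
    }
    complete(&o);
    return finalize(&o) == 0 ? 0 : 2;
}

int main(void)
{
    const char *const bad[] = { "id", "poll" };  /* constructed input */
    return create_object(bad, 2, finalize_guarded) == 1 ? 0 : 1;
}
```

Result 2 corresponds to the abort seen in the core dump; result 1 is the behaviour asked for under "Expected results", where the invalid option is refused and the process exits with an error instead of crashing.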