Bug 1685788

Summary: qemu crash when copying message data to a socket buffer
Product: Red Hat Enterprise Linux Advanced Virtualization
Reporter: Pei Zhang <pezhang>
Component: qemu-kvm
Assignee: jason wang <jasowang>
qemu-kvm sub component: General
QA Contact: Lei Yang <leiyang>
Status: CLOSED CURRENTRELEASE
Docs Contact:
Severity: high
Priority: high
CC: aadam, chayang, jasowang, juzhang, marcandre.lureau, philmd, rbalakri, virt-maint
Version: 8.1
Flags: pm-rhel: mirror+
Target Milestone: rc
Target Release: 8.0
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2020-06-11 12:59:21 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1771318

Comment 1 Pei Zhang 2019-03-06 04:56:11 UTC
QEMU core dump info:

Thread 6 "qemu-kvm" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffe9b09700 (LWP 21206)]
0x00007ffff301493f in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff301493f in raise () at /lib64/libc.so.6
#1  0x00007ffff2ffec95 in abort () at /lib64/libc.so.6
#2  0x00007ffff3057d57 in __libc_message () at /lib64/libc.so.6
#3  0x00007ffff305e68c in  () at /lib64/libc.so.6
#4  0x00007ffff306179c in _int_malloc () at /lib64/libc.so.6
#5  0x00007ffff306302a in malloc () at /lib64/libc.so.6
#6  0x00007ffff76b8446 in g_malloc () at /lib64/libglib-2.0.so.0
#7  0x0000555555a7de5e in qemu_deliver_packet_iov ()
#8  0x0000555555a808f8 in qemu_net_queue_send_iov ()
#9  0x0000555555a80e5b in net_hub_port_receive_iov ()
#10 0x0000555555a7ddc7 in qemu_deliver_packet_iov ()
#11 0x0000555555a808f8 in qemu_net_queue_send_iov ()
#12 0x0000555555a15c01 in net_tx_pkt_do_sw_fragmentation ()
#13 0x0000555555a16883 in net_tx_pkt_send ()
#14 0x0000555555a1ab08 in e1000e_start_xmit.isra ()
#15 0x0000555555a1ac11 in e1000e_set_tdt ()
#16 0x0000555555896423 in memory_region_write_accessor ()
#17 0x00005555558945d6 in access_with_adjusted_size ()
#18 0x00005555558983a0 in memory_region_dispatch_write ()
#19 0x0000555555842473 in flatview_write_continue ()
#20 0x0000555555842699 in flatview_write ()
#21 0x00005555558467a3 in address_space_write ()
#22 0x00005555558a9fb8 in kvm_cpu_exec ()
--Type <RET> for more, q to quit, c to continue without paging--
#23 0x0000555555883656 in qemu_kvm_cpu_thread_fn ()
#24 0x0000555555b8d384 in qemu_thread_start ()
#25 0x00007ffff33a92de in start_thread () at /lib64/libpthread.so.0
#26 0x00007ffff30d9a63 in clone () at /lib64/libc.so.6

Comment 3 Ademar Reis 2020-02-05 22:55:05 UTC
QEMU has been recently split into sub-components and, as a one-time operation to avoid breakage of tools, we are setting the QEMU sub-component of this BZ to "General". Please review and change the sub-component if necessary the next time you review this BZ. Thanks.