
Bug 890111

Summary: qemu-kvm core dump when resume guest from S4 after do hot-unplug/plug network device
Product: Red Hat Enterprise Linux 6
Component: qemu-kvm
Version: 6.4
Status: CLOSED NOTABUG
Severity: high
Priority: high
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Reporter: Sibiao Luo <sluo>
Assignee: Virtualization Maintenance <virt-maint>
QA Contact: Virtualization Bugs <virt-bugs>
CC: acathrow, bsarathy, chayang, dyasny, juzhang, mazhang, michen, mkenneth, qzhang, sluo, virt-maint, xwei
Doc Type: Bug Fix
Type: Bug
Last Closed: 2012-12-25 11:14:51 UTC
Attachments:
- qemu prompts and qemu-kvm core dump logs. (flags: none)
- guest kernel log when do S4. (flags: none)

Description Sibiao Luo 2012-12-25 07:45:25 UTC
Description of problem:
Boot a guest with virtual NIC devices (e1000, rtl8139, virtio-net), hot-unplug the NIC devices and hot-plug them again, check that the network works fine in the guest, then do S4 and resume it; the qemu-kvm core dump occurs.
BTW, if I remove the rtl8139 from the CLI and retest with the same steps, there is no such issue, so this issue is related to the rtl8139 device.

Version-Release number of selected component (if applicable):
host info:
kernel-2.6.32-351.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.348.el6.x86_64
guest info:
kernel-2.6.32-351.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Boot a guest with virtual NIC devices (e1000, rtl8139, virtio-net).
e.g.: ...-netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=34:40:B5:9E:D3:90,bus=pci.0,addr=0x5 -netdev tap,id=hostnet1,vhost=on,script=/etc/qemu-ifup -device e1000,netdev=hostnet1,id=virtio-net-pci1,mac=34:40:B5:9E:D3:91,bus=pci.0,addr=0x6 -netdev tap,id=hostnet2,vhost=on,script=/etc/qemu-ifup -device rtl8139,netdev=hostnet2,id=virtio-net-pci2,mac=34:40:B5:9E:D3:92,bus=pci.0,addr=0x7
2. Hot-unplug the NIC device.
{"execute": "device_del", "arguments": {"id": "virtio-net-pci0"}}
{"return": {}}
{"execute": "device_del", "arguments": {"id": "virtio-net-pci1"}}
{"return": {}}
{"execute": "device_del", "arguments": {"id": "virtio-net-pci2"}}
{"return": {}}
{"execute": "netdev_del", "arguments": {"id": "hostnet0"}}     
{"return": {}}
{"execute": "netdev_del", "arguments": {"id": "hostnet1"}}
{"return": {}}
{"execute": "netdev_del", "arguments": {"id": "hostnet2"}}
3. Hot-plug the NIC device.
{"execute": "netdev_add", "arguments": {"type": "tap","id": "hostnet0", "script": "/etc/qemu-ifup", "vhost":"on"}}
{"return": {}}
{"execute": "device_add", "arguments": {"driver": "virtio-net-pci", "netdev": "hostnet0", "mac": "34:40:B5:9E:D3:90", "id": "virtio-net-pci0", "bus": "pci.0", "addr": "0x5"}}
{"return": {}}
{"execute": "netdev_add", "arguments": {"type": "tap","id": "hostnet1", "script": "/etc/qemu-ifup", "vhost":"on"}}
{"return": {}}
{"execute": "device_add", "arguments": {"driver": "virtio-net-pci", "netdev": "hostnet1", "mac": "34:40:B5:9E:D3:91", "id": "virtio-net-pci1", "bus": "pci.0", "addr": "0x6"}}
{"return": {}}
{"execute": "netdev_add", "arguments": {"type": "tap","id": "hostnet2", "script": "/etc/qemu-ifup", "vhost":"on"}}
{"return": {}}
{"execute": "device_add", "arguments": {"driver": "virtio-net-pci", "netdev": "hostnet2", "mac": "34:40:B5:9E:D3:92", "id": "virtio-net-pci2", "bus": "pci.0", "addr": "0x7"}}
{"return": {}}
4. Do S4.
# pm-hibernate
5. Resume the guest.

Actual results:
After step 3, the network works well in the guest.
After step 5, qemu-kvm core dumps; I will attach the detailed logs later.
Program received signal SIGABRT, Aborted.
0x00007ffff57408a5 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff57408a5 in raise () from /lib64/libc.so.6
#1  0x00007ffff5742085 in abort () from /lib64/libc.so.6
#2  0x00007ffff7dde8a2 in hw_error (fmt=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:505
#3  0x00007ffff7e4ac8d in register_ioport_write (start=<value optimized out>, length=<value optimized out>, size=6, func=0xffffffffffffffff, opaque=0x7fffee2ba700)
    at /usr/src/debug/qemu-kvm-0.12.1.2/ioport.c:171
#4  0x00007ffff7e0d887 in rtl8139_ioport_map (pci_dev=0x7ffff8a68010, region_num=<value optimized out>, addr=4096, size=<value optimized out>, type=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/rtl8139.c:3317
#5  0x00007ffff7deb74b in pci_update_mappings (d=0x7ffff8a68010) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/pci.c:1067
#6  0x00007ffff7e0183c in kvm_handle_io (env=0x7ffff89f6990) at /usr/src/debug/qemu-kvm-0.12.1.2/kvm-all.c:150
#7  kvm_run (env=0x7ffff89f6990) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1048
#8  0x00007ffff7e01919 in kvm_cpu_exec (env=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1743
#9  0x00007ffff7e027fd in kvm_main_loop_cpu (_env=0x7ffff89f6990) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2004
#10 ap_main_loop (_env=0x7ffff89f6990) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2060
#11 0x00007ffff7737851 in start_thread () from /lib64/libpthread.so.0
#12 0x00007ffff57f690d in clone () from /lib64/libc.so.6
(gdb)

Expected results:
The guest resumes from S4 successfully without any problem.

Additional info:

Comment 1 Sibiao Luo 2012-12-25 07:47:22 UTC
Created attachment 668766
qemu prompts and qemu-kvm core dump logs.

Comment 2 Sibiao Luo 2012-12-25 07:50:40 UTC
Created attachment 668768
guest kernel log when do S4.

Comment 3 Sibiao Luo 2012-12-25 07:51:47 UTC
My host CPU info:
processor	: 7
vendor_id	: GenuineIntel
cpu family	: 6
model		: 42
model name	: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
stepping	: 7
cpu MHz		: 1600.000
cache size	: 8192 KB
physical id	: 0
siblings	: 8
core id		: 3
cpu cores	: 4
apicid		: 7
initial apicid	: 7
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat epb xsaveopt pln pts dts tpr_shadow vnmi flexpriority ept vpid
bogomips	: 6784.16
clflush size	: 64
cache_alignment	: 64
address sizes	: 36 bits physical, 48 bits virtual
power management:

Comment 5 Sibiao Luo 2012-12-25 11:14:51 UTC
(In reply to comment #0)
> 3.hot-plug the nic device.
> {"execute": "netdev_add", "arguments": {"type": "tap","id": "hostnet0",
> "script": "/etc/qemu-ifup", "vhost":"on"}}
> {"return": {}}
> {"execute": "device_add", "arguments": {"driver": "virtio-net-pci",
> "netdev": "hostnet0", "mac": "34:40:B5:9E:D3:90", "id": "virtio-net-pci0",
> "bus": "pci.0", "addr": "0x5"}}
> {"return": {}}
> {"execute": "netdev_add", "arguments": {"type": "tap","id": "hostnet1",
> "script": "/etc/qemu-ifup", "vhost":"on"}}
> {"return": {}}
> {"execute": "device_add", "arguments": {"driver": "virtio-net-pci",
> "netdev": "hostnet1", "mac": "34:40:B5:9E:D3:91", "id": "virtio-net-pci1",
> "bus": "pci.0", "addr": "0x6"}}
{"execute": "device_add", "arguments": {"driver": "e1000", "netdev": "hostnet1", "mac": "34:40:B5:9E:D3:91", "id": "virtio-net-pci1", "bus": "pci.0", "addr": "0x6"}}
> {"execute": "netdev_add", "arguments": {"type": "tap","id": "hostnet2",
> "script": "/etc/qemu-ifup", "vhost":"on"}}
> {"return": {}}
> {"execute": "device_add", "arguments": {"driver": "virtio-net-pci",
> "netdev": "hostnet2", "mac": "34:40:B5:9E:D3:92", "id": "virtio-net-pci2",
> "bus": "pci.0", "addr": "0x7"}}
{"execute": "device_add", "arguments": {"driver": "rtl8139", "netdev": "hostnet2", "mac": "34:40:B5:9E:D3:92", "id": "virtio-net-pci2", "bus": "pci.0", "addr": "0x7"}}

Sorry, my wrong QMP commands caused the wrong judgment, so I am closing this bug.

Best Regards.
sluo
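
The mismatch that comment 5 identifies can be caught before the S4 test is run. The following is an added example, not part of the original report and not QEMU tooling: a Python check that compares every `device_add` command against the `-device` option with the same id on the boot command line. The function names and the list of checked properties are assumptions of this example; the sample data is copied from steps 1 and 3 of the description.

```python
import json
import shlex

# -device options from step 1 of the report (the -netdev options are omitted).
BOOT_CMDLINE = (
    "-device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=34:40:B5:9E:D3:90,bus=pci.0,addr=0x5 "
    "-device e1000,netdev=hostnet1,id=virtio-net-pci1,mac=34:40:B5:9E:D3:91,bus=pci.0,addr=0x6 "
    "-device rtl8139,netdev=hostnet2,id=virtio-net-pci2,mac=34:40:B5:9E:D3:92,bus=pci.0,addr=0x7"
)

# device_add commands from step 3 of the report, with one reply line kept
# to show that traffic other than device_add is ignored.
REPLUG_QMP = """
{"execute": "device_add", "arguments": {"driver": "virtio-net-pci", "netdev": "hostnet0", "mac": "34:40:B5:9E:D3:90", "id": "virtio-net-pci0", "bus": "pci.0", "addr": "0x5"}}
{"return": {}}
{"execute": "device_add", "arguments": {"driver": "virtio-net-pci", "netdev": "hostnet1", "mac": "34:40:B5:9E:D3:91", "id": "virtio-net-pci1", "bus": "pci.0", "addr": "0x6"}}
{"execute": "device_add", "arguments": {"driver": "virtio-net-pci", "netdev": "hostnet2", "mac": "34:40:B5:9E:D3:92", "id": "virtio-net-pci2", "bus": "pci.0", "addr": "0x7"}}
"""

# Properties that must be identical for the re-plugged device (example choice).
CHECKED = ("driver", "netdev", "mac", "bus", "addr")

def boot_devices(cmdline):
    """Map device id -> properties (with 'driver') for every -device option."""
    tokens = shlex.split(cmdline)
    devices = {}
    for flag, value in zip(tokens, tokens[1:]):
        if flag != "-device":
            continue
        driver, _, rest = value.partition(",")
        props = dict(kv.split("=", 1) for kv in rest.split(",") if "=" in kv)
        props["driver"] = driver
        if "id" in props:
            devices[props["id"]] = props
    return devices

def replug_mismatches(cmdline, qmp_text):
    """Return (id, property, boot value, re-plug value) for each difference."""
    boot = boot_devices(cmdline)
    findings = []
    for line in filter(None, map(str.strip, qmp_text.splitlines())):
        msg = json.loads(line)
        if msg.get("execute") != "device_add":
            continue
        args = msg["arguments"]
        orig = boot.get(args.get("id"), {})  # unknown id: every property differs
        findings += [(args.get("id"), key, orig.get(key), args.get(key))
                     for key in CHECKED if orig.get(key) != args.get(key)]
    return findings

if __name__ == "__main__":
    for dev, key, was, now in replug_mismatches(BOOT_CMDLINE, REPLUG_QMP):
        print(f"{dev}: {key} was {was!r} at boot, re-plugged as {now!r}")
```

On the commands from the description it reports the driver change for `virtio-net-pci1` and `virtio-net-pci2`; with the corrected `e1000` and `rtl8139` commands from comment 5 it reports nothing.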