917884 – qemu core dump when boot guest with virtio-rng device, then cat /dev/hwrng in guest, cat /dev/random in host

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 917884 - qemu core dump when boot guest with virtio-rng device, then cat /dev/hwrng in guest, cat /dev/random in host

Summary: qemu core dump when boot guest with virtio-rng device, then cat /dev/hwrng i...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Amit Shah
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	VirtIORNG
TreeView+	depends on / blocked

Reported:	2013-03-05 02:33 UTC by yunpingzheng
Modified:	2014-06-18 03:23 UTC (History)
CC List:	8 users (show)
Fixed In Version:	qemu-kvm-1.5.0-1.el7
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-13 13:29:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description yunpingzheng 2013-03-05 02:33:48 UTC

Description of problem:
When i boot the guest (rhel6.4) with  virtio-rng device. the guest can boot normally. when i cat /dev/hwrng in guest. then cat /dev/random in host. several minutes the qemu will exit and generate core dump file.

Before the qemu core dumped, the qemu will report error like:
ERROR:backends/rng-random.c:44:entropy_available: assertion failed: (len != -1)
then core dumped.

Version-Release number of selected component (if applicable):
kernel: kernel-3.7.0-0.34.el7.x86_64
qemu: qemu-kvm-1.3.0-5.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.boot guest with rng device like :
 -device virtio-rng-pci
2. in guest  open /dev/hwrng
  # cat /dev/hwrng
3. in host open /dev/random
  # cat /dev/random

  
Actual results:
the qemu will exit (core dumped).

Expected results:
qemu shouldn't core dump

Additional info:
core info:
(gdb) bt full
#0  0x00007ff8f9545ba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63
        resultvar = 0
        pid = 3061
        selftid = 3061
#1  0x00007ff8f9547358 in __GI_abort () at abort.c:90
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x7ff8ff539890 <poll_fds+16>, sa_sigaction = 0x7ff8ff539890 <poll_fds+16>}, 
          sa_mask = {__val = {3, 140707394339520, 140707398640628, 5, 0, 140707311479976, 7421932190169428627, 
    140707426805552, 140707394339520, 80, 140707398666725, 0, 0, 140707315324776, 4294967295, 140707315324736}}, sa_flags = 1, 
          sa_restorer = 0x0}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007ff8fe164b37 in g_assertion_message (domain=domain@entry=0x0, file=file@entry=
    0x7ff8fed69c97 "backends/rng-random.c", line=line@entry=44, func=func@entry=
    0x7ff8fed69ce0 <__PRETTY_FUNCTION__.15812> "entropy_available", message=<optimized out>) at gtestutils.c:1877
        lstr = "44\000(\377\177\000\000\020\246#(\377\177\000\000\202\234\326\376\370\177\000\000\215\234\326\376\370\177\000"
        s = 0x7ff900312730 ""
#3  0x00007ff8fe165054 in g_assertion_message_expr (domain=domain@entry=0x0, file=file@entry=
    0x7ff8fed69c97 "backends/rng-random.c", line=line@entry=44, func=func@entry=
    0x7ff8fed69ce0 <__PRETTY_FUNCTION__.15812> "entropy_available", expr=expr@entry=0x7ff8fed69c8d "len != -1")
    at gtestutils.c:1888
        s = <optimized out>
#4  0x00007ff8feadeb21 in entropy_available (opaque=<optimized out>) at backends/rng-random.c:44
        s = 0x7ff9003b5960
        buffer = 0x7fff2823a690 "`Y;"
        len = <optimized out>
        __PRETTY_FUNCTION__ = "entropy_available"
#5  0x00007ff8febe6157 in qemu_iohandler_poll (readfds=readfds@entry=0x7ff8ff5396e0 <rfds>, writefds=writefds@entry=
    0x7ff8ff539760 <wfds>, xfds=xfds@entry=0x7ff8ff5397e0 <xfds>, ret=ret@entry=1) at iohandler.c:160
        pioh = 0x7ff8e000cd00
        ioh = 0x7ff9002f5990
#6  0x00007ff8febf4248 in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:418
        ret = 1
        timeout = 4294967295
#7  0x00007ff8feac9379 in main_loop () at vl.c:1770
        nonblocking = <optimized out>
        last_io = 1
#8  main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:3999
        i = <optimized out>
        snapshot = 0
---Type <return> to continue, or q <return> to quit---  
        linux_boot = <optimized out>
        icount_option = 0x0
        initrd_filename = <optimized out>
        kernel_filename = <optimized out>
        kernel_cmdline = <optimized out>
        boot_devices = "c\000n", '\000' <repeats 29 times>
        ds = <optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        olist = <optimized out>
        optind = 55
        optarg = 0x7fff2823c87d "virtio-rng-pci"
        loadvm = 0x0
        machine = 0x7ff8ff129a80 <pc_machine_v1_3>
        cpu_model = 0x0
        vga_model = 0x7fff2823c411 "qxl"
        pid_file = 0x0
        incoming = 0x0
        defconfig = <optimized out>
        userconfig = <optimized out>
        log_mask = 0x0
        log_file = 0x0
        mem_trace = {malloc = 0x7ff8fec65890 <malloc_and_trace>, realloc = 0x7ff8fec65840 <realloc_and_trace>, free = 
    0x7ff8fec65800 <free_and_trace>, calloc = 0x0, try_malloc = 0x0, try_realloc = 0x0}
        trace_events = 0x0
        trace_file = 0x0
        args = {ram_size = 4294967296, boot_device = 0x7fff2823a8f0 "c", kernel_filename = 0x0, kernel_cmdline = 
    0x7ff8fed8eb0d "", initrd_filename = 0x0, cpu_model = 0x0}


qemu-command:
/usr/libexec/qemu-kvm \
-name 'vm1' \
-nodefaults \
-m 4096 \
-smp 4,cores=2,threads=1,sockets=2 \
-vnc :22 \
-vga qxl \
-rtc base=utc,clock=host,driftfix=none \
-drive file=/root/RHEL-Server-6.4-64-virtio.qcow2,if=none,cache=none,id=virtio0 \
-device virtio-blk-pci,drive=virtio0 \
-device virtio-net-pci,netdev=id3Ibo2c,mac=9a:5e:5f:60:61:62 \
-netdev tap,id=id3Ibo2c,script=/root/qemu-ifup-switch \
-device ich9-usb-uhci1,id=usb1 \
-boot order=cdn,once=c,menu=on \
-enable-kvm \
-monitor stdio \
-global PIIX4_PM.disable_s3=0 \
-global PIIX4_PM.disable_s4=0 \
-chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/qmpmonitor-1,server,nowait \
-mon chardev=qmp_id_qmpmonitor1,mode=control \
-chardev socket,id=isa-serial-1,path=/tmp/isa-serial-1,server,nowait \
-device isa-serial,chardev=isa-serial-1 \
-device virtio-serial,id=virt-serial-1,max_ports=31,bus=pci.0 \
-chardev socket,id=virtio-serial-1-1,path=/tmp/virtio-serial-1-1,server,nowait \
-device virtserialport,chardev=virtio-serial-1-1,name=virtio.serial.1.1,bus=virt-serial-1.0,id=virtio-serial-port1-1 \
-device virtio-serial,id=virt-console-1 \
-chardev socket,id=virtio-console-1-1,path=/tmp/virtio-console-1-1,server,nowait \
-device virtconsole,chardev=virtio-console-1-1,name=virtio.console.1.1,bus=virt-console-1.0 \
-device virtio-rng-pci

host cpuinfo:
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                8
On-line CPU(s) list:   0-7
Thread(s) per core:    2
Core(s) per socket:    4
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 42
Stepping:              7
CPU MHz:               1600.000
BogoMIPS:              6784.61
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              8192K
NUMA node0 CPU(s):     0-7

Comment 2 Amit Shah 2013-03-05 08:00:27 UTC

Error message is:

ERROR:/home/amit/src/qemu/backends/rng-random.c:44:entropy_available: assertion failed: (len != -1)
Aborted (core dumped)

Comment 3 Amit Shah 2013-03-06 05:55:47 UTC

backends/rng-random.c:entropy_available() just calls read() on the fd, doesn't check for EAGAIN or EINTR return values.

Comment 4 Amit Shah 2013-04-16 10:47:54 UTC

Patch submitted upstream.

Comment 5 Amit Shah 2013-04-23 05:44:13 UTC

commit acbbc036619092fcd2c882222e1be168bd972b3e
Author: Amit Shah
Date:   Tue Apr 16 15:58:16 2013 +0530

    rng random backend: check for -EAGAIN errors on read
    
    Not handling EAGAIN triggers the assert
    
    qemu/backends/rng-random.c:44:entropy_available: assertion failed: (len != -1)
    Aborted (core dumped)
    
    This happens when starting a guest with '-device virtio-rng-pci',
    issuing a 'cat /dev/hwrng' in the guest, while also doing 'cat
    /dev/random' on the host.

Comment 6 Miroslav Rezanina 2013-05-23 12:01:56 UTC

Build in qemu-kvm-1.5.0-1.el7

Comment 8 Xu Han 2014-01-23 09:36:22 UTC

Reproduce this bug with component:
qemu-kvm-1.3.0-6.el7.x86_64

Steps:
1. Boot guest with virtio-rng using rng-random backend.
# /usr/libexec/qemu-kvm -M pc -cpu SandyBridge -m 1G -vga qxl -spice disable-ticketing,port=5930 -drive file=/home/RHEL-Server-7.0-64-virtio.qcow2,if=none,id=guest-img -device ide-hd,drive=guest-img,id=os-disk \
-device virtio-rng-pci,id=rng0 (using '/dev/random' as default)

2. Read rng device in host and guest.
(host)# cat /dev/random
(guest)# cat /dev/hwrng

Results:
After a while, qemu-kvm core dump.
ERROR:backends/rng-random.c:44:entropy_available: assertion failed: (len != -1)
Aborted (core dumped)
------
Verify this bug with component:
qemu-kvm-1.5.3-40.el7.x86_64

Same steps as above.

Results:
After 10 mins, qemu-kvm still running well.

Base on these test results above, this bug has been fixed.

Comment 11 Ludek Smid 2014-06-13 13:29:44 UTC

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.