Bug 969945 - qemu-kvm core dump during iofuzz test
Summary: qemu-kvm core dump during iofuzz test
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Hai Huang
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2013-06-03 06:57 UTC by Xiaoqing Wei
Modified: 2014-06-18 03:29 UTC (History)
CC: 9 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-13 09:39:34 UTC
Target Upstream Version:
Embargoed:


Attachments
gdb thread apply all bt full (18.07 KB, text/plain)
2013-06-03 06:57 UTC, Xiaoqing Wei

Description Xiaoqing Wei 2013-06-03 06:57:34 UTC
Created attachment 756163 [details]
gdb thread apply all bt full

Description of problem:

qemu-kvm core dump during iofuzz test

Version-Release number of selected component (if applicable):
qemu-kvm-1.5.0-2.el7.x86_64
kernel-3.9.0-0.55.el7.x86_64


How reproducible:
only once

Steps to Reproduce:
1. /home/staf-kvm-devel/autotest-devel/client/tests/virt/qemu/qemu \
    -S \
    -name 'vm1' \
    -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20130530-191349-ZMSDl1gm,server,nowait \
    -mon chardev=qmp_id_qmpmonitor1,mode=control \
    -chardev socket,id=serial_id_serial1,path=/tmp/serial-serial1-20130530-191349-ZMSDl1gm,server,nowait \
    -device isa-serial,chardev=serial_id_serial1 \
    -chardev socket,id=seabioslog_id_20130530-191349-ZMSDl1gm,path=/tmp/seabios-20130530-191349-ZMSDl1gm,server,nowait \
    -device isa-debugcon,chardev=seabioslog_id_20130530-191349-ZMSDl1gm,iobase=0x402 \
    -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=0x4 \
    -drive file='/home/staf-kvm-devel/autotest-devel/client/tests/virt/shared/data/images/RHEL-Server-7.0-64.qcow2',if=none,id=drive-ide0-0-0,media=disk,cache=none,snapshot=off,format=qcow2,aio=native \
    -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0 \
    -device rtl8139,netdev=idIg594w,mac=9a:3b:3c:3d:3e:3f,bus=pci.0,addr=0x3,id='idCSLDpm' \
    -netdev tap,id=idIg594w,fd=23 \
    -m 4096 \
    -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 \
    -cpu 'SandyBridge' \
    -M pc \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 \
    -vnc :0 \
    -vga cirrus \
    -rtc base=utc,clock=host,driftfix=slew  \
    -boot order=cdn,once=c,menu=off   \
    -no-kvm-pit-reinjection \
    -enable-kvm
2.
    KVM iofuzz test:
    1) Log into a guest
    2) Enumerate all IO port ranges through /proc/ioports
    3) On each port of the range:
        * Read it
        * Write 0 to it
        * Write a random value to a random port on a random order

3.

Actual results:
qemu-kvm core dump
(gdb) bt
#0  __memcmp_sse4_1 () at ../sysdeps/x86_64/multiarch/memcmp-sse4.S:1015
#1  0x00007f4afe4a1ed9 in patch_hypercalls (s=0x7f4b01165ad0, s=0x7f4b01165ad0) at /usr/src/debug/qemu-1.5.0/hw/i386/kvmvapic.c:549
#2  vapic_prepare (s=s@entry=0x7f4b01165ad0) at /usr/src/debug/qemu-1.5.0/hw/i386/kvmvapic.c:614
#3  0x00007f4afe4a201e in vapic_write (opaque=0x7f4b01165ad0, addr=<optimized out>, data=<optimized out>, size=<optimized out>)
    at /usr/src/debug/qemu-1.5.0/hw/i386/kvmvapic.c:651
#4  0x00007f4afe4c5432 in access_with_adjusted_size (addr=addr@entry=0, value=value@entry=0x7f4af2b7db58, size=2, access_size_min=<optimized out>, 
    access_size_max=<optimized out>, access=access@entry=0x7f4afe4c59f0 <memory_region_write_accessor>, opaque=opaque@entry=0x7f4b01167df8)
    at /usr/src/debug/qemu-1.5.0/memory.c:364
#5  0x00007f4afe4c6907 in memory_region_iorange_write (iorange=<optimized out>, offset=0, width=2, data=32) at /usr/src/debug/qemu-1.5.0/memory.c:439
#6  0x00007f4afe4c41ad in kvm_handle_io (count=1, size=2, direction=1, data=<optimized out>, port=126) at /usr/src/debug/qemu-1.5.0/kvm-all.c:1485
#7  kvm_cpu_exec (env=env@entry=0x7f4b01147b70) at /usr/src/debug/qemu-1.5.0/kvm-all.c:1634
#8  0x00007f4afe46f195 in qemu_kvm_cpu_thread_fn (arg=0x7f4b01147b70) at /usr/src/debug/qemu-1.5.0/cpus.c:759
#9  0x00007f4afc4efc53 in start_thread (arg=0x7f4af2b7e700) at pthread_create.c:308
#10 0x00007f4af9c850dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113


Expected results:

Both host and guest work well.

Additional info:
processor	: 23
vendor_id	: GenuineIntel
cpu family	: 6
model		: 45
model name	: Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz
stepping	: 7
microcode	: 0x70d
cpu MHz		: 1200.000
cache size	: 15360 KB
physical id	: 1
siblings	: 12
core id		: 5
cpu cores	: 6
apicid		: 43
initial apicid	: 43
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx lahf_lm ida arat epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid
bogomips	: 4004.58
clflush size	: 64
cache_alignment	: 64
address sizes	: 46 bits physical, 48 bits virtual
power management:
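
The backtrace above already names the two facts a first triage pass wants: the device model that faulted (hw/i386/kvmvapic.c, patch_hypercalls) and the guest I/O access that reached it (kvm_handle_io with port=126, size=2, direction=1). The following Python helper is an added example, not part of this report and not QEMU code. It parses a `gdb bt` listing into frames, re-joins the continuation lines gdb wraps, and extracts those two facts. The embedded backtrace is copied from the report; the helper names, the "/hw/" marker for device-model frames and the reading of KVM's direction value 1 as a guest write are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Backtrace copied from the bug report (frames #0..#10), used as sample input.
SAMPLE_BT = """\
(gdb) bt
#0  __memcmp_sse4_1 () at ../sysdeps/x86_64/multiarch/memcmp-sse4.S:1015
#1  0x00007f4afe4a1ed9 in patch_hypercalls (s=0x7f4b01165ad0, s=0x7f4b01165ad0) at /usr/src/debug/qemu-1.5.0/hw/i386/kvmvapic.c:549
#2  vapic_prepare (s=s@entry=0x7f4b01165ad0) at /usr/src/debug/qemu-1.5.0/hw/i386/kvmvapic.c:614
#3  0x00007f4afe4a201e in vapic_write (opaque=0x7f4b01165ad0, addr=<optimized out>, data=<optimized out>, size=<optimized out>)
    at /usr/src/debug/qemu-1.5.0/hw/i386/kvmvapic.c:651
#4  0x00007f4afe4c5432 in access_with_adjusted_size (addr=addr@entry=0, value=value@entry=0x7f4af2b7db58, size=2, access_size_min=<optimized out>,
    access_size_max=<optimized out>, access=access@entry=0x7f4afe4c59f0 <memory_region_write_accessor>, opaque=opaque@entry=0x7f4b01167df8)
    at /usr/src/debug/qemu-1.5.0/memory.c:364
#5  0x00007f4afe4c6907 in memory_region_iorange_write (iorange=<optimized out>, offset=0, width=2, data=32) at /usr/src/debug/qemu-1.5.0/memory.c:439
#6  0x00007f4afe4c41ad in kvm_handle_io (count=1, size=2, direction=1, data=<optimized out>, port=126) at /usr/src/debug/qemu-1.5.0/kvm-all.c:1485
#7  kvm_cpu_exec (env=env@entry=0x7f4b01147b70) at /usr/src/debug/qemu-1.5.0/kvm-all.c:1634
#8  0x00007f4afe46f195 in qemu_kvm_cpu_thread_fn (arg=0x7f4b01147b70) at /usr/src/debug/qemu-1.5.0/cpus.c:759
#9  0x00007f4afc4efc53 in start_thread (arg=0x7f4af2b7e700) at pthread_create.c:308
#10 0x00007f4af9c850dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
"""

# One gdb frame: "#N  [0xADDR in ]FUNC (ARGS)[ at FILE:LINE]" after continuation lines are re-joined.
FRAME_RE = re.compile(
    r'^#(?P<num>\d+)\s+'
    r'(?:(?P<addr>0x[0-9a-fA-F]+) in )?'
    r'(?P<func>\S+) \((?P<args>.*)\)'
    r'(?: at (?P<file>\S+):(?P<line>\d+))?\s*$'
)


@dataclass
class Frame:
    num: int
    func: str
    args: Dict[str, str]
    file: Optional[str]
    line: Optional[int]


def _join_wrapped(lines: List[str]) -> List[str]:
    """Glue lines that do not start with '#N' onto the frame before them; drop the '(gdb) bt' prompt."""
    joined: List[str] = []
    for raw in lines:
        line = raw.rstrip()
        if re.match(r'^#\d+\s', line):
            joined.append(line)
        elif joined and line.strip():
            joined[-1] = joined[-1] + " " + line.strip()
    return joined


def parse_args(text: str) -> Dict[str, str]:
    """'a=1, b=<optimized out>' -> {'a': '1', 'b': '<optimized out>'} (values may themselves contain '=')."""
    args: Dict[str, str] = {}
    for item in re.split(r',\s*', text.strip()):
        if item:
            name, _, value = item.partition('=')
            args[name.strip()] = value.strip()
    return args


def parse_backtrace(text: str) -> List[Frame]:
    frames: List[Frame] = []
    for line in _join_wrapped(text.splitlines()):
        m = FRAME_RE.match(line)
        if not m:
            continue  # tolerate non-frame output gdb may interleave
        frames.append(Frame(int(m.group('num')), m.group('func'), parse_args(m.group('args')),
                            m.group('file'), int(m.group('line')) if m.group('line') else None))
    return frames


def _as_int(value: Optional[str]) -> Optional[int]:
    try:
        return int(value, 0)  # accepts decimal and 0x-prefixed values
    except (TypeError, ValueError):
        return None  # "<optimized out>" and friends


def device_model_frame(frames: List[Frame], marker: str = "/hw/") -> Optional[Frame]:
    """Innermost frame inside a device model; QEMU keeps emulated devices under hw/ (marker is this example's assumption)."""
    return next((f for f in frames if f.file and marker in f.file), None)


def guest_io_access(frames: List[Frame]) -> Optional[dict]:
    """Port, width and direction of the guest access that entered the emulator, read off kvm_handle_io's arguments."""
    for f in frames:
        if f.func == "kvm_handle_io":
            # KVM reports direction 1 for a guest OUT (write) and 0 for IN (read).
            return {"port": _as_int(f.args.get("port")), "size": _as_int(f.args.get("size")),
                    "direction": "write" if _as_int(f.args.get("direction")) == 1 else "read"}
    return None


def triage(text: str) -> dict:
    frames = parse_backtrace(text)
    dev = device_model_frame(frames)
    return {"frames": len(frames),
            "crashed_in": frames[0].func if frames else None,
            "device_file": dev.file.rsplit('/', 1)[-1] if dev else None,
            "device_func": dev.func if dev else None,
            "device_line": dev.line if dev else None,
            "io": guest_io_access(frames)}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_BT), indent=2))
```

Run against the report's backtrace this yields `patch_hypercalls` in `kvmvapic.c:549` reached by a 2-byte guest write to port 126, which is what lets a triager map a fuzzer-found crash back to the specific device model and guest-facing register before reading the source.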

Comment 3 Hai Huang 2014-01-03 17:41:40 UTC
*** Bug 991288 has been marked as a duplicate of this bug. ***

Comment 7 Xiaoqing Wei 2014-03-13 02:55:42 UTC
Wow, this is an old bug.

The last few times QE ran the iofuzz test were on version -52:

no core dump happened,
but the VM kernel crashed, which seems not identical to this one.

https://bugzilla.redhat.com/show_bug.cgi?id=947694#c18
https://bugzilla.redhat.com/show_bug.cgi?id=751937#c36

Comment 10 Ludek Smid 2014-06-13 09:39:34 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

