[Qemu-devel] [Bug 1405385] Re: QEMU crashes when virtio network cards are used together with e1000 network cards

Wed, 24 Dec 2014 02:57:07 -0800 

Hm. I guess it says nothing, as else some write(2) should be seen by
strace.  So it is like abort() not assert().  And we have about 800
abort() calls in the code.  Oh well.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1405385

Title:
  QEMU crashes when virtio network cards are used together with e1000
  network cards

Status in QEMU:
  New

Bug description:
  QEMU version: QEMU emulator version 2.2.50, Copyright (c) 2003-2008 Fabrice 
Bellard
  QEMU GIT version: ab0302ee764fd702465aef6d88612cdff4302809
  Configure flags: ./configure --enable-kvm --prefix=/opt/qemu-devel
  Linux version: Ubuntu 14.04.1 LTS
  Kernel version: 3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014 
x86_64 x86_64 x86_64 GNU/Linux

  Problem:

          QEMU crashes when using one (or more) virtio network cards
  together with one (or more) e1000 (and possibly others) network cards
  when those cards are bound to a linux bridge. When the cards are *not*
  bound to a bridge QEMU does not crash.

  Bridge configuration:

        iface bridge0 inet dhcp
        bridge_ports eth1
        bridge_stp off
        bridge_fd 0

  Start-up command (including binding the network cards to the bridge +
  strace logging):

  ./qemu-system-x86_64 -daemonize -smp 1 -m 128 -vnc 0.0.0.0:0 \
  -netdev tap,id=tap_1,script=no,downscript=no,ifname=net_1_1,vhost=on \
  -device 
virtio-net-pci,bootindex=1,id=nic_1,netdev=tap_1,mac=02:16:3F:00:00:FA \
  -netdev tap,id=tap_2,script=no,downscript=no,ifname=net_1_2 \
  -device e1000,bootindex=2,id=nic_2,netdev=tap_2,mac=02:16:3F:00:00:FB; \
  brctl addif bridge0 net_1_1; \
  brctl addif bridge0 net_1_2; \
  ifconfig net_1_1 0.0.0.0 up; \
  ifconfig net_1_2 0.0.0.0 up; \
  sleep 2; \
  strace -p `ps x |grep qemu-system-x86_64 |grep -v grep|awk '{print $1}'` -o 
/tmp/qemu-devel-trace.txt 

  Kernel log:

  Dec 24 11:12:08 bramws kernel: [12466.885581] device net_1_1 entered 
promiscuous mode
  Dec 24 11:12:08 bramws kernel: [12466.886238] device net_1_2 entered 
promiscuous mode
  Dec 24 11:12:08 bramws kernel: [12466.887084] bridge0: port 2(net_1_1) 
entered forwarding state
  Dec 24 11:12:08 bramws kernel: [12466.887089] bridge0: port 2(net_1_1) 
entered forwarding state
  Dec 24 11:12:08 bramws kernel: [12466.888940] bridge0: port 3(net_1_2) 
entered forwarding state
  Dec 24 11:12:08 bramws kernel: [12466.888947] bridge0: port 3(net_1_2) 
entered forwarding state
  Dec 24 11:12:29 bramws kernel: [12488.026376] bridge0: port 2(net_1_1) 
entered disabled state
  Dec 24 11:12:29 bramws kernel: [12488.026820] device net_1_1 left promiscuous 
mode
  Dec 24 11:12:29 bramws kernel: [12488.026832] bridge0: port 2(net_1_1) 
entered disabled state
  Dec 24 11:12:29 bramws kernel: [12488.049636] bridge0: port 3(net_1_2) 
entered disabled state
  Dec 24 11:12:29 bramws kernel: [12488.050058] device net_1_2 left promiscuous 
mode
  Dec 24 11:12:29 bramws kernel: [12488.050074] bridge0: port 3(net_1_2) 
entered disabled state

  Strace log: (full log attached)

  ppoll([{fd=13, events=POLLIN|POLLERR|POLLHUP}, {fd=7, 
events=POLLIN|POLLERR|POLLHUP}, {fd=12, events=POLLIN|POLLERR|POLLHUP}, {fd=3, 
events=POLLIN|POLLERR|POLLHUP}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 
6, {0, 28646613}, NULL, 8) = 0 (Timeout)
  write(5, "\1\0\0\0\0\0\0\0", 8)         = 8
  ppoll([{fd=13, events=POLLIN|POLLERR|POLLHUP}, {fd=7, 
events=POLLIN|POLLERR|POLLHUP}, {fd=12, events=POLLIN|POLLERR|POLLHUP}, {fd=3, 
events=POLLIN|POLLERR|POLLHUP}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 
6, {0, 10899760}, NULL, 8) = 1 ([{fd=5, revents=POLLIN}], left {0, 10895457})
  write(6, "\1\0\0\0\0\0\0\0", 8)         = 8
  read(5, "\1\0\0\0\0\0\0\0", 512)        = 8
  write(6, "\1\0\0\0\0\0\0\0", 8)         = 8
  ppoll([{fd=13, events=POLLIN|POLLERR|POLLHUP}, {fd=7, 
events=POLLIN|POLLERR|POLLHUP}, {fd=12, events=POLLIN|POLLERR|POLLHUP}, {fd=3, 
events=POLLIN|POLLERR|POLLHUP}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 
6, {0, 0}, NULL, 8) = 1 ([{fd=6, revents=POLLIN}], left {0, 0})
  ppoll([{fd=13, events=POLLIN|POLLERR|POLLHUP}, {fd=7, 
events=POLLIN|POLLERR|POLLHUP}, {fd=12, events=POLLIN|POLLERR|POLLHUP}, {fd=3, 
events=POLLIN|POLLERR|POLLHUP}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 
6, {0, 0}, NULL, 8) = 1 ([{fd=6, revents=POLLIN}], left {0, 0})
  read(6, "\2\0\0\0\0\0\0\0", 16)         = 8
  ppoll([{fd=13, events=POLLIN|POLLERR|POLLHUP}, {fd=7, 
events=POLLIN|POLLERR|POLLHUP}, {fd=12, events=POLLIN|POLLERR|POLLHUP}, {fd=3, 
events=POLLIN|POLLERR|POLLHUP}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 
6, {0, 0}, NULL, 8) = 0 (Timeout)
  read(6, 0x7fff697320e0, 16)             = -1 EAGAIN (Resource temporarily 
unavailable)
  ppoll([{fd=13, events=POLLIN|POLLERR|POLLHUP}, {fd=7, 
events=POLLIN|POLLERR|POLLHUP}, {fd=12, events=POLLIN|POLLERR|POLLHUP}, {fd=3, 
events=POLLIN|POLLERR|POLLHUP}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 
6, {0, 9570429}, NULL, 8) = 0 (Timeout)
  futex(0x7f011c8ef094, FUTEX_CMP_REQUEUE_PRIVATE, 1, 2147483647, 
0x7f011aaa0860, 224) = 1
  write(5, "\1\0\0\0\0\0\0\0", 8)         = 8
  write(5, "\1\0\0\0\0\0\0\0", 8)         = 8
  futex(0x7f011aaa0860, FUTEX_WAKE_PRIVATE, 1) = 1
  ppoll([{fd=13, events=POLLIN|POLLERR|POLLHUP}, {fd=7, 
events=POLLIN|POLLERR|POLLHUP}, {fd=12, events=POLLIN|POLLERR|POLLHUP}, {fd=3, 
events=POLLIN|POLLERR|POLLHUP}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 
6, {0, 54463396}, NULL, 8) = 1 ([{fd=5, revents=POLLIN}], left {0, 54459649})
  tgkill(7779, 7784, SIGUSR1)             = 0
  futex(0x7f011aaa0824, FUTEX_CMP_REQUEUE_PRIVATE, 1, 2147483647, 
0x7f011aaa0860, 1650) = 1
  write(6, "\1\0\0\0\0\0\0\0", 8)         = 8
  read(5, "\2\0\0\0\0\0\0\0", 512)        = 8
  write(6, "\1\0\0\0\0\0\0\0", 8)         = 8
  ppoll([{fd=13, events=POLLIN|POLLERR|POLLHUP}, {fd=7, 
events=POLLIN|POLLERR|POLLHUP}, {fd=12, events=POLLIN|POLLERR|POLLHUP}, {fd=3, 
events=POLLIN|POLLERR|POLLHUP}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 
6, {0, 0}, NULL, 8) = 1 ([{fd=6, revents=POLLIN}], left {0, 0})
  ppoll([{fd=13, events=POLLIN|POLLERR|POLLHUP}, {fd=7, 
events=POLLIN|POLLERR|POLLHUP}, {fd=12, events=POLLIN|POLLERR|POLLHUP}, {fd=3, 
events=POLLIN|POLLERR|POLLHUP}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 
6, {0, 0}, NULL, 8) = 1 ([{fd=6, revents=POLLIN}], left {0, 0})
  read(6, "\2\0\0\0\0\0\0\0", 16)         = 8
  ppoll([{fd=13, events=POLLIN|POLLERR|POLLHUP}, {fd=7, 
events=POLLIN|POLLERR|POLLHUP}, {fd=12, events=POLLIN|POLLERR|POLLHUP}, {fd=3, 
events=POLLIN|POLLERR|POLLHUP}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 
6, {0, 0}, NULL, 8) = 0 (Timeout)
  read(6, 0x7fff697320e0, 16)             = -1 EAGAIN (Resource temporarily 
unavailable)
  futex(0x7f011aaa0860, FUTEX_WAKE_PRIVATE, 1) = 1
  ppoll([{fd=13, events=POLLIN|POLLERR|POLLHUP}, {fd=7, 
events=POLLIN|POLLERR|POLLHUP}, {fd=12, events=POLLIN|POLLERR|POLLHUP}, {fd=3, 
events=POLLIN|POLLERR|POLLHUP}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 
6, {0, 53843633}, NULL, 8 <unfinished ...>
  +++ killed by SIGABRT +++

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1405385/+subscriptions

Reply via email to