Bug 1009285
| Summary: | -device usb-storage,serial=... crashes with SCSI generic drive | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Markus Armbruster <armbru> | |
| Component: | qemu-kvm | Assignee: | Markus Armbruster <armbru> | |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Virtualization Bugs <virt-bugs> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 7.0 | CC: | acathrow, hhuang, juzhang, sluo, virt-maint, xuhan | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | qemu-kvm-1.5.3-10.el7 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1013478 (view as bug list) | Environment: | ||
| Last Closed: | 2014-06-13 10:35:45 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1013478 | |||
Description
Markus Armbruster
2013-09-18 06:36:40 UTC
I suspect the crash was introduced by the patch for bug 947411. Reproduced on kernel-3.10.0-28.el7.x86_64 and qemu-kvm-rhev-1.5.3-6.el7.x86_64: an attempt to set the usb-storage property serial crashes QEMU when the property drive refers to a SCSI generic device.
host info:
# uname -r && rpm -q qemu-kvm-rhev
3.10.0-28.el7.x86_64
qemu-kvm-rhev-1.5.3-6.el7.x86_64
Steps:
1. Insert a USB stick into the host and display the mapping between Linux sg devices and other SCSI devices.
# sg_map
/dev/sg0 /dev/sda
/dev/sg1 /dev/sr0
/dev/sg2 /dev/sdb
2. Boot a guest with the usb-storage property serial set while the property drive refers to a SCSI generic device.
# /usr/libexec/qemu-kvm -nodefaults -vga qxl -S -usb -drive if=none,file=/dev/sg2,id=usb-drv0 -device usb-storage,id=usb-msd0,drive=usb-drv0,serial=0x123 -monitor stdio
Results:
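After step 2, QEMU aborts and dumps core. In the backtrace below the abort is raised by assert_no_error(), called from qdev_prop_set_string() while scsi_bus_legacy_add_drive() sets "serial" on the SCSI device it creates; that is, QEMU terminates on a failed assertion about a property-set error.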
(gdb) bt
#0 0x00007ffff32e3999 in raise () from /lib64/libc.so.6
#1 0x00007ffff32e50a8 in abort () from /lib64/libc.so.6
#2 0x000055555584f2ea in assert_no_error (err=<optimized out>) at qobject/qerror.c:128
#3 0x000055555563cdb6 in qdev_prop_set_string (dev=dev@entry=0x55555655f720, name=name@entry=0x55555586fad2 "serial",
value=value@entry=0x55555656a230 "0x123") at hw/core/qdev-properties.c:1049
#4 0x000055555568af60 in scsi_bus_legacy_add_drive (bus=bus@entry=0x555556592398, bdrv=bdrv@entry=0x5555564d3430,
unit=unit@entry=0, removable=<optimized out>, bootindex=-1, serial=0x55555656a230 "0x123") at hw/scsi/scsi-bus.c:227
#5 0x000055555569f4ae in usb_msd_initfn_storage (dev=0x555556590cb0) at hw/usb/dev-storage.c:627
#6 0x0000555555694ffb in usb_device_init (dev=0x555556590cb0) at hw/usb/bus.c:97
#7 usb_qdev_init (qdev=0x555556590cb0) at hw/usb/bus.c:214
#8 0x000055555563dda1 in device_realize (dev=0x555556590cb0, err=0x7fffffffde50) at hw/core/qdev.c:178
#9 0x000055555563f30b in device_set_realized (obj=0x555556590cb0, value=<optimized out>, err=0x7fffffffdf60)
at hw/core/qdev.c:699
#10 0x00005555556fd5fe in property_set_bool (obj=0x555556590cb0, v=<optimized out>, opaque=0x5555565675f0,
name=<optimized out>, errp=0x7fffffffdf60) at qom/object.c:1301
#11 0x00005555556ffee7 in object_property_set_qobject (obj=0x555556590cb0, value=<optimized out>,
name=0x55555587112d "realized", errp=0x7fffffffdf60) at qom/qom-qobject.c:24
#12 0x00005555556fee80 in object_property_set_bool (obj=obj@entry=0x555556590cb0, value=value@entry=true,
name=name@entry=0x55555587112d "realized", errp=errp@entry=0x7fffffffdf60) at qom/object.c:852
#13 0x000055555563e2ba in qdev_init (dev=dev@entry=0x555556590cb0) at hw/core/qdev.c:163
#14 0x00005555556ea95b in qdev_device_add (opts=0x5555564ce9d0) at qdev-monitor.c:497
#15 0x000055555572f839 in device_init_func (opts=<optimized out>, opaque=<optimized out>) at vl.c:2353
#16 0x000055555585f14b in qemu_opts_foreach (list=<optimized out>, func=func@entry=0x55555572f820 <device_init_func>,
opaque=opaque@entry=0x0, abort_on_failure=abort_on_failure@entry=1) at util/qemu-option.c:1164
#17 0x00005555555c4cd6 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4352
(gdb) bt full
#0 0x00007ffff32e3999 in raise () from /lib64/libc.so.6
No symbol table info available.
#1 0x00007ffff32e50a8 in abort () from /lib64/libc.so.6
No symbol table info available.
#2 0x000055555584f2ea in assert_no_error (err=<optimized out>) at qobject/qerror.c:128
No locals.
#3 0x000055555563cdb6 in qdev_prop_set_string (dev=dev@entry=0x55555655f720, name=name@entry=0x55555586fad2 "serial",
value=value@entry=0x55555656a230 "0x123") at hw/core/qdev-properties.c:1049
errp = 0x55555655fca0
#4 0x000055555568af60 in scsi_bus_legacy_add_drive (bus=bus@entry=0x555556592398, bdrv=bdrv@entry=0x5555564d3430,
unit=unit@entry=0, removable=<optimized out>, bootindex=-1, serial=0x55555656a230 "0x123") at hw/scsi/scsi-bus.c:227
driver = <optimized out>
dev = 0x55555655f720
__func__ = "scsi_bus_legacy_add_drive"
#5 0x000055555569f4ae in usb_msd_initfn_storage (dev=0x555556590cb0) at hw/usb/dev-storage.c:627
s = 0x555556590cb0
bs = 0x5555564d3430
scsi_dev = <optimized out>
#6 0x0000555555694ffb in usb_device_init (dev=0x555556590cb0) at hw/usb/bus.c:97
klass = <optimized out>
#7 usb_qdev_init (qdev=0x555556590cb0) at hw/usb/bus.c:214
dev = 0x555556590cb0
__func__ = "usb_qdev_init"
rc = <optimized out>
#8 0x000055555563dda1 in device_realize (dev=0x555556590cb0, err=0x7fffffffde50) at hw/core/qdev.c:178
rc = <optimized out>
dc = <optimized out>
#9 0x000055555563f30b in device_set_realized (obj=0x555556590cb0, value=<optimized out>, err=0x7fffffffdf60)
at hw/core/qdev.c:699
dev = 0x555556590cb0
__func__ = "device_set_realized"
dc = 0x555556567880
local_err = 0x0
#10 0x00005555556fd5fe in property_set_bool (obj=0x555556590cb0, v=<optimized out>, opaque=0x5555565675f0,
name=<optimized out>, errp=0x7fffffffdf60) at qom/object.c:1301
prop = 0x5555565675f0
value = true
local_err = 0x0
#11 0x00005555556ffee7 in object_property_set_qobject (obj=0x555556590cb0, value=<optimized out>,
name=0x55555587112d "realized", errp=0x7fffffffdf60) at qom/qom-qobject.c:24
mi = 0x55555659f090
#12 0x00005555556fee80 in object_property_set_bool (obj=obj@entry=0x555556590cb0, value=value@entry=true,
name=name@entry=0x55555587112d "realized", errp=errp@entry=0x7fffffffdf60) at qom/object.c:852
qbool = 0x55555656a250
#13 0x000055555563e2ba in qdev_init (dev=dev@entry=0x555556590cb0) at hw/core/qdev.c:163
local_err = 0x0
__PRETTY_FUNCTION__ = "qdev_init"
#14 0x00005555556ea95b in qdev_device_add (opts=0x5555564ce9d0) at qdev-monitor.c:497
obj = <optimized out>
k = 0x555556567880
driver = 0x5555564ceaa0 "usb-storage"
path = 0x0
id = <optimized out>
qdev = 0x555556590cb0
bus = <optimized out>
__func__ = "qdev_device_add"
#15 0x000055555572f839 in device_init_func (opts=<optimized out>, opaque=<optimized out>) at vl.c:2353
dev = <optimized out>
#16 0x000055555585f14b in qemu_opts_foreach (list=<optimized out>, func=func@entry=0x55555572f820 <device_init_func>,
opaque=opaque@entry=0x0, abort_on_failure=abort_on_failure@entry=1) at util/qemu-option.c:1164
loc = {kind = LOC_CMDLINE, num = 2, ptr = 0x7fffffffe518, prev = 0x55555645ab00 <std_loc>}
opts = 0x5555564ce9d0
rc = 0
#17 0x00005555555c4cd6 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4352
i = <optimized out>
snapshot = 0
linux_boot = 0
icount_option = 0x0
initrd_filename = 0x0
kernel_filename = 0x0
kernel_cmdline = 0x5555558b4d90 ""
boot_devices = '\000' <repeats 32 times>
ds = <optimized out>
cyls = 0
heads = 0
secs = 0
translation = 0
hda_opts = <optimized out>
opts = <optimized out>
machine_opts = <optimized out>
olist = <optimized out>
optind = 12
optarg = 0x7fffffffe820 "stdio"
loadvm = 0x0
machine = 0x555555c3e8c0 <pc_machine_rhel700>
cpu_model = 0x0
vga_model = 0x7fffffffe7a6 "qxl"
pid_file = 0x0
incoming = 0x0
show_vnc_port = 1
defconfig = <optimized out>
userconfig = true
log_mask = 0x0
log_file = 0x0
mem_trace = {malloc = 0x555555730230 <malloc_and_trace>, realloc = 0x5555557301f0 <realloc_and_trace>,
free = 0x5555557301b0 <free_and_trace>, calloc = 0x0, try_malloc = 0x0, try_realloc = 0x0}
trace_events = 0x0
trace_file = 0x0
__PRETTY_FUNCTION__ = "main"
args = {ram_size = 134217728, boot_device = 0x55555586e0e6 "cad", kernel_filename = 0x0,
kernel_cmdline = 0x5555558b4d90 "", initrd_filename = 0x0, cpu_model = 0x0}
(gdb)
Fix included in qemu-kvm-1.5.3-10.el7

Reproduced this bug with component: qemu-kvm-rhev-1.5.3-8.el7.x86_64
Steps:
1. Insert a USB stick into the host and display the mapping between Linux sg devices and other SCSI devices.
# sg_map
/dev/sg0 /dev/sda
/dev/sg1 /dev/sr0
/dev/sg2 /dev/sdb
2. Boot a guest with the usb-storage property serial set while the property drive refers to a SCSI generic device.
# /usr/libexec/qemu-kvm -nodefaults -vga qxl -S -usb -drive if=none,file=/dev/sg2,id=usb-drv0 -device usb-storage,id=usb-msd0,drive=usb-drv0,serial=0x123 -monitor stdio
Result:
After step 2, QEMU aborts and dumps core.
(qemu) qemu-kvm: -device usb-storage,id=usb-msd0,drive=usb-drv0,serial=0x123: Property '.serial' not found
Aborted (core dumped)

Verified this bug with component: qemu-kvm-rhev-1.5.3-11.el7.x86_64
Same steps as above.
Result:
After step 2, QEMU does not dump core.
(qemu) c
(qemu) info status
VM status: running

According to the above test results, this bug has been fixed.

This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.