Bug 1013478

Summary: -device usb-storage,serial=... crashes with SCSI generic drive
Product: Red Hat Enterprise Linux 6
Reporter: Sibiao Luo <sluo>
Component: qemu-kvm
Assignee: Markus Armbruster <armbru>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Priority: medium
Version: 6.5
CC: acathrow, armbru, bsarathy, juzhang, michen, mkenneth, qzhang, sluo, tlavigne, virt-maint
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qemu-kvm-0.12.1.2-2.409.el6
Doc Type: Bug Fix
Clone Of: 1009285
Last Closed: 2013-11-21 06:03:12 UTC
Type: Bug
Bug Depends On: 1009285

Comment 1 Sibiao Luo 2013-09-30 07:54:18 UTC
host info:
# uname -r && rpm -q qemu-kvm
2.6.32-420.el6.x86_64
qemu-kvm-0.12.1.2-2.407.el6.x86_64

e.g: # /usr/libexec/qemu-kvm -nodefaults -vga qxl -S -usb -drive if=none,file=/dev/sg2,id=usb-drv0 -device usb-storage,id=usb-msd0,drive=usb-drv0,serial=0x123 -monitor stdio

(gdb) bt
#0  0x00007ffff4c9b925 in raise () from /lib64/libc.so.6
#1  0x00007ffff4c9d105 in abort () from /lib64/libc.so.6
#2  0x00007ffff7e5cfe1 in qdev_prop_set (dev=0x7ffff8708490, name=0x7ffff7f722fc "serial", src=0x7fffffffcfd8, 
    type=PROP_TYPE_STRING) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev-properties.c:688
#3  0x00007ffff7e5d188 in qdev_prop_set_string (dev=<value optimized out>, name=<value optimized out>, 
    value=0x7ffff8745fc0 "0x123") at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev-properties.c:725
#4  0x00007ffff7e4a25e in scsi_bus_legacy_add_drive (bus=<value optimized out>, bdrv=0x7ffff86e3580, unit=0, 
    removable=false, bootindex=-1, serial=0x7ffff8745fc0 "0x123") at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-bus.c:205
#5  0x00007ffff7e47de2 in usb_msd_initfn (dev=0x7ffff87072c0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-msd.c:588
#6  0x00007ffff7e466c2 in usb_qdev_init (qdev=0x7ffff87072c0, base=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-bus.c:96
#7  0x00007ffff7e5b3a8 in qdev_init (dev=0x7ffff87072c0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:284
#8  0x00007ffff7e5b7bf in qdev_device_add (opts=0x7ffff86e0b60) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:259
#9  0x00007ffff7dc5ce9 in device_init_func (opts=<value optimized out>, opaque=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4784
#10 0x00007ffff7dfddda in qemu_opts_foreach (list=<value optimized out>, func=0x7ffff7dc5ce0 <device_init_func>, 
    opaque=0x0, abort_on_failure=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-option.c:1035
#11 0x00007ffff7dca58c in main (argc=12, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6447
(gdb) bt full
#0  0x00007ffff4c9b925 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff4c9d105 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffff7e5cfe1 in qdev_prop_set (dev=0x7ffff8708490, name=0x7ffff7f722fc "serial", src=0x7fffffffcfd8, 
    type=PROP_TYPE_STRING) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev-properties.c:688
        prop = <value optimized out>
        __FUNCTION__ = "qdev_prop_set"
#3  0x00007ffff7e5d188 in qdev_prop_set_string (dev=<value optimized out>, name=<value optimized out>, 
    value=0x7ffff8745fc0 "0x123") at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev-properties.c:725
No locals.
#4  0x00007ffff7e4a25e in scsi_bus_legacy_add_drive (bus=<value optimized out>, bdrv=0x7ffff86e3580, unit=0, 
    removable=false, bootindex=-1, serial=0x7ffff8745fc0 "0x123") at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-bus.c:205
        driver = <value optimized out>
        dev = 0x7ffff8708490
#5  0x00007ffff7e47de2 in usb_msd_initfn (dev=0x7ffff87072c0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-msd.c:588
        s = 0x7ffff87072c0
        bs = 0x7ffff86e3580
        dinfo = <value optimized out>
#6  0x00007ffff7e466c2 in usb_qdev_init (qdev=0x7ffff87072c0, base=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-bus.c:96
        dev = 0x7ffff87072c0
        info = <value optimized out>
        rc = 0
#7  0x00007ffff7e5b3a8 in qdev_init (dev=0x7ffff87072c0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:284
        rc = <value optimized out>
        __PRETTY_FUNCTION__ = "qdev_init"
#8  0x00007ffff7e5b7bf in qdev_device_add (opts=0x7ffff86e0b60) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:259
        driver = 0x7ffff86e0c30 "usb-storage"
        path = 0x0
        id = <value optimized out>
        info = 0x7ffff82d3f00
        qdev = 0x7ffff87072c0
        bus = <value optimized out>
        __func__ = "qdev_device_add"
#9  0x00007ffff7dc5ce9 in device_init_func (opts=<value optimized out>, opaque=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4784
        dev = <value optimized out>
#10 0x00007ffff7dfddda in qemu_opts_foreach (list=<value optimized out>, func=0x7ffff7dc5ce0 <device_init_func>, 
    opaque=0x0, abort_on_failure=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-option.c:1035
        loc = {kind = LOC_CMDLINE, num = 2, ptr = 0x7fffffffe588, prev = 0x7ffff82f3e60}
        opts = 0x7ffff86e0b60
        rc = <value optimized out>
#11 0x00007ffff7dca58c in main (argc=12, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6447
        gdbstub_dev = 0x0
        i = <value optimized out>
        snapshot = 0
        linux_boot = 0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x7ffff7f8fa6f ""
        boot_devices = "cad", '\000' <repeats 29 times>
        ds = <value optimized out>
        dcl = <value optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = 0x7ffff82ef270
        opts = <value optimized out>
        olist = <value optimized out>
        optind = 12
        optarg = 0x7fffffffe88d "stdio"
        loadvm = 0x0
        machine = 0x7ffff82e8780
        cpu_model = 0x0
        fds = {0, 0}
        tb_size = 0
        pid_file = 0x0
        incoming = 0x0
        fd = 0
        pwd = 0x0
        chroot_dir = 0x0
        run_as = 0x0
        env = <value optimized out>
        show_vnc_port = 0
        defconfig = <value optimized out>
        defconfig_verbose = <value optimized out>
(gdb)

Comment 6 Sibiao Luo 2013-10-08 02:59:05 UTC
Verified this issue on qemu-kvm-0.12.1.2-2.410.el6.x86_64 with the same steps as comment #0.

host info:
# uname -r && rpm -q qemu-kvm
2.6.32-420.el6.x86_64
qemu-kvm-0.12.1.2-2.410.el6.x86_64

Steps:
1. Insert a USB stick into the host and display the mapping between Linux sg and other SCSI devices.
# sg_map
/dev/sg0  /dev/sda
/dev/sg1  /dev/sr0
/dev/sg2  /dev/sdb
2. Boot the guest, setting the usb-storage property serial when the property drive refers to a SCSI generic device.
# /usr/libexec/qemu-kvm -M pc -S -cpu SandyBridge -nodefaults -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -no-kvm-pit-reinjection -usb -device usb-tablet,id=input0 -name sluo -uuid 990ea161-6b67-47b2-b803-19fb01d30d30 -rtc base=localtime,clock=host,driftfix=slew -drive file=/home/Qemu-ga-RHEL-Server-6.5-64bit.qcow2,if=none,id=drive-virtio-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,vectors=0,bus=pci.0,addr=0x4,scsi=off,drive=drive-virtio-disk,id=virtio-disk,bootindex=1 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=2C:41:38:B6:40:21,bus=pci.0,addr=0x5 -device virtio-balloon-pci,id=ballooning,bus=pci.0,addr=0x6 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -k en-us -boot menu=on -qmp tcp:0:4444,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :1 -spice disable-ticketing,port=5931 -vga qxl -monitor stdio -usb -drive if=none,file=/dev/sg2,id=usb-drv0 -device usb-storage,id=usb-msd0,drive=usb-drv0,serial=0x123

Results:
After step 2, setting the usb-storage property serial succeeded when the property drive refers to a SCSI generic device; there was no crash and the USB stick worked correctly in the guest (e.g. format, dd).
(qemu) info usb
  Device 0.2, Port 1, Speed 12 Mb/s, Product QEMU USB Tablet
  Device 0.3, Port 2, Speed 12 Mb/s, Product QEMU USB Hub
  Device 0.4, Port 2.1, Speed 12 Mb/s, Product QEMU USB MSD
(qemu)

Based on the above, this issue has been fixed correctly; moving to VERIFIED status. Please correct me if there is any mistake.

Best Regards,
sluo
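
Added example (not part of the comment above and not Red Hat's code): a Python audit helper that flags a qemu-kvm command line containing the combination this bug reports, a usb-storage device with serial= whose drive is a /dev/sgN node, and checks whether an installed package string predates the Fixed In Version. The function names, the /dev/sgN path heuristic and the treatment of every build below 409 as lacking the fix are assumptions of this example.

```python
import re
import shlex

FIXED_RELEASE = 409  # from "Fixed In Version: qemu-kvm-0.12.1.2-2.409.el6"

# Constructed sample: the reproducer command line quoted in comment 1.
SAMPLE = ("/usr/libexec/qemu-kvm -nodefaults -vga qxl -S -usb "
          "-drive if=none,file=/dev/sg2,id=usb-drv0 "
          "-device usb-storage,id=usb-msd0,drive=usb-drv0,serial=0x123 "
          "-monitor stdio")

def parse_props(optarg):
    """Split 'driver,a=1,b=2' into (bare words, key/value dict).
    Simplification: QEMU's ',,' escape inside values is not handled."""
    bare, props = [], {}
    for item in optarg.split(","):
        key, sep, value = item.partition("=")
        if sep:
            props[key] = value
        else:
            bare.append(key)
    return bare, props

def risky_usb_storage(cmdline):
    """Return ids of usb-storage devices that set serial= on an sg-backed drive."""
    argv = shlex.split(cmdline)
    drives, devices = {}, []
    for opt, arg in zip(argv, argv[1:]):
        if opt == "-drive":
            _, props = parse_props(arg)
            if "id" in props:
                drives[props["id"]] = props.get("file", "")
        elif opt == "-device":
            bare, props = parse_props(arg)
            if bare[:1] == ["usb-storage"]:
                devices.append(props)
    # Heuristic (assumption): only literal /dev/sgN paths count as SCSI generic;
    # a symlink to an sg node is not resolved here.
    return [d.get("id", "<no id>") for d in devices
            if "serial" in d
            and re.fullmatch(r"/dev/sg\d+", drives.get(d.get("drive"), ""))]

def lacks_fix(rpm_name):
    """True if the el6 qemu-kvm build number is below the fixed release."""
    m = re.search(r"qemu-kvm-0\.12\.1\.2-2\.(\d+)\.el6", rpm_name)
    if m is None:
        return None  # different package series: this check does not apply
    return int(m.group(1)) < FIXED_RELEASE
```
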

Comment 7 errata-xmlrpc 2013-11-21 06:03:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1553.html