Bug 1019220

Summary: QEMU core dumped when using -drive if=scsi
Product: Red Hat Enterprise Linux 6
Reporter: Sibiao Luo <sluo>
Component: qemu-kvm
Assignee: Fam Zheng <famz>
Status: CLOSED WONTFIX
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Priority: medium
Version: 6.5
CC: acathrow, bsarathy, chayang, famz, juzhang, michen, mkenneth, pbonzini, qzhang, virt-maint, xfu
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-04-23 03:08:10 UTC
Type: Bug
Bug Blocks: 1019535

Description Sibiao Luo 2013-10-15 10:14:19 UTC
Description of problem:
Boot up a guest attaching a data disk specified with if=scsi/ide without rerror=stop in the CLI; QEMU will quit and dump core.

Version-Release number of selected component (if applicable):
# uname -r && rpm -q qemu-kvm-rhev
2.6.32-422.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.412.el6.x86_64
guest info:
2.6.32-422.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot up a guest attaching a data disk specified with if=scsi/ide without rerror=stop in the CLI.
# qemu-img info my-data-disk.qcow2 
image: my-data-disk.qcow2
file format: qcow2
virtual size: 10G (10737418240 bytes)
disk size: 136K
cluster_size: 65536
# /usr/libexec/qemu-kvm -M pc -S -cpu SandyBridge -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -no-kvm-pit-reinjection -usb -device usb-tablet,id=input0 -name sluo -uuid 990ea161-6b67-47b2-b803-19fb01d30d30 -rtc base=localtime,clock=host,driftfix=slew -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=pci.0,addr=0x3 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port2 -drive file=/mnt/RHEL-Server-6.4-64.qcow2,if=none,id=drive-virtio-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,vectors=0,bus=pci.0,addr=0x4,scsi=off,drive=drive-virtio-disk,id=virtio-disk,bootindex=1 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=2C:41:38:B6:40:21,bus=pci.0,addr=0x5 -device virtio-balloon-pci,id=ballooning,bus=pci.0,addr=0x6 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -drive file=/mnt/my-data-disk.qcow2,if=scsi,id=drive-data-disk,format=qcow2,cache=none,werror=stop -device virtio-scsi-pci,bus=pci.0,addr=0x7,id=scsi0 -device scsi-hd,drive=drive-data-disk,id=data-disk,bus=scsi0.0 -k en-us -boot menu=on -spice disable-ticketing,port=5931 -monitor stdio
qemu: hardware error: Unknown device 'lsi53c895a' for bus 'PCI'

Aborted (core dumped)

Actual results:
QEMU will quit and dump core.

Expected results:
It should give a warning message if this is not supported; in any case there should not be any core dump.


Comment 1 Sibiao Luo 2013-10-15 10:15:16 UTC
(gdb) bt
#0  0x00007f8849305925 in raise () from /lib64/libc.so.6
#1  0x00007f8849307105 in abort () from /lib64/libc.so.6
#2  0x00007f884c4349a2 in hw_error (fmt=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:519
#3  0x00007f884c4c9ddd in qdev_create (bus=0x7f884d49d010, name=0x7f884c61e0d1 "lsi53c895a")
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:119
#4  0x00007f884c44218f in pci_create_multifunction (bus=<value optimized out>, devfn=-1, multifunction=false, 
    name=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/pci.c:1580
#5  0x00007f884c4421e9 in pci_create_simple_multifunction (bus=<value optimized out>, devfn=<value optimized out>, 
    multifunction=<value optimized out>, name=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/pci.c:1590
#6  0x00007f884c5b864f in pc_init1 (ram_size=140734446235064, boot_device=0x7fff4aad0020 "cad", kernel_filename=0x0, 
    kernel_cmdline=0x7f884c60088f "", initrd_filename=0x0, cpu_model=0x7fff4aad22ee "SandyBridge", pci_enabled=1)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/pc.c:1429
#7  0x00007f884c435772 in main (argc=59, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6426

Comment 2 Sibiao Luo 2013-10-15 10:17:03 UTC
If rerror=stop is added in the CLI, QEMU will not dump core but quits with the prompt "rerror is not supported by this bus type".
e.g:...-drive file=/mnt/my-data-disk.qcow2,if=scsi,id=drive-data-disk,format=qcow2,cache=none,rerror=stop,werror=stop -device virtio-scsi-pci,bus=pci.0,addr=0x7,id=scsi0 -device scsi-hd,drive=drive-data-disk,id=data-disk,bus=scsi0.0 -k en-us -boot menu=on -spice disable-ticketing,port=5931 -monitor stdio
qemu-kvm: -drive file=/mnt/my-data-disk.qcow2,if=scsi,id=drive-data-disk,format=qcow2,cache=none,rerror=stop,werror=stop: rerror is not supported by this bus type
/etc/qemu-ifdown: could not launch network script

Best regards,
sluo

Comment 3 Sibiao Luo 2013-10-16 02:45:47 UTC
(In reply to Sibiao Luo from comment #0)
> Description of problem:
> boot up a guest attaching a data disk specified if=scsi/ide without
> rerror=stop in cli, the QEMU will quit and core dumped.
>
This bug is only hit when if=scsi is specified. Please refer to bug 1019538 for the case where if=virtio/ide/floppy is specified.

Comment 4 Fam Zheng 2014-04-17 10:54:21 UTC
-drive file=/mnt/my-data-disk.qcow2,if=scsi,id=drive-data-disk ... -device scsi-hd,drive=drive-data-disk,id=data-disk,bus=scsi0.0

Notice that an interface is already created with if=scsi; then creating another device with the drive is not a valid use case.

Will look into the core dump and replace it with an exit with a friendly error message.
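
A pre-launch check for the conflict described in comment 4, as an added example that is not part of the bug report or of QEMU's code: it flags any -drive that names a bus with if= and is also claimed by a -device ...,drive= option. The function names and the shortened sample command lines are constructed here; the if=none variant is an assumption modeled on the boot disk's options in the description.

```python
import shlex

def parse_props(optarg):
    """Split 'model,key=val,...' into (leading bare word or None, {key: val})."""
    head, props = None, {}
    for i, part in enumerate(optarg.split(",")):
        key, sep, val = part.partition("=")
        if sep:
            props[key] = val
        elif i == 0:
            head = part  # e.g. the device model in "-device scsi-hd,..."
    return head, props

def find_double_attached_drives(cmdline):
    """Return (drive id, if= value, device model) for every drive that names
    a bus with if=<bus> and is also claimed by a -device ...,drive=<id>."""
    argv = shlex.split(cmdline)
    drives, claims = {}, []
    for opt, arg in zip(argv, argv[1:]):
        if opt == "-drive":
            _, props = parse_props(arg)
            if "id" in props:
                drives[props["id"]] = props.get("if")
        elif opt == "-device":
            model, props = parse_props(arg)
            if "drive" in props:
                claims.append((model, props["drive"]))
    # Drives with no if= at all are not flagged: the report only covers
    # the explicit if=scsi case.
    return [(d, drives[d], m) for m, d in claims
            if drives.get(d) not in (None, "none")]

# Constructed sample: storage options from the reported command line, shortened.
REPORTED = (
    "/usr/libexec/qemu-kvm "
    "-drive file=/mnt/RHEL-Server-6.4-64.qcow2,if=none,id=drive-virtio-disk,format=qcow2 "
    "-device virtio-blk-pci,drive=drive-virtio-disk,id=virtio-disk "
    "-drive file=/mnt/my-data-disk.qcow2,if=scsi,id=drive-data-disk,format=qcow2,werror=stop "
    "-device virtio-scsi-pci,bus=pci.0,addr=0x7,id=scsi0 "
    "-device scsi-hd,drive=drive-data-disk,id=data-disk,bus=scsi0.0"
)
# Assumption: same line with the data disk declared if=none, like the boot disk.
WITH_IF_NONE = REPORTED.replace("if=scsi", "if=none")

if __name__ == "__main__":
    for drive_id, iface, model in find_double_attached_drives(REPORTED):
        print(f"{drive_id}: if={iface} already creates an interface, "
              f"but -device {model} also uses this drive")
```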