Bug 1019759

Summary: Qemu core dumpd during shutdown guest after hotunplug > hotplug scsi-block
Product: Red Hat Enterprise Linux 7 Reporter: Qian Guo <qiguo>
Component: qemu-kvmAssignee: Virtualization Maintenance <virt-maint>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: acathrow, hhuang, juzhang, michen, sluo, virt-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-10-16 11:18:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Qian Guo 2013-10-16 11:10:53 UTC 
Description of problem:
Test this issue with libiscsi backend scsi-block, hot unplug the scsi-block, then try to hot plug it, it failed with the error "Property 'scsi-block.drive' can't find value 'drive-disk' ", which is expected, but after that, if try to shutdown guest, qemu coredumpd

Version-Release number of selected component (if applicable):
# rpm -q qemu-kvm-rhev
qemu-kvm-rhev-1.5.3-9.el7.x86_64
# uname -r
3.10.0-34.el7.x86_64

Guest is  windows 8.1 32 bit, and with virtio-win-prewhql-0.1-72 installed

How reproducible:
100%

Steps to Reproduce:
1.Boot guest with libiscsi backend scsi-block device (a remote iscsi lun)
# /usr/libexec/qemu-kvm -M pc -cpu Opteron_G3 -enable-kvm -m 4096 -smp 4,sockets=1,cores=4,threads=1 -usb -device usb-tablet,id=input0 -name rhel7 -rtc base=localtime,clock=host,driftfix=slew -monitor stdio -vnc :10 -vga std -netdev tap,id=netdev0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,mac=00:1b:21:7a:16:10,netdev=netdev0 -drive file=windows8u1cp1.raw,if=none,format=raw,id=virtio-disk0 -device virtio-blk-pci,drive=virtio-disk0,scsi=off,bootindex=0 -drive file=iscsi://10.66.90.100:3260/iqn.2001-05.com.equallogic:0-8a0906-6751f7d03-039f49b41f3525ca-s2-sluo-259030/0,if=none,id=drive-disk -iscsi initiator-name=iqn.1994-05.com.redhat:sluo,id=iqn -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x6 -device scsi-block,drive=drive-disk,bus=scsi1.0,id=iscsi-disk -boot menu=on

2.After boot up, hot unplug the scsi block via hmp
(qemu) device_del iscsi-disk

3.try to hot added
(qemu) device_add scsi-block,drive=drive-disk,bus=scsi1.0,id=iscsi-disk
Property 'scsi-block.drive' can't find value 'drive-disk'

4.Inside guest, shutdown

Actual results:
qemu-kvm coredumpd
from gdb:
...
Program received signal SIGSEGV, Segmentation fault.
bdrv_getlength (bs=0x0) at block.c:2765
2765	    BlockDriver *drv = bs->drv;
...
(gdb) bt
#0  bdrv_getlength (bs=0x0) at block.c:2765
#1  0x00005555555daacd in bdrv_get_geometry (bs=<optimized out>, nb_sectors_ptr=nb_sectors_ptr@entry=0x7fffebb14990)
    at block.c:2781
#2  0x0000555555689436 in scsi_disk_reset (dev=0x5555564c0390) at hw/scsi/scsi-disk.c:1982
#3  0x000055555563d839 in qdev_reset_one (dev=dev@entry=0x5555564c0390, opaque=opaque@entry=0x0) at hw/core/qdev.c:227
#4  0x000055555563cf30 in qdev_walk_children (dev=0x5555564c0390, devfn=devfn@entry=0x55555563d820 <qdev_reset_one>, 
    busfn=busfn@entry=0x55555563b820 <qbus_reset_one>, opaque=opaque@entry=0x0) at hw/core/qdev.c:376
#5  0x000055555563d03a in qbus_walk_children (bus=bus@entry=0x5555565abad0, 
    devfn=devfn@entry=0x55555563d820 <qdev_reset_one>, busfn=busfn@entry=0x55555563b820 <qbus_reset_one>, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:360
#6  0x000055555563d0ad in qbus_reset_all (bus=bus@entry=0x5555565abad0) at hw/core/qdev.c:248
#7  0x0000555555777de3 in virtio_scsi_reset (vdev=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/hw/scsi/virtio-scsi.c:451
#8  0x000055555577f9ae in virtio_reset (opaque=0x5555565ab9b8) at /usr/src/debug/qemu-1.5.3/hw/virtio/virtio.c:543
#9  0x00005555556b6a80 in virtio_ioport_write (val=0, addr=<optimized out>, opaque=0x5555565ab1c0)
    at hw/virtio/virtio-pci.c:307
#10 virtio_pci_config_write (opaque=0x5555565ab1c0, addr=<optimized out>, val=0, size=<optimized out>)
    at hw/virtio/virtio-pci.c:422
#11 0x00005555557860c2 in access_with_adjusted_size (addr=addr@entry=18, value=value@entry=0x7fffebb14b58, size=1, 
    access_size_min=<optimized out>, access_size_max=<optimized out>, 
    access=access@entry=0x555555786680 <memory_region_write_accessor>, opaque=opaque@entry=0x5555565ab870)
    at /usr/src/debug/qemu-1.5.3/memory.c:364
#12 0x0000555555787597 in memory_region_iorange_write (iorange=<optimized out>, offset=18, width=1, data=0)
    at /usr/src/debug/qemu-1.5.3/memory.c:439
#13 0x0000555555784c62 in kvm_handle_io (count=1, size=1, direction=1, data=<optimized out>, port=49234)
    at /usr/src/debug/qemu-1.5.3/kvm-all.c:1497
#14 kvm_cpu_exec (env=env@entry=0x55555651bdc0) at /usr/src/debug/qemu-1.5.3/kvm-all.c:1649
#15 0x00005555557302a5 in qemu_kvm_cpu_thread_fn (arg=0x55555651bdc0) at /usr/src/debug/qemu-1.5.3/cpus.c:793
#16 0x00007ffff625ade3 in start_thread () from /lib64/libpthread.so.0
#17 0x00007ffff33a01ad in clone () from /lib64/libc.so.6


Expected results:
Can shutdown successfully and no coredumpd

Additional info:
Comment 1 Hai Huang 2013-10-16 11:18:02 UTC 

*** This bug has been marked as a duplicate of bug 1019757 ***