Bug 1454537

Summary: [Q35] qemu core dump when hotplug scsi disk three times
Product: Red Hat Enterprise Linux 7
Reporter: jinchen
Component: qemu-kvm-rhev
Assignee: Fam Zheng <famz>
Status: CLOSED DUPLICATE
QA Contact: jingzhao <jinzhao>
Severity: high
Priority: high
Version: 7.4
CC: chayang, drjones, jinchen, jinzhao, juzhang, knoel, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2017-06-14 03:06:53 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description jinchen 2017-05-23 01:51:57 UTC
Description of problem:
qemu core dumps when hot-plugging a scsi disk three times

Version-Release number of selected component (if applicable):
[root@ibm-x3850x5-09 dir]# uname -r
3.10.0-668.el7.x86_64
[root@ibm-x3850x5-09 dir]# rpm -qa |grep qemu-kvm-rhev
qemu-kvm-rhev-2.9.0-5.el7.x86_64
qemu-kvm-rhev-debuginfo-2.9.0-5.el7.x86_64
[root@ibm-x3850x5-09 dir]# rpm -qa |grep OVMF
OVMF-20170228-5.gitc325e41585e3.el7.noarch


How reproducible:
3/3

Steps to Reproduce:
1. Boot guest with qemu command line [1]

2. Hot-plug a virtio-scsi disk with qmp

{"execute":"__com.redhat_drive_add", "arguments": {"file":"/home/test/win/win7/block.qcow2","format":"qcow2","id":"drive_datadisk0"}}
{"return": {}}

{"execute":"device_add","arguments":{"driver":"virtio-scsi-pci","id":"scsi2","bus":"root2"}}
{"return": {}}

{"execute":"device_add","arguments":{"driver":"scsi-hd","drive":"drive_datadisk0","id":"device_datadisk0","bus":"scsi2.0"}}
{"return": {}}

3. Unplug the virtio-scsi disk with qmp

{"execute":"device_del","arguments":{"id":"device_datadisk0"}}
{"timestamp": {"seconds": 1495503229, "microseconds": 237752}, "event": "DEVICE_DELETED", "data": {"device": "device_datadisk0", "path": "/machine/peripheral/device_datadisk0"}}
{"return": {}}

{"execute":"device_del","arguments":{"id":"scsi2"}}
{"return": {}}
{"timestamp": {"seconds": 1495503240, "microseconds": 245602}, "event": "DEVICE_DELETED", "data": {"path": "/machine/peripheral/scsi2/virtio-backend"}}
{"timestamp": {"seconds": 1495503240, "microseconds": 245672}, "event": "DEVICE_DELETED", "data": {"device": "scsi2", "path": "/machine/peripheral/scsi2"}}

4. Repeat step 2 and step 3 for 3 times

Actual results:
qemu core dumps when hot-plugging the virtio-scsi disk the 3rd time

Expected results:
Hot-plug successfully and no core dump

(gdb) bt
#0  0x00005606d5c69451 in memory_listener_register (listener=listener@entry=0x5606dad3a260, as=as@entry=0x5606dad3a210)
    at /usr/src/debug/qemu-2.9.0/memory.c:2381
#1  0x00005606d5c19e57 in address_space_init_dispatch (as=as@entry=0x5606dad3a210) at /usr/src/debug/qemu-2.9.0/exec.c:2561
#2  0x00005606d5c69677 in address_space_init (as=0x5606dad3a210, root=0x5606dad3a320, name=0x5606dad3a0b8 "")
    at /usr/src/debug/qemu-2.9.0/memory.c:2425
#3  0x00005606d5ddb39f in pci_qdev_realize (errp=0x7ffd1b7fa960, devfn=<optimized out>, name=0x5606d73e3c70 "virtio-scsi-pci", bus=0x5606d95e59f0, pci_dev=0x5606dad3a000) at hw/pci/pci.c:1006
#4  0x00005606d5ddb39f in pci_qdev_realize (qdev=0x5606dad3a000, errp=0x7ffd1b7fa960) at hw/pci/pci.c:1994
#5  0x00005606d5d7f861 in device_set_realized (obj=<optimized out>, value=<optimized out>, errp=0x7ffd1b7faa98) at hw/core/qdev.c:939
#6  0x00005606d5e65e2e in property_set_bool (obj=0x5606dad3a000, v=<optimized out>, name=<optimized out>, opaque=0x5606d7925e80, errp=0x7ffd1b7faa98)
    at qom/object.c:1860
#7  0x00005606d5e69aef in object_property_set_qobject (obj=0x5606dad3a000, value=<optimized out>, name=0x5606d5f9010b "realized", errp=0x7ffd1b7faa98) at qom/qom-qobject.c:27
#8  0x00005606d5e67960 in object_property_set_bool (obj=0x5606dad3a000, value=<optimized out>, name=0x5606d5f9010b "realized", errp=0x7ffd1b7faa98)
    at qom/object.c:1163
#9  0x00005606d5d2ae43 in qdev_device_add (opts=opts@entry=0x5606d73e87b0, errp=errp@entry=0x7ffd1b7fab70) at qdev-monitor.c:623
#10 0x00005606d5d2b3d3 in qmp_device_add (qdict=<optimized out>, ret_data=ret_data@entry=0x0, errp=errp@entry=0x7ffd1b7faba0) at qdev-monitor.c:800
#11 0x00005606d5d4405a in hmp_device_add (mon=<optimized out>, qdict=<optimized out>) at hmp.c:1720
#12 0x00005606d5c5711e in handle_hmp_command (mon=mon@entry=0x5606d73c0100, cmdline=0x5606d789400b "virtio-scsi-pci,id=scsi2,bus=root2")
    at /usr/src/debug/qemu-2.9.0/monitor.c:3111
#13 0x00005606d5c587a7 in monitor_command_cb (opaque=0x5606d73c0100, cmdline=<optimized out>, readline_opaque=<optimized out>)
    at /usr/src/debug/qemu-2.9.0/monitor.c:3909
#14 0x00005606d5f35338 in readline_handle_byte (rs=0x5606d7894000, ch=<optimized out>) at util/readline.c:393
#15 0x00005606d5c57327 in monitor_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
    at /usr/src/debug/qemu-2.9.0/monitor.c:3892
#16 0x00005606d5ed0abf in fd_chr_read (chan=0x5606d73dc040, cond=<optimized out>, opaque=0x5606d7488bb0) at chardev/char-fd.c:66
#17 0x00007fdc1ef884c9 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#18 0x00005606d5f2308c in main_loop_wait () at util/main-loop.c:213
#19 0x00005606d5f2308c in main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261
#20 0x00005606d5f2308c in main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:517
#21 0x00005606d5c12a1c in main () at vl.c:1898
#22 0x00005606d5c12a1c in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4720



Additional info:
Can reproduce the issue with a rhel7.4 guest on ovmf and seabios


[1]
/usr/libexec/qemu-kvm \
-M q35 \
-cpu Penryn \
-nodefaults -rtc base=utc \
-m 2G \
-smp 2,sockets=1,cores=2,threads=1 \
-enable-kvm \
-name rhel7.4 \
-uuid 990ea161-6b67-47b2-b803-19fb01d30d12 \
-smbios type=1,manufacturer='Red Hat',product='RHEV Hypervisor',version=el6,serial=koTUXQrb,uuid=feebc8fd-f8b0-4e75-abc3-e63fcdb67170 \
-drive file=/usr/share/OVMF/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0 \
-drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw,unit=1 \
-k en-us \
-serial unix:/tmp/console,server,nowait \
-boot menu=on -qmp tcp::4446,server,nowait \
-spice port=5906,disable-ticketing \
-vga qxl \
-device pcie-root-port,id=root1,slot=1 \
-drive file=/home/jinchen/demo/test/win7.ovmf,if=none,id=drive0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads \
-device virtio-scsi-pci,id=scsi1,bus=root1 \
-device scsi-hd,id=virtio-disk0,drive=drive0,bus=scsi1.0,bootindex=1 \
-device pcie-root-port,id=root2,slot=2 \
-device pcie-root-port,id=root3,slot=3,multifunction=on,addr=0xa.0 \
-netdev tap,vhost=on,id=dev1 \
-device virtio-net-pci,netdev=dev1,id=net1,mac=9a:6a:6b:6c:6d:6a \
-monitor stdio \
-cdrom /home/jinchen/en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso \
-device ahci,id=ahci0,bus=pcie.0 \
-drive file=/usr/share/virtio-win/virtio-win-1.9.0.iso,if=none,media=cdrom,id=drive-ide1,format=raw \
-device ide-drive,bus=ahci0.0,drive=drive-ide1,id=ahci1 \
-usb -device usb-tablet
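
Added example (not part of the original report or of QEMU): in the step 3 transcript, device_del for scsi2 returns before its DEVICE_DELETED events arrive, so a harness that automates steps 2-4 has to track unplug completion by event, not by the command's return. The checker below replays a QMP log and reports every device_add that reuses an id which is still plugged or still waiting for DEVICE_DELETED; the function name and the sample log are constructed for illustration, modelled on the messages above.

```python
import json

# Constructed sample log: QMP lines modelled on the report's step 2/3 messages,
# followed by a re-add of "scsi2" issued before its DEVICE_DELETED event.
SAMPLE_LOG = r'''
{"execute":"device_add","arguments":{"driver":"virtio-scsi-pci","id":"scsi2","bus":"root2"}}
{"return": {}}
{"execute":"device_add","arguments":{"driver":"scsi-hd","drive":"drive_datadisk0","id":"device_datadisk0","bus":"scsi2.0"}}
{"return": {}}
{"execute":"device_del","arguments":{"id":"device_datadisk0"}}
{"event": "DEVICE_DELETED", "data": {"device": "device_datadisk0", "path": "/machine/peripheral/device_datadisk0"}}
{"return": {}}
{"execute":"device_del","arguments":{"id":"scsi2"}}
{"return": {}}
{"execute":"device_add","arguments":{"driver":"virtio-scsi-pci","id":"scsi2","bus":"root2"}}
{"event": "DEVICE_DELETED", "data": {"path": "/machine/peripheral/scsi2/virtio-backend"}}
{"event": "DEVICE_DELETED", "data": {"device": "scsi2", "path": "/machine/peripheral/scsi2"}}
'''


def audit_hotplug_log(text):
    """Return (line_no, device_id, state) for each device_add that reuses an id
    which is still plugged or whose unplug has not been confirmed by an event.
    Assumption: every command in the log returned success."""
    state = {}       # device id -> "present" | "unplug-pending"
    findings = []
    for line_no, raw in enumerate(text.strip().splitlines(), 1):
        msg = json.loads(raw)
        if msg.get("event") == "DEVICE_DELETED":
            # Events for internal children (e.g. .../virtio-backend) carry a
            # "path" but no "device" key; only named devices are tracked.
            state.pop(msg.get("data", {}).get("device"), None)
            continue
        cmd = msg.get("execute")
        dev = msg.get("arguments", {}).get("id")
        if dev is None:
            continue             # returns, or commands without a device id
        if cmd == "device_add":
            if dev in state:
                findings.append((line_no, dev, state[dev]))
            state[dev] = "present"
        elif cmd == "device_del":
            # The command only requests removal; completion is the event.
            state[dev] = "unplug-pending"
    return findings


if __name__ == "__main__":
    for finding in audit_hotplug_log(SAMPLE_LOG):
        print("line %d: device_add of %r while %s" % finding)
```
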

Comment 2 jinchen 2017-05-23 02:43:47 UTC
Didn't reproduce the issue with virtio blk on win7+ovmf and win7+seabios

Can reproduce the issue with virtio blk on win7+seabios

Comment 3 jinchen 2017-05-23 02:46:21 UTC
Please ignore comment 2

Didn't reproduce the issue with virtio blk on win7+ovmf and win7+seabios

Can reproduce the issue with virtio scsi disk on win7+seabios

Comment 4 Ademar Reis 2017-05-24 17:55:24 UTC
May be related to Bug 1449031.