Bug 595665

Summary: Guest crashed after hot add virtio disk in win7 64bit guest
Product: Red Hat Enterprise Linux 6 Reporter: Mike Cao <bcao>
Component: qemu-kvmAssignee: Markus Armbruster <armbru>
Status: CLOSED NOTABUG QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0CC: lihuang, llim, michen, ndai, tburke, virt-maint
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-07-08 17:10:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mike Cao 2010-05-25 10:32:08 UTC 
Description of problem:
Guest crashed after hot add virtio disk because the host core dumps

Version-Release number of selected component (if applicable):
Host:
# uname -r
2.6.32-28.el6.x86_64
Guest:
windows 7 64 bit.

How reproducible:
100%

Steps to Reproduce:
1.start windows 7 bit guest with ide disk.
2.in the qemu add the newest version virtio-win.iso by using then install virtio disk drivers in the guest
3.in the qemu,hot add a virtio disk by using :(qemu)  pci_add pci_addr=auto storage file=/Images/test3.qcow2,if=virtio
  
Actual results:
VM crashed.
in the host It shows following err msg:

(qemu) pci_add pci_addr=auto storage file=/Images/test3.qcow2,if=virtio
OK domain 0, bus 0, slot 7, function 0
(qemu) qemu: hardware error: register_ioport_write: invalid opaque
CPU #0:
RAX=000007fffffde800 RBX=fffff900c01c9c30 RCX=fffff880045d1b68 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000000 RBP=fffff880045d1ca0 RSP=fffff880045d1a00
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000
R12=0000000000000001 R13=fffff880045d1b68 R14=0000000000000000 R15=0000000000000000
RIP=fffff96000199411 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0053 00000000fffe0000 00003c00 0040f300 DPL=3 DS   [-WA]
GS =002b fffff800027f4d00 ffffffff 00c0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00000000
TR =0040 fffff80000b96080 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffff80000b95000 0000007f
IDT=     fffff80000b95080 00000fff
CR0=80050031 CR2=fffff8a001850c90 CR3=00000001030e3000 CR4=000006f8
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
FCW=027f FSW=0000 [ST=0] FTW=00 MXCSR=00000000
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
CPU #1:
RAX=0000000000000407 RBX=0000000000000002 RCX=fffff88003132460 RDX=0000000000000cfc
RSI=fffff88003132620 RDI=0000000000000004 RBP=fffff88003132460 RSP=fffff880031323a8
R8 =0000000000000000 R9 =fffff88003132620 R10=0000000000000000 R11=0000000000000006
R12=fffff80002c0b890 R13=fffff88000e1d200 R14=fffff80002c111d0 R15=0000000000000001
RIP=fffff80002bf44bb RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 00000000 00209b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0053 00000000ffef4000 00007c00 0040f300 DPL=3 DS   [-WA]
GS =002b fffff880009e6000 ffffffff 00c0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00000000
TR =0040 fffff880009eaec0 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffff880009f14c0 0000007f
IDT=     fffff880009f1540 00000fff
CR0=80050031 CR2=0000000077275360 CR3=0000000000187000 CR4=000006f8
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
FCW=027f FSW=3800 [ST=7] FTW=80 MXCSR=00000000
FPR0=9fc0000000000000 4008 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=fffff80002981e80fffff8a0000a0008 XMM01=00000000000000000000000000000000
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000
XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000
XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
Aborted (core dumped)


Expected results:
the disk can be added successfully.


Additional info:
Comment 2 RHEL Program Management 2010-05-28 10:36:10 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 3 Markus Armbruster 2010-06-10 08:10:43 UTC 
A couple of questions:

Just to make sure: it doesn't happen with a Linux guest, does it?

Does the problem exist with device_add instead of pci_add as well?  To test, start qemu with "-drive if=none,file=/Images/test3.qcow2,id=foo", then give monitor command "device_add virtio-blk-pci"

Could you capture a stack backtrace?
Comment 4 Mike Cao 2010-06-11 10:16:28 UTC 
(In reply to comment #3)
> A couple of questions:
> 
> Just to make sure: it doesn't happen with a Linux guest, does it?

yup,I test with RHEL5 ,it will NOT trigger this issue.

> Does the problem exist with device_add instead of pci_add as well?  To test,
> start qemu with "-drive if=none,file=/Images/test3.qcow2,id=foo", then give
> monitor command "device_add virtio-blk-pci"

(qemu)device_add virtio-blk-pci,drive=foo
I tried 2 times ,It does NOT trigger this issue.

> Could you capture a stack backtrace?  

(gdb)bt
0x000000366e8329c5 in raise () from /lib64/libc.so.6
#1  0x000000366e8341a5 in abort () from /lib64/libc.so.6
#2  0x000000000040cee8 in hw_error (fmt=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:355
#3  0x00000000004a013b in register_ioport_write (start=<value optimized out>, 
    length=<value optimized out>, size=6, func=0xffffffffffffffff, 
    opaque=0x7f03efe44710) at ioport.c:170
#4  0x0000000000420248 in virtio_map (pci_dev=0x1882920, 
    region_num=<value optimized out>, addr=65408, size=<value optimized out>, 
    type=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-pci.c:363
#5  0x000000000041840b in pci_update_mappings (d=0x1882920)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/pci.c:1002
#6  0x00000000004209d0 in virtio_write_config (pci_dev=0x1882920, address=4, 
    val=1031, len=2) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/virtio-pci.c:386
#7  0x000000000042a551 in kvm_handle_io (env=0x17c04c0)
    at /usr/src/debug/qemu-kvm-0.12.1.2/kvm-all.c:538
#8  kvm_run (env=0x17c04c0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:969
#9  0x000000000042a5f9 in kvm_cpu_exec (env=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1652
#10 0x000000000042b21f in kvm_main_loop_cpu (_env=0x17c04c0)
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1894
#11 ap_main_loop (_env=0x17c04c0)
#12 0x000000366f007761 in start_thread () from /lib64/libpthread.so.0
#13 0x000000366e8e14fd in clone () from /lib64/libc.so.6

  
Additional info :
The issue was found in qemu-kvm-0.12.1.2-2.62.el6
Comment 6 Markus Armbruster 2010-07-08 17:10:59 UTC 
pci_add is gone since qemu-kvm-0.12.1.2-2.76.el6 (bug 602590). According to comment#4, device_add is not affected.  Therefore, I'm going to close as NOTABUG.

Please reopen if you can reproduce it with device_add.