1013478 – -device usb-storage,serial=... crashes with SCSI generic drive

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1013478 - -device usb-storage,serial=... crashes with SCSI generic drive

Summary: -device usb-storage,serial=... crashes with SCSI generic drive

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	6.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Markus Armbruster
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	1009285
Blocks:
TreeView+	depends on / blocked

Reported:	2013-09-30 07:52 UTC by Sibiao Luo
Modified:	2013-11-21 06:03 UTC (History)
CC List:	10 users (show)
Fixed In Version:	qemu-kvm-0.12.1.2-2.409.el6
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1009285
Environment:
Last Closed:	2013-11-21 06:03:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:1553	0	normal	SHIPPED_LIVE	Important: qemu-kvm security, bug fix, and enhancement update	2013-11-20 21:40:29 UTC

Comment 1 Sibiao Luo 2013-09-30 07:54:18 UTC

host info:
# uname -r && rpm -q qemu-kvm
2.6.32-420.el6.x86_64
qemu-kvm-0.12.1.2-2.407.el6.x86_64

e.g: # /usr/libexec/qemu-kvm -nodefaults -vga qxl -S -usb -drive if=none,file=/dev/sg2,id=usb-drv0 -device usb-storage,id=usb-msd0,drive=usb-drv0,serial=0x123 -monitor stdio

(gdb) bt
#0  0x00007ffff4c9b925 in raise () from /lib64/libc.so.6
#1  0x00007ffff4c9d105 in abort () from /lib64/libc.so.6
#2  0x00007ffff7e5cfe1 in qdev_prop_set (dev=0x7ffff8708490, name=0x7ffff7f722fc "serial", src=0x7fffffffcfd8, 
    type=PROP_TYPE_STRING) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev-properties.c:688
#3  0x00007ffff7e5d188 in qdev_prop_set_string (dev=<value optimized out>, name=<value optimized out>, 
    value=0x7ffff8745fc0 "0x123") at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev-properties.c:725
#4  0x00007ffff7e4a25e in scsi_bus_legacy_add_drive (bus=<value optimized out>, bdrv=0x7ffff86e3580, unit=0, 
    removable=false, bootindex=-1, serial=0x7ffff8745fc0 "0x123") at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-bus.c:205
#5  0x00007ffff7e47de2 in usb_msd_initfn (dev=0x7ffff87072c0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-msd.c:588
#6  0x00007ffff7e466c2 in usb_qdev_init (qdev=0x7ffff87072c0, base=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-bus.c:96
#7  0x00007ffff7e5b3a8 in qdev_init (dev=0x7ffff87072c0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:284
#8  0x00007ffff7e5b7bf in qdev_device_add (opts=0x7ffff86e0b60) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:259
#9  0x00007ffff7dc5ce9 in device_init_func (opts=<value optimized out>, opaque=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4784
#10 0x00007ffff7dfddda in qemu_opts_foreach (list=<value optimized out>, func=0x7ffff7dc5ce0 <device_init_func>, 
    opaque=0x0, abort_on_failure=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-option.c:1035
#11 0x00007ffff7dca58c in main (argc=12, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6447
(gdb) bt full
#0  0x00007ffff4c9b925 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff4c9d105 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffff7e5cfe1 in qdev_prop_set (dev=0x7ffff8708490, name=0x7ffff7f722fc "serial", src=0x7fffffffcfd8, 
    type=PROP_TYPE_STRING) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev-properties.c:688
        prop = <value optimized out>
        __FUNCTION__ = "qdev_prop_set"
#3  0x00007ffff7e5d188 in qdev_prop_set_string (dev=<value optimized out>, name=<value optimized out>, 
    value=0x7ffff8745fc0 "0x123") at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev-properties.c:725
No locals.
#4  0x00007ffff7e4a25e in scsi_bus_legacy_add_drive (bus=<value optimized out>, bdrv=0x7ffff86e3580, unit=0, 
    removable=false, bootindex=-1, serial=0x7ffff8745fc0 "0x123") at /usr/src/debug/qemu-kvm-0.12.1.2/hw/scsi-bus.c:205
        driver = <value optimized out>
        dev = 0x7ffff8708490
#5  0x00007ffff7e47de2 in usb_msd_initfn (dev=0x7ffff87072c0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-msd.c:588
        s = 0x7ffff87072c0
        bs = 0x7ffff86e3580
        dinfo = <value optimized out>
#6  0x00007ffff7e466c2 in usb_qdev_init (qdev=0x7ffff87072c0, base=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/usb-bus.c:96
        dev = 0x7ffff87072c0
        info = <value optimized out>
        rc = 0
#7  0x00007ffff7e5b3a8 in qdev_init (dev=0x7ffff87072c0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:284
        rc = <value optimized out>
        __PRETTY_FUNCTION__ = "qdev_init"
#8  0x00007ffff7e5b7bf in qdev_device_add (opts=0x7ffff86e0b60) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qdev.c:259
        driver = 0x7ffff86e0c30 "usb-storage"
        path = 0x0
        id = <value optimized out>
        info = 0x7ffff82d3f00
        qdev = 0x7ffff87072c0
        bus = <value optimized out>
        __func__ = "qdev_device_add"
#9  0x00007ffff7dc5ce9 in device_init_func (opts=<value optimized out>, opaque=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4784
        dev = <value optimized out>
#10 0x00007ffff7dfddda in qemu_opts_foreach (list=<value optimized out>, func=0x7ffff7dc5ce0 <device_init_func>, 
    opaque=0x0, abort_on_failure=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-option.c:1035
        loc = {kind = LOC_CMDLINE, num = 2, ptr = 0x7fffffffe588, prev = 0x7ffff82f3e60}
        opts = 0x7ffff86e0b60
        rc = <value optimized out>
#11 0x00007ffff7dca58c in main (argc=12, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6447
        gdbstub_dev = 0x0
        i = <value optimized out>
        snapshot = 0
        linux_boot = 0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x7ffff7f8fa6f ""
        boot_devices = "cad", '\000' <repeats 29 times>
        ds = <value optimized out>
        dcl = <value optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = 0x7ffff82ef270
        opts = <value optimized out>
        olist = <value optimized out>
        optind = 12
        optarg = 0x7fffffffe88d "stdio"
        loadvm = 0x0
        machine = 0x7ffff82e8780
        cpu_model = 0x0
        fds = {0, 0}
        tb_size = 0
        pid_file = 0x0
        incoming = 0x0
        fd = 0
        pwd = 0x0
        chroot_dir = 0x0
        run_as = 0x0
        env = <value optimized out>
        show_vnc_port = 0
        defconfig = <value optimized out>
        defconfig_verbose = <value optimized out>
(gdb)

Comment 6 Sibiao Luo 2013-10-08 02:59:05 UTC

Verify this issue on qemu-kvm-0.12.1.2-2.410.el6.x86_64 with the same steps as comment #0.

host info:
# uname -r && rpm -q qemu-kvm
2.6.32-420.el6.x86_64
qemu-kvm-0.12.1.2-2.410.el6.x86_64

Steps:
1.insert a USB stick to host and get the displays mapping between Linux sg and other SCSI devices.
# sg_map
/dev/sg0  /dev/sda
/dev/sg1  /dev/sr0
/dev/sg2  /dev/sdb
2.boot guest with setting usb-storage property serial when property drive refers to a SCSI generic device.
# # /usr/libexec/qemu-kvm -M pc -S -cpu SandyBridge -nodefaults -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -no-kvm-pit-reinjection -usb -device usb-tablet,id=input0 -name sluo -uuid 990ea161-6b67-47b2-b803-19fb01d30d30 -rtc base=localtime,clock=host,driftfix=slew -drive file=/home/Qemu-ga-RHEL-Server-6.5-64bit.qcow2,if=none,id=drive-virtio-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop -device virtio-blk-pci,vectors=0,bus=pci.0,addr=0x4,scsi=off,drive=drive-virtio-disk,id=virtio-disk,bootindex=1 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=2C:41:38:B6:40:21,bus=pci.0,addr=0x5 -device virtio-balloon-pci,id=ballooning,bus=pci.0,addr=0x6 -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -k en-us -boot menu=on -qmp tcp:0:4444,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :1 -spice disable-ticketing,port=5931 -vga qxl -monitor stdio -usb -drive if=none,file=/dev/sg2,id=usb-drv0 -device usb-storage,id=usb-msd0,drive=usb-drv0,serial=0x123

Results:
after step 2, attempting to set usb-storage property serial successfully when property drive refers to a SCSI generic device, no any crash and the ust stick worked well(e.g: format, dd..) in guest correctly.
(qemu) info usb
  Device 0.2, Port 1, Speed 12 Mb/s, Product QEMU USB Tablet
  Device 0.3, Port 2, Speed 12 Mb/s, Product QEMU USB Hub
  Device 0.4, Port 2.1, Speed 12 Mb/s, Product QEMU USB MSD
(qemu)

Base on above, this issue has been fixed correctly, move to VERIFIED status. please correct me if any mistake.

Best Regards,
sluo

Comment 7 errata-xmlrpc 2013-11-21 06:03:12 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-1553.html

Note You need to log in before you can comment on or make changes to this bug.