Bug 1019757 - Qemu core dumpd during shutdown guest after hotunplug > hotplug scsi-block
Summary: Qemu core dumpd during shutdown guest after hotunplug > hotplug scsi-block
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Fam Zheng
QA Contact: Virtualization Bugs
URL:
Whiteboard:
: 1019759 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-10-16 11:08 UTC by Qian Guo
Modified: 2014-04-28 06:45 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-28 06:45:29 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Qian Guo 2013-10-16 11:08:47 UTC 
Description of problem:
Test this issue with libiscsi backend scsi-block, hot unplug the scsi-block, then try to hot plug it, it failed with the error "Property 'scsi-block.drive' can't find value 'drive-disk' ", which is expected, but after that, if try to shutdown guest, qemu coredumpd

Version-Release number of selected component (if applicable):
# rpm -q qemu-kvm-rhev
qemu-kvm-rhev-1.5.3-9.el7.x86_64
# uname -r
3.10.0-34.el7.x86_64

Guest is  windows 8.1 32 bit, and with virtio-win-prewhql-0.1-72 installed

How reproducible:
100%

Steps to Reproduce:
1.Boot guest with libiscsi backend scsi-block device (a remote iscsi lun)
# /usr/libexec/qemu-kvm -M pc -cpu Opteron_G3 -enable-kvm -m 4096 -smp 4,sockets=1,cores=4,threads=1 -usb -device usb-tablet,id=input0 -name rhel7 -rtc base=localtime,clock=host,driftfix=slew -monitor stdio -vnc :10 -vga std -netdev tap,id=netdev0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,mac=00:1b:21:7a:16:10,netdev=netdev0 -drive file=windows8u1cp1.raw,if=none,format=raw,id=virtio-disk0 -device virtio-blk-pci,drive=virtio-disk0,scsi=off,bootindex=0 -drive file=iscsi://10.66.90.100:3260/iqn.2001-05.com.equallogic:0-8a0906-6751f7d03-039f49b41f3525ca-s2-sluo-259030/0,if=none,id=drive-disk -iscsi initiator-name=iqn.1994-05.com.redhat:sluo,id=iqn -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x6 -device scsi-block,drive=drive-disk,bus=scsi1.0,id=iscsi-disk -boot menu=on

2.After boot up, hot unplug the scsi block via hmp
(qemu) device_del iscsi-disk

3.try to hot added
(qemu) device_add scsi-block,drive=drive-disk,bus=scsi1.0,id=iscsi-disk
Property 'scsi-block.drive' can't find value 'drive-disk'

4.Inside guest, shutdown

Actual results:
qemu-kvm coredumpd
from gdb:
...
Program received signal SIGSEGV, Segmentation fault.
bdrv_getlength (bs=0x0) at block.c:2765
2765	    BlockDriver *drv = bs->drv;
...
(gdb) bt
#0  bdrv_getlength (bs=0x0) at block.c:2765
#1  0x00005555555daacd in bdrv_get_geometry (bs=<optimized out>, nb_sectors_ptr=nb_sectors_ptr@entry=0x7fffebb14990)
    at block.c:2781
#2  0x0000555555689436 in scsi_disk_reset (dev=0x5555564c0390) at hw/scsi/scsi-disk.c:1982
#3  0x000055555563d839 in qdev_reset_one (dev=dev@entry=0x5555564c0390, opaque=opaque@entry=0x0) at hw/core/qdev.c:227
#4  0x000055555563cf30 in qdev_walk_children (dev=0x5555564c0390, devfn=devfn@entry=0x55555563d820 <qdev_reset_one>, 
    busfn=busfn@entry=0x55555563b820 <qbus_reset_one>, opaque=opaque@entry=0x0) at hw/core/qdev.c:376
#5  0x000055555563d03a in qbus_walk_children (bus=bus@entry=0x5555565abad0, 
    devfn=devfn@entry=0x55555563d820 <qdev_reset_one>, busfn=busfn@entry=0x55555563b820 <qbus_reset_one>, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:360
#6  0x000055555563d0ad in qbus_reset_all (bus=bus@entry=0x5555565abad0) at hw/core/qdev.c:248
#7  0x0000555555777de3 in virtio_scsi_reset (vdev=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/hw/scsi/virtio-scsi.c:451
#8  0x000055555577f9ae in virtio_reset (opaque=0x5555565ab9b8) at /usr/src/debug/qemu-1.5.3/hw/virtio/virtio.c:543
#9  0x00005555556b6a80 in virtio_ioport_write (val=0, addr=<optimized out>, opaque=0x5555565ab1c0)
    at hw/virtio/virtio-pci.c:307
#10 virtio_pci_config_write (opaque=0x5555565ab1c0, addr=<optimized out>, val=0, size=<optimized out>)
    at hw/virtio/virtio-pci.c:422
#11 0x00005555557860c2 in access_with_adjusted_size (addr=addr@entry=18, value=value@entry=0x7fffebb14b58, size=1, 
    access_size_min=<optimized out>, access_size_max=<optimized out>, 
    access=access@entry=0x555555786680 <memory_region_write_accessor>, opaque=opaque@entry=0x5555565ab870)
    at /usr/src/debug/qemu-1.5.3/memory.c:364
#12 0x0000555555787597 in memory_region_iorange_write (iorange=<optimized out>, offset=18, width=1, data=0)
    at /usr/src/debug/qemu-1.5.3/memory.c:439
#13 0x0000555555784c62 in kvm_handle_io (count=1, size=1, direction=1, data=<optimized out>, port=49234)
    at /usr/src/debug/qemu-1.5.3/kvm-all.c:1497
#14 kvm_cpu_exec (env=env@entry=0x55555651bdc0) at /usr/src/debug/qemu-1.5.3/kvm-all.c:1649
#15 0x00005555557302a5 in qemu_kvm_cpu_thread_fn (arg=0x55555651bdc0) at /usr/src/debug/qemu-1.5.3/cpus.c:793
#16 0x00007ffff625ade3 in start_thread () from /lib64/libpthread.so.0
#17 0x00007ffff33a01ad in clone () from /lib64/libc.so.6


Expected results:
Can shutdown successfully and no coredumpd

Additional info:
Comment 1 Hai Huang 2013-10-16 11:18:02 UTC 
*** Bug 1019759 has been marked as a duplicate of this bug. ***
Comment 3 Qian Guo 2013-10-17 06:57:28 UTC 
This issue is not related with libiscsi, I test with the options like this

/usr/libexec/qemu-kvm ... -drive file=test.qcow2,if=none,id=drive-disk -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x6 -device scsi-hd,drive=drive-disk,bus=scsi1.0,id=iscsi-disk,serial=abcde -boot menu=on

and hit this issue too.
Comment 5 Qian Guo 2014-04-28 06:45:29 UTC 
Reproduced this by qemu-kvm-1.5.3-9.el7.x86_64
Steps as comment #0
cli:
#  /usr/libexec/qemu-kvm -cpu Penryn -m 4G -smp 4,sockets=1,cores=4,threads=1 -M pc -enable-kvm  -name rhel7 -nodefaults -nodefconfig  -device virtio-balloon-pci,id=balloon0  -vnc :10 -vga std -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0   -monitor stdio     -drive file=iscsi://10.66.9.10:3260/iqn.2013-11.com.example:storage.disk1.juli.xyz/4,if=none,media=disk,format=raw,rerror=stop,werror=stop,aio=native,id=scsi-disk0 -device virtio-scsi-pci,id=bus2 -device scsi-hd,bus=bus2.0,drive=scsi-disk0,id=disk0 -netdev tap,id=netdev0,vhost=on,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown -device virtio-net,netdev=netdev0,id=vn1,mac=52:54:00:12:34:0a  -drive file=test.qcow2,if=none,id=drive-disk -device virtio-scsi-pci,id=scsi1,bus=pci.0,addr=0x6 -device scsi-hd,drive=drive-disk,bus=scsi1.0,id=iscsi-disk,serial=abcde -boot menu=on


and During shutdown guest, qemu coredumpd

(qemu) device_del iscsi-disk
(qemu) [Thread 0x7fffec46f700 (LWP 6628) exited]
device_add scsi-block,drive=drive-disk,bus=scsi1.0,id=iscsi-disk
Property 'scsi-block.drive' can't find value 'drive-disk'
(qemu) 
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffeb26c700 (LWP 6662)]
bdrv_getlength (bs=0x0) at block.c:2765
2765	    BlockDriver *drv = bs->drv;
Missing separate debuginfos, use: debuginfo-install cyrus-sasl-md5-2.1.26-17.el7.x86_64 cyrus-sasl-plain-2.1.26-17.el7.x86_64 cyrus-sasl-scram-2.1.26-17.el7.x86_64 libdb-5.3.21-17.el7.x86_64
(gdb) bt
#0  bdrv_getlength (bs=0x0) at block.c:2765
#1  0x00005555555daacd in bdrv_get_geometry (bs=<optimized out>, nb_sectors_ptr=nb_sectors_ptr@entry=0x7fffeb26b990)
    at block.c:2781
#2  0x0000555555689436 in scsi_disk_reset (dev=0x5555566bf030) at hw/scsi/scsi-disk.c:1982
#3  0x000055555563d839 in qdev_reset_one (dev=dev@entry=0x5555566bf030, opaque=opaque@entry=0x0) at hw/core/qdev.c:227
#4  0x000055555563cf30 in qdev_walk_children (dev=0x5555566bf030, devfn=devfn@entry=0x55555563d820 <qdev_reset_one>, 
    busfn=busfn@entry=0x55555563b820 <qbus_reset_one>, opaque=opaque@entry=0x0) at hw/core/qdev.c:376
#5  0x000055555563d03a in qbus_walk_children (bus=bus@entry=0x5555566e6dc0, 
    devfn=devfn@entry=0x55555563d820 <qdev_reset_one>, busfn=busfn@entry=0x55555563b820 <qbus_reset_one>, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:360
#6  0x000055555563d0ad in qbus_reset_all (bus=bus@entry=0x5555566e6dc0) at hw/core/qdev.c:248
#7  0x0000555555777de3 in virtio_scsi_reset (vdev=<optimized out>) at /usr/src/debug/qemu-1.5.3/hw/scsi/virtio-scsi.c:451
#8  0x000055555577f9ae in virtio_reset (opaque=0x5555566e6ca8) at /usr/src/debug/qemu-1.5.3/hw/virtio/virtio.c:543
#9  0x00005555556b6a80 in virtio_ioport_write (val=0, addr=<optimized out>, opaque=0x5555566e64b0)
    at hw/virtio/virtio-pci.c:307
#10 virtio_pci_config_write (opaque=0x5555566e64b0, addr=<optimized out>, val=0, size=<optimized out>)
    at hw/virtio/virtio-pci.c:422
#11 0x00005555557860c2 in access_with_adjusted_size (addr=addr@entry=18, value=value@entry=0x7fffeb26bb58, size=1, 
    access_size_min=<optimized out>, access_size_max=<optimized out>, 
    access=access@entry=0x555555786680 <memory_region_write_accessor>, opaque=opaque@entry=0x5555566e6b60)
    at /usr/src/debug/qemu-1.5.3/memory.c:364
#12 0x0000555555787597 in memory_region_iorange_write (iorange=<optimized out>, offset=18, width=1, data=0)
    at /usr/src/debug/qemu-1.5.3/memory.c:439
#13 0x0000555555784c62 in kvm_handle_io (count=1, size=1, direction=1, data=<optimized out>, port=49234)
    at /usr/src/debug/qemu-1.5.3/kvm-all.c:1497
#14 kvm_cpu_exec (env=env@entry=0x555556676f50) at /usr/src/debug/qemu-1.5.3/kvm-all.c:1649
#15 0x00005555557302a5 in qemu_kvm_cpu_thread_fn (arg=0x555556676f50) at /usr/src/debug/qemu-1.5.3/cpus.c:793
#16 0x00007ffff6251df3 in start_thread () from /lib64/libpthread.so.0
#17 0x00007ffff33843dd in clone () from /lib64/libc.so.6
(gdb) 



So this bug is reproduced by  qemu-kvm-1.5.3-9.el7.x86_64.

Retest this bug by qemu-kvm-1.5.3-60.el7.x86_64.

Same steps as above, qemu does not hit coredumpd, and qemu can exited normally, so this bug has gone.

I will close this bug as CURRENTRELEASE according to above, if anything wrong I made, please feel free to fix,

Thanks,
Note You need to log in before you can comment on or make changes to this bug.