Bug 1335480 - qemu coredump after hot unplug the disk drive
Summary: qemu coredump after hot unplug the disk drive
Keywords:
Status: CLOSED DUPLICATE of bug 1341531
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.3
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Target Release: ---
Assignee: Markus Armbruster
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-05-12 09:55 UTC by Ping Li
Modified: 2016-07-25 06:05 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-25 06:05:46 UTC
Target Upstream Version:
Embargoed:
pingl: needinfo-


Attachments
script to run qemu-kvm (4.09 KB, application/x-shellscript)
2016-05-12 09:55 UTC, Ping Li

Description Ping Li 2016-05-12 09:55:30 UTC
Created attachment 1156619
script to run qemu-kvm

Description of problem:
qemu-kvm exited after issuing the command __com.redhat_drive_del to remove the drive. It is OK when testing the same scenario on RHEL7.2Z-3.10.0-327.18.2 with qemu-kvm-1.5.3-105.el7_2.4.

Version-Release number of selected component (if applicable):
[root@hp-dl385g7-07 ~]# uname -r
3.10.0-394.el7.x86_64
[root@hp-dl385g7-07 ~]# rpm -qa | grep qemu-kvm
qemu-kvm-rhev-2.5.0-4.el7.x86_64

How reproducible:
3/3

Steps to Reproduce:
1. Create disk image.
# qemu-img create -f raw vm1.img 20G
# qemu-img create -f raw data.img 10G
2. Start guest with data disk.
  -device virtio-scsi-pci,id=virtio_scsi_pci0,bus=pci.0,addr=03 \
  -drive id=drive_image1,if=none,cache=none,snapshot=off,aio=native,format=raw,file=vm1.img,werror=stop,rerror=stop \
  -device scsi-hd,id=image1,drive=drive_image1 \
  -drive file=../diskfile/data.img,if=none,id=drive-virtio-disk0,format=raw,cache=none \
  -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio-disk0
3. Check the data disk via hmp and fdisk.
(qemu) info block
drive-virtio-disk0 (#block340): ../diskfile/data.img (raw)
    Cache mode:       writeback, direct
[root@dhcp-10-224 ~]# fdisk -l
Disk /dev/vda: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
4. Hot unplug data disk via qmp
{"execute": "qmp_capabilities"}
{"execute":"__com.redhat_drive_del","arguments":{"id":"drive-virtio-disk0"}}
{"execute":"device_del","arguments":{"id":"virtio-disk0"}}

Actual results:
After issuing the command __com.redhat_drive_del, qemu-kvm exited.

Expected results:
The data disk should be unplugged.

Additional info:

Comment 2 Ping Li 2016-05-16 05:22:25 UTC
The backtrace:
(gdb) bt full
#0  qstring_get_str (qstring=0x0) at qobject/qstring.c:128
No locals.
#1  0x00007f171204698d in qdict_get_str (qdict=<optimized out>, 
    key=key@entry=0x7f17120da7d2 "id") at qobject/qdict.c:279
No locals.
#2  0x00007f1711e80ef5 in hmp_drive_del (mon=<optimized out>, 
    qdict=<optimized out>) at blockdev.c:2843
        id = <optimized out>
        blk = <optimized out>
        bs = <optimized out>
        aio_context = <optimized out>
        local_err = 0x7f1712504728 <qmp_cmds+168>
#3  0x00007f1711db73e5 in handle_qmp_command (parser=<optimized out>, 
    tokens=<optimized out>) at /usr/src/debug/qemu-2.6.0/monitor.c:3922
        local_err = 0x0
        obj = <optimized out>
        data = 0x0
        input = <optimized out>
        args = 0x7f171483b200
        cmd_name = <optimized out>
        mon = 0x7f17147c63e0
        __func__ = "handle_qmp_command"
#4  0x00007f1712048450 in json_message_process_token (lexer=0x7f17147c6448, 
    input=0x7f1714778d40, type=JSON_RCURLY, x=76, y=1)
    at qobject/json-streamer.c:94
        parser = 0x7f17147c6440
        token = 0x7f1716513a40
#5  0x00007f171205cc1b in json_lexer_feed_char (
    lexer=lexer@entry=0x7f17147c6448, ch=125 '}', flush=flush@entry=false)
    at qobject/json-lexer.c:310
        new_state = <optimized out>
        __PRETTY_FUNCTION__ = "json_lexer_feed_char"
#6  0x00007f171205ccde in json_lexer_feed (lexer=0x7f17147c6448, 
    buffer=<optimized out>, size=<optimized out>) at qobject/json-lexer.c:360
        err = <optimized out>
        i = <optimized out>
#7  0x00007f1712048549 in json_message_parser_feed (parser=<optimized out>, 
    buffer=<optimized out>, size=<optimized out>)
    at qobject/json-streamer.c:114
No locals.
#8  0x00007f1711db5a0b in monitor_qmp_read (opaque=<optimized out>, 
    buf=<optimized out>, size=<optimized out>)
    at /usr/src/debug/qemu-2.6.0/monitor.c:3938
        old_mon = 0x0
#9  0x00007f1711e88351 in tcp_chr_read (chan=<optimized out>, 
    cond=<optimized out>, opaque=0x7f17147ddc20) at qemu-char.c:2895
        chr = 0x7f17147ddc20
        s = 0x7f1714753000
        buf = "}\340}\024\027\177\000\000 \253u\024\027\177\000\000\300ou\024\027\177\000\000_\200\350\021\027\177\000\000\r\000\000\000\060\000\000\000\260\230\a\317\377\177\000\000\360\227\a\317\377\177\000\000\001", '\000' <repeats 15 times>, "\001", '\000' <repeats 15 times>, "\001", '\000' <repeats 15 times>, "\001", '\000' <repeats 15 times>, "\001", '\000' <repeats 15 times>, "\001", '\000' <repeats 15 times>, "\b", '\000' <repeats 15 times>, "\006\000\000\000\000\000\000\000\b\311u\026\027\177\000\000\000\310\177\024\027\177\000\000\200\060u\024\027\177\000\000"...
        len = <optimized out>
        size = <optimized out>
#10 0x00007f170a84e79a in g_main_context_dispatch ()
   from /lib64/libglib-2.0.so.0
No symbol table info available.
#11 0x00007f1711fbb440 in glib_pollfds_poll () at main-loop.c:213
        context = 0x7f1714756fc0
        pfds = <optimized out>
#12 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:258
        ret = 2
        spin_counter = 0

#13 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:506
        ret = 2
        timeout = 4294967295
        timeout_ns = <optimized out>
#14 0x00007f1711d8555f in main_loop () at vl.c:1934
        nonblocking = <optimized out>
        last_io = 2
#15 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
    at vl.c:4667
        i = <optimized out>
        snapshot = <optimized out>
        linux_boot = <optimized out>
        initrd_filename = <optimized out>
        kernel_filename = <optimized out>
        kernel_cmdline = <optimized out>
        boot_order = 0x7f17147169a8 "cdn"
        boot_once = 0x7f17147169b8 "c"
        cyls = <optimized out>
        heads = <optimized out>
        secs = <optimized out>
        translation = <optimized out>
        hda_opts = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        icount_opts = <optimized out>
        olist = <optimized out>
        optind = 67
        optarg = 0x7fffcf07c45a "stdio"
        loadvm = <optimized out>
        machine_class = 0x0
        cpu_model = <optimized out>
        vga_model = 0x7fffcf07bd4c "cirrus"
        qtest_chrdev = <optimized out>
        qtest_log = <optimized out>
        pid_file = <optimized out>
        incoming = <optimized out>
        show_vnc_port = <optimized out>
        defconfig = <optimized out>
        userconfig = <optimized out>
        log_mask = <optimized out>
        log_file = <optimized out>
        trace_file = <optimized out>
        maxram_size = <optimized out>
        ram_slots = <optimized out>
        vmstate_dump_file = <optimized out>
        main_loop_err = 0x0
        err = 0x0
        __func__ = "main"
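
Frame #0 of the backtrace above faults in qstring_get_str with qstring=0x0 while the handler looks up "id", which is an unchecked dictionary-to-string access. The following is an added example, not QEMU code and not part of the original report: a simplified C model, with hypothetical types and function names, of an unchecked accessor beside a checked one that turns a missing or mistyped argument into an error return.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a monitor argument dictionary; not QEMU's types. */
typedef enum { T_STR, T_INT } arg_type;
typedef struct { const char *key; arg_type type; const char *str; } arg;
typedef struct { const arg *items; size_t n; } arg_dict;

/* Returns the entry for key, or NULL when the key is absent. */
static const arg *dict_get(const arg_dict *d, const char *key) {
    for (size_t i = 0; d && i < d->n; i++)
        if (strcmp(d->items[i].key, key) == 0)
            return &d->items[i];
    return NULL;
}

/* Unchecked accessor: dereferences whatever the lookup returned, so a
 * missing key faults here, in the same way frame #0 does with qstring=0x0. */
const char *dict_get_str(const arg_dict *d, const char *key) {
    return dict_get(d, key)->str;
}

/* Checked accessor: NULL for a missing key or a non-string value. */
const char *dict_get_try_str(const arg_dict *d, const char *key) {
    const arg *a = dict_get(d, key);
    return (a && a->type == T_STR) ? a->str : NULL;
}

/* Handler that validates "id" before use. Returns 0 on success, or -1 with a
 * message in err when the argument is missing or has the wrong type. */
int drive_del_checked(const arg_dict *args, char *err, size_t errlen) {
    const char *id = dict_get_try_str(args, "id");
    if (!id) {
        snprintf(err, errlen, "Parameter 'id' is missing or not a string");
        return -1;
    }
    snprintf(err, errlen, "deleted %s", id); /* placeholder for the real work */
    return 0;
}

int main(void) {
    char msg[64];
    const arg ok[] = { { "id", T_STR, "drive-virtio-disk0" } }; /* constructed input */
    const arg_dict good = { ok, 1 }, empty = { NULL, 0 };
    printf("%d %s\n", drive_del_checked(&good, msg, sizeof msg), msg);
    printf("%d %s\n", drive_del_checked(&empty, msg, sizeof msg), msg);
    return 0;
}
```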

Comment 3 Ping Li 2016-05-16 05:36:29 UTC
The issue can be reproduced with the components below:
[root@hp-dl385g7-01 diskfile]# uname -r
3.10.0-400.el7.x86_64
[root@hp-dl385g7-01 diskfile]# rpm -qa | grep qemu-kvm-rhev
qemu-kvm-rhev-2.6.0-1.el7.x86_64

Comment 4 Ping Li 2016-05-16 05:37:12 UTC
maybe a duplicate of bug 1327377

Comment 5 Ping Li 2016-05-16 05:42:47 UTC
The issue cannot be reproduced on RHEL 7.2Z

Comment 6 Ademar Reis 2016-05-17 18:00:24 UTC
(In reply to pingl from comment #5)
> The issue cannot be reproduced on RHEL 7.2Z

Adding Regression keyword then.


(In reply to pingl from comment #4)
> maybe a duplicate of bug 1327377

Which might be a duplicate of Bug 1318181 itself. :-)

Anyway, Markus is the assignee of all of them now.

Comment 8 Ademar Reis 2016-06-21 19:24:34 UTC
(In reply to Ademar Reis from comment #6)
> (In reply to pingl from comment #5)
> > The issue cannot be reproduced on RHEL 7.2Z
> 
> Adding Regression keyword then.
> 
> 
> (In reply to pingl from comment #4)
> > maybe a duplicate of bug 1327377
> 
> Which might be a duplicate of Bug 1318181 itself. :-)
> 
> Anyway, Markus is the assignee of all of them now.

For some reason I missed the reassign. Fixing now.

Comment 9 Markus Armbruster 2016-07-22 07:59:58 UTC
I suspect this is a duplicate of bug 1341531.  We fixed that one in
qemu-kvm-rhev-2.6.0-12.el7.  Could you please retest this bug with that
version?  If it appears to be fixed there, also testing the version before
would be nice.

Comment 10 Ping Li 2016-07-25 03:28:51 UTC
Reproduced the issue with qemu-kvm-rhev-2.6.0-11.el7.x86_64. The test steps are the same as the steps in comment 0.

Verified the issue with qemu-kvm-rhev-2.6.0-12.el7.x86_64. The data disk can be hot unplugged and hot plugged successfully with step 4 and step 5. After step 5, the data disk can be checked correctly via hmp or fdisk.
Step 5 is as below.
5. Hot plug data disk via qmp
{ "execute": "__com.redhat_drive_add", "arguments": { "id":"drive-virtio-disk0","file":"../diskfile/data.img","format":"raw"} }
{ "execute": "device_add", "arguments": { "driver": "virtio-blk-pci","drive":"drive-virtio-disk0","id": "virtio-disk0" } }

Comment 11 Markus Armbruster 2016-07-25 06:05:46 UTC
Thank you very much for your prompt testing.

*** This bug has been marked as a duplicate of bug 1341531 ***

