Red Hat Bugzilla – Bug 1368040
Qemu-kvm coredump in repeating hotplug/hot remove virtio-gpu device
Last modified: 2017-08-01 23:29:59 EDT
Description of problem:
Qemu-kvm coredump in repeating hotplug/hot remove virtio-gpu device

Version-Release number of selected component (if applicable):
qemu-kvm-rhev package: qemu-kvm-rhev-2.6.0-21.el7.x86_64
host kernel: 3.10.0-489.el7.x86_64

How reproducible:
100% reproduce

Steps to Reproduce:
1. Boot Windows10 guest using qemu cli:
/usr/libexec/qemu-kvm -name rhel7.3 -m 2048 \
    -cpu Haswell-noTSX \
    -smp 6,threads=2,cores=1,sockets=3,maxcpus=6 \
    -device virtio-vga\
    -device virtio-gpu\
    -spice port=5901,disable-ticketing \
    -device virtio-serial -chardev spicevmc,id=vdagent,debug=0,name=vdagent \
    -serial unix:/tmp/m,server,nowait \
    -device virtserialport,chardev=vdagent,name=com.redhat.spice.0 \
    -drive file=rhel73.qcow2,if=none,id=drive-scsi-disk0,format=qcow2,cache=none,werror=stop,rerror=stop -device virtio-scsi-pci,id=scsi0,disable-modern=off,disable-legacy=off -device scsi-hd,drive=drive-scsi-disk0,bus=scsi0.0,scsi-id=0,lun=0,id=scsi-disk0,bootindex=1 \
    -monitor stdio \
    -usb -device usb-kbd,id=input0 \
    -netdev tap,id=idinWyYp -device virtio-net-pci,mac=42:ce:a9:d2:4d:d7,id=idlbq7eA,netdev=idinWyYp \
    -qmp tcp:localhost:4444,server,nowait \
    -device ich9-intel-hda -device hda-duplex \

2. Hot plug a new virtio-gpu into guest via qmp:
{ "execute": "device_add","arguments":{"driver":"virtio-gpu","id":"gpu1"}}

3. Hot remove this virtio-gpu from guest:
{ "execute": "device_del","arguments":{"id":"gpu1"}}

4. Hot plug virtio-gpu again into guest via qmp:
{ "execute": "device_add","arguments":{"driver":"virtio-gpu","id":"gpu1"}}

Actual results:
qemu-kvm crash with:
(gdb) bt
#0  0x00007f6f329ae1d7 in raise () from /lib64/libc.so.6
#1  0x00007f6f329af8c8 in abort () from /lib64/libc.so.6
#2  0x00007f6f329a7146 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007f6f329a71f2 in __assert_fail () from /lib64/libc.so.6
#4  0x00007f6f3e6e706d in vmstate_register_with_alias_id (dev=<optimized out>, instance_id=<optimized out>, vmsd=0x7f6f3ece1ba0 <vmstate_virtio_gpu_unmigratable>, opaque=0x7f6f43074340, alias_id=<optimized out>, required_for_version=<optimized out>) at /usr/src/debug/qemu-2.6.0/migration/savevm.c:622
#5  0x00007f6f3e70c9db in virtio_device_realize (dev=0x7f6f43074340, errp=0x7ffd85b045f0) at /usr/src/debug/qemu-2.6.0/hw/virtio/virtio.c:1877
#6  0x00007f6f3e7e0a56 in device_set_realized (obj=<optimized out>, value=<optimized out>, errp=0x7ffd85b047d0) at hw/core/qdev.c:1076
#7  0x00007f6f3e8b503e in property_set_bool (obj=0x7f6f43074340, v=<optimized out>, name=<optimized out>, opaque=0x7f6f49d81000, errp=0x7ffd85b047d0) at qom/object.c:1861
#8  0x00007f6f3e8b8d07 in object_property_set_qobject (obj=0x7f6f43074340, value=<optimized out>, name=0x7f6f3e9b1ead "realized", errp=0x7ffd85b047d0) at qom/qom-qobject.c:26
#9  0x00007f6f3e8b6b80 in object_property_set_bool (obj=0x7f6f43074340, value=<optimized out>, name=0x7f6f3e9b1ead "realized", errp=0x7ffd85b047d0) at qom/object.c:1158
#10 0x00007f6f3e6f4e6e in virtio_gpu_pci_realize (vpci_dev=0x7f6f4306c000, errp=0x7ffd85b047d0) at /usr/src/debug/qemu-2.6.0/hw/display/virtio-gpu-pci.c:34
#11 0x00007f6f3e867255 in virtio_pci_realize (pci_dev=0x7f6f4306c000, errp=0x7ffd85b047d0) at hw/virtio/virtio-pci.c:1847
#12 0x00007f6f3e831e7c in pci_qdev_realize (qdev=0x7f6f4306c000, errp=0x7ffd85b04860) at hw/pci/pci.c:1966
#13 0x00007f6f3e7e0a56 in device_set_realized (obj=<optimized out>, value=<optimized out>, errp=0x7ffd85b04998) at hw/core/qdev.c:1076
#14 0x00007f6f3e8b503e in property_set_bool (obj=0x7f6f4306c000, v=<optimized out>, name=<optimized out>, opaque=0x7f6f49d81180, errp=0x7ffd85b04998) at qom/object.c:1861
#15 0x00007f6f3e8b8d07 in object_property_set_qobject (obj=0x7f6f4306c000, value=<optimized out>, name=0x7f6f3e9b1ead "realized", errp=0x7ffd85b04998) at qom/qom-qobject.c:26
#16 0x00007f6f3e8b6b80 in object_property_set_bool (obj=0x7f6f4306c000, value=<optimized out>, name=0x7f6f3e9b1ead "realized", errp=0x7ffd85b04998) at qom/object.c:1158
#17 0x00007f6f3e78f3cc in qdev_device_add (opts=opts@entry=0x7f6f40ff0f50, errp=errp@entry=0x7ffd85b04a70) at qdev-monitor.c:617
#18 0x00007f6f3e78f9b3 in qmp_device_add (qdict=<optimized out>, ret_data=<optimized out>, errp=0x7ffd85b04ad0) at qdev-monitor.c:794
#19 0x00007f6f3e6c2d15 in handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /usr/src/debug/qemu-2.6.0/monitor.c:3929
#20 0x00007f6f3e9504a8 in json_message_process_token (lexer=0x7f6f40fe9f08, input=0x7f6f40fd9680, type=JSON_RCURLY, x=74, y=5) at qobject/json-streamer.c:105
#21 0x00007f6f3e964f4b in json_lexer_feed_char (lexer=lexer@entry=0x7f6f40fe9f08, ch=125 '}', flush=flush@entry=false) at qobject/json-lexer.c:310
#22 0x00007f6f3e96500e in json_lexer_feed (lexer=0x7f6f40fe9f08, buffer=<optimized out>, size=<optimized out>) at qobject/json-lexer.c:360
#23 0x00007f6f3e950569 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>) at qobject/json-streamer.c:124
#24 0x00007f6f3e6c12cb in monitor_qmp_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) at /usr/src/debug/qemu-2.6.0/monitor.c:3945
#25 0x00007f6f3e794bd1 in tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x7f6f41097e60) at qemu-char.c:2895
#26 0x00007f6f337abd7a in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#27 0x00007f6f3e8c1d70 in glib_pollfds_poll () at main-loop.c:213
#28 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:258
#29 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:506
#30 0x00007f6f3e690d2f in main_loop () at vl.c:1936
#31 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4679

Expected results:
qemu & guest alive

Additional info:
Issue also can be reproduced against rhel7.3 guest with kernel 3.10.0-489.el7.x86_64, hot unplug from rhel guest will trigger "Bug 1368032 - kernel crash after hot remove virtio-gpu device" and re hot unplug will cause qemu crash too
https://patchwork.ozlabs.org/patch/712720/
upstream commit a2056e09b02745e5d000351a8a7938fa8a292ba7
Reproduced the bz on qemu-kvm-rhev-2.6.0-22.el7.x86_64
Verified the bz on qemu-kvm-rhev-2.9.0-2.el7.x86_64

Following are the detailed steps:
1. Boot guest with qemu cli [1]
2. Hot-plug virtio gpu device through qmp
{ "execute": "device_add","arguments":{"driver":"virtio-gpu-device","id":"gpu1"}}
{"error": {"class": "GenericError", "desc": "Parameter 'driver' expects pluggable device type"}}
{ "execute": "device_add","arguments":{"driver":"virtio-gpu-pci","id":"gpu1"}}
{"error": {"class": "GenericError", "desc": "Parameter 'driver' expects pluggable device type"}}

[1]
/usr/libexec/qemu-kvm -name rhel7.3 -m 2048 \
    -cpu Haswell-noTSX \
    -smp 6,threads=2,cores=1,sockets=3,maxcpus=6 \
    -device virtio-vga\
    -device virtio-gpu\
    -spice port=5901,disable-ticketing \
    -device virtio-serial -chardev spicevmc,id=vdagent,debug=0,name=vdagent \
    -serial unix:/tmp/m,server,nowait \
    -device virtserialport,chardev=vdagent,name=com.redhat.spice.0 \
    -drive file=/home/test/rhel/rhel74.qcow2,if=none,id=drive-scsi-disk0,format=qcow2,cache=none,werror=stop,rerror=stop -device virtio-scsi-pci,id=scsi0,disable-modern=off,disable-legacy=off -device scsi-hd,drive=drive-scsi-disk0,bus=scsi0.0,scsi-id=0,lun=0,id=scsi-disk0,bootindex=1 \
    -monitor stdio \
    -usb -device usb-kbd,id=input0 \
    -netdev tap,id=idinWyYp -device virtio-net-pci,mac=42:ce:a9:d2:4d:d7,id=idlbq7eA,netdev=idinWyYp \
    -qmp tcp:localhost:4444,server,nowait \
    -device ich9-intel-hda -device hda-duplex \

Thanks
Jing
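
A regression check for the plug / unplug / re-plug sequence in this report, as an added example that is not part of the original bug comments or of QEMU: it drives the QMP socket from the command line above (tcp:localhost:4444) and reports whether the re-plug succeeded, was rejected as in the verification comment, or took QEMU down. The function names, the one-JSON-message-per-line framing and the wait for the DEVICE_DELETED event before re-adding are assumptions of this example.

```python
import json
import socket

def _recv(f):
    """Return the next QMP message, or None once QEMU has closed the socket."""
    line = f.readline()
    return json.loads(line) if line else None

def _cmd(f, name, args, events):
    """Send one command; queue async events until its return/error arrives."""
    msg = {"execute": name, **({"arguments": args} if args else {})}
    f.write(json.dumps(msg) + "\n")
    f.flush()
    while (reply := _recv(f)) is not None and "event" in reply:
        events.append(reply)
    return reply

def replug_check(sock, driver="virtio-gpu", dev_id="gpu1", timeout=30):
    """Run add/del/add; return (status, detail), status being one of
    'ok', 'rejected', 'crashed' or 'timeout'."""
    sock.settimeout(timeout)
    f = sock.makefile("rw", encoding="utf-8", newline="\n")
    events, dev = [], {"driver": driver, "id": dev_id}
    def gone(e):
        return (e.get("event") == "DEVICE_DELETED"
                and e.get("data", {}).get("device") == dev_id)
    steps = [("qmp_capabilities", None), ("device_add", dev),
             ("device_del", {"id": dev_id}), ("device_add", dev)]
    try:
        _recv(f)  # server greeting
        for name, args in steps:
            reply = _cmd(f, name, args, events)
            if reply is None:
                return ("crashed", "QMP socket closed during " + name)
            if "error" in reply:
                return ("rejected", "%s: %s" % (name, reply["error"]["desc"]))
            # device_del only requests the unplug; re-adding the same id
            # before the guest has released the device tests the wrong thing.
            while name == "device_del" and not any(map(gone, events)):
                event = _recv(f)
                if event is None:
                    return ("crashed", "QMP socket closed while unplugging")
                events.append(event)
    except socket.timeout:
        return ("timeout", "no QMP message within %ss" % timeout)
    except OSError as exc:
        return ("crashed", str(exc))
    return ("ok", "device re-added")

if __name__ == "__main__":
    print(replug_check(socket.create_connection(("localhost", 4444))))
```
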
According to comment5 and comment2, move it to verified
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:2392