Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1449143

Summary: [Q35] qemu core dump when hotplug/unplug virtio scsi disk after stop& cont VM
Product: Red Hat Enterprise Linux 7 Reporter: jingzhao <jinzhao>
Component: qemu-kvm-rhevAssignee: Fam Zheng <famz>
Status: CLOSED DUPLICATE QA Contact: jingzhao <jinzhao>
Severity: high Docs Contact:
Priority: high    
Version: 7.4CC: chayang, jinchen, jinzhao, juzhang, knoel, pbonzini, virt-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-06-14 07:47:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description jingzhao 2017-05-09 09:41:43 UTC 
Description of problem:
qemu core dump when hotplug/unplug virtio scsi disk after stop& cont VM

Version-Release number of selected component (if applicable):
kernel-3.10.0-663.el7.x86_64
qemu-kvm-rhev-2.9.0-3.el7.x86_64

guest: win7

How reproducible:
2/2

Steps to Reproduce:
1.Boot guest with qemu command line [1]

2.stop and continue VM through hmp
(qemu) stop
(qemu) info status
VM status: paused
(qemu) cont
(qemu) info status
VM status: running

3.Hot-plug virtio scsi disk through qmp
{"execute":"__com.redhat_drive_add", "arguments": {"file":"/home/test/rhel/block1.qcow2","format":"qcow2","id":"drive_datadisk0"}}
{"return": {}}
{"execute":"device_add","arguments":{"driver":"virtio-scsi-pci","id":"scsi1","bus":"root2"}}
{"return": {}}
{"execute":"device_add","arguments":{"driver":"scsi-hd","drive":"drive_datadisk0","id":"device_datadisk0","bus":"scsi1.0"}}
{"return": {}}
{"execute":"__com.redhat_drive_add", "arguments": {"file":"/home/test/rhel/block2.qcow2","format":"qcow2","id":"drive_datadisk1"}}
{"return": {}}
{"execute":"device_add","arguments":{"driver":"virtio-scsi-pci","id":"scsi2","bus":"root1"}}
{"return": {}}
{"execute":"device_add","arguments":{"driver":"scsi-hd","drive":"drive_datadisk1","id":"device_datadisk1","bus":"scsi2.0"}}

4.Stop and continue VM after hotplug disk
(qemu) info block
drive-virtio-disk0 (#block108): /home/test/win/win7/win7.qcow2 (qcow2)
    Cache mode:       writeback, direct

ide1-cd0 (#block334): /home/test/win/win7/en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso (raw, read-only)
    Removable device: not locked, tray closed
    Cache mode:       writeback

drive-virtio-disk1 (#block526): /usr/share/virtio-win/virtio-win-1.9.0.iso (raw)
    Removable device: not locked, tray closed
    Cache mode:       writeback

drive_datadisk0 (#block705): /home/test/rhel/block1.qcow2 (qcow2)
    Cache mode:       writeback

drive_datadisk1 (#block983): /home/test/rhel/block2.qcow2 (qcow2)
    Cache mode:       writeback
(qemu) stop
(qemu) info status
VM status: paused
(qemu) cont
(qemu) info status
VM status: running

5.Then unplug virtio scsi disk and virtio scsi controller
(qemu) device_del device_datadisk1
(qemu) device_del device_datadisk0
    
(qemu) device_del scsi1
(qemu) device_del scsi2

6. Then "system_reset" in hmp

Actual results:
qemu core dump after step 6

(gdb) bt
#0  0x000055efeca8c4e0 in address_space_io ()
#1  0x000055efec203d0c in memory_region_transaction_commit () at /usr/src/debug/qemu-2.9.0/memory.c:919
#2  0x000055efec3758b6 in pci_update_mappings (d=0x55eff0575000) at hw/pci/pci.c:1292
#3  0x000055efec375a4e in pci_do_device_reset (dev=0x55eff0575000) at hw/pci/pci.c:278
#4  0x000055efec375b12 in pcibus_reset (qbus=0x55efeeb36000) at hw/pci/pci.c:306
#5  0x000055efec31a669 in qbus_reset_one (bus=0x55efeeb36000, opaque=<optimized out>) at hw/core/qdev.c:319
#6  0x000055efec31b868 in qdev_walk_children (dev=0x55efeead2000, pre_devfn=0x0, pre_busfn=0x0, post_devfn=0x55efec31bef0 <qdev_reset_one>, post_busfn=0x55efec31a630 <qbus_reset_one>, opaque=0x0) at hw/core/qdev.c:617
#7  0x000055efec31ecf8 in qbus_walk_children (bus=0x55efee36c310, pre_devfn=0x0, pre_busfn=0x0, post_devfn=0x55efec31bef0 <qdev_reset_one>, post_busfn=0x55efec31a630 <qbus_reset_one>, opaque=0x0) at hw/core/bus.c:59
#8  0x000055efec31ee8d in qemu_devices_reset () at hw/core/reset.c:69
#9  0x000055efec24be96 in pc_machine_reset () at /usr/src/debug/qemu-2.9.0/hw/i386/pc.c:2236
#10 0x000055efec2cccd6 in qemu_system_reset (report=report@entry=true) at vl.c:1697
#11 0x000055efec1b0305 in main () at vl.c:1865
#12 0x000055efec1b0305 in main () at vl.c:1902
#13 0x000055efec1b0305 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4720



Expected results

scsi controller and scsi disk unplug successfully and no core dump 

Additional info:
Comment 2 jingzhao 2017-05-09 09:57:59 UTC 
/usr/libexec/qemu-kvm \
-machine q35,smm=on,accel=kvm \
-cpu Haswell-noTSX \
-nodefaults -rtc base=utc \
-m 2G \
-smp 2,sockets=2,cores=1,threads=1 \
-enable-kvm \
-uuid 990ea161-6b67-47b2-b803-19fb01d30d12 \
-k en-us \
-nodefaults \
-serial unix:/tmp/console,server,nowait \
-boot menu=on \
-qmp tcp:0:6666,server,nowait \
-vga qxl \
-chardev file,path=/home/seabios.log,id=seabios -device isa-debugcon,chardev=seabios,iobase=0x402 \
-device pcie-root-port,bus=pcie.0,id=root3 \
-drive file=/home/test/win/win7/win7.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop \
-device virtio-blk-pci,drive=drive-virtio-disk0,id=virtio-disk0,bus=root3,bootindex=0 \
-device pcie-root-port,bus=pcie.0,id=root0,multifunction=on,chassis=1,addr=0xa.0 \
-device virtio-net-pci,netdev=tap10,mac=9a:6a:6b:6c:6d:6e,bus=root0 -netdev tap,id=tap10 \
-device pcie-root-port,bus=pcie.0,id=root1,multifunction=on,chassis=2,addr=0xa.1 \
-device pcie-root-port,bus=pcie.0,id=root2,slot=2 \
-cdrom /home/test/win/win7/en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso \
-device ahci,id=ahci0 \
-drive file=/usr/share/virtio-win/virtio-win-1.9.0.iso,if=none,id=drive-virtio-disk1,format=raw \
-device ide-cd,drive=drive-virtio-disk1,id=virtio-disk1,bus=ahci0.0 \
-monitor stdio \
-vnc :0 \


BTW: didn't hit the issue on rhel7.4 guest (tried 2 times)

Thanks
Jing