1454537 – [Q35] qemu core dump when hotplug scsi disk three times

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1454537 - [Q35] qemu core dump when hotplug scsi disk three times

Summary: [Q35] qemu core dump when hotplug scsi disk three times

Keywords:
Status:	CLOSED DUPLICATE of bug 1449031
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm-rhev
Sub Component:
Version:	7.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Fam Zheng
QA Contact:	jingzhao
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-05-23 01:51 UTC by jinchen
Modified:	2017-10-09 11:19 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-06-14 03:06:53 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description jinchen 2017-05-23 01:51:57 UTC

Description of problem:
qemu core dump when hotplug scsi disk three times

Version-Release number of selected component (if applicable):
[root@ibm-x3850x5-09 dir]# uname -r
3.10.0-668.el7.x86_64
[root@ibm-x3850x5-09 dir]# rpm -qa |grep qemu-kvm-rhev
qemu-kvm-rhev-2.9.0-5.el7.x86_64
qemu-kvm-rhev-debuginfo-2.9.0-5.el7.x86_64
[root@ibm-x3850x5-09 dir]# rpm -qa |grep OVMF
OVMF-20170228-5.gitc325e41585e3.el7.noarch


How reproducible:
3/3

Steps to Reproduce:
1. Boot guest with qemu command line [1]

2. Hot-plug virtio-scsi disk with qmp 

{"execute":"__com.redhat_drive_add", "arguments": {"file":"/home/test/win/win7/block.qcow2","format":"qcow2","id":"drive_datadisk0"}}
{"return": {}}

{"execute":"device_add","arguments":{"driver":"virtio-scsi-pci","id":"scsi2","bus":"root2"}}
{"return": {}}

{"execute":"device_add","arguments":{"driver":"scsi-hd","drive":"drive_datadisk0","id":"device_datadisk0","bus":"scsi2.0"}}
{"return": {}}

3. un plug virtio scsi with qmp

{"execute":"device_del","arguments":{"id":"device_datadisk0"}}
{"timestamp": {"seconds": 1495503229, "microseconds": 237752}, "event": "DEVICE_DELETED", "data": {"device": "device_datadisk0", "path": "/machine/peripheral/device_datadisk0"}}
{"return": {}}

{"execute":"device_del","arguments":{"id":"scsi2"}}
{"return": {}}
{"timestamp": {"seconds": 1495503240, "microseconds": 245602}, "event": "DEVICE_DELETED", "data": {"path": "/machine/peripheral/scsi2/virtio-backend"}}
{"timestamp": {"seconds": 1495503240, "microseconds": 245672}, "event": "DEVICE_DELETED", "data": {"device": "scsi2", "path": "/machine/peripheral/scsi2"}}

4. repeat step2 and step3 for 3 times 

Actual results:
qemu core dump when hotplug virtio scsi disk at 3rd times

Expected results:
Hot-plug successfully and no core dump
(gdb) bt
#0  0x00005606d5c69451 in memory_listener_register (listener=listener@entry=0x5606dad3a260, as=as@entry=0x5606dad3a210)
    at /usr/src/debug/qemu-2.9.0/memory.c:2381
#1  0x00005606d5c19e57 in address_space_init_dispatch (as=as@entry=0x5606dad3a210) at /usr/src/debug/qemu-2.9.0/exec.c:2561
#2  0x00005606d5c69677 in address_space_init (as=0x5606dad3a210, root=0x5606dad3a320, name=0x5606dad3a0b8 "")
    at /usr/src/debug/qemu-2.9.0/memory.c:2425
#3  0x00005606d5ddb39f in pci_qdev_realize (errp=0x7ffd1b7fa960, devfn=<optimized out>, name=0x5606d73e3c70 "virtio-scsi-pci", bus=0x5606d95e59f0, pci_dev=0x5606dad3a000) at hw/pci/pci.c:1006
#4  0x00005606d5ddb39f in pci_qdev_realize (qdev=0x5606dad3a000, errp=0x7ffd1b7fa960) at hw/pci/pci.c:1994
#5  0x00005606d5d7f861 in device_set_realized (obj=<optimized out>, value=<optimized out>, errp=0x7ffd1b7faa98) at hw/core/qdev.c:939
#6  0x00005606d5e65e2e in property_set_bool (obj=0x5606dad3a000, v=<optimized out>, name=<optimized out>, opaque=0x5606d7925e80, errp=0x7ffd1b7faa98)
    at qom/object.c:1860
#7  0x00005606d5e69aef in object_property_set_qobject (obj=0x5606dad3a000, value=<optimized out>, name=0x5606d5f9010b "realized", errp=0x7ffd1b7faa98) at qom/qom-qobject.c:27
#8  0x00005606d5e67960 in object_property_set_bool (obj=0x5606dad3a000, value=<optimized out>, name=0x5606d5f9010b "realized", errp=0x7ffd1b7faa98)
    at qom/object.c:1163
#9  0x00005606d5d2ae43 in qdev_device_add (opts=opts@entry=0x5606d73e87b0, errp=errp@entry=0x7ffd1b7fab70) at qdev-monitor.c:623
#10 0x00005606d5d2b3d3 in qmp_device_add (qdict=<optimized out>, ret_data=ret_data@entry=0x0, errp=errp@entry=0x7ffd1b7faba0) at qdev-monitor.c:800
#11 0x00005606d5d4405a in hmp_device_add (mon=<optimized out>, qdict=<optimized out>) at hmp.c:1720
#12 0x00005606d5c5711e in handle_hmp_command (mon=mon@entry=0x5606d73c0100, cmdline=0x5606d789400b "virtio-scsi-pci,id=scsi2,bus=root2")
    at /usr/src/debug/qemu-2.9.0/monitor.c:3111
#13 0x00005606d5c587a7 in monitor_command_cb (opaque=0x5606d73c0100, cmdline=<optimized out>, readline_opaque=<optimized out>)
    at /usr/src/debug/qemu-2.9.0/monitor.c:3909
#14 0x00005606d5f35338 in readline_handle_byte (rs=0x5606d7894000, ch=<optimized out>) at util/readline.c:393
#15 0x00005606d5c57327 in monitor_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
    at /usr/src/debug/qemu-2.9.0/monitor.c:3892
#16 0x00005606d5ed0abf in fd_chr_read (chan=0x5606d73dc040, cond=<optimized out>, opaque=0x5606d7488bb0) at chardev/char-fd.c:66
#17 0x00007fdc1ef884c9 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#18 0x00005606d5f2308c in main_loop_wait () at util/main-loop.c:213
#19 0x00005606d5f2308c in main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261
#20 0x00005606d5f2308c in main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:517
#21 0x00005606d5c12a1c in main () at vl.c:1898
#22 0x00005606d5c12a1c in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4720



Additional info:
can reproduce the issue with rhel7.4 guest on ovmf and seabios


[1]
/usr/libexec/qemu-kvm \
-M q35 \
-cpu Penryn \
-nodefaults -rtc base=utc \
-m 2G \
-smp 2,sockets=1,cores=2,threads=1 \
-enable-kvm \
-name rhel7.4 \
-uuid 990ea161-6b67-47b2-b803-19fb01d30d12 \
-smbios type=1,manufacturer='Red Hat',product='RHEV Hypervisor',version=el6,serial=koTUXQrb,uuid=feebc8fd-f8b0-4e75-abc3-e63fcdb67170 \
-drive file=/usr/share/OVMF/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0 \
-drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw,unit=1 \
-k en-us \
-serial unix:/tmp/console,server,nowait \
-boot menu=on -qmp tcp::4446,server,nowait \
-spice port=5906,disable-ticketing \
-vga qxl \
-device pcie-root-port,id=root1,slot=1 \
-drive file=/home/jinchen/demo/test/win7.ovmf,if=none,id=drive0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads \
-device virtio-scsi-pci,id=scsi1,bus=root1 \
-device scsi-hd,id=virtio-disk0,drive=drive0,bus=scsi1.0,bootindex=1 \
-device pcie-root-port,id=root2,slot=2 \
-device pcie-root-port,id=root3,slot=3,multifunction=on,addr=0xa.0 \
-netdev tap,vhost=on,id=dev1 \
-device virtio-net-pci,netdev=dev1,id=net1,mac=9a:6a:6b:6c:6d:6a \
-monitor stdio \
-cdrom /home/jinchen/en_windows_7_ultimate_with_sp1_x64_dvd_u_677332.iso \
-device ahci,id=ahci0,bus=pcie.0 \
-drive file=/usr/share/virtio-win/virtio-win-1.9.0.iso,if=none,media=cdrom,id=drive-ide1,format=raw \
-device ide-drive,bus=ahci0.0,drive=drive-ide1,id=ahci1 \
-usb -device usb-tablet \

Comment 2 jinchen 2017-05-23 02:43:47 UTC

didn't reproduce the issue with virtio blk  on win7+ovmf and win7+seabios

can reproduce the issue with virtio blk on win7+seabios

Comment 3 jinchen 2017-05-23 02:46:21 UTC

please ignore comment 2

didn't reproduce the issue with virtio blk  on win7+ovmf and win7+seabios

can reproduce the issue with virtio scsi disk on win7+seabios

Comment 4 Ademar Reis 2017-05-24 17:55:24 UTC

May be related to Bug 1449031.

Note You need to log in before you can comment on or make changes to this bug.