Created attachment 1281554 [details]
xml and all threads' backtrace

Description of problem:
As subject

Version-Release number of selected component (if applicable):
libvirt-3.2.0-5.el7.x86_64
qemu-kvm-rhev-2.9.0-6.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Start a VM with following xml:
# virsh dumpxml V
...
    <controller type='pci' index='0' model='pci-root'/>
    <controller type='pci' index='1' model='pci-bridge'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </controller>
    <controller type='pci' index='2' model='pci-bridge'>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x09' function='0x0'/>
    </controller>
    <controller type='pci' index='3' model='pci-bridge'>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x0a' function='0x0'/>
    </controller>
    <controller type='pci' index='4' model='pci-bridge'>
      <address type='pci' domain='0x0000' bus='0x03' slot='0x0b' function='0x0'/>
    </controller>
    <controller type='pci' index='5' model='pci-bridge'>
      <address type='pci' domain='0x0000' bus='0x04' slot='0x0c' function='0x0'/>
    </controller>
    <controller type='pci' index='6' model='pci-bridge'>
      <address type='pci' domain='0x0000' bus='0x05' slot='0x0d' function='0x0'/>
    </controller>
    <controller type='pci' index='7' model='pci-bridge'>
      <address type='pci' domain='0x0000' bus='0x06' slot='0x0e' function='0x0'/>
    </controller>
    <controller type='pci' index='8' model='pci-bridge'>
      <address type='pci' domain='0x0000' bus='0x07' slot='0x0f' function='0x0'/>
    </controller>
...

Qemu cmdline:
qemu 20866 107 0.5 1920604 45268 ? Sl 21:19 0:04 /usr/libexec/qemu-kvm -name guest=V,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-42-V/master-key.aes -machine pc-i440fx-rhel7.4.0,accel=kvm,usb=off,vmport=off,dump-guest-core=off -cpu Penryn -m 1024 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid fcb9ca6b-f7f8-413f-8aee-b632712d4f64 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-42-V/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device pci-bridge,chassis_nr=1,id=pci.1,bus=pci.0,addr=0x6 -device pci-bridge,chassis_nr=2,id=pci.2,bus=pci.1,addr=0x9 -device pci-bridge,chassis_nr=3,id=pci.3,bus=pci.2,addr=0xa -device pci-bridge,chassis_nr=4,id=pci.4,bus=pci.3,addr=0xb -device pci-bridge,chassis_nr=5,id=pci.5,bus=pci.4,addr=0xc -device pci-bridge,chassis_nr=6,id=pci.6,bus=pci.5,addr=0xd -device pci-bridge,chassis_nr=7,id=pci.7,bus=pci.6,addr=0xe -device pci-bridge,chassis_nr=8,id=pci.8,bus=pci.7,addr=0xf -device ich9-usb-ehci1,id=usb,bus=pci.8,addr=0x5.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.8,multifunction=on,addr=0x5 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.8,addr=0x5.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.8,addr=0x5.0x2 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x1f -drive file=/var/lib/libvirt/images/V.qcow2,format=qcow2,if=none,id=drive-virtio-disk0 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=29,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:8c:40:0e,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -spice port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=1 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -msg timestamp=on

2. Attach and detach several devices:
# qemu-img create /tmp/raw 100M
# virsh attach-device V scsi.xml
# virsh detach-device V scsi.xml
# virsh attach-device V net.xml
# virsh detach-device V net.xml
# virsh attach-disk V /tmp/raw vdb --address pci:0000.08.10.0
# virsh detach-disk V vdb

3. qemu will get SIGABRT and coredump at the last step:
#0  0x00007f044beba1f7 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007f044bebb8e8 in __GI_abort () at abort.c:90
#2  0x00007f044d9950c5 in g_assertion_message (domain=domain@entry=0x0, file=file@entry=0x55e840eacfca "qom/object.c", line=line@entry=899, func=func@entry=0x55e840ead3d0 <__FUNCTION__.27025> "object_unref", message=message@entry=0x55e8452c15a0 "assertion failed (obj->ref > 0): (0 > 0)") at gtestutils.c:2432
#3  0x00007f044d995461 in g_assertion_message_cmpnum (domain=domain@entry=0x0, file=file@entry=0x55e840eacfca "qom/object.c", line=line@entry=899, func=func@entry=0x55e840ead3d0 <__FUNCTION__.27025> "object_unref", expr=expr@entry=0x55e840ead08b "obj->ref > 0", arg1=0, arg1@entry=0, cmp=cmp@entry=0x55e840e4a80a ">", arg2=0, arg2@entry=0, numtype=numtype@entry=105 'i') at gtestutils.c:2488
#4  0x000055e840d2d806 in object_unref (obj=0x55e843e8a000) at qom/object.c:899
#5  0x000055e840b31323 in memory_region_unref (mr=mr@entry=0x55e843e8ae20) at /usr/src/debug/qemu-2.9.0/memory.c:1541
#6  0x000055e840adfb26 in address_space_dispatch_free (mr=0x55e843e8ae20) at /usr/src/debug/qemu-2.9.0/exec.c:1150
#7  0x000055e840adfb26 in address_space_dispatch_free (map=0x55e8440d0560) at /usr/src/debug/qemu-2.9.0/exec.c:1163
#8  0x000055e840adfb26 in address_space_dispatch_free (d=0x55e8440d0540) at /usr/src/debug/qemu-2.9.0/exec.c:2515
#9  0x000055e840dfc91e in call_rcu_thread (opaque=<optimized out>) at util/rcu.c:272
#10 0x00007f044c24fe25 in start_thread (arg=0x7f044463a700) at pthread_create.c:308
#11 0x00007f044bf7d34d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Actual results:
As above

Expected results:
No SIGABRT

Additional info:
It works well on RHEL7.3. So it is a regression.
All devices xml and all threads' backtrace are in the attachment.