Bug 1660374 - qemu core dump after unhotplug ahci controller and system_reset
Summary: qemu core dump after unhotplug ahci controller and system_reset
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: qemu-kvm
Version: 8.0
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: 8.0
Assignee: Virtualization Maintenance
QA Contact: CongLi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-18 08:54 UTC by FuXiangChun
Modified: 2021-02-13 07:31 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description FuXiangChun 2018-12-18 08:54:49 UTC 
Description of problem:
Boot RHEL8.0 guest, Then unhotplug ahci controller and execute system_reset command. qemu core dump.

Version-Release number of selected component (if applicable):
4.18.0-55.el8.x86_64
qemu-kvm-core-3.1.0-1.module+el8+2538+1516be75.x86_64
seabios-1.11.1-3.module+el8+2538+1516be75.x86_64

How reproducible:
always

Steps to Reproduce:
1.Boot RHEL8.0 guest as below

/usr/libexec/qemu-kvm -M pc -cpu Opteron_G5 -enable-kvm -m 2048 -smp 4,sockets=2,cores=2,threads=1 -usb -device usb-tablet,id=input0 \
-device usb-mouse,id=mouse -name seabios -uuid b03eea94-a502-4142-b541-96f86473a07a \
-drive file=/home/rhel80-1.qcow2,if=none,id=drive-system-disk1,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop -device virtio-scsi-pci,id=scsi0,addr=0x5 -device scsi-hd,bus=scsi0.0,drive=drive-system-disk1,id=system-disk,bootindex=1 \

-device ahci,id=ahci1,addr=0x06 \

-drive file=/home/seabios/u5,if=none,id=drive-sata-disk-0-7,format=raw -device ide-drive,bus=ahci1.1,unit=0,drive=drive-sata-disk-0-7,id=sata-disk-0-7,bootindex=5 \
-drive file=/home/seabios/u6,if=none,id=drive-sata-disk-0-8,format=raw -device ide-drive,bus=ahci1.2,unit=0,drive=drive-sata-disk-0-8,id=sata-disk-0-8,bootindex=6 \
-vnc :1 \
-qmp tcp:0:4444,server,nowait \
-monitor stdio \

2.remove ahci controller 
{"execute":"device_del","arguments":{"id":"ahci1"}}

{"return": {}}
{"timestamp": {"seconds": 1545122817, "microseconds": 555011}, "event": "DEVICE_DELETED", "data": {"device": "sata-disk-0-7", "path": "/machine/peripheral/sata-disk-0-7"}}
{"timestamp": {"seconds": 1545122817, "microseconds": 555475}, "event": "DEVICE_DELETED", "data": {"device": "sata-disk-0-8", "path": "/machine/peripheral/sata-disk-0-8"}}
{"timestamp": {"seconds": 1545122818, "microseconds": 279607}, "event": "DEVICE_DELETED", "data": {"device": "ahci1", "path": "/machine/peripheral/ahci1"}}

3. (qemu) system_reset

Actual results:
Segmentation fault.

(gdb) bt
#0  0x000055577b6a182b in object_class_dynamic_cast ()
#1  0x000055577b6a1955 in object_dynamic_cast ()
#2  0x000055577b5ab3bc in fw_path_provider_try_get_dev_path ()
#3  0x000055577b5543c6 in get_boot_devices_list ()
#4  0x000055577b5fe4e4 in fw_cfg_machine_reset ()
#5  0x000055577b5ab132 in qemu_devices_reset ()
#6  0x000055577b4d66df in pc_machine_reset ()
#7  0x000055577b55a34a in qemu_system_reset ()
#8  0x000055577b55a528 in main_loop ()
#9  0x000055577b41ac24 in main ()


Expected results:
works

Additional info:
Comment 1 FuXiangChun 2018-12-18 09:02:21 UTC 
I also tested seabios-1.11.1-2.el8+2055+38c90e40.x86_64, still can reproduce this bug.
Comment 3 Ademar Reis 2020-02-05 22:52:47 UTC 
QEMU has been recently split into sub-components and as a one-time operation to avoid breakage of tools, we are setting the QEMU sub-component of this BZ to "General". Please review and change the sub-component if necessary the next time you review this BZ. Thanks
Note You need to log in before you can comment on or make changes to this bug.