Bug 1730560 - QEMU core dumped if hotplug memory to a negative slot
Summary: QEMU core dumped if hotplug memory to a negative slot
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: qemu-kvm
Version: 8.1
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
Assignee: Igor Mammedov
QA Contact: Yumei Huang
URL:
Whiteboard:
Depends On:
Blocks: 1730561
Reported: 2019-07-17 06:52 UTC by Yumei Huang
Modified: 2021-03-19 03:48 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1730561 (view as bug list)
Environment:
Last Closed: 2021-03-15 07:37:34 UTC
Type: Bug
Target Upstream Version:
Embargoed:



Description Yumei Huang 2019-07-17 06:52:07 UTC
Description of problem:
Hotplugging memory to a negative slot makes qemu core dump.


Version-Release number of selected component (if applicable):
qemu-kvm-4.0.0-5.module+el8.1.0+3622+5812d9bf
kernel-4.18.0-112.el8.x86_64

How reproducible:
always

Steps to Reproduce:
1. Start qemu process 
# /usr/libexec/qemu-kvm -m 1G,maxmem=20G,slots=256 -monitor stdio

2. Hotplug memory to slot '-2'
(qemu) object_add memory-backend-ram,id=mem1,size=1G
(qemu) device_add pc-dimm,id=dimm1,memdev=mem1,slot=-2


Actual results:
(qemu) object_add memory-backend-ram,id=mem1,size=1G
(qemu) device_add pc-dimm,id=dimm1,memdev=mem1,slot=-2
Bus error (core dumped)


Expected results:
QEMU should print some error message instead of core dump. 

Additional info:
Backtrace:
(gdb) bt
#0  0x000055608482ad17 in test_bit (addr=<optimized out>, nr=<optimized out>)
    at /usr/src/debug/qemu-kvm-4.0.0-5.module+el8.1.0+3622+5812d9bf.x86_64/include/qemu/bitops.h:134
#1  0x000055608482ad17 in pc_dimm_get_free_slot (errp=0x7ffd86fde7f0, max_slots=256, hint=<optimized out>)
    at hw/mem/pc-dimm.c:110
#2  0x000055608482ad17 in pc_dimm_pre_plug
    (dimm=0x556086f63160, machine=machine@entry=0x556086b70c00, legacy_align=legacy_align@entry=0x0, errp=errp@entry=0x7ffd86fde8c0) at hw/mem/pc-dimm.c:40
#3  0x0000556084720c30 in pc_memory_pre_plug
    (errp=0x7ffd86fde8c0, dev=0x556086f63160, hotplug_dev=<optimized out>)
    at /usr/src/debug/qemu-kvm-4.0.0-5.module+el8.1.0+3622+5812d9bf.x86_64/hw/i386/pc.c:2748
#4  0x0000556084720c30 in pc_machine_device_pre_plug_cb
    (hotplug_dev=<optimized out>, dev=0x556086f63160, errp=0x7ffd86fde8c0)
    at /usr/src/debug/qemu-kvm-4.0.0-5.module+el8.1.0+3622+5812d9bf.x86_64/hw/i386/pc.c:3045
#5  0x00005560847e4cf6 in device_set_realized
    (obj=<optimized out>, value=<optimized out>, errp=0x7ffd86fde9e8) at hw/core/qdev.c:827
#6  0x00005560848e3a5b in property_set_bool
    (obj=0x556086f63160, v=<optimized out>, name=<optimized out>, opaque=0x556087063020, errp=0x7ffd86fde9e8) at qom/object.c:2074
#7  0x00005560848e7f53 in object_property_set_qobject
    (obj=0x556086f63160, value=<optimized out>, name=0x556084a95e9d "realized", errp=0x7ffd86fde9e8)
    at qom/qom-qobject.c:27
#8  0x00005560848e57c9 in object_property_set_bool
    (obj=0x556086f63160, value=<optimized out>, name=0x556084a95e9d "realized", errp=0x7ffd86fde9e8)
    at qom/object.c:1332
#9  0x00005560847a2e74 in qdev_device_add (opts=opts@entry=0x556086c799b0, errp=errp@entry=0x7ffd86fdeac0)
    at qdev-monitor.c:642
#10 0x00005560847a335b in qmp_device_add
    (qdict=<optimized out>, ret_data=ret_data@entry=0x0, errp=errp@entry=0x7ffd86fdeaf0)
    at qdev-monitor.c:822
#11 0x00005560847ae77d in hmp_device_add (mon=<optimized out>, qdict=<optimized out>) at hmp.c:2169
#12 0x00005560846abdb9 in handle_hmp_command (mon=mon@entry=0x556086b70400, cmdline=<optimized out>, 
    cmdline@entry=0x556086be8c00 " device_add pc-dimm,id=dimm1,memdev=mem1,slot=-2")
    at /usr/src/debug/qemu-kvm-4.0.0-5.module+el8.1.0+3622+5812d9bf.x86_64/monitor.c:3458
#13 0x00005560846ad330 in monitor_command_cb (opaque=0x556086b70400, cmdline=0x556086be8c00 " device_add pc-dimm,id=dimm1,memdev=mem1,slot=-2", readline_opaque=<optimized out>) at /usr/src/debug/qemu-kvm-4.0.0-5.module+el8.1.0+3622+5812d9bf.x86_64/monitor.c:4319
#14 0x00005560849c5ee5 in readline_handle_byte (rs=0x556086be8c00, ch=<optimized out>) at util/readline.c:393
#15 0x00005560846abeb9 in monitor_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) at /usr/src/debug/qemu-kvm-4.0.0-5.module+el8.1.0+3622+5812d9bf.x86_64/monitor.c:4302
#16 0x000055608494cccd in fd_chr_read (chan=0x556086bc3da0, cond=<optimized out>, opaque=<optimized out>) at chardev/char-fd.c:66
#17 0x00007f5497aab67d in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#18 0x00005560849b1ec8 in glib_pollfds_poll () at util/main-loop.c:213
#19 0x00005560849b1ec8 in os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:236
#20 0x00005560849b1ec8 in main_loop_wait (nonblocking=<optimized out>) at util/main-loop.c:512
#21 0x00005560847a6839 in main_loop () at vl.c:1988
#22 0x000055608465b328 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4642

Comment 1 Yumei Huang 2019-07-17 06:55:44 UTC
Strangely, QEMU would take 'slot=-1' as slot 0.

#  /usr/libexec/qemu-kvm -m 1G,maxmem=20G,slots=256 -monitor stdio -numa node
(qemu) object_add memory-backend-ram,id=mem1,size=1G
(qemu) device_add pc-dimm,id=dimm1,memdev=mem1,slot=-1
(qemu) info memory-devices 
Memory device [dimm]: "dimm1"
  addr: 0x100000000
  slot: 0
  node: 0
  size: 1073741824
  memdev: /objects/mem1
  hotplugged: true
  hotpluggable: true

Comment 4 Ademar Reis 2020-02-05 23:00:50 UTC
QEMU has been recently split into sub-components and as a one-time operation to avoid breakage of tools, we are setting the QEMU sub-component of this BZ to "General". Please review and change the sub-component if necessary the next time you review this BZ. Thanks

Comment 7 RHEL Program Management 2021-03-15 07:37:34 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.

Comment 8 Yumei Huang 2021-03-19 03:48:40 UTC
It's not reproducible with qemu-kvm-5.2.0-13.module+el8.4.0+10397+65cef07b. Instead of a core dump, an error message is printed.

# /usr/libexec/qemu-kvm -m 1G,maxmem=20G,slots=256 -monitor stdio
(qemu) object_add memory-backend-ram,id=mem1,size=1G
(qemu) device_add pc-dimm,id=dimm1,memdev=mem1,slot=-2
Error: invalid slot number -2, valid range is [0-255]

So change Resolution to CURRENTRELEASE.
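Added example, not QEMU's own code: a small C model of the slot-allocation path in the backtrace above (pc_dimm_pre_plug -> pc_dimm_get_free_slot -> test_bit), written to show why the three behaviours on this page differ. The `slot` device property is a signed int. In the crashing build only the upper bound is checked before the value is used as a bitmap index, so slot=-2 reaches test_bit() and indexes outside the bitmap, which is the bus error in the Description. slot=-1 is QEMU's "unassigned" sentinel meaning "pick the first free slot", which is why Comment 1 sees the DIMM land in slot 0. The hardened lookup rejects both bounds first and produces the message from Comment 8. The function names, the 1024-slot cap, the static error buffer and the request-replay helpers are this example's own assumptions, not QEMU's.

```c
#include <stdio.h>
#include <string.h>
#include <limits.h>

#define BITS_PER_LONG   ((long)(sizeof(unsigned long) * CHAR_BIT))
#define MAX_SLOTS_CAP   1024    /* illustrative cap on slots=, not QEMU's */
#define UNASSIGNED_SLOT (-1)    /* sentinel: "pick the first free slot" */

static char last_err[96];       /* what the monitor would print as Error: */
const char *last_error(void) { return last_err; }

/* Bitmap helpers in the spirit of include/qemu/bitops.h; nr must be in range. */
static int test_bit(long nr, const unsigned long *bm)
{
    return (int)((bm[nr / BITS_PER_LONG] >> (nr % BITS_PER_LONG)) & 1UL);
}

static void set_bit(long nr, unsigned long *bm)
{
    bm[nr / BITS_PER_LONG] |= 1UL << (nr % BITS_PER_LONG);
}

/* Shape of the check in the crashing build: only the upper bound is tested, so
 * a negative hint is handed to test_bit(). Returns 1 when the hint gets
 * through; the out-of-bounds read itself is deliberately not performed. */
int unchecked_admits(int hint, int max_slots)
{
    return hint < max_slots;
}

/* Hardened lookup: both bounds are checked before the bitmap is indexed.
 * hint == NULL asks for the first free slot. Returns the slot, or -1. */
static int get_free_slot(const int *hint, int max_slots, const unsigned long *bm)
{
    last_err[0] = '\0';
    if (hint) {
        if (*hint < 0 || *hint >= max_slots) {
            snprintf(last_err, sizeof last_err,
                     "invalid slot number %d, valid range is [0-%d]",
                     *hint, max_slots - 1);
            return -1;
        }
        if (test_bit(*hint, bm)) {
            snprintf(last_err, sizeof last_err, "slot %d is busy", *hint);
            return -1;
        }
        return *hint;
    }
    for (int s = 0; s < max_slots; s++)
        if (!test_bit(s, bm))
            return s;
    snprintf(last_err, sizeof last_err, "no free slots");
    return -1;
}

/* What device_add's slot= property becomes: -1 turns into a NULL hint, which
 * is why slot=-1 ends up in slot 0 on an empty machine (Comment 1). */
static int plug_dimm(int slot_prop, int max_slots, unsigned long *bm)
{
    int slot = get_free_slot(slot_prop == UNASSIGNED_SLOT ? NULL : &slot_prop,
                             max_slots, bm);
    if (slot >= 0)
        set_bit(slot, bm);
    return slot;
}

/* Replay n device_add requests (their slot= values) against a fresh machine
 * with max_slots slots; returns the slot given to the last one, -1 on error. */
int plug_seq(const int *props, int n, int max_slots)
{
    unsigned long bm[MAX_SLOTS_CAP / BITS_PER_LONG] = {0};
    int slot = -1;
    if (max_slots < 1 || max_slots > MAX_SLOTS_CAP) {
        snprintf(last_err, sizeof last_err, "unsupported slots=%d", max_slots);
        return -1;
    }
    for (int i = 0; i < n; i++)
        if ((slot = plug_dimm(props[i], max_slots, bm)) < 0)
            return -1;
    return slot;
}

int plug_one(int slot_prop, int max_slots)
{
    return plug_seq(&slot_prop, 1, max_slots);
}

int plug_pair(int first, int second, int max_slots)
{
    int props[2] = { first, second };
    return plug_seq(props, 2, max_slots);
}

int main(void)
{
    printf("slot=-1  -> %d\n", plug_one(-1, 256));
    printf("slot=-2  -> %d, %s\n", plug_one(-2, 256), last_error());
    printf("pre-fix check lets -2 through: %d\n", unchecked_admits(-2, 256));
    return 0;
}
```

The point to take from the model: a check of the form `hint >= max_slots` on a signed value is half a bounds check, and the missing half is the one a negative `slot=` from the monitor or QMP exercises. Any range check on an index that comes from a guest-facing or management-facing property should test both ends before the value touches an array or bitmap, and the sentinel value (-1 here) should be handled explicitly rather than by accident.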

