(gdb) bt
#0 0x00003fffb24beff0 in raise () at /lib64/libc.so.6
#1 0x00003fffb24c136c in abort () at /lib64/libc.so.6
#2 0x00003fffb2bcaa04 in g_assertion_message () at /lib64/libglib-2.0.so.0
#3 0x00003fffb2bcab0c in g_assertion_message_expr () at /lib64/libglib-2.0.so.0
#4 0x00000000101b85a0 in spapr_drc_detach (drc=0x2fc31220) at
/home/nasastry/qemu/hw/ppc/spapr_drc.c:417
#5 0x00000000101972e0 in spapr_memory_unplug_request (hotplug_dev=0x2faa60b0,
dev=0x2fb8fb10, errp=0x3fffe92bfa90) at /home/nasastry/qemu/hw/ppc/spapr.c:3084
#6 0x000000001019856c in spapr_machine_device_unplug_request
(hotplug_dev=0x2faa60b0, dev=0x2fb8fb10, errp=0x3fffe92bfa90)
at /home/nasastry/qemu/hw/ppc/spapr.c:3354
#7 0x00000000104461a8 in hotplug_handler_unplug_request
(plug_handler=0x2faa60b0, plugged_dev=0x2fb8fb10, errp=0x3fffe92bfa90) at
hw/core/hotplug.c:45
#8 0x000000001036e15c in qdev_unplug (dev=0x2fb8fb10, errp=0x3fffe92bfa90) at
qdev-monitor.c:878
#9 0x000000001036e1e4 in qmp_device_del (id=0x2fab2880 "dimm0",
errp=0x3fffe92bfa90) at qdev-monitor.c:888
#10 0x000000001038975c in qmp_marshal_device_del (args=0x30658db0,
ret=0x3fffe92bfb50, errp=0x3fffe92bfb48) at qmp-marshal.c:1462
#11 0x000000001081fd98 in do_qmp_dispatch (cmds=0x10c0e078 <qmp_commands>,
request=0x3093ebf0, errp=0x3fffe92bfbc0) at qapi/qmp-dispatch.c:104
#12 0x000000001081ff84 in qmp_dispatch (cmds=0x10c0e078 <qmp_commands>,
request=0x3093ebf0) at qapi/qmp-dispatch.c:131
#13 0x00000000100983dc in handle_qmp_command (parser=0x2fae1e80,
tokens=0x2faa44e0) at /home/nasastry/qemu/monitor.c:3852
#14 0x000000001082aef0 in json_message_process_token (lexer=0x2fae1e88,
input=0x2faa2420, type=JSON_RCURLY, x=70, y=374) at qobject/json-streamer.c:105
#15 0x000000001086d5d0 in json_lexer_feed_char (lexer=0x2fae1e88, ch=125 '}',
flush=false) at qobject/json-lexer.c:323
#16 0x000000001086d7c4 in json_lexer_feed (lexer=0x2fae1e88,
buffer=0x3fffe92bff88 "}", size=1) at qobject/json-lexer.c:373
#17 0x000000001082b004 in json_message_parser_feed (parser=0x2fae1e80,
buffer=0x3fffe92bff88 "}", size=1) at qobject/json-streamer.c:124
#18 0x000000001009863c in monitor_qmp_read (opaque=0x2fae1df0,
buf=0x3fffe92bff88 "}", size=1) at /home/nasastry/qemu/monitor.c:3894
#19 0x000000001078e3c8 in qemu_chr_be_write_impl (s=0x2fab36b0,
buf=0x3fffe92bff88 "}", len=1) at chardev/char.c:167
#20 0x000000001078e484 in qemu_chr_be_write (s=0x2fab36b0, buf=0x3fffe92bff88
"}", len=1) at chardev/char.c:179
#21 0x000000001079a910 in tcp_chr_read (chan=0x2fbfbbc0, cond=G_IO_IN,
opaque=0x2fab36b0) at chardev/char-socket.c:441
#22 0x00000000107be3d4 in qio_channel_fd_source_dispatch (source=0x2fab4770,
callback=0x1079a760 <tcp_chr_read>, user_data=0x2fab36b0) at
io/channel-watch.c:84
#23 0x00003fffb2b93ab0 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#24 0x0000000010837e9c in glib_pollfds_poll () at util/main-loop.c:213
#25 0x0000000010838064 in os_host_main_loop_wait (timeout=-1) at
util/main-loop.c:261
#26 0x000000001083818c in main_loop_wait (nonblocking=0) at util/main-loop.c:515
#27 0x00000000103771c4 in main_loop () at vl.c:1999
#28 0x0000000010381828 in main (argc=54, argv=0x3fffe92c1988,
envp=0x3fffe92c1b40) at vl.c:4877
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1718118
Title:
qemu crashes with hw/ppc/spapr_drc.c:417:spapr_drc_detach: assertion
failed: (drc->dev)
Status in QEMU:
New
Bug description:
Qemu crashes with error "hw/ppc/spapr_drc.c:417:spapr_drc_detach:
assertion failed: (drc->dev)" when memory hotplug and hotunplug was
done continuously.
Steps to re-produce:
1. git clone (today's i.e 19th Sept)
2. Bring up ppc64le guest with memory hotplug capabilities ( I used libvirt
xml to do this).
3. And do continuous memory hotplug and unplug using the following memory xml
(mem_hp_8g.xml)
<memory model='dimm'>
<target>
<size unit='KiB'>8388608</size>
<node>1</node>
</target>
</memory>
4. Run the following
for i in `seq 1 100`; do virsh attach-device nrs mem_hp_8g.xml --live; virsh
detach-device nrs mem_hp_8g.xml --live; done
5. Guest will crash
6. Following is from qemu log
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
QEMU_AUDIO_DRV=none /usr/local/bin/qemu-system-ppc64 -name
guest=nrs,debug-threads=on -S -object
secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-19-nrs/master-key.aes
-machine pseries-2.10,accel=kvm,usb=off,dump-guest-core=off -m
size=8388608k,slots=256,maxmem=419430400k -realtime mlock=off -smp
4,sockets=4,cores=1,threads=1 -numa node,nodeid=0,cpus=0-1,mem=4096 -numa
node,nodeid=1,cpus=2-3,mem=4096 -uuid d7987973-2467-43ff-b8d2-acefc6ac59e5
-display none -no-user-config -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-19-nrs/monitor.sock,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown
-boot strict=on -device qemu-xhci,id=usb,bus=pci.0,addr=0x3 -device
virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x2 -drive
file=/home/nasastry/pegas-1.0-ppc64le.qcow2,format=qcow2,if=none,id=drive-scsi0-0-0-0
-device
scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1
-netdev tap,fd=28,id=hostnet0,vhost=on,vhostfd=30 -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:89:8a:8b,bus=pci.0,addr=0x1
-chardev pty,id=charserial0 -device
spapr-vty,chardev=charserial0,reg=0x30000000 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 -s -msg timestamp=on
2017-09-19 06:59:07.878+0000: Domain id=19 is tainted: custom-argv
2017-09-19T06:59:07.918273Z qemu-system-ppc64: -chardev pty,id=charserial0:
char device redirected to /dev/pts/5 (label charserial0)
**
ERROR:/home/nasastry/qemu/hw/ppc/spapr_drc.c:417:spapr_drc_detach: assertion
failed: (drc->dev)
2017-09-19 06:59:51.428+0000: shutting down, reason=crashed
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1718118/+subscriptions
