What were you trying to do that didn't work?

hotplug-unplug scsi-hd disks, it can not get a response with QMP command device_add sometimes




Please provide the package NVR for which bug is seen:
5.14.0-392.el9.x86_64
qemu-kvm-8.1.0-5.el9.x86_64
seabios-bin-1.16.1-1.el9.noarch
edk2-ovmf-20230524-4.el9_3.noarch
libvirt-9.5.0-7.el9_3.x86_64
virtio-win-prewhql-0.1-240.iso


How reproducible:
30%

Steps to reproduce

1.boot VM
/usr/libexec/qemu-kvm \
     -name 'avocado-vt-vm1'  \
     -sandbox on \
     -machine pc,memory-backend=mem-machine_mem  \
     -nodefaults \
     -device '{"driver": "VGA", "bus": "pci.0", "addr": "0x2"}' \
     -m 30720 \
     -object '{"size": 32212254720, "id": "mem-machine_mem", "qom-type": "memory-backend-ram"}'  \
     -smp 10,maxcpus=10,cores=5,threads=1,dies=1,sockets=2  \
     -cpu 'Cascadelake-Server-noTSX',+kvm_pv_unhalt \
     -device '{"driver": "ich9-usb-ehci1", "id": "usb1", "addr": "0x1d.0x7", "multifunction": true, "bus": "pci.0"}' \
     -device '{"driver": "ich9-usb-uhci1", "id": "usb1.0", "multifunction": true, "masterbus": "usb1.0", "addr": "0x1d.0x0", "firstport": 0, "bus": "pci.0"}' \
     -device '{"driver": "ich9-usb-uhci2", "id": "usb1.1", "multifunction": true, "masterbus": "usb1.0", "addr": "0x1d.0x2", "firstport": 2, "bus": "pci.0"}' \
     -device '{"driver": "ich9-usb-uhci3", "id": "usb1.2", "multifunction": true, "masterbus": "usb1.0", "addr": "0x1d.0x4", "firstport": 4, "bus": "pci.0"}' \
     -device '{"driver": "usb-tablet", "id": "usb-tablet1", "bus": "usb1.0", "port": "1"}' \
     -object '{"qom-type": "iothread", "id": "iothread0"}' \
     -object '{"qom-type": "iothread", "id": "iothread1"}' \
     -device '{"id": "virtio_scsi_pci0", "driver": "virtio-scsi-pci", "bus": "pci.0", "addr": "0x3", "iothread": "iothread0"}' \
     -blockdev '{"node-name": "file_image1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/rhel940-64-virtio-scsi.qcow2", "cache": {"direct": true, "no-flush": false}}' \
     -blockdev '{"node-name": "drive_image1", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_image1"}' \
     -device '{"driver": "scsi-hd", "id": "image1", "drive": "drive_image1", "write-cache": "on"}' \
     -blockdev '{"node-name": "file_stg0", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/stg0.qcow2", "cache": {"direct": true, "no-flush": false}}' \
     -blockdev '{"node-name": "drive_stg0", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_stg0"}' \
     -device '{"driver": "scsi-hd", "id": "stg0", "bus": "virtio_scsi_pci0.0", "drive": "drive_stg0", "write-cache": "on", "lun": 1}' \
     -blockdev '{"node-name": "file_stg1", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/stg1.qcow2", "cache": {"direct": true, "no-flush": false}}' \
     -blockdev '{"node-name": "drive_stg1", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_stg1"}' \
     -device '{"driver": "scsi-hd", "id": "stg1", "bus": "virtio_scsi_pci0.0", "drive": "drive_stg1", "write-cache": "on", "lun": 2}' \
     -blockdev '{"node-name": "file_stg2", "driver": "file", "auto-read-only": true, "discard": "unmap", "aio": "threads", "filename": "/home/kvm_autotest_root/images/stg2.qcow2", "cache": {"direct": true, "no-flush": false}}' \
     -blockdev '{"node-name": "drive_stg2", "driver": "qcow2", "read-only": false, "cache": {"direct": true, "no-flush": false}, "file": "file_stg2"}' \
     -device '{"driver": "scsi-hd", "id": "stg2", "bus": "virtio_scsi_pci0.0", "drive": "drive_stg2", "write-cache": "on", "lun": 3}' \
     -device '{"driver": "virtio-net-pci", "mac": "9a:5a:d5:32:3c:d8", "id": "idJqhx7Y", "netdev": "idF9pl3j", "bus": "pci.0", "addr": "0x4"}' \
     -netdev  '{"id": "idF9pl3j", "type": "tap", "vhost": true}'  \
     -vnc :5 \
     -monitor stdio \
     -qmp tcp:0:5955,server=on,wait=off \
     -boot menu=on,reboot-timeout=1000,strict=off \
     \
     -chardev socket,id=socket-serial,path=/var/tmp/socket-serial,logfile=/var/tmp/file-serial.log,mux=on,server=on,wait=off \
     -serial chardev:socket-serial \
     -chardev file,path=/var/tmp/file-bios.log,id=file-bios \
     -device isa-debugcon,chardev=file-bios,iobase=0x402 \
     \
     -device '{"id": "pcie_extra_root_port_0", "driver": "pcie-root-port", "multifunction": true, "bus": "pci.0", "addr": "0x5", "chassis": 1}' \
     -device '{"id": "pcie_extra_root_port_1", "driver": "pcie-root-port", "addr": "0x5.0x1", "bus": "pci.0", "chassis": 2}' \
     -device '{"id": "pcie_extra_root_port_2", "driver": "pcie-root-port", "addr": "0x5.0x2", "bus": "pci.0", "chassis": 3}'


2. run sg_luns in guest
trap 'kill $(jobs -p)' EXIT SIGINT

for i in `seq 0 32` ; do
  while true ; do
    sg_luns /dev/sdb > /dev/null 2>&1
  done &
done
echo "wait"
wait


3.unplug disk
  {"execute": "device_del", "arguments": {"id": "stg1"}, "id": "KkcEdLYt"}
  {"execute": "device_del", "arguments": {"id": "stg2"}, "id": "qCg9dZ5m"}


4. hotplug disk again
   {"execute": "device_add", "arguments": {"driver": "scsi-hd", "id": "stg1", "bus": "virtio_scsi_pci0.0", "drive": "drive_stg1", "write-cache": "on", "lun": 2}, "id": "OVcCOxy5"}
    {"execute": "device_add", "arguments": {"driver": "scsi-hd", "id": "stg2", "bus": "virtio_scsi_pci0.0", "drive": "drive_stg2", "write-cache": "on", "lun": 3}, "id": "VJvH9y0O"}

5. repeat steps 3-4 3000 times

Expected results
login guest succeed

Actual results
guest can not login or can not get a response on the device_add command

BT:
(gdb) bt
#0  0x00007f2ca843ee5d in syscall () at /lib64/libc.so.6
#1  0x000055bcb6145d4f in qemu_futex_wait (f=<optimized out>, val=<optimized out>)
    at /usr/src/debug/qemu-kvm-8.1.0-5.el9.x86_64/include/qemu/futex.h:29
#2  qemu_event_wait (ev=0x7f2ca7528f70) at ../util/qemu-thread-posix.c:464
#3  0x000055bcb6153702 in drain_call_rcu () at ../util/rcu.c:364
#4  0x000055bcb5c90888 in qmp_device_add
    (qdict=<optimized out>, ret_data=<optimized out>, errp=<optimized out>)
    at ../softmmu/qdev-monitor.c:866
#5  0x000055bcb6134ebf in do_qmp_dispatch_bh (opaque=0x7f2ca5c24fa8) at ../qapi/qmp-dispatch.c:128
#6  0x000055bcb615d1c1 in aio_bh_call (bh=0x7f2504004e00) at ../util/async.c:169
#7  aio_bh_poll (ctx=0x55bcb70f2e30) at ../util/async.c:216
#8  0x000055bcb6140dd4 in aio_dispatch (ctx=0x55bcb70f2e30) at ../util/aio-posix.c:423
#9  0x000055bcb615e60f in aio_ctx_dispatch
    (source=0x7f2ca7528f70, callback=0x0, user_data=<optimized out>) at ../util/async.c:358
#10 0x00007f2ca8946f4f in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#11 0x000055bcb615f56e in glib_pollfds_poll () at ../util/main-loop.c:290
#12 os_host_main_loop_wait (timeout=<optimized out>) at ../util/main-loop.c:313
#13 main_loop_wait (nonblocking=<optimized out>) at ../util/main-loop.c:592
#14 0x000055bcb5c97637 in qemu_main_loop () at ../softmmu/runstate.c:732
#15 0x000055bcb5ae2cba in qemu_default_main () at ../softmmu/main.c:37
#16 0x00007f2ca843feb0 in __libc_start_call_main () at /lib64/libc.so.6
#17 0x00007f2ca843ff60 in __libc_start_main_impl () at /lib64/libc.so.6
#18 0x000055bcb5ae23d5 in _start ()


It does not hit the issue on
Red Hat Enterprise Linux release 9.3 (Plow)
5.14.0-362.13.1.el9_3.x86_64
qemu-kvm-8.0.0-16.el9_3.1.x86_64
seabios-bin-1.16.1-1.el9.noarch
edk2-ovmf-20230524-4.el9_3.noarch
libvirt-9.5.0-7.el9_3.x86_64
virtio-win-prewhql-0.1-240.iso