Bug 1013300

Summary: Guest coredump while boot guest with " MALLOC_PERTURB_=234 ....-vnc :10,acl,sasl -vga qxl"
Product: Red Hat Enterprise Linux 6
Reporter: langfang <flang>
Component: qemu-kvm
Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Priority: medium
Version: 6.5
CC: areis, bsarathy, flang, juzhang, mazhang, mkenneth, qiguo, qzhang, rbalakri, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qemu-kvm-0.12.1.2-2.419.el6
Doc Type: Bug Fix
Last Closed: 2014-10-14 06:51:45 UTC
Type: Bug
Attachments:
- guest boot up log
- qemu log

Description langfang 2013-09-29 07:23:38 UTC
Description of problem:

Guest coredumps while booting the guest with " MALLOC_PERTURB_=234 ....-vnc :10,acl,sasl -vga qxl"

Version-Release number of selected component (if applicable):
# uname -r
2.6.32-420.el6.x86_64
# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.406.el6.x86_64
# rpm -q seabios
seabios-0.6.1.2-28.el6.x86_64

How reproducible:

100%

Steps to Reproduce:
1. Boot guest with " MALLOC_PERTURB_=234 ....-vnc :10,acl,sasl -vga qxl"

#MALLOC_PERTURB_=234 /usr/libexec/qemu-kvm -M rhel6.5.0 -cpu Penryn -m 4G -smp 2,sockets=2,cores=2,threads=1 -enable-kvm -usb -device usb-tablet,id=input0 -name RHEL-Server-6.5-64 -uuid `uuidgen` -rtc base=localtime,clock=host,driftfix=slew  -drive file=/home/RHEL-Server-6.5-64.qcow2,format=qcow2,if=none,id=drive-ide0-0-0,werror=stop,rerror=stop,cache=none  -device virtio-blk-pci,scsi=off,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=0 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=92:31:61:E0:31:26,bus=pci.0,addr=0x6,bootindex=1 -vnc :10,acl,sasl -vga qxl -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -serial unix:/tmp/ttyS0,server,nowait -qmp tcp:0:4444,server,nowait -monitor stdio -device virtio-balloon-pci,bus=pci.0,id=balloon0 -drive file=/home/RHEL6.5-20130925.2-Server-x86_64-DVD1.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0

2. After the guest boots up, it coredumps.


Actual results:

(qemu) id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0
id 1, group 1, virt start 7f1d27c00000, virt end 7f1d2bbfe000, generation 0, delta 7f1d27c00000
id 2, group 1, virt start 7f1d23a00000, virt end 7f1d27a00000, generation 0, delta 7f1d23a00000
(/usr/libexec/qemu-kvm:29456): Spice-CRITICAL **: red_memslots.c:123:get_virt: slot_id 21 too big, addr=1515151515151515
Thread 10 (Thread 0x7f1e3c349700 (LWP 29465)):
#0  0x00007f1e4458198e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f1e44c8c0c7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f1e4457d9d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f1e41bceb3d in clone () from /lib64/libc.so.6
Thread 9 (Thread 0x7f1e3b747700 (LWP 29467)):
#0  0x00007f1e41bc6b07 in ioctl () from /lib64/libc.so.6
#1  0x00007f1e44c69c0a in kvm_run (env=0x7f1e460d07b0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1015
#2  0x00007f1e44c6a0c9 in kvm_cpu_exec (env=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1744
#3  0x00007f1e44c6afad in kvm_main_loop_cpu (_env=0x7f1e460d07b0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2005
#4  ap_main_loop (_env=0x7f1e460d07b0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2061
#5  0x00007f1e4457d9d1 in start_thread () from /lib64/libpthread.so.0
#6  0x00007f1e41bceb3d in clone () from /lib64/libc.so.6
Thread 8 (Thread 0x7f1e3ad46700 (LWP 29468)):
#0  0x00007f1e41bc6b07 in ioctl () from /lib64/libc.so.6
#1  0x00007f1e44c69c0a in kvm_run (env=0x7f1e460ea010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1015
#2  0x00007f1e44c6a0c9 in kvm_cpu_exec (env=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1744
#3  0x00007f1e44c6afad in kvm_main_loop_cpu (_env=0x7f1e460ea010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2005
#4  ap_main_loop (_env=0x7f1e460ea010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2061
#5  0x00007f1e4457d9d1 in start_thread () from /lib64/libpthread.so.0
#6  0x00007f1e41bceb3d in clone () from /lib64/libc.so.6
Thread 7 (Thread 0x7f1d237f6700 (LWP 29475)):
#0  0x00007f1e4458475d in read () from /lib64/libpthread.so.0
#1  0x00007f1e42372740 in ?? () from /usr/lib64/libspice-server.so.1
#2  0x00007f1e4237a870 in ?? () from /usr/lib64/libspice-server.so.1
#3  0x00007f1e4237a9aa in ?? () from /usr/lib64/libspice-server.so.1
#4  0x00007f1e42338100 in ?? () from /usr/lib64/libspice-server.so.1
#5  0x00007f1e423413ba in ?? () from /usr/lib64/libspice-server.so.1
#6  0x00007f1e42335607 in ?? () from /usr/lib64/libspice-server.so.1
#7  0x00007f1e42351226 in ?? () from /usr/lib64/libspice-server.so.1
#8  0x00007f1e4457d9d1 in start_thread () from /lib64/libpthread.so.0
#9  0x00007f1e41bceb3d in clone () from /lib64/libc.so.6
Thread 6 (Thread 0x7f1d22df5700 (LWP 29491)):
#0  0x00007f1e4458198e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f1e44c8c0c7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f1e4457d9d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f1e41bceb3d in clone () from /lib64/libc.so.6
Thread 5 (Thread 0x7f1d223f4700 (LWP 29506)):
#0  0x00007f1e4458198e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f1e44c8c0c7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f1e4457d9d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f1e41bceb3d in clone () from /lib64/libc.so.6
Thread 4 (Thread 0x7f1d219f3700 (LWP 29507)):
#0  0x00007f1e4458198e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f1e44c8c0c7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f1e4457d9d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f1e41bceb3d in clone () from /lib64/libc.so.6

...
Aborted

Expected results:

Guest should work well

Additional info:
1) If changed to "-vga std" or "-vga cirrus", the guest works well and does not hit the coredump.

2) If the guest is booted without " MALLOC_PERTURB_=234", the guest works well.

3) For the entire guest boot log and the qemu log, please see the attachments.
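
The values in the Spice-CRITICAL line follow directly from MALLOC_PERTURB_=234 (0xEA): glibc fills fresh malloc'ed memory with the complement byte 0x15 (decimal 21) and overwrites freed memory with 0xEA, so "slot_id 21" and "addr=1515151515151515" are the fingerprint of a field that was allocated but read before anything wrote it. The C program below is an added example, not code from this bug report, qemu or spice; the slot struct is a made-up stand-in, and mallopt(M_PERTURB, ...) is used as the runtime equivalent of the environment variable. It classifies a crash value against the perturb byte and reproduces the fingerprint locally.

```c
/* Added example (not code from the bug report, qemu or spice). With
 * MALLOC_PERTURB_=234 (0xEA), glibc fills every new allocation with the
 * complement byte 0x15 (calloc excepted) and overwrites freed memory with
 * 0xEA, so "slot_id 21" (0x15) and addr=1515151515151515 are the signature
 * of a field that was malloc'ed and read before anything wrote it. */
#include <malloc.h>
#include <stdint.h>
#include <stdlib.h>

enum origin { ORIGIN_UNKNOWN, ORIGIN_NEVER_WRITTEN, ORIGIN_FREED };

/* Byte glibc writes into a fresh allocation for a given perturb value. */
int alloc_fill_byte(int perturb) { return (~perturb) & 0xff; }

/* Byte glibc writes over a block when it is freed. */
int free_fill_byte(int perturb) { return perturb & 0xff; }

/* True if all eight bytes of v equal b, e.g. 0x1515151515151515 and 0x15. */
int all_bytes_equal(uint64_t v, int b) {
    for (int i = 0; i < 8; i++)
        if (((v >> (8 * i)) & 0xff) != (uint64_t)b) return 0;
    return 1;
}

/* Classify a suspicious value from a crash log against the perturb value
 * the process was started with. */
enum origin classify_value(uint64_t v, int perturb) {
    if (all_bytes_equal(v, alloc_fill_byte(perturb))) return ORIGIN_NEVER_WRITTEN;
    if (all_bytes_equal(v, free_fill_byte(perturb)))  return ORIGIN_FREED;
    return ORIGIN_UNKNOWN;
}

/* Reproduce the fingerprint locally. mallopt(M_PERTURB, n) is the runtime
 * equivalent of MALLOC_PERTURB_=n. The (made-up) slot table is sized above
 * glibc's tcache range so the request is served by the arena allocator,
 * which applies the perturb fill. Returns the byte seen in a field nobody
 * initialised, or -1 if this libc has no M_PERTURB. */
int observe_uninitialised_byte(int perturb) {
#ifndef M_PERTURB
    (void)perturb;
    return -1;
#else
    struct slot { uint64_t virt_start, virt_end, delta; uint32_t id, generation; };
    enum { NSLOTS = 64 };                          /* 64 * 32 bytes = 2048 */
    if (mallopt(M_PERTURB, perturb) == 0) return -1;
    struct slot *table = malloc(NSLOTS * sizeof *table);
    if (!table) return -1;
    __asm__ volatile("" : : "r"(table) : "memory"); /* hide contents from optimiser */
    int seen = *(volatile uint8_t *)&table[21].delta;  /* bug: never written */
    free(table);
    mallopt(M_PERTURB, 0);
    return seen;
#endif
}
```

Call observe_uninitialised_byte(234) from a main of your own: on glibc it returns 0x15, the same byte that makes up the slot_id and addr in the crash line, whereas a use-after-free would show 0xEA.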

Comment 1 langfang 2013-09-29 07:29:34 UTC
Created attachment 804627 [details]
guest boot up log

Comment 2 langfang 2013-09-29 07:30:25 UTC
Created attachment 804628 [details]
qemu log

Comment 4 Gerd Hoffmann 2013-10-02 10:02:40 UTC
Upstream commit 329f97fc4ff4b533fcd2d8f4eab6c9c2568aed27
Simple enough fix that we can do it for 6.5.

Comment 6 Gerd Hoffmann 2013-10-02 10:17:37 UTC
patch posted.

Comment 10 mazhang 2014-06-23 02:24:05 UTC
Reproduced this bug.

Host:
qemu-kvm-debuginfo-0.12.1.2-2.402.el6.x86_64
gpxe-roms-qemu-0.9.7-6.10.el6.noarch
qemu-kvm-0.12.1.2-2.402.el6.x86_64
qemu-img-0.12.1.2-2.402.el6.x86_64
qemu-kvm-tools-0.12.1.2-2.402.el6.x86_64
kernel-2.6.32-477.el6.x86_64

Guest:
RHEL6.5-64
kernel-2.6.32-431.el6.x86_64

Steps:
1. Boot guest with the following command line:
MALLOC_PERTURB_=234 /usr/libexec/qemu-kvm \
-M pc \
-cpu SandyBridge \
-m 4G \
-smp 4,sockets=2,cores=2,threads=1,maxcpus=160 \
-enable-kvm \
-name rhel6.6 \
-uuid 990ea161-6b67-47b2-b803-19fb01d30d12 \
-smbios type=1,manufacturer='Red Hat',product='RHEV Hypervisor',version=el6,serial=koTUXQrb,uuid=feebc8fd-f8b0-4e75-abc3-e63fcdb67170 \
-k en-us \
-rtc base=localtime,clock=host,driftfix=slew \
-nodefaults \
-monitor stdio \
-qmp tcp:0:6666,server,nowait \
-boot menu=on,strict=on \
-bios /usr/share/seabios/bios.bin \
-chardev socket,id=seabios,path=/tmp/seabios,server,nowait \
-device isa-debugcon,chardev=seabios,iobase=0x402 \
-monitor unix:/tmp/guest-sock,server,nowait \
-drive file=/home/rhel6.5-64-backup.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads \
-device virtio-blk-pci,scsi=off,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
-vnc :10,acl,sasl \
-vga qxl \


Result:
Qemu-kvm aborted.
(qemu) id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0
id 1, group 1, virt start 7f9ba3c00000, virt end 7f9ba7bfe000, generation 0, delta 7f9ba3c00000
id 2, group 1, virt start 7f9b9fa00000, virt end 7f9ba3a00000, generation 0, delta 7f9b9fa00000
(/usr/libexec/qemu-kvm:12261): Spice-CRITICAL **: red_memslots.c:123:get_virt: slot_id 21 too big, addr=1515151515151515
Thread 14 (Thread 0x7f9cc169c700 (LWP 12266)):
#0  0x00007f9cc98fc98e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f9cca006cd7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 13 (Thread 0x7f9cc0a9a700 (LWP 12267)):
#0  0x00007f9cc6f33b37 in ioctl () from /lib64/libc.so.6
#1  0x00007f9cc9fe497a in kvm_run (env=0x7f9ccc0ad630) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1015
#2  0x00007f9cc9fe4e39 in kvm_cpu_exec (env=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1744
#3  0x00007f9cc9fe5d1d in kvm_main_loop_cpu (_env=0x7f9ccc0ad630) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2005
#4  ap_main_loop (_env=0x7f9ccc0ad630) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2061
#5  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#6  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 12 (Thread 0x7f9cbbfff700 (LWP 12268)):
#0  0x00007f9cc6f33b37 in ioctl () from /lib64/libc.so.6
#1  0x00007f9cc9fe497a in kvm_run (env=0x7f9ccc0c7010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1015
#2  0x00007f9cc9fe4e39 in kvm_cpu_exec (env=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1744
#3  0x00007f9cc9fe5d1d in kvm_main_loop_cpu (_env=0x7f9ccc0c7010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2005
#4  ap_main_loop (_env=0x7f9ccc0c7010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2061
#5  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#6  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 11 (Thread 0x7f9cbb5fe700 (LWP 12269)):
#0  0x00007f9cc6f33b37 in ioctl () from /lib64/libc.so.6
#1  0x00007f9cc9fe497a in kvm_run (env=0x7f9ccc0d4ee0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1015
#2  0x00007f9cc9fe4e39 in kvm_cpu_exec (env=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1744
#3  0x00007f9cc9fe5d1d in kvm_main_loop_cpu (_env=0x7f9ccc0d4ee0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2005
#4  ap_main_loop (_env=0x7f9ccc0d4ee0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2061
#5  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#6  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 10 (Thread 0x7f9cbabfd700 (LWP 12270)):
#0  0x00007f9cc6f33b37 in ioctl () from /lib64/libc.so.6
#1  0x00007f9cc9fe497a in kvm_run (env=0x7f9ccc0e2db0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1015
#2  0x00007f9cc9fe4e39 in kvm_cpu_exec (env=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1744
#3  0x00007f9cc9fe5d1d in kvm_main_loop_cpu (_env=0x7f9ccc0e2db0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2005
#4  ap_main_loop (_env=0x7f9ccc0e2db0) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2061
#5  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#6  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 9 (Thread 0x7f9b9f688700 (LWP 12271)):
#0  0x00007f9cc98ff75d in read () from /lib64/libpthread.so.0
#1  0x00007f9cc76df930 in ?? () from /usr/lib64/libspice-server.so.1
#2  0x00007f9cc76e7a60 in ?? () from /usr/lib64/libspice-server.so.1
#3  0x00007f9cc76e7b9a in ?? () from /usr/lib64/libspice-server.so.1
#4  0x00007f9cc76a5270 in ?? () from /usr/lib64/libspice-server.so.1
#5  0x00007f9cc76ae52a in ?? () from /usr/lib64/libspice-server.so.1
#6  0x00007f9cc76a2777 in ?? () from /usr/lib64/libspice-server.so.1
#7  0x00007f9cc76be396 in ?? () from /usr/lib64/libspice-server.so.1
#8  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#9  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 8 (Thread 0x7f9b9ec87700 (LWP 12272)):
#0  0x00007f9cc98fc98e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f9cca006cd7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 7 (Thread 0x7f9b9e286700 (LWP 12273)):
#0  0x00007f9cc98fc98e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f9cca006cd7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 6 (Thread 0x7f9b9d885700 (LWP 12274)):
#0  0x00007f9cc98fc98e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f9cca006cd7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 5 (Thread 0x7f9b9ce84700 (LWP 12284)):
#0  0x00007f9cc98fc98e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f9cca006cd7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 4 (Thread 0x7f9b97fff700 (LWP 12285)):
#0  0x00007f9cc98fc98e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f9cca006cd7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 3 (Thread 0x7f9b975fe700 (LWP 12286)):
#0  0x00007f9cc98fc98e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f9cca006cd7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 2 (Thread 0x7f9b96bfd700 (LWP 12287)):
#0  0x00007f9cc98fc98e in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007f9cca006cd7 in cond_timedwait (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:102
#2  aio_thread (unused=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/posix-aio-compat.c:329
#3  0x00007f9cc98f89d1 in start_thread () from /lib64/libpthread.so.0
#4  0x00007f9cc6f3bb6d in clone () from /lib64/libc.so.6
Thread 1 (Thread 0x7f9cc9f0d980 (LWP 12261)):
#0  0x00007f9cc6f345e3 in select () from /lib64/libc.so.6
#1  0x00007f9cc9fbff28 in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4046
#2  0x00007f9cc9fe2eba in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2245
#3  0x00007f9cc9fc2e79 in main_loop (argc=43, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4266
#4  main (argc=43, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6644
cmd.sh: line 24: 12261 Aborted                 (core dumped) MALLOC_PERTURB_=234 /usr/libexec/qemu-kvm -M pc -cpu SandyBridge -m 4G -smp 4,sockets=2,cores=2,threads=1,maxcpus=160 -enable-kvm -name rhel6.6 -uuid 990ea161-6b67-47b2-b803-19fb01d30d12 -smbios type=1,manufacturer='Red Hat',product='RHEV Hypervisor',version=el6,serial=koTUXQrb,uuid=feebc8fd-f8b0-4e75-abc3-e63fcdb67170 -k en-us -rtc base=localtime,clock=host,driftfix=slew -nodefaults -monitor stdio -qmp tcp:0:6666,server,nowait -boot menu=on,strict=on -bios /usr/share/seabios/bios.bin -chardev socket,id=seabios,path=/tmp/seabios,server,nowait -device isa-debugcon,chardev=seabios,iobase=0x402 -monitor unix:/tmp/guest-sock,server,nowait -drive file=/home/rhel6.5-64-backup.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads -device virtio-blk-pci,scsi=off,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -vnc :10,acl,sasl -vga qxl

Comment 11 mazhang 2014-06-23 06:00:31 UTC
Verified this bug on qemu-kvm-0.12.1.2-2.428.el6.x86_64.

Host:
qemu-kvm-tools-0.12.1.2-2.428.el6.x86_64
gpxe-roms-qemu-0.9.7-6.10.el6.noarch
qemu-kvm-0.12.1.2-2.428.el6.x86_64
qemu-img-0.12.1.2-2.428.el6.x86_64
qemu-kvm-debuginfo-0.12.1.2-2.428.el6.x86_64
kernel-2.6.32-477.el6.x86_64

Guest:
RHEL6.5-64
kernel-2.6.32-431.el6.x86_64

Result:
Qemu-kvm works well, no core dump found.

Comment 12 errata-xmlrpc 2014-10-14 06:51:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1490.html