Bug 1021324

Summary: qemu-kvm core dump when run system_reset via monitor(after two times of S3 inside guest)
Product: Red Hat Enterprise Linux 7 Reporter: Jun Li <juli>
Component: qemu-kvmAssignee: Gerd Hoffmann <kraxel>
Status: CLOSED WONTFIX QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: amit.shah, hhuang, juli, juzhang, knoel, kraxel, michen, qzhang, rbalakri, rmainz, virt-bugs, virt-maint, xfu
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-04 05:34:31 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 923626    

Comment 2 Gerd Hoffmann 2013-11-05 10:34:06 UTC 
Doesn't reproduce, using qemu-kvm-1.5.3-12.el7.x86_64.
Fixed meanwhile?  Can you retest please?
Comment 3 Jun Li 2013-11-06 05:09:54 UTC 
(In reply to Gerd Hoffmann from comment #2)
> Doesn't reproduce, using qemu-kvm-1.5.3-12.el7.x86_64.
> Fixed meanwhile?  Can you retest please?

This issue is very small probability of encounter. 
Try 8 times, but hit this issue only one time. 
Version:
qemu-kvm-1.5.3-13.el7.x86_64
3.10.0-41.el7.x86_64


<cli>:
# gdb --args /usr/libexec/qemu-kvm -M q35 -cpu SandyBridge -enable-kvm -m 4G -smp 4,sockets=2,cores=2,threads=1 -name juli -uuid 355a2475-4e03-4cdd-bf7b-5d6a59edaa61 -rtc base=localtime,clock=host,driftfix=slew -device pci-bridge,bus=pcie.0,id=bridge1,chassis_nr=1,addr=0x3 -drive file=/mnt/rhel7base.qcow2_v3,if=none,id=drive-system-disk,cache=writeback -device virtio-scsi-pci,id=scsi0,ioeventfd=off -device scsi-hd,bus=scsi0.0,drive=drive-system-disk,id=disk,bootindex=0,physical_block_size=4096,logical_block_size=512  -device virtio-balloon-pci,id=ballooning -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -netdev tap,id=hostnet0,vhost=on,queues=4,script=/etc/qemu-ifup -device virtio-net-pci,mq=on,vectors=17,netdev=hostnet0,id=virtio-net-pci0,mac=24:be:05:14:0d:82,addr=0x17,bootindex=2 -k en-us -boot menu=on,reboot-timeout=-1,strict=on -qmp tcp:0:4445,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :3 -spice port=5932,disable-ticketing -vga qxl -monitor stdio -monitor tcp:0:7445,server,nowait -monitor unix:/tmp/monitor1,server,nowait -drive file=/home/usb-a-a.img,if=none,id=storage1,media=disk,cache=none,format=raw -usb -device usb-storage,drive=storage1 -drive file=/home/usb-a-b.img,if=none,id=storage2,media=disk,cache=none,format=raw -usb -device usb-storage,drive=storage2 -drive file=/home/cdrom1.iso,if=none,media=cdrom,format=raw,id=drive-ide1-0-0 -device ide-drive,drive=drive-ide1-0-0,id=ide1-0-0,bus=ide.0,unit=0 -fda /home/usb-e-c.img -drive file=/home/usb-e-g.img,if=none,id=drive-fdc0-0-0,readonly=on,format=raw -global isa-fdc.driveB=drive-fdc0-0-0
-----

(qemu) qemu-kvm: /builddir/build/BUILD/qemu-1.5.3/hw/display/qxl.c:1114: qxl_check_state: Assertion `!spice_display_running || ((&ram->cmd_ring)->cons == (&ram->cmd_ring)->prod)' failed.
Program received signal SIGABRT, Aborted.
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.27.2-1.el7.x86_64 celt051-0.5.1.3-6.el7.x86_64 cyrus-sasl-lib-2.1.26-12.1.el7.x86_64 cyrus-sasl-md5-2.1.26-12.1.el7.x86_64 cyrus-sasl-plain-2.1.26-12.1.el7.x86_64 cyrus-sasl-scram-2.1.26-12.1.el7.x86_64 dbus-libs-1.6.12-5.el7.x86_64 flac-libs-1.3.0-2.el7.x86_64 glib2-2.36.3-2.el7.x86_64 glibc-2.17-33.el7.x86_64 gmp-5.1.1-2.el7.x86_64 gnutls-3.1.13-1.el7.x86_64 gsm-1.0.13-9.el7.x86_64 json-c-0.11-1.el7.x86_64 keyutils-libs-1.5.8-1.el7.x86_64 krb5-libs-1.11.3-23.el7.x86_64 libICE-1.0.8-5.el7.x86_64 libSM-1.2.1-5.el7.x86_64 libX11-1.6.0-1.el7.x86_64 libXau-1.0.8-1.el7.x86_64 libXext-1.3.2-1.el7.x86_64 libXi-1.7.2-1.el7.x86_64 libXtst-1.2.2-1.el7.x86_64 libaio-0.3.109-9.el7.x86_64 libasyncns-0.8-5.el7.x86_64 libattr-2.4.46-10.el7.x86_64 libcap-2.22-6.el7.x86_64 libcom_err-1.42.8-2.el7.x86_64 libdb-5.3.21-11.el7.x86_64 libgcc-4.8.1-11.el7.x86_64 libgcrypt-1.5.3-1.el7.x86_64 libgpg-error-1.12-1.el7.x86_64 libjpeg-turbo-1.2.90-2.el7.x86_64 libogg-1.3.0-5.el7.x86_64 libpng-1.5.13-2.el7.x86_64 libseccomp-2.1.0-0.el7.x86_64 libselinux-2.1.13-21.el7.x86_64 libsndfile-1.0.25-7.el7.x86_64 libtasn1-3.3-1.el7.x86_64 libusbx-1.0.15-2.el7.x86_64 libuuid-2.23.2-6.el7.x86_64 libvorbis-1.3.3-4.el7.x86_64 libxcb-1.9-3.el7.x86_64 nettle-2.6-2.el7.x86_64 nspr-4.10-3.el7.x86_64 nss-3.15.1-3.el7.x86_64 nss-softokn-freebl-3.15.1-2.el7.x86_64 nss-util-3.15.1-2.el7.x86_64 openssl-libs-1.0.1e-21.el7.x86_64 p11-kit-0.18.5-1.el7.x86_64 pcre-8.32-7.el7.x86_64 pixman-0.30.0-1.el7.x86_64 pulseaudio-libs-3.0-10.el7.x86_64 spice-server-0.12.4-2.el7.x86_64 tcp_wrappers-libs-7.6-75.el7.x86_64 usbredir-0.6-5.el7.x86_64 zlib-1.2.7-10.el7.x86_64
---Type <return> to continue, or q <return> to quit---
0x00007ffff30db999 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff30db999 in raise () from /lib64/libc.so.6
#1  0x00007ffff30dd0a8 in abort () from /lib64/libc.so.6
#2  0x00007ffff30d4906 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff30d49b2 in __assert_fail () from /lib64/libc.so.6
#4  0x000055555579048d in qxl_check_state (d=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1114
#5  0x0000555555790d95 in qxl_reset_state (d=d@entry=0x55555678c070)
    at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1122
#6  0x00005555557920cb in qxl_hard_reset (d=0x55555678c070, loadvm=0)
    at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1159
#7  0x0000555555679e19 in qdev_reset_one (dev=dev@entry=0x55555678c070, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:227
#8  0x0000555555679510 in qdev_walk_children (dev=dev@entry=0x55555678c070, 
    devfn=devfn@entry=0x555555679e00 <qdev_reset_one>, 
    busfn=busfn@entry=0x555555677e00 <qbus_reset_one>, opaque=opaque@entry=0x0)
    at hw/core/qdev.c:376
#9  0x00005555556795ad in qdev_reset_all (dev=dev@entry=0x55555678c070)
    at hw/core/qdev.c:243
#10 0x00005555556bb0dd in pci_device_reset (dev=0x55555678c070)
    at hw/pci/pci.c:180
#11 0x00005555556bb292 in pci_bus_reset (bus=0x555556713bc0)
    at hw/pci/pci.c:226
#12 0x00005555556bb2d9 in pcibus_reset (qbus=<optimized out>)
---Type <return> to continue, or q <return> to quit---
    at hw/pci/pci.c:233
#13 0x00005555556795f0 in qbus_walk_children (bus=bus@entry=0x555556713bc0, 
    devfn=devfn@entry=0x555555679e00 <qdev_reset_one>, 
    busfn=busfn@entry=0x555555677e00 <qbus_reset_one>, opaque=opaque@entry=0x0)
    at hw/core/qdev.c:353
#14 0x000055555567953a in qdev_walk_children (dev=<optimized out>, 
    devfn=devfn@entry=0x555555679e00 <qdev_reset_one>, 
    busfn=busfn@entry=0x555555677e00 <qbus_reset_one>, opaque=opaque@entry=0x0)
    at hw/core/qdev.c:383
#15 0x000055555567961a in qbus_walk_children (bus=<optimized out>, 
    devfn=0x555555679e00 <qdev_reset_one>, 
    busfn=0x555555677e00 <qbus_reset_one>, opaque=0x0) at hw/core/qdev.c:360
#16 0x00005555557680dd in qemu_devices_reset () at vl.c:1809
#17 qemu_system_reset (report=report@entry=true) at vl.c:1818
#18 0x00005555555fe8d4 in main_loop_should_exit () at vl.c:1952
#19 main_loop () at vl.c:1990
#20 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
    at vl.c:4340
------------------
Maybe could use a shell script to reproduce this issue. If you can not reproduce this issue, I will give a shell script or maybe you can use my machine. Thank you.

Best Regards,
Jun Li
Comment 5 Gerd Hoffmann 2014-02-04 13:26:31 UTC 
Maybe dup of bug 1003819.
Comment 7 Gerd Hoffmann 2014-09-02 11:09:05 UTC 
(In reply to Gerd Hoffmann from comment #5)
> Maybe dup of bug 1003819.

Which in turn is probably a dup of bz1054077

Can you test this scratch build please?
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=7903456
Comment 8 Jun Li 2014-09-03 03:26:48 UTC 
(In reply to Gerd Hoffmann from comment #7)
> (In reply to Gerd Hoffmann from comment #5)
> > Maybe dup of bug 1003819.
> 
> Which in turn is probably a dup of bz1054077
> 
> Can you test this scratch build please?
> http://brewweb.devel.redhat.com/brew/taskinfo?taskID=7903456

Hi Gerd,

  When I retest this issue with build(http://brewweb.devel.redhat.com/brew/taskinfo?taskID=7903456), hit can not resume from s3(do s3 on first time).

  I also search the related bugs:

Bug 949900 - fail to do S3/S4 under Q35 machine type in rhel7 
Bug 929029 - rhel7 guest s3 wake up automatically with q35 

  Above two bugs are all in NEW status. As above bugs, this bz has been blocked.

Best Regards,
Jun Li


Version of components:
Guest kernel:
3.10.0-145.el7.x86_64
Host kernel:
3.10.0-148.el7.x86_64
qemu-kvm:
qemu-kvm-1.5.3-69.el7.bz1054077.1.x86_64

CLI:
gdb --args /usr/libexec/qemu-kvm -M q35 -cpu SandyBridge -enable-kvm -m 4G -smp 4,sockets=2,cores=2,threads=1 -name juli -uuid 355a2475-4e03-4cdd-bf7b-5d6a59edaa61 -rtc base=localtime,clock=host,driftfix=slew -device pci-bridge,bus=pcie.0,id=bridge1,chassis_nr=1,addr=0x3 -drive file=/home/rhel7_1.qcow2,if=none,id=drive-system-disk,cache=writeback,snapshot=on -device virtio-scsi-pci,id=scsi0,ioeventfd=off -device virtio-blk-pci,bus=pcie.0,drive=drive-system-disk,id=disk,bootindex=0,physical_block_size=4096,logical_block_size=512  -device virtio-balloon-pci,id=ballooning -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -netdev tap,id=hostnet0,vhost=on,queues=4,script=/etc/qemu-ifup -device virtio-net-pci,mq=on,vectors=17,netdev=hostnet0,id=virtio-net-pci0,mac=24:be:05:14:0d:82,addr=0x17,bootindex=2 -k en-us -boot menu=on,reboot-timeout=-1,strict=on -qmp tcp:0:4445,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :3 -spice port=5932,disable-ticketing -vga qxl -monitor stdio -monitor tcp:0:7445,server,nowait -monitor unix:/tmp/monitor1,server,nowait -drive file=/home/juli/usb-a-a.img,if=none,id=storage1,media=disk,cache=none,format=raw -usb -device usb-storage,drive=storage1 -drive file=/home/juli/usb-a-b.img,if=none,id=storage2,media=disk,cache=none,format=raw -usb -device usb-storage,drive=storage2 -drive file=/home/juli/cdrom1.iso,if=none,media=cdrom,format=raw,id=drive-ide1-0-0 -device ide-drive,drive=drive-ide1-0-0,id=ide1-0-0,bus=ide.0,unit=0 -fda /home/juli/usb-e-c.img -drive file=/home/juli/usb-e-g.img,if=none,id=drive-fdc0-0-0,readonly=on,format=raw -global isa-fdc.driveB=drive-fdc0-0-0
Comment 9 Gerd Hoffmann 2014-10-27 09:50:11 UTC 
please retest with build qemu-kvm-1.5.3-71.el7 (or newer), which fixes bug bz1054077
Comment 10 juzhang 2014-10-28 00:49:50 UTC 
(In reply to Gerd Hoffmann from comment #9)
> please retest with build qemu-kvm-1.5.3-71.el7 (or newer), which fixes bug
> bz1054077

Hi Juli,

Could you retest it?

Best Regards,
Junyi
Comment 11 Jun Li 2014-10-28 09:56:24 UTC 
(In reply to juzhang from comment #10)
> (In reply to Gerd Hoffmann from comment #9)
> > please retest with build qemu-kvm-1.5.3-71.el7 (or newer), which fixes bug
> > bz1054077
> 
> Hi Juli,
> 
> Could you retest it?
> 
> Best Regards,
> Junyi

Version of components:
qemu-kvm-1.5.3-75.el7.x86_64

When do s3 inside guest, guest can not resume from s3, so this is blocked.

Also the following bz are still in NEW status. 
Bug 949900 - fail to do S3/S4 under Q35 machine type in rhel7 
Bug 929029 - rhel7 guest s3 wake up automatically with q35 

As above show, this bz will be verified at least after above two bz are fixed.