Bug 1095612
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | Machine type rhel6.0.0 & -vga qxl & vnc cause qemu-kvm core dump | | |
| Product | Red Hat Enterprise Linux 6 | Reporter | FuXiangChun <xfu> |
| Component | qemu-kvm | Assignee | Gerd Hoffmann <kraxel> |
| Status | CLOSED ERRATA | QA Contact | Virtualization Bugs <virt-bugs> |
| Severity | high | Docs Contact | |
| Priority | high | | |
| Version | 6.6 | CC | bsarathy, chayang, djasa, huding, jen, juzhang, kraxel, lmiksik, mazhang, michen, mkenneth, qzhang, rbalakri, shu, virt-maint |
| Target Milestone | rc | | |
| Target Release | --- | | |
| Hardware | x86_64 | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | qemu-kvm-0.12.1-2.2.444.el6 | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | | |
| | 1135372 | Environment | |
| Last Closed | 2014-10-14 06:58:39 UTC | Type | Bug |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
upstream commit 788fbf042fc6d5aaeab56757e6dad622ac5f0c21

patches posted.

Fix included in qemu-kvm-0.12.1.2-2.430.el6

[root@localhost ~]# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.429.el6.x86_64
[root@localhost ~]# /usr/libexec/qemu-kvm -M rhel6.0.0 -cpu SandyBridge -enable-kvm -m 4096 -realtime mlock=off -smp 4,sockets=2,cores=2,threads=1,maxcpus=160 -nodefconfig -nodefaults -monitor stdio -name test-all-qemu-kvm -drive file=nfs/RHEL-Server-6.6-64-virtio.qcow2,if=none,id=drive-scsi-disk,format=qcow2,cache=none,werror=stop,rerror=stop -device virtio-blk-pci,drive=drive-scsi-disk,id=disk -vnc :12 -vga qxl
QEMU 0.12.1 monitor - type 'help' for more information
(qemu) Segmentation fault (core dumped)

Verified on qemu-kvm-0.12.1.2-2.430.el6.x86_64, no crash.

During the bug re-verification work for rhel6.6, I could still reproduce the bug on the following versions:
kernel-2.6.32-498.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.441.el6.x86_64
spice-server-0.12.4-11.el6.x86_64

I also tried the following versions; all could reproduce the bug.
qemu-kvm-rhev-0.12.1.2-2.428.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.430.el6.x86_64

Re-tested with "-M rhel6.1.0": could not reproduce. The issue still happens on "-M rhel6.0.0".
Command line: same as comment 8.
(gdb) r -M rhel6.0.0 -cpu SandyBridge -enable-kvm -m 4096 -realtime mlock=off -smp 4,sockets=2,cores=2,threads=1,maxcpus=160 -nodefconfig -nodefaults -monitor stdio -name test-all-qemu-kvm -drive file=/root/RHEL-Server-6.6-64-virtio.qcow2,if=none,id=drive-scsi-disk,format=qcow2,cache=none,werror=stop,rerror=stop -device virtio-blk-pci,drive=drive-scsi-disk,id=disk -vnc :12 -vga qxl
Starting program: /usr/libexec/qemu-kvm -M rhel6.0.0 -cpu SandyBridge -enable-kvm -m 4096 -realtime mlock=off -smp 4,sockets=2,cores=2,threads=1,maxcpus=160 -nodefconfig -nodefaults -monitor stdio -name test-all-qemu-kvm -drive file=/root/RHEL-Server-6.6-64-virtio.qcow2,if=none,id=drive-scsi-disk,format=qcow2,cache=none,werror=stop,rerror=stop -device virtio-blk-pci,drive=drive-scsi-disk,id=disk -vnc :12 -vga qxl
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffeeb6c700 (LWP 13540)]
QEMU 0.12.1 monitor - type 'help' for more information
(qemu) (qemu) (qemu)
[New Thread 0x7ffecfbfd700 (LWP 13547)]
(qemu) (qemu)
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff48ad9b7 in memcpy () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff48ad9b7 in memcpy () from /lib64/libc.so.6
#1 0x00007ffff7f6abac in qxl_blit (qxl=0x7ffff9c9d840) at /usr/include/bits/string3.h:52
#2 qxl_render_update_area_unlocked (qxl=0x7ffff9c9d840) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl-render.c:146
#3 0x00007ffff7f6adb8 in qxl_render_update_area_bh (opaque=0x7ffff9c9d840) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl-render.c:188
#4 0x00007ffff7de7101 in qemu_bh_poll () at /usr/src/debug/qemu-kvm-0.12.1.2/async.c:70
#5 0x00007ffff7daecb9 in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4098
#6 0x00007ffff7dd24ea in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2258
#7 0x00007ffff7db3767 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4268
#8 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6725
(gdb)

According to comment 9, re-assigning this bug. :(

In the unfixed version qemu-kvm-rhev-0.12.1.2-2.428.el6.x86_64: guest core dumps at once after guest boot-up (without logging in to the guest).
In the fixed or latest version: guest core dumps after logging in to the guest and waiting a few seconds (I waited about 5s ~ 10s).

(gdb) up
#1 0x00007f437ce7a016 in memcpy (__len=16, __src=0x7f43183d3cb4, __dest=<optimized out>)
at /usr/include/bits/string3.h:51
51 return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
(gdb) up
#2 qxl_blit (rect=0x7f437e23b310, qxl=0x7f437e2299b0)
at /home/kraxel/rhel/7/qemu-kvm/hw/display/qxl-render.c:51
51 memcpy(dst, src, len);
(gdb) print *rect
$1 = {top = -7, left = 1069, bottom = 0, right = 1073}
We get dirty rectangles with negative values from spice-server. Oops.
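What that rectangle means for the blit, as an added example that is not code from this bug report or from QEMU: a bounds check that rejects a dirty rectangle before it reaches memcpy, plus the pointer arithmetic showing why top = -7 with left = 1069 puts the source pointer before the start of the surface. The Rect and Surface structs, the function names and the 1280x800 screen geometry are assumptions made for this example.

```c
/* Added example, not code from this bug report or from QEMU: a bounds check
 * for a dirty rectangle before it is blitted, and the pointer arithmetic that
 * shows why the rectangle printed above ({top = -7, left = 1069, bottom = 0,
 * right = 1073}) makes memcpy fault. The structs, function names and the
 * 1280x800 screen geometry are assumptions made for this example. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    int32_t top, left, bottom, right;   /* same field order gdb printed */
} Rect;

typedef struct {
    int width, height;   /* pixels */
    int stride;          /* bytes per scanline */
    uint32_t *data;      /* 32-bit pixels; NULL when only geometry matters */
} Surface;

/* The rectangle from the backtrace above, and an assumed screen geometry. */
static const Rect CRASH_RECT = { -7, 1069, 0, 1073 };
static const Surface SCREEN = { 1280, 800, 1280 * 4, NULL };

/* Byte offset of the first pixel the blit would read: top * stride + left * 4.
 * Negative means the source pointer lands before the start of the buffer. */
long blit_src_offset(const Rect *r, int stride)
{
    return (long)r->top * stride + (long)r->left * 4;
}

/* True only when the rectangle lies entirely inside the surface. */
bool rect_is_sane(const Rect *r, const Surface *s)
{
    if (r->left < 0 || r->top < 0) {
        return false;   /* negative coordinates: the case in the backtrace */
    }
    if (r->left > r->right || r->top > r->bottom) {
        return false;   /* inverted rectangle */
    }
    if (r->right > s->width || r->bottom > s->height) {
        return false;   /* extends past the surface */
    }
    return true;
}

/* Copy the rectangle from src to dst, or drop it if it fails the check.
 * Returns the number of scanlines copied (0 when the rectangle was dropped). */
int blit_checked(const Surface *src, Surface *dst, const Rect *r)
{
    if (!rect_is_sane(r, src) || !rect_is_sane(r, dst)) {
        return 0;
    }
    size_t bytes = (size_t)(r->right - r->left) * sizeof(uint32_t);
    for (int32_t y = r->top; y < r->bottom; y++) {
        const uint8_t *s = (const uint8_t *)src->data + (size_t)y * src->stride
                           + (size_t)r->left * sizeof(uint32_t);
        uint8_t *d = (uint8_t *)dst->data + (size_t)y * dst->stride
                     + (size_t)r->left * sizeof(uint32_t);
        memcpy(d, s, bytes);
    }
    return r->bottom - r->top;
}

/* Constructed 8x8 surfaces: blit a 2x2 rectangle and check which pixels moved.
 * Returns the rows copied (2) on success, -1 if the wrong pixels changed. */
int demo_good_rect(void)
{
    static uint32_t src_px[64], dst_px[64];
    for (int i = 0; i < 64; i++) {
        src_px[i] = (uint32_t)i + 1;    /* distinct value per pixel */
    }
    memset(dst_px, 0, sizeof(dst_px));
    Surface src = { 8, 8, 8 * 4, src_px };
    Surface dst = { 8, 8, 8 * 4, dst_px };
    Rect r = { 2, 1, 4, 3 };            /* rows 2-3, columns 1-2 */
    int rows = blit_checked(&src, &dst, &r);
    bool ok = dst_px[2 * 8 + 1] == 18 && dst_px[3 * 8 + 2] == 27
              && dst_px[1 * 8 + 1] == 0 && dst_px[2 * 8 + 3] == 0;
    return ok ? rows : -1;
}

/* The crashing rectangle against the same small surfaces: must be dropped. */
int demo_crash_rect(void)
{
    static uint32_t src_px[64], dst_px[64];
    Surface src = { 8, 8, 8 * 4, src_px };
    Surface dst = { 8, 8, 8 * 4, dst_px };
    return blit_checked(&src, &dst, &CRASH_RECT);
}

int main(void)
{
    printf("crash rect sane on 1280x800: %s\n", rect_is_sane(&CRASH_RECT, &SCREEN) ? "yes" : "no");
    printf("source byte offset memcpy would use: %ld\n", blit_src_offset(&CRASH_RECT, SCREEN.stride));
    printf("good rect rows copied: %d\n", demo_good_rect());
    printf("crash rect rows copied: %d\n", demo_crash_rect());
    return 0;
}
```

The point of the check is that a rectangle handed over by another component is untrusted input to the blit: a negative top or left is just as dangerous as a right or bottom edge past the surface, so all four edges are validated and a bad rectangle is dropped rather than passed to memcpy.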
Oops, patch screwed up. New one: http://patchwork.ozlabs.org/patch/384079/

Hi, Ademar and Gerd

Thanks for replying to this bug so quickly. Do you think we still have a chance to include this fix in rhel6.6?

Thanks,
Qunfang

(In reply to Qunfang Zhang from comment #15)
> Hi, Ademar and Gerd
>
> Thanks for replying to this bug so quickly. Do you think we still have a chance
> to include this fix in rhel6.6?
>

Yes, I think we should try it, at least fix the segfault in qemu-kvm (it's a small patch)

Thanks for the reply.

pull request sent, upstream commit id will most likely be 503b3b33feca818baa4459aba286e54a528e5567

patches posted.

Fix included in qemu-kvm-0.12.1.2-2.443.el6

Fix included in qemu-kvm-0.12.1.2-2.444.el6

Reproduce this bug on qemu-kvm-0.12.1.2-2.429.el6.x86_64.
Host:
qemu-kvm-debuginfo-0.12.1.2-2.429.el6.x86_64
qemu-img-0.12.1.2-2.429.el6.x86_64
qemu-kvm-0.12.1.2-2.429.el6.x86_64
gpxe-roms-qemu-0.9.7-6.11.el6.noarch
qemu-kvm-tools-0.12.1.2-2.429.el6.x86_64
kernel-2.6.32-500.el6.x86_64
Guest:
RHEL-6.5 GA (RHEL6.6 guest can't reproduce this bug)
Cli:
/usr/libexec/qemu-kvm -M rhel6.0.0 -cpu SandyBridge -enable-kvm -m 4096 -realtime mlock=off -smp 4,sockets=2,cores=2,threads=1,maxcpus=160 -nodefconfig -nodefaults -monitor stdio -name test-all-qemu-kvm -drive file=/home/RHEL-Server-6.6-64-1.qcow2,if=none,id=drive-scsi-disk,format=qcow2,cache=none,werror=stop,rerror=stop -device ide-drive,drive=drive-scsi-disk,id=disk -vnc :0 -vga qxl
Result:
qemu-kvm segmentation fault.
#0 0x00007ffff489aa41 in memcpy () from /lib64/libc.so.6
#1 0x00007ffff7f6d532 in qxl_blit (qxl=0x7ffff9c9b840) at /usr/include/bits/string3.h:52
#2 qxl_render_update_area_unlocked (qxl=0x7ffff9c9b840) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl-render.c:144
#3 0x00007ffff7f6d6f8 in qxl_render_update_area_bh (opaque=0x7ffff9c9b840)
at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl-render.c:186
#4 0x00007ffff7df1f11 in qemu_bh_poll () at /usr/src/debug/qemu-kvm-0.12.1.2/async.c:70
#5 0x00007ffff7dba039 in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4098
#6 0x00007ffff7ddd2fa in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2258
#7 0x00007ffff7dbccf0 in main_loop (argc=26, argv=<value optimized out>, envp=<value optimized out>)
at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4268
#8 main (argc=26, argv=<value optimized out>, envp=<value optimized out>)
at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6711
Verify this bug on qemu-kvm-0.12.1.2-2.444.el6.x86_64.
Host:
qemu-kvm-tools-0.12.1.2-2.444.el6.x86_64
qemu-img-0.12.1.2-2.444.el6.x86_64
qemu-kvm-0.12.1.2-2.444.el6.x86_64
gpxe-roms-qemu-0.9.7-6.11.el6.noarch
qemu-kvm-debuginfo-0.12.1.2-2.444.el6.x86_64
kernel-2.6.32-500.el6.x86_64
Guest:
RHEL-6.5 GA
Cli:
/usr/libexec/qemu-kvm -M rhel6.0.0 -cpu SandyBridge -enable-kvm -m 4096 -realtime mlock=off -smp 4,sockets=2,cores=2,threads=1,maxcpus=160 -nodefconfig -nodefaults -monitor stdio -name test-all-qemu-kvm -drive file=/home/RHEL-Server-6.6-64-1.qcow2,if=none,id=drive-scsi-disk,format=qcow2,cache=none,werror=stop,rerror=stop -device ide-drive,drive=drive-scsi-disk,id=disk -vnc :0 -vga qxl
Result:
1. Qemu-kvm works well.
2. Guest works well except that the mouse is missing (since qxl + vnc is not officially supported, no bug will be filed).
So this bug has been fixed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1490.html
Description of problem:
Boot a RHEL6.5 guest with machine type rhel6.0.0 & -vga qxl & vnc. qemu-kvm core dumps when the guest loads the GUI (runlevel 5).

Notes:
1. Machine types rhel6.1.0 ~ rhel6.5.0 don't hit this issue (rhel6.0.0 only).
2. Runlevel 3 doesn't hit this bug (runlevel 5 only).
3. rhel6.0.0 & -vga qxl & spice doesn't hit this issue (rhel6.0.0 & -vga qxl & vnc only).

Question: For a Windows guest, the qxl driver fails to load when booting the guest with machine type rhel6.0.0. Is this the same issue? If not, does QE need to file another bug to track it?

Version-Release number of selected component (if applicable):
kernel: 2.6.32-459.el6.x86_64
qemu-kvm: qemu-kvm-0.12.1.2-2.424.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot rhel6.5 guest
/usr/libexec/qemu-kvm -M rhel6.0.0 -cpu SandyBridge -enable-kvm -m 4096 -realtime mlock=off -smp 4,sockets=2,cores=2,threads=1,maxcpus=160 -nodefconfig -nodefaults -monitor stdio -name test-all-qemu-kvm -drive file=/home/juli/RHEL-Server-6.5-64-virtio.qcow2,if=none,id=drive-scsi-disk,format=qcow2,cache=none,werror=stop,rerror=stop -device ide-drive,drive=drive-scsi-disk,id=disk -vnc :12 -vga qxl
Actual results:
(gdb) bt
#0 0x00007ffff4ce9a31 in memcpy () from /lib64/libc.so.6
#1 0x00007ffff7f70bbb in qxl_blit (qxl=0x7ffff9c98840) at /usr/include/bits/string3.h:52
#2 qxl_render_update_area_unlocked (qxl=0x7ffff9c98840) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl-render.c:139
#3 0x00007ffff7f70e0b in qxl_render_update (qxl=0x7ffff9c98840) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl-render.c:161
#4 0x00007ffff7e78af4 in vnc_refresh (opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vnc.c:2513
#5 0x00007ffff7e78e35 in vnc_init_timer (vd=0x7ffff9cd12a0, csock=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vnc.c:2544
#6 vnc_connect (vd=0x7ffff9cd12a0, csock=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vnc.c:2595
#7 0x00007ffff7e79626 in vnc_listen_read (opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vnc.c:2611
#8 0x00007ffff7dc741b in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4053
#9 0x00007ffff7dea44a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2245
#10 0x00007ffff7dca2d9 in main_loop (argc=26, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4266
#11 main (argc=26, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6644

Expected results:

Additional info:
I tested qemu-kvm-0.12.1.2-2.424.el6.x86_64 and qemu-kvm-0.12.1.2-2.415.el6.x86_64. Both hit this issue, so it may not be a regression bug.