Bug 1153951

Summary: Qemu core dumped when guest reboot through guest-agent command [via isa-serial].
Product: Red Hat Enterprise Linux 7 Reporter: Yang Xue <yaxue>
Component: qemu-kvm-rhev Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA QA Contact: Xueqiang Wei <xuwei>
Severity: low Docs Contact:
Priority: low    
Version: 7.1CC: chayang, coli, hhuang, huding, jen, juzhang, knoel, michen, mrezanin, ngu, shuang, virt-bugs, virt-maint, weliao, xfu, xiagao, xuhan, xutian, ypu
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: qemu-2.5.0 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-07 20:15:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yang Xue 2014-10-17 07:53:42 UTC
Description of problem:
When trying to reboot the guest through a guest-agent command at the moment the screen is adjusting its resolution, qemu-kvm core dumped.

Version-Release number of selected component (if applicable):
Host machine: AMD
Host kernel: kernel-3.10.0-187.el7.x86_64
Qemu-kvm-rhev: qemu-kvm-rhev-2.1.2-3.el7.x86_64
spice-glib-0.22-2.el7.x86_64
spice-server-0.12.4-7.el7.x86_64


How reproducible:
<10%

Steps to Reproduce:
1. Install a rhel6.6 guest with the following command.
/bin/qemu-kvm \
    -S  \
    -name 'virt-tests-vm1'  \
    -sandbox off  \
    -M pc  \
    -nodefaults  \
    -vga qxl  \
    -global qxl-vga.vram_size=33554432  \
    -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20141015-171359-5DnBKPzm,server,nowait \
    -mon chardev=qmp_id_qmpmonitor1,mode=control  \
    -chardev socket,id=serial_id_serial0,path=/tmp/serial-serial0-20141015-171359-5DnBKPzm,server,nowait \
    -device isa-serial,chardev=serial_id_serial0  \
    -chardev socket,id=serial_id_org.qemu.guest_agent.0,path=/tmp/serial-org.qemu.guest_agent.0-20141015-171359-5DnBKPzm,server,nowait \
    -device isa-serial,chardev=serial_id_org.qemu.guest_agent.0  \
    -chardev socket,id=seabioslog_id_20141015-171359-5DnBKPzm,path=/tmp/seabios-20141015-171359-5DnBKPzm,server,nowait \
    -device isa-debugcon,chardev=seabioslog_id_20141015-171359-5DnBKPzm,iobase=0x402 \
    -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=03 \
    -drive id=drive_image1,if=none,cache=none,snapshot=off,aio=native,file=/dev/sdb \
    -device virtio-blk-pci,id=image1,drive=drive_image1,bootindex=0,bus=pci.0,addr=04 \
    -device virtio-net-pci,mac=9a:a7:a8:a9:aa:ab,id=idFKpPah,vectors=4,netdev=idZAZMUM,bus=pci.0,addr=05  \
    -netdev tap,id=idZAZMUM,vhost=on,vhostfd=25,fd=21  \
    -m 16384  \
    -smp 8,cores=4,threads=1,sockets=2  \
    -cpu 'Opteron_G3',+kvm_pv_unhalt \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1  \
    -spice port=3000,password=123456,addr=0,image-compression=auto_glz,zlib-glz-wan-compression=auto,streaming-video=all,agent-mouse=on,playback-compression=on,ipv4  \
    -rtc base=utc,clock=host,driftfix=slew  \
    -boot order=cdn,once=c,menu=off  \
    -no-kvm-pit-reinjection \
    -enable-kvm
2. (guest) Log in to the guest and install the 'qemu-guest-agent' package
  rpm -q qemu-guest-agent || yum install -y qemu-guest-agent
3. (guest) Start 'qemu-guest-agent'
  pgrep qemu-ga || qemu-ga -d -m isa-serial -p /dev/ttyS1
4. Reboot the guest with a guest-agent command
  (host) nc -U /tmp/serial-org.qemu.guest_agent.0-20141015-171359-5DnBKPzm
   {"execute": "guest-sync", "arguments": {"id": 8891}}
   {"execute": "guest-info"}
   {"execute": "guest-ping"}
   {"execute": "guest-info"}
   {"execute": "guest-shutdown", "arguments": {"mode": "reboot"}}

Actual results:
qemu-kvm core dumped after executing the guest-agent command
'{"execute": "guest-shutdown", "arguments": {"mode": "reboot"}}'

Expected results:
The guest reboots successfully and qemu-kvm does not core dump.

Additional info:
(gdb) bt
#0  0x00007f30d7b65028 in __memcmp_sse2 () from /usr/lib64/libc.so.6
#1  0x00007f30de3a8019 in qemu_spice_create_update (ssd=0x7f30df67efb8) at ui/spice-display.c:228
#2  qemu_spice_display_refresh (ssd=0x7f30df67efb8) at ui/spice-display.c:464
#3  0x00007f30de3a0012 in dpy_refresh (s=0x7f30df6696f0) at ui/console.c:1454
#4  gui_update (opaque=0x7f30df6696f0) at ui/console.c:195
#5  0x00007f30de3ccdd9 in timerlist_run_timers (timer_list=0x7f30df566b10) at qemu-timer.c:491
#6  0x00007f30de3ccf50 in qemu_clock_run_timers (type=<optimized out>) at qemu-timer.c:502
#7  qemu_clock_run_all_timers () at qemu-timer.c:608
#8  0x00007f30de3cbe7c in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:490
#9  0x00007f30de1af77e in main_loop () at vl.c:2010
#10 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4552

See more info in the attachment (includes cpuinfo, the serial port log and the full
backtrace).

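Step 4 above drives qemu-ga by hand with nc. As an added example (not code from the bug report or from QEMU), the small Python client below does the same exchange programmatically: it sends guest-sync with a fresh id, discards stale or malformed output on the serial channel until the reply carrying that id arrives, and only then sends guest-shutdown with mode "reboot". The socket path argument and SAMPLE_AGENT_OUTPUT are constructed for illustration.

```python
import json
import random
import socket
from typing import Iterable, Optional

# Constructed sample of what the agent side of the socket might emit: a stale
# reply from an earlier session, line noise, then the reply to our guest-sync.
SAMPLE_AGENT_OUTPUT = [
    '{"return": 1234}\n',
    'not json at all\n',
    '{"return": {"version": "0.12.1"}}\n',
    '{"return": 8891}\n',
]

def build_request(command: str, arguments: Optional[dict] = None) -> bytes:
    """Encode one guest-agent command as a single newline-terminated JSON line."""
    req = {"execute": command}
    if arguments is not None:
        req["arguments"] = arguments
    return (json.dumps(req) + "\n").encode()

def find_sync_response(lines: Iterable[str], sync_id: int) -> Optional[dict]:
    """Scan agent output for the guest-sync reply carrying sync_id, skipping old
    replies and garbled bytes.  Returns None if the stream ends without it."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue  # junk on the channel: skip it rather than trust it
        if isinstance(msg, dict) and msg.get("return") == sync_id:
            return msg
    return None

def reboot_via_agent(socket_path: str, timeout: float = 10.0) -> bool:
    """Resynchronise with qemu-ga over its UNIX socket, then request a reboot.
    No reply to guest-shutdown is awaited: the guest may go down first."""
    sync_id = random.getrandbits(31)  # unique per session, as guest-sync expects
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(socket_path)
        s.sendall(build_request("guest-sync", {"id": sync_id}))
        if find_sync_response(s.makefile("r"), sync_id) is None:
            return False
        s.sendall(build_request("guest-shutdown", {"mode": "reboot"}))
    return True
```

A read timeout surfaces as an OSError from the socket, which the caller should treat as "agent not responding" rather than retry blindly.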
Comment 2 Gerd Hoffmann 2014-10-27 09:24:19 UTC
More than 50 reboots by now, didn't reproduce locally yet.

Any specific reason you use isa-serial instead of virtio for the agent?
Does this also happen when using virtio?
Do you have a spice client connected while running the test?

Comment 3 Yang Xue 2014-10-27 11:28:53 UTC
(In reply to Gerd Hoffmann from comment #2)
> More than 50 reboots by now, didn't reproduce locally yet.
> 
> Any specific reason you use isa-serial instead of virtio for the agent?
> Does this also happen when using virtio?
> Do you have a spice client connected while running the test?

Hi Gerd Hoffmann,
I have tried with virtio for the agent and did not hit this problem.
BTW, there is no spice client connected while running the test.

Comment 7 Xu Tian 2015-09-01 08:25:51 UTC
(In reply to Yang Xue from comment #3)
> (In reply to Gerd Hoffmann from comment #2)
> > More than 50 reboots by now, didn't reproduce locally yet.
> > 
> > Any specific reason you use isa-serial instead of virtio for the agent?
> > Does this also happen when using virtio?
> > Do you have a spice client connected while running the test?
> 
> Hi Gerd Hoffmann,
> I have tried with virtio for the agent and did not hit this problem.
> BTW, there is no spice client connected while running the test.

We have another QMP monitor and we execute the screendump command in a loop in that QMP monitor.

thanks,
Xu

Comment 9 Gerd Hoffmann 2016-04-19 13:28:31 UTC
Can you retest with a qemu 2.5.0 build and see whether it still happens?
There have been a few spice display fixes meanwhile ...

Comment 10 juzhang 2016-04-19 13:49:16 UTC
(In reply to Gerd Hoffmann from comment #9)
> Can you retest with a qemu 2.5.0 build and see whether it still happens?
> There have been a few spice display fixes meanwhile ...

Hi Wei,

Could you reply to it?

Best Regards,
Junyi

Comment 11 weliao 2016-04-20 07:20:41 UTC
QE retested using the same command with the versions below:
Host: AMD
3.10.0-327.3.1.el7.x86_64
spice-server-0.12.4-15.el7.x86_64
qemu-kvm-rhev-2.5.0-4.el7.x86_64.rpm/qemu-kvm-rhev-2.1.2-23.el7.x86_64.rpm/qemu-kvm-rhev-2.3.0-31.el7.x86_64.rpm


Guest:
2.6.32-615.el6.x86_64
qemu-guest-agent-0.12.1.2-2.488.el6.x86_64

Tested each of the three qemu-kvm-rhev versions 20 times; can't reproduce this issue.

Comment 13 Xueqiang Wei 2016-08-16 09:36:40 UTC
Retested with the versions below 20 times; can't reproduce this issue.

Host:
kernel-3.10.0-461.el7.x86_64
spice-server-0.12.4-18.el7.x86_64
qemu-kvm-rhev-2.6.0-12.el7


Guest:
kernel-3.10.0-442.el7.x86_64
qemu-guest-agent-2.5.0-2.el7.x86_64

Comment 14 Xueqiang Wei 2016-08-19 06:42:25 UTC
According to Comment 11 and Comment 13, changing to verified.

Comment 16 errata-xmlrpc 2016-11-07 20:15:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2673.html