Bug 1160503

Summary: qemu core dumped when do stop/cont after resuming from S3 and reboot guest
Product: Red Hat Enterprise Linux 7
Reporter: Sibiao Luo <sluo>
Component: qemu-kvm-rhev
Assignee: Marcelo Tosatti <mtosatti>
Status: CLOSED CANTFIX
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Docs Contact:
Priority: medium
Version: 7.1
CC: chayang, famz, hhuang, juzhang, kwolf, michen, pbonzini, qzhang, virt-maint, xfu
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1190558 (view as bug list)
Environment:
Last Closed: 2016-09-21 00:59:13 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 923626, 1190558

Description Sibiao Luo 2014-11-05 03:00:36 UTC
Description of problem:
Use the auto-test script to launch a KVM guest with an IDE cdrom, resume it from S3 and then reboot it, and do stop/cont; qemu will core dump at that point.

Version-Release number of selected component (if applicable):
host info:
# uname -r && rpm -q qemu-kvm-rhev
3.10.0-183.el7.x86_64
qemu-kvm-rhev-2.1.2-5.el7.x86_64

How reproducible:
4/4

Steps to Reproduce:
1. Use the auto-test script to launch a KVM guest with an IDE cdrom.

2. Start suspend [echo mem > /sys/power/state].

3. Sleep a while before resuming the guest.

4. Reboot the guest and wait for the guest to go down.

5. Log in after the reboot.

6. Send the commands 'stop'/'cont'.

Actual results:
After step 5, logging in to the VM succeeds.
...
11/04 18:42:47 DEBUG|    remote:0242| Login command: 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o PreferredAuthentications=password -p 22 root.9.195'

After step 6, qemu core dumped after 'cont' of the VM.
...
11/04 18:42:50 DEBUG|qemu_monit:0267| (monitor qmpmonitor1) Sending command 'cont' 
11/04 18:42:50 DEBUG|qemu_monit:1373| Send command: {'execute': 'cont', 'id': 'dIAHimAR'}
11/04 18:42:50 INFO |   aexpect:0968| [qemu output] qemu-kvm: /builddir/build/BUILD/qemu-2.1.2/hw/i386/kvm/clock.c:69: kvmclock_current_nsec: Assertion `time.tsc_timestamp <= migration_tsc' failed.
11/04 18:43:14 WARNI|env_proces:1093| virt-tests-vm1 is not alive. Can not query the register status
11/04 18:44:43 ERROR|env_proces:0720| Could not receive data from monitor    ([Errno 104] Connection reset by peer)
11/04 18:44:43 INFO |   aexpect:0968| [qemu output] /tmp/aexpect/hWIRjcmZ/aexpect-TwK037.sh: line 1: 14824 Aborted                 (core dumped)
...

Expected results:
There should not be any core dump.

Additional info:
/bin/qemu-kvm \
    -S  \
    -name 'virt-tests-vm1'  \
    -sandbox off  \
    -M pc  \
    -nodefaults  \
    -vga cirrus  \
    -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20141104-183850-xv81uiU4,server,nowait \
    -mon chardev=qmp_id_qmpmonitor1,mode=control  \
    -chardev socket,id=serial_id_serial0,path=/tmp/serial-serial0-20141104-183850-xv81uiU4,server,nowait \
    -device isa-serial,chardev=serial_id_serial0  \
    -chardev socket,id=seabioslog_id_20141104-183850-xv81uiU4,path=/tmp/seabios-20141104-183850-xv81uiU4,server,nowait \
    -device isa-debugcon,chardev=seabioslog_id_20141104-183850-xv81uiU4,iobase=0x402 \
    -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=03 \
    -drive id=drive_image1,if=none,cache=none,snapshot=off,aio=native,file=/root/test/autotest-devel/client/tests/virt/shared/data/images/RHEL-Server-7.1-64-virtio.qcow2 \
    -device virtio-blk-pci,id=image1,drive=drive_image1,bootindex=0,bus=pci.0,addr=04 \
    -device virtio-net-pci,mac=9a:48:49:4a:4b:4c,id=iduD6fJo,vectors=4,netdev=idSwoouV,bus=pci.0,addr=05  \
    -netdev tap,id=idSwoouV,vhost=on,vhostfd=23,fd=22  \
    -m 4096  \
    -smp 4,cores=2,threads=1,sockets=2  \
    -cpu 'SandyBridge',+kvm_pv_unhalt \
    -drive id=drive_cd1,if=none,snapshot=off,aio=native,media=cdrom,file=/root/test/autotest-devel/client/tests/virt/shared/data/images/orig.iso \
    -device ide-cd,id=cd1,drive=drive_cd1,bootindex=1,bus=ide.0,unit=0 \
    -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1  \
    -vnc :0  \
    -rtc base=utc,clock=host,driftfix=slew  \
    -boot order=cdn,once=c,menu=off  \
    -global PIIX4_PM.disable_s3=0 \
    -no-kvm-pit-reinjection \
    -enable-kvm
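
The assertion in the log above, `time.tsc_timestamp <= migration_tsc` in kvmclock_current_nsec(), guards the pvclock conversion that qemu runs on every stop/cont transition (see the vm_state_notify -> kvmclock_vm_state_change frames in the backtrace). The following is an added example, not qemu's own code and not part of this bug report, that reimplements that conversion in user space so the failure mode can be seen without a guest: a checked variant that reports the violated precondition instead of aborting, and an unchecked variant that shows the wrapped nanosecond value the assertion exists to prevent. The struct layout is the Linux/KVM pvclock_vcpu_time_info ABI; the TSC values, the 2 GHz clock parameters, and the "page timestamp ahead of the vCPU TSC" scenario are constructed for illustration and are not a root-cause claim about this bug (which was closed CANTFIX without one on this page).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Per-vCPU pvclock page that kvmclock_current_nsec() reads from guest memory.
 * Field order and widths follow Linux/KVM's struct pvclock_vcpu_time_info. */
struct pvclock_vcpu_time_info {
    uint32_t version;
    uint32_t pad0;
    uint64_t tsc_timestamp;      /* TSC value when the page was last updated */
    uint64_t system_time;        /* guest nanoseconds at tsc_timestamp */
    uint32_t tsc_to_system_mul;  /* ns per TSC tick as 32.32 fixed point */
    int8_t   tsc_shift;          /* applied to the TSC delta before multiplying */
    uint8_t  flags;
    uint8_t  pad[2];
} __attribute__((__packed__));

/* (delta <</>> shift) * mul >> 32, with a 128-bit intermediate so the
 * multiply cannot overflow (qemu does the same with mulu64()). */
static uint64_t scale_delta(uint64_t delta, const struct pvclock_vcpu_time_info *t)
{
    if (t->tsc_shift < 0) {
        delta >>= -t->tsc_shift;
    } else {
        delta <<= t->tsc_shift;
    }
    unsigned __int128 prod = (unsigned __int128)delta * t->tsc_to_system_mul;
    return (uint64_t)(prod >> 32);
}

/* Checked conversion: 0 and *nsec on success, -1 when the page's timestamp is
 * ahead of the vCPU's current TSC. That is exactly the condition the assertion
 * at clock.c:69 aborts on; here it becomes a return code the caller can act on. */
int pvclock_to_nsec(const struct pvclock_vcpu_time_info *t, uint64_t tsc, uint64_t *nsec)
{
    if (t->tsc_timestamp > tsc) {
        return -1;
    }
    *nsec = t->system_time + scale_delta(tsc - t->tsc_timestamp, t);
    return 0;
}

/* Same arithmetic with no precondition check: tsc - tsc_timestamp wraps in
 * uint64_t, so the "current" guest time comes out around 2^63 ns. */
uint64_t pvclock_to_nsec_unchecked(const struct pvclock_vcpu_time_info *t, uint64_t tsc)
{
    return t->system_time + scale_delta(tsc - t->tsc_timestamp, t);
}

/* Constructed sample page: 2 GHz TSC, i.e. 0.5 ns per tick -> mul = 2^31, shift 0,
 * and the guest clock read 0.5 s when the page was written. */
static struct pvclock_vcpu_time_info sample_page(uint64_t tsc_timestamp)
{
    struct pvclock_vcpu_time_info t;
    memset(&t, 0, sizeof t);
    t.version = 2;
    t.tsc_timestamp = tsc_timestamp;
    t.system_time = 500000000ULL;
    t.tsc_to_system_mul = 0x80000000u;
    t.tsc_shift = 0;
    return t;
}

/* Consistent case: the TSC (3e9) has advanced 2e9 ticks = 1 s past the page's
 * timestamp (1e9), so the guest clock is 0.5 s + 1 s = 1.5e9 ns. */
uint64_t demo_consistent(void)
{
    struct pvclock_vcpu_time_info t = sample_page(1000000000ULL);
    uint64_t nsec = 0;
    pvclock_to_nsec(&t, 3000000000ULL, &nsec);
    return nsec;
}

/* Stale case (constructed): the page still says tsc_timestamp = 3e9 but the
 * vCPU's TSC reads back as 1e9. The checked path refuses. */
int demo_stale_rc(void)
{
    struct pvclock_vcpu_time_info t = sample_page(3000000000ULL);
    uint64_t nsec = 0;
    return pvclock_to_nsec(&t, 1000000000ULL, &nsec);
}

/* The unchecked path on the same input: 2^63 - 1e9 + 5e8 nanoseconds. */
uint64_t demo_stale_unchecked(void)
{
    struct pvclock_vcpu_time_info t = sample_page(3000000000ULL);
    return pvclock_to_nsec_unchecked(&t, 1000000000ULL);
}

int main(void)
{
    printf("consistent: %llu ns\n", (unsigned long long)demo_consistent());
    printf("stale, checked rc: %d\n", demo_stale_rc());
    printf("stale, unchecked: %llu ns\n", (unsigned long long)demo_stale_unchecked());
    return 0;
}
```

Read against the backtrace: qmp_cont -> vm_start -> vm_state_notify -> kvmclock_vm_state_change calls this conversion with env->tsc as the current TSC, so any sequence that leaves the guest's pvclock page ahead of the TSC qemu has recorded for the vCPU (here, the S3 resume + reboot + stop/cont cycle) turns a clock bookkeeping inconsistency into a SIGABRT of the whole VM, which is what the "Aborted (core dumped)" line reports.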

Comment 1 Sibiao Luo 2014-11-05 03:02:06 UTC
Core was generated by `/bin/qemu-kvm -S -name virt-tests-vm1 -sandbox off -M pc -nodefaults -vga cirru'.
Program terminated with signal 6, Aborted.
#0  0x00007faf49a71989 in raise () from /lib64/libc.so.6

(gdb) bt
#0  0x00007faf49a71989 in raise () from /lib64/libc.so.6
#1  0x00007faf49a73098 in abort () from /lib64/libc.so.6
#2  0x00007faf49a6a8f6 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007faf49a6a9a2 in __assert_fail () from /lib64/libc.so.6
#4  0x00007faf5019aa4d in kvmclock_current_nsec (s=0x7faf50e17140) at /usr/src/debug/qemu-2.1.2/hw/i386/kvm/clock.c:69
#5  kvmclock_vm_state_change (opaque=0x7faf50e17140, running=<optimized out>, state=<optimized out>)
    at /usr/src/debug/qemu-2.1.2/hw/i386/kvm/clock.c:92
#6  0x00007faf502301db in vm_state_notify (running=running@entry=1, state=state@entry=RUN_STATE_RUNNING) at vl.c:1713
#7  0x00007faf50230240 in vm_start () at vl.c:747
#8  0x00007faf5023fb49 in qmp_cont (errp=errp@entry=0x7fffd7c84fe0) at qmp.c:177
#9  0x00007faf5023b3b4 in qmp_marshal_input_cont (mon=<optimized out>, qdict=<optimized out>, ret=<optimized out>)
    at qmp-marshal.c:3025
#10 0x00007faf501530d7 in qmp_call_cmd (cmd=<optimized out>, params=0x7faf55d353c0, mon=0x7faf50e347a0)
    at /usr/src/debug/qemu-2.1.2/monitor.c:5038
#11 handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /usr/src/debug/qemu-2.1.2/monitor.c:5104
#12 0x00007faf5038ab72 in json_message_process_token (lexer=0x7faf50e215f0, token=0x7faf524b1bf0, type=JSON_OPERATOR, 
    x=37, y=175) at qobject/json-streamer.c:87
#13 0x00007faf5039c92f in json_lexer_feed_char (lexer=lexer@entry=0x7faf50e215f0, ch=<optimized out>, 
    flush=flush@entry=false) at qobject/json-lexer.c:303
#14 0x00007faf5039c9fe in json_lexer_feed (lexer=0x7faf50e215f0, buffer=<optimized out>, size=<optimized out>)
    at qobject/json-lexer.c:356
#15 0x00007faf5038ad09 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>)
    at qobject/json-streamer.c:110
#16 0x00007faf5015106f in monitor_control_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
    at /usr/src/debug/qemu-2.1.2/monitor.c:5125
#17 0x00007faf50227190 in qemu_chr_be_write (len=<optimized out>, buf=0x7fffd7c85150 "}\020", s=0x7faf50e1e440)
    at qemu-char.c:213
#18 tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x7faf50e1e440) at qemu-char.c:2729
#19 0x00007faf4e512ac6 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#20 0x00007faf50345388 in glib_pollfds_poll () at main-loop.c:190
#21 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:235
#22 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:484
#23 0x00007faf5012899e in main_loop () at vl.c:2016
#24 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4568
(gdb)