Bug 1179555

Summary: qemu-kvm Segmentation fault when switch runlevel 5 to runlevel 3 inside RHEL6 guest
Product: Red Hat Enterprise Linux 7
Reporter: FuXiangChun <xfu>
Component: qemu-kvm-rhev
Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Docs Contact:
Priority: high
Version: 7.1
CC: juzhang, mazhang, michen, mrezanin, virt-maint, xfu
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Linux
Fixed In Version: qemu 2.3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-04 16:25:06 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description FuXiangChun 2015-01-07 05:21:56 UTC
Description of problem:
Boot a RHEL6.4 guest with qxl-vga and spice, then switch from runlevel 5 to runlevel 3 inside the guest. qemu-kvm will segfault. QE is trying 6.6 and 7.1 guests and will update the result to the bz asap.

Version-Release number of selected component (if applicable):

RHEL6.4 64bit (GA)

# rpm -qa|grep spice

How reproducible:

Steps to Reproduce:
1. qemu-kvm cli
/usr/libexec/qemu-kvm -name rhel6.4-64 -M pc-i440fx-rhel7.1.0 -m 8G -smp 160,cores=2,threads=2,sockets=40 \
-nodefconfig -monitor stdio -qmp tcp:0:4448,server,nowait -vnc :1 -boot menu=on -usbdevice tablet -cpu SandyBridge,hv_relaxed,hv_vapic,hv_spinlocks=0x1fff,hv_time \
-drive file=/home/rhel64-64-virtio.qcow2,if=none,id=drive-blk0-0-0,format=qcow2,cache=none -device ide-drive,drive=drive-blk0-0-0,id=blk0-0-0,bootindex=1 \
-spice port=5900,disable-ticketing \
-device qxl-vga,id=vga0

2. Use spice to connect to the guest
#remote-viewer spice://host-ip:5900

3. Switch from runlevel 5 to runlevel 3 inside the guest
#init 3

Actual results:
#0  0x00007ffff0ae21c0 in __memcmp_sse4_1 () from /lib64/libc.so.6
#1  0x00005555557d2569 in qemu_spice_create_update (ssd=0x555556f2a6f8) at ui/spice-display.c:228
#2  qemu_spice_display_refresh (ssd=0x555556f2a6f8) at ui/spice-display.c:464
#3  0x00005555557ca512 in dpy_refresh (s=0x555556f21070) at ui/console.c:1454
#4  gui_update (opaque=0x555556f21070) at ui/console.c:195
#5  0x00005555557f7419 in timerlist_run_timers (timer_list=0x55555613c9d0) at qemu-timer.c:491
#6  0x00005555557f7590 in qemu_clock_run_timers (type=<optimized out>) at qemu-timer.c:502
#7  qemu_clock_run_all_timers () at qemu-timer.c:608
#8  0x00005555557f64bc in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:490
#9  0x00005555555da2ae in main_loop () at vl.c:2020
#10 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4607

Expected results:
guest works well

Additional info:
1. qemu-kvm-1.5.3-84 also hits this issue, so it is not a regression.

2. Maybe qxl-vga and multiple vCPUs (smp 160) cause this issue.

3. Host info:
#cat /proc/cpuinfo
processor	: 159
vendor_id	: GenuineIntel
cpu family	: 6
model		: 47
model name	: Intel(R) Xeon(R) CPU E7- 2860  @ 2.27GHz
stepping	: 2
microcode	: 0x37
cpu MHz		: 2260.818
cache size	: 24576 KB
physical id	: 7
siblings	: 20
core id		: 9
cpu cores	: 10
apicid		: 243
initial apicid	: 243
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid dca sse4_1 sse4_2 popcnt aes lahf_lm ida arat epb dtherm tpr_shadow vnmi flexpriority ept vpid
bogomips	: 4521.89
clflush size	: 64
cache_alignment	: 64
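
Added example, not QEMU code and not from the reporter: the backtrace above places the crash in memcmp() during the per-block dirty-region scan in qemu_spice_create_update(). The small C model below shows the class of defect that produces exactly that signature, a dirty rectangle that is not clipped to the current surface after the guest changes display mode (as a VT switch on init 3 can do), next to the hardened scan that clips the rectangle first. The struct layout, the function names, the constructed 8x8 surface and the mechanism itself are assumptions made for illustration; the report does not identify the actual root cause or the fix the 2.3 rebase picked up.

```c
/* Added illustration, not QEMU code. Names, layout and failure mechanism
 * are assumptions; the real scan lives in ui/spice-display.c. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLKSIZE 4   /* pixels per compared block; QEMU's scan uses 32 */
#define BPP     4   /* bytes per pixel of a 32-bit surface */

struct rect { int left, top, right, bottom; };

struct surface {
    int width, height;   /* pixels */
    int stride;          /* bytes per row */
    uint8_t *guest;      /* pixels as written by the guest */
    uint8_t *mirror;     /* last contents pushed to the spice client */
};

static bool rect_is_empty(const struct rect *r)
{
    return r->left >= r->right || r->top >= r->bottom;
}

/* Clip r to [0,width) x [0,height). Returns false if nothing is left. */
static bool rect_clip(struct rect *r, int width, int height)
{
    if (r->left < 0)        r->left = 0;
    if (r->top < 0)         r->top = 0;
    if (r->right > width)   r->right = width;
    if (r->bottom > height) r->bottom = height;
    return !rect_is_empty(r);
}

/* Compare guest and mirror block by block inside `dirty`, copy changed
 * blocks into the mirror and return how many blocks changed.
 * clip == false trusts the rectangle as handed in: a rectangle left over
 * from a larger mode would make memcmp() read past both buffers (the crash
 * signature in the backtrace). This model returns -1 instead of doing so.
 * clip == true is the hardened form: shrink to the surface first. */
static int scan_dirty(struct surface *s, struct rect dirty, bool clip)
{
    int changed = 0;

    if (clip) {
        if (!rect_clip(&dirty, s->width, s->height))
            return 0;
    } else if (dirty.left < 0 || dirty.top < 0 ||
               dirty.right > s->width || dirty.bottom > s->height) {
        return -1;   /* would be an out-of-bounds memcmp() */
    }

    for (int y = dirty.top; y < dirty.bottom; y++) {
        size_t yoff = (size_t)y * (size_t)s->stride;
        for (int x = dirty.left; x < dirty.right; x += BLKSIZE) {
            int bw = dirty.right - x < BLKSIZE ? dirty.right - x : BLKSIZE;
            size_t off = yoff + (size_t)x * BPP;
            size_t len = (size_t)bw * BPP;
            if (memcmp(s->guest + off, s->mirror + off, len) != 0) {
                memcpy(s->mirror + off, s->guest + off, len);
                changed++;
            }
        }
    }
    return changed;
}

/* Constructed scenario: the guest has switched to an 8x8 surface and changed
 * one pixel at (5,2), but the dirty rectangle still describes the 16x16 mode
 * that was active before the switch. */
static void run_demo(bool clip, int *first, int *second)
{
    struct surface s = { .width = 8, .height = 8, .stride = 8 * BPP };
    struct rect stale = { .left = 0, .top = 0, .right = 16, .bottom = 16 };

    s.guest  = calloc((size_t)s.height * (size_t)s.stride, 1);
    s.mirror = calloc((size_t)s.height * (size_t)s.stride, 1);
    s.guest[2 * s.stride + 5 * BPP] = 0xff;   /* one changed pixel at (5,2) */

    *first  = scan_dirty(&s, stale, clip);
    *second = scan_dirty(&s, stale, clip);   /* mirror now current */

    free(s.guest);
    free(s.mirror);
}

static int demo_first_pass(bool clip)  { int f, s; run_demo(clip, &f, &s); return f; }
static int demo_second_pass(bool clip) { int f, s; run_demo(clip, &f, &s); return s; }

int main(void)
{
    printf("unclipped stale rect: %d (would read past the surface)\n",
           demo_first_pass(false));
    printf("clipped stale rect:   %d changed block(s), then %d\n",
           demo_first_pass(true), demo_second_pass(true));
    return 0;
}
```

The point of the model is the ordering: any rectangle that arrives from the guest side, or that survives a surface resize, must be reduced to the current surface before its coordinates are turned into buffer offsets, because memcmp() has no idea where the allocation ends. A second practical check when chasing this class of crash is to run qemu under valgrind or with AddressSanitizer, which turns the silent over-read into an immediate report with the faulting rectangle still on the stack.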

Comment 2 FuXiangChun 2015-01-07 07:37:26 UTC
RHEL6.6 64-bit guest also hits the same issue (send key ctrl-alt-F2 via spice). But the 7.1 guest works well.

Comment 7 Gerd Hoffmann 2015-04-30 08:57:56 UTC
Doesn't reproduce.  Please retest with qemu 2.3.

Comment 8 FuXiangChun 2015-05-04 10:05:20 UTC
(In reply to Gerd Hoffmann from comment #7)
> Doesn't reproduce.  Please retest with qemu 2.3.

As this bug was found on a 160-vCPU guest, I need to reserve a host with 160 processors. Anyway, I will update the test result to the bz asap.

Comment 9 FuXiangChun 2015-05-07 07:03:40 UTC
The bug cannot be reproduced with qemu-kvm-rhev-2.3.0-1.el7.x86_64. QE tested on two hosts and still cannot reproduce it.

Comment 10 Gerd Hoffmann 2015-05-07 07:48:08 UTC
Seems the rebase picked up a fix then.

Comment 12 mazhang 2015-07-22 10:57:28 UTC
1. Tested this bug on qemu-kvm-rhev-2.1.2-16.el7.x86_64 with rhel6.4 and rhel6.7 guests; can't reproduce it.

2. Also tested on the latest qemu-kvm version, qemu-kvm-rhev-2.3.0-12.el7.x86_64, with rhel6.4, rhel6.7 and rhel7.2 guests.
  a) For the rhel6.4 and rhel6.7 guests, qemu-kvm and the guest work well.
  b) For the rhel7.2 guest, trying to switch runlevel from 5 to 3 gave a black screen, see bug 1245551

Based on the above, setting this bug as verified; if there is any problem please let me know.


Comment 14 errata-xmlrpc 2015-12-04 16:25:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.