Bug 1185750
| Summary: | qemu crash when trying to save a VM that has 2097152M vgamem | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Luyao Huang <lhuang> |
| Component: | qemu-kvm-rhev | Assignee: | Radim Krčmář <rkrcmar> |
| Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.1 | CC: | dyuan, hhuang, huding, juzhang, mazhang, mrezanin, mzhan, virt-maint, xfu, xwei |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | qemu 2.3 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2015-12-04 16:25:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Sometimes the coredump file looks like this:
Core was generated by `/usr/libexec/qemu-kvm -name r7 -S -machine pc-i440fx-rhel7.1.0,accel=kvm,usb=of'.
Program terminated with signal 11, Segmentation fault.
#0 int128_add (b=..., a=...) at /usr/src/debug/qemu-2.1.2/include/qemu/int128.h:75
75 return (Int128) { lo, (uint64_t)a.hi + b.hi + (lo < a.lo) };
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.28-2.el7.x86_64 celt051-0.5.1.3-8.el7.x86_64 flac-libs-1.3.0-4.el7.x86_64 glibc-2.17-75.el7.x86_64 gsm-1.0.13-11.el7.x86_64 json-c-0.11-4.el7_0.x86_64 libICE-1.0.8-7.el7.x86_64 libSM-1.2.1-7.el7.x86_64 libX11-1.6.0-2.1.el7.x86_64 libXau-1.0.8-2.1.el7.x86_64 libXext-1.3.2-2.1.el7.x86_64 libXi-1.7.2-2.1.el7.x86_64 libXtst-1.2.2-2.1.el7.x86_64 libaio-0.3.109-12.el7.x86_64 libasyncns-0.8-7.el7.x86_64 libattr-2.4.46-12.el7.x86_64 libffi-3.0.13-11.el7.x86_64 libibverbs-1.1.8-5.el7.x86_64 libiscsi-1.9.0-6.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 libogg-1.3.0-7.el7.x86_64 libpng-1.5.13-5.el7.x86_64 librdmacm-1.0.19.1-1.el7.x86_64 libsndfile-1.0.25-9.el7.x86_64 libtasn1-3.8-2.el7.x86_64 libusbx-1.0.15-4.el7.x86_64 libvorbis-1.3.3-8.el7.x86_64 libxcb-1.9-5.el7.x86_64 lzo-2.06-6.el7_0.2.x86_64 pixman-0.32.4-3.el7.x86_64 pulseaudio-libs-3.0-30.el7.x86_64 snappy-1.1.0-3.el7.x86_64 tcp_wrappers-libs-7.6-77.el7.x86_64 trousers-0.3.11.2-3.el7.x86_64 usbredir-0.6-7.el7.x86_64
(gdb) bt
#0 int128_add (b=..., a=...) at /usr/src/debug/qemu-2.1.2/include/qemu/int128.h:75
#1 int128_addto (b=..., a=<optimized out>) at /usr/src/debug/qemu-2.1.2/include/qemu/int128.h:141
#2 addrrange_shift (delta=..., range=<error reading variable: Cannot access memory at address 0xffffffffffffffff>) at /usr/src/debug/qemu-2.1.2/memory.c:85
#3 address_space_update_ioeventfds (as=as@entry=0x7f2771ba3260 <address_space_io>) at /usr/src/debug/qemu-2.1.2/memory.c:677
#4 0x00007f2771548777 in memory_region_transaction_commit () at /usr/src/debug/qemu-2.1.2/memory.c:815
#5 0x00007f2771549bc2 in memory_region_del_eventfd (mr=mr@entry=0x7f2772a4d428, addr=addr@entry=16, size=size@entry=2, match_data=match_data@entry=true, data=data@entry=0, e=e@entry=0x7f27729cbcf0) at /usr/src/debug/qemu-2.1.2/memory.c:1621
#6 0x00007f27716e27f9 in virtio_pci_set_host_notifier_internal (proxy=0x7f2772a4cbe0, n=0, assign=<optimized out>, set_handler=<optimized out>) at hw/virtio/virtio-pci.c:202
#7 0x00007f2771571f11 in vhost_dev_disable_notifiers (hdev=hdev@entry=0x7f27728bd700, vdev=vdev@entry=0x7f2772a4d5b8) at /usr/src/debug/qemu-2.1.2/hw/virtio/vhost.c:964
#8 0x00007f27715691bc in vhost_net_stop_one (net=0x7f27728bd700, dev=0x7f2772a4d5b8) at /usr/src/debug/qemu-2.1.2/hw/net/vhost_net.c:279
#9 0x00007f2771569a3b in vhost_net_stop (dev=dev@entry=0x7f2772a4d5b8, ncs=<optimized out>, total_queues=total_queues@entry=8) at /usr/src/debug/qemu-2.1.2/hw/net/vhost_net.c:357
#10 0x00007f2771565c35 in virtio_net_vhost_status (status=7 '\a', n=0x7f2772a4d5b8) at /usr/src/debug/qemu-2.1.2/hw/net/virtio-net.c:153
#11 virtio_net_set_status (vdev=<optimized out>, status=<optimized out>) at /usr/src/debug/qemu-2.1.2/hw/net/virtio-net.c:165
#12 0x00007f277156dcd8 in virtio_set_status (vdev=0x7f2772a4d5b8, val=<optimized out>) at /usr/src/debug/qemu-2.1.2/hw/virtio/virtio.c:550
#13 0x00007f2771614f2b in vm_state_notify (running=running@entry=0, state=state@entry=RUN_STATE_PAUSED) at vl.c:1714
#14 0x00007f2771535882 in do_vm_stop (state=RUN_STATE_PAUSED) at /usr/src/debug/qemu-2.1.2/cpus.c:543
#15 vm_stop (state=state@entry=RUN_STATE_PAUSED) at /usr/src/debug/qemu-2.1.2/cpus.c:1230
#16 0x00007f27716246d6 in qmp_stop (errp=errp@entry=0x7fff22183bc0) at qmp.c:98
#17 0x00007f277161f994 in qmp_marshal_input_stop (mon=<optimized out>, qdict=<optimized out>, ret=<optimized out>) at qmp-marshal.c:2806
#18 0x00007f27715388a7 in qmp_call_cmd (cmd=<optimized out>, params=0x7f2772a14f90, mon=0x7f27729651c0) at /usr/src/debug/qemu-2.1.2/monitor.c:5038
#19 handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /usr/src/debug/qemu-2.1.2/monitor.c:5104
#20 0x00007f277176ef22 in json_message_process_token (lexer=0x7f2772966850, token=0x7f27729e7870, type=JSON_OPERATOR, x=36, y=93) at qobject/json-streamer.c:87
#21 0x00007f2771780cdf in json_lexer_feed_char (lexer=lexer@entry=0x7f2772966850, ch=<optimized out>, flush=flush@entry=false) at qobject/json-lexer.c:303
#22 0x00007f2771780dae in json_lexer_feed (lexer=0x7f2772966850, buffer=<optimized out>, size=<optimized out>) at qobject/json-lexer.c:356
#23 0x00007f277176f0b9 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>) at qobject/json-streamer.c:110
#24 0x00007f277153683f in monitor_control_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) at /usr/src/debug/qemu-2.1.2/monitor.c:5125
#25 0x00007f277160be30 in qemu_chr_be_write (len=<optimized out>, buf=0x7fff22183d30 "}\350\212r'\177", s=0x7f27728ae510) at qemu-char.c:213
#26 tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x7f27728ae510) at qemu-char.c:2729
#27 0x00007f276f9319ba in g_main_dispatch (context=0x7f27728a1f90) at gmain.c:3061
#28 g_main_context_dispatch (context=context@entry=0x7f27728a1f90) at gmain.c:3660
#29 0x00007f277172a2d8 in glib_pollfds_poll () at main-loop.c:190
#30 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:235
#31 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:484
#32 0x00007f277150e0fe in main_loop () at vl.c:2017
#33 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4606
Fixed by rebase in qemu-kvm-rhev-2.3.0-1.el7.

kernel-3.10.0-300.el7.x86_64
qemu-kvm-rhev-2.3.0-13.el7.x86_64 - fixed
qemu-kvm-rhev-2.2.0-9.el7.x86_64 - buggy
spice-server-0.12.4-13.el7.x86_64
----------------------------------------------
qemu-kvm-rhev-2.2.0-9.el7.x86_64 - buggy
[root@dhcp-11-50 ~]# virsh edit fstrim
Domain fstrim XML configuration not changed.
[root@dhcp-11-50 ~]# virsh managedsave fstrim
error: Failed to save domain fstrim state
error: Unable to read from monitor: Connection reset by peer
[root@dhcp-11-50 ~]# echo $?
1
==============================================
qemu-kvm-rhev-2.3.0-13.el7.x86_64 - fixed
[root@dhcp-11-50 ~]# virsh start fstrim
Domain fstrim started
[root@dhcp-11-50 ~]# virsh managedsave fstrim
Domain fstrim state saved by libvirt
[root@dhcp-11-50 ~]# echo $?
0
###############################################
XML snippet:
<graphics type='spice' port='5900' autoport='yes' listen='0.0.0.0'>
<listen type='address' address='0.0.0.0'/>
</graphics>
<sound model='ich6'>
<alias name='sound0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</sound>
<video>
<model type='qxl' ram='524288' vram='65536' vgamem='262144' heads='1'/>
<alias name='video0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
Based on above, move to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2546.html
Description of problem:
qemu crashes when trying to save a VM that has 2097152M vgamem

Version-Release number of selected component (if applicable):
libvirt-1.2.8-15.el7.x86_64
qemu-kvm-rhev-2.1.2-20.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Prepare a guest that has 2T vgamem and a GUI:
# virsh dumpxml r7
<graphics type='spice' autoport='yes' listen='127.0.0.1'>
<listen type='address' address='127.0.0.1'/>
</graphics>
<video>
<model type='qxl' ram='65536' vram='65536' vgamem='2147483648' heads='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>

2. Start it:
# virsh start r7
Domain r7 started

3. After the guest OS boots up, managedsave the VM; qemu will crash:
# virsh managedsave r7
error: Failed to save domain r7 state
error: operation failed: domain is no longer running

Actual results:
qemu crashes when trying to save a VM that has 2097152M vgamem

Expected results:
no crash

Additional info:
Core was generated by `/usr/libexec/qemu-kvm -name r7 -S -machine pc-i440fx-rhel7.0.0,accel=kvm,usb=of'.
Program terminated with signal 11, Segmentation fault.
#0 vm_state_notify (running=running@entry=0, state=state@entry=RUN_STATE_PAUSED) at vl.c:1714
1714 e->cb(e->opaque, running, state);
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.28-2.el7.x86_64 celt051-0.5.1.3-8.el7.x86_64 flac-libs-1.3.0-4.el7.x86_64 glibc-2.17-75.el7.x86_64 gsm-1.0.13-11.el7.x86_64 json-c-0.11-4.el7_0.x86_64 libICE-1.0.8-7.el7.x86_64 libSM-1.2.1-7.el7.x86_64 libX11-1.6.0-2.1.el7.x86_64 libXau-1.0.8-2.1.el7.x86_64 libXext-1.3.2-2.1.el7.x86_64 libXi-1.7.2-2.1.el7.x86_64 libXtst-1.2.2-2.1.el7.x86_64 libaio-0.3.109-12.el7.x86_64 libasyncns-0.8-7.el7.x86_64 libattr-2.4.46-12.el7.x86_64 libffi-3.0.13-11.el7.x86_64 libibverbs-1.1.8-5.el7.x86_64 libiscsi-1.9.0-6.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 libogg-1.3.0-7.el7.x86_64 libpng-1.5.13-5.el7.x86_64 librdmacm-1.0.19.1-1.el7.x86_64 libsndfile-1.0.25-9.el7.x86_64 libtasn1-3.8-2.el7.x86_64 libusbx-1.0.15-4.el7.x86_64 libvorbis-1.3.3-8.el7.x86_64 libxcb-1.9-5.el7.x86_64 lzo-2.06-6.el7_0.2.x86_64 pixman-0.32.4-3.el7.x86_64 pulseaudio-libs-3.0-30.el7.x86_64 snappy-1.1.0-3.el7.x86_64 tcp_wrappers-libs-7.6-77.el7.x86_64 trousers-0.3.11.2-3.el7.x86_64 usbredir-0.6-7.el7.x86_64
(gdb) bt
#0 vm_state_notify (running=running@entry=0, state=state@entry=RUN_STATE_PAUSED) at vl.c:1714
#1 0x00007f1570a9d882 in do_vm_stop (state=RUN_STATE_PAUSED) at /usr/src/debug/qemu-2.1.2/cpus.c:543
#2 vm_stop (state=state@entry=RUN_STATE_PAUSED) at /usr/src/debug/qemu-2.1.2/cpus.c:1230
#3 0x00007f1570b8c6d6 in qmp_stop (errp=errp@entry=0x7fffeb8263c0) at qmp.c:98
#4 0x00007f1570b87994 in qmp_marshal_input_stop (mon=<optimized out>, qdict=<optimized out>, ret=<optimized out>) at qmp-marshal.c:2806
#5 0x00007f1570aa08a7 in qmp_call_cmd (cmd=<optimized out>, params=0x7f15722ed2a0, mon=0x7f1572251240) at /usr/src/debug/qemu-2.1.2/monitor.c:5038
#6 handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /usr/src/debug/qemu-2.1.2/monitor.c:5104
#7 0x00007f1570cd6f22 in json_message_process_token (lexer=0x7f15722528d0, token=0x7f1572361080, type=JSON_OPERATOR, x=36, y=93) at qobject/json-streamer.c:87
#8 0x00007f1570ce8cdf in json_lexer_feed_char (lexer=lexer@entry=0x7f15722528d0, ch=<optimized out>, flush=flush@entry=false) at qobject/json-lexer.c:303
#9 0x00007f1570ce8dae in json_lexer_feed (lexer=0x7f15722528d0, buffer=<optimized out>, size=<optimized out>) at qobject/json-lexer.c:356
#10 0x00007f1570cd70b9 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>) at qobject/json-streamer.c:110
#11 0x00007f1570a9e83f in monitor_control_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) at /usr/src/debug/qemu-2.1.2/monitor.c:5125
#12 0x00007f1570b73e30 in qemu_chr_be_write (len=<optimized out>, buf=0x7fffeb826530 "}\341\030r\025\177", s=0x7f157219a590) at qemu-char.c:213
#13 tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x7f157219a590) at qemu-char.c:2729
#14 0x00007f156ee999ba in g_main_dispatch (context=0x7f157218e030) at gmain.c:3061
#15 g_main_context_dispatch (context=context@entry=0x7f157218e030) at gmain.c:3660
#16 0x00007f1570c922d8 in glib_pollfds_poll () at main-loop.c:190
#17 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:235
#18 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:484
#19 0x00007f1570a760fe in main_loop () at vl.c:2017
#20 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4606
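The reproducer above pushes a 2 TiB vgamem (2147483648 KiB, the 2097152M of the bug title) through libvirt into QEMU, and the crash only surfaces later, on the QMP `stop` that `virsh managedsave` issues. The real fix is the qemu 2.3 rebase; on hosts that cannot be updated, the only defense is to keep such a value from reaching QEMU at all. The following Python is an added example, not libvirt's or QEMU's own code: it parses the qxl `<model>` attributes from domain XML before `virsh define` and flags sizes that cannot fit a 32-bit byte count, plus vgamem values above a cap. Both the 32-bit check and the 256 MiB vgamem cap (the vgamem the verification run on this page used successfully) are assumptions made here, not limits the page states, and the two domain documents are constructed from the page's snippets.

```python
"""Pre-flight check for QXL video memory sizes in libvirt domain XML.

Added example, not libvirt's or QEMU's code. libvirt keeps ram/vram/vgamem
in KiB and hands them to QEMU in MiB, so vgamem='2147483648' KiB in the
report is the 2097152M of the bug title. The thresholds are assumptions.
"""
import xml.etree.ElementTree as ET

KIB = 1024
UINT32_MAX = 2**32 - 1
# Assumed cap (MiB): the verified configuration on this page used
# vgamem='262144' KiB, i.e. 256 MiB. Not taken from QEMU or libvirt source.
VGAMEM_CAP_MIB = 256

# Constructed domain XML built from the snippets on this page, wrapped in the
# <domain>/<devices> elements that `virsh dumpxml` prints around them.
BUGGY_DOMAIN_XML = """<domain type='kvm'>
  <name>r7</name>
  <devices>
    <graphics type='spice' autoport='yes' listen='127.0.0.1'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='2147483648' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
  </devices>
</domain>"""

VERIFIED_DOMAIN_XML = """<domain type='kvm'>
  <name>fstrim</name>
  <devices>
    <video>
      <model type='qxl' ram='524288' vram='65536' vgamem='262144' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
  </devices>
</domain>"""


def kib_to_mib(kib):
    """Convert the KiB value libvirt stores to the MiB value QEMU receives."""
    return kib // KIB


def check_qxl_video(domain_xml):
    """Return a list of (attribute, value, reason) findings for every
    <video><model type='qxl'> in the domain; an empty list means all sizes
    passed the checks."""
    root = ET.fromstring(domain_xml)
    findings = []
    for model in root.iterfind(".//video/model"):
        if model.get("type") != "qxl":
            continue
        for attr in ("ram", "vram", "vgamem"):
            raw = model.get(attr)
            if raw is None:
                continue
            try:
                kib = int(raw)
            except ValueError:
                findings.append((attr, raw, "not an integer"))
                continue
            nbytes = kib * KIB
            if nbytes > UINT32_MAX:
                # 2147483648 KiB is 2**41 bytes, far beyond what any 32-bit
                # size field could hold (assumed failure mode, not the page's).
                findings.append((attr, kib,
                                 "%d bytes does not fit in 32 bits" % nbytes))
            elif attr == "vgamem" and kib_to_mib(kib) > VGAMEM_CAP_MIB:
                findings.append((attr, kib,
                                 "%d MiB exceeds assumed cap of %d MiB"
                                 % (kib_to_mib(kib), VGAMEM_CAP_MIB)))
    return findings


if __name__ == "__main__":
    for name, doc in (("r7", BUGGY_DOMAIN_XML), ("fstrim", VERIFIED_DOMAIN_XML)):
        problems = check_qxl_video(doc)
        print("%s: %s" % (name, "REJECT" if problems else "ok"))
        for attr, value, reason in problems:
            print("  %s=%s: %s" % (attr, value, reason))
```

Run it over any domain XML that arrives from a tenant or an automation pipeline before `virsh define`: the fstrim configuration from the verification comment returns no findings, while the r7 configuration is rejected on its vgamem attribute. The check is deliberately independent of which QEMU is installed, since on the buggy builds the failure is only visible after the guest is already running.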