Bug 1743506

Summary: sometimes qemu dump when booting win2019 and win2016 guest with vtpm
Product: Red Hat Enterprise Linux Advanced Virtualization Reporter: FuXiangChun <xfu>
Component: qemu-kvmAssignee: Marc-Andre Lureau <marcandre.lureau>
qemu-kvm sub component: General QA Contact: Qinghua Cheng <qcheng>
Status: CLOSED CURRENTRELEASE Docs Contact:
Severity: high    
Priority: high CC: areis, chayang, coli, jinzhao, juzhang, knoel, marcandre.lureau, pbonzini, qcheng, virt-maint
Version: 8.1Keywords: TestOnly
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Windows   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-01-06 19:59:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1771318    

Description FuXiangChun 2019-08-20 07:14:07 UTC 
Description of problem:
Booting win2019 guest with vtpm. sometimes qemu coredump.  without vtpm device. qemu process works well. 

Version-Release number of selected component (if applicable):

qemu-kvm-core-4.1.0-1.module+el8.1.0+3966+4a23dca1.x86_64
4.18.0-135.el8.x86_64

How reproducible:
1/3

Steps to Reproduce:
1.Boot win2019 guest with xml
....
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'/>
    </tpm>
....
2.
3.

Actual results:
2019-08-20T06:28:03.089813Z qemu-kvm: terminating on signal 15 from pid 1662 (/usr/sbin/libvirtd)
2019-08-20 06:28:03.290+0000: shutting down, reason=destroyed
2019-08-20 06:28:05.493+0000: Starting external device: TPM Emulator
/usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/13-vtpm-win2019-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/6524a01f-1ffd-4afd-a59f-2c4eca29be77/tpm2,mode=0600 --log file=/var/log/swtpm/libvirt/qemu/vtpm-win2019-swtpm.log --tpm2 --pid file=/var/run/libvirt/qemu/swtpm/13-vtpm-win2019-swtpm.pid
2019-08-20 06:28:05.588+0000: starting up libvirt version: 4.5.0, package: 24.3.module+el8.0.0+3748+44021654 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2019-07-24-16:05:02, ), qemu version: 4.0.94qemu-kvm-4.1.0-1.module+el8.1.0+3966+4a23dca1, kernel: 4.18.0-135.el8.x86_64, hostname: dell-per740-13.lab.eng.pek2.redhat.com
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -name guest=vtpm-win2019,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-13-vtpm-win2019/master-key.aes -machine pc-q35-rhel8.0.0,accel=kvm,usb=off,smm=on,dump-guest-core=off -cpu Haswell-noTSX-IBRS,vme=on,ss=on,vmx=on,f16c=on,rdrand=on,hypervisor=on,arat=on,tsc_adjust=on,umip=on,stibp=on,ssbd=on,xsaveopt=on,pdpe1gb=on,abm=on -global driver=cfi.pflash01,property=secure,value=on -drive file=/usr/share/OVMF/OVMF_CODE.secboot.fd,if=pflash,format=raw,unit=0,readonly=on -drive file=/var/lib/libvirt/qemu/nvram/vtpm1_VARS.fd,if=pflash,format=raw,unit=1 -m 4002 -realtime mlock=off -smp 4,sockets=4,cores=1,threads=1 -uuid 6524a01f-1ffd-4afd-a59f-2c4eca29be77 -no-user-config -nodefaults -chardev socket,id=charmonitor,fd=29,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1 -boot strict=on -device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2 -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 -device ich9-usb-ehci1,id=usb,bus=pcie.0,addr=0x1d.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pcie.0,multifunction=on,addr=0x1d -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pcie.0,addr=0x1d.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pcie.0,addr=0x1d.0x2 -drive file=/home/win2019-1809/win2019-64-ide-new.qcow2,format=qcow2,if=none,id=drive-sata0-0-0 -device ide-hd,bus=ide.0,drive=drive-sata0-0-0,id=sata0-0-0,bootindex=1 -netdev tap,fd=31,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=20:04:0f:f3:a7:1b,bus=pci.1,addr=0x0 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -tpmdev emulator,id=tpm-tpm0,chardev=chrtpm -chardev socket,id=chrtpm,path=/var/run/libvirt/qemu/swtpm/13-vtpm-win2019-swtpm.sock -device tpm-crb,tpmdev=tpm-tpm0,id=tpm0 -device usb-tablet,id=input0,bus=usb.0,port=1 -vnc 10.73.224.62:0 -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pcie.0,addr=0x1 -device virtio-balloon-pci,id=balloon0,bus=pci.2,addr=0x0 -global isa-debugcon.iobase=0x402 -debugcon file:/tmp/GUEST_NAME.log -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny -msg timestamp=on
2019-08-20 06:28:05.588+0000: Domain id=13 is tainted: custom-argv
qemu-kvm: -realtime mlock=off: warning: '-realtime mlock=...' is deprecated, please use '-overcommit mem-lock=...' instead
char device redirected to /dev/pts/1 (label charserial0)
qemu_madvise: Invalid argument
madvise doesn't support MADV_DONTDUMP, but dump_guest_core=off specified
KVM internal error. Suberror: 1
emulation failure
RAX=000000000b000100 RBX=0000000000000000 RCX=00000000ffffffff RDX=ffffbe008e089090
RSI=ffff968d647b6e00 RDI=000000000000018c RBP=00000000c0000186 RSP=ffffd30ec7ef2918
R8 =ffffa702ceea8e70 R9 =000000000000018c R10=0000000000000000 R11=000000000000005f
R12=ffffa702ceea8e60 R13=ffff968d647b6e80 R14=ffffd30ec7ef29f4 R15=fffff801503394c0
RIP=fffff80150359bd7 RFL=00010207 [-----PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 00000000 00209b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0053 0000000000000000 0000bc00 0040f300 DPL=3 DS   [-WA]
GS =002b ffffbe008e198000 ffffffff 00c0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 000fffff 00000000
TR =0040 ffffbe008e1aa000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     ffffbe008e1abfb0 00000057
IDT=     ffffbe008e1a9000 00000fff
CR0=80050033 CR2=ffffa702ceea8e60 CR3=00000000001ad002 CR4=00170678
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
Code=?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? <??> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??


Expected results:
works

Additional info:
without vtpm device. It works.
Comment 1 Marc-Andre Lureau 2019-08-20 07:36:18 UTC 
I have never encountered such crash with other windows version.

Are you only able to reproduce on win2019? just to be sure, you are 100% confident this is related to vtpm?
Comment 4 Marc-Andre Lureau 2019-10-14 17:11:43 UTC 
Paolo, could you investigate or give me some hints about "KVM internal error. Suberror: 1" and how to exploit the perf trace?
Comment 5 Marc-Andre Lureau 2019-10-30 21:39:51 UTC 
moving the bug to qemu-kvm for now
Comment 9 Qinghua Cheng 2019-12-02 05:31:05 UTC 
I tested this bug on rhel 8.2, 

kernel: kernel-4.18.0-151.el8.x86_64
qemu: qemu-kvm-4.2.0-1.module+el8.2.0+4759+66ed47b0.x86_64
libvirt: libvirt-daemon-kvm-5.9.0-2.module+el8.2.0+4759+66ed47b0.x86_64

Guests: win2016 and win2019 

Tried about 20 times to start two guests, separately, did not see qemu dump.
Comment 11 Qinghua Cheng 2019-12-13 06:49:20 UTC 
I changed this bug to verified, and added TestOnly keyword. We will file new bugs if this kind of problem is reproduced in later testing.
Comment 12 Ademar Reis 2020-02-05 23:03:29 UTC 
QEMU has been recently split into sub-components and as a one-time operation to avoid breakage of tools, we are setting the QEMU sub-component of this BZ to "General". Please review and change the sub-component if necessary the next time you review this BZ. Thanks