Bug 869982

Summary: qemu crashed when rhel6.3 64 bit guest reboots
Product: Red Hat Enterprise Linux 7
Reporter: Xiaoqing Wei <xwei>
Component: qemu-kvm
Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED CURRENTRELEASE
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Docs Contact:
Priority: high
Version: 7.0
CC: acathrow, alevy, bsarathy, hhuang, juzhang, knoel, michen, mkenneth, mrezanin, qiguo, shuang, virt-maint, xutian
Target Milestone: rc
Keywords: Regression
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: qemu-kvm-1.3.0-2.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 865767
Environment:
Last Closed: 2014-06-13 10:22:03 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 865767
Bug Blocks: 867403
Attachments:
  thread apply all bt full (Flags: none)

Comment 1 Xiaoqing Wei 2012-10-25 09:50:22 UTC
Created attachment 633258 [details]
thread apply all bt full

Comment 4 Alon Levy 2012-11-13 10:49:51 UTC
There is a patch waiting on the spice-next queue; it will be picked up by qemu-kvm when it rebases on qemu:

 http://cgit.freedesktop.org/spice/qemu/log/?h=spice.v63
  b4e30b87561382f7fc80422f54b472d6d5034ea4

commit b4e30b87561382f7fc80422f54b472d6d5034ea4
Author: Alon Levy <alevy>
Date:   Thu Nov 1 14:56:00 2012 +0200

    hw/qxl: qxl_send_events: nop if stopped
    
    Added a trace point for easy logging.
    
    RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=870972
    
    Signed-off-by: Alon Levy <alevy>
    Signed-off-by: Gerd Hoffmann <kraxel>

870972 is a Fedora bug on qemu.

Should I change this to modified?

Comment 5 Gerd Hoffmann 2012-11-13 14:58:17 UTC
Ah, this bug was it, thanks Alon.
I think moving to modified should wait until it is actually merged into master.

Comment 8 Gerd Hoffmann 2013-03-20 14:40:08 UTC
Patch is upstream meanwhile (qemu 1.3+).

Comment 9 Qian Guo 2013-10-31 08:41:01 UTC
Reproduced this bug with qemu-kvm-1.2.0-18.el7.x86_64

Steps:
1. Boot RHEL 6.3 64-bit guest with qxl & spice

# /home/autotest/autotest-devel/client/tests/virt/qemu/qemu -S -name virt-tests-vm1 -nodefaults -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20131031-145625-iMeHvEx0,server,nowait -mon chardev=qmp_id_qmpmonitor1,mode=control -chardev socket,id=serial_id_serial1,path=/tmp/serial-serial1-20131031-145625-iMeHvEx0,server,nowait -device isa-serial,chardev=serial_id_serial1 -chardev socket,id=seabioslog_id_20131031-145625-iMeHvEx0,path=/tmp/seabios-20131031-145625-iMeHvEx0,server,nowait -device isa-debugcon,chardev=seabioslog_id_20131031-145625-iMeHvEx0,iobase=0x402 -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=0x4 -drive file=/home/autotest/autotest-devel/client/tests/virt/shared/data/images/RHEL-Server-6.3-64-virtio.qcow2,index=0,if=none,id=drive-virtio-disk1,media=disk,cache=unsafe,snapshot=off,format=qcow2,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,bootindex=0 -device virtio-net-pci,netdev=idLZkZY4,mac=9a:22:23:24:25:26,bus=pci.0,addr=0x3,id=iddocMSy -netdev tap,id=idLZkZY4,vhost=on,vhostfd=25,fd=24 -m 4096 -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 -cpu SandyBridge -M pc -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 -spice port=3000,password=123456,addr=0,image-compression=auto_glz,zlib-glz-wan-compression=auto,streaming-video=all,agent-mouse=on,playback-compression=on,ipv4 -vga qxl -global qxl-vga.vram_size=33554432 -rtc base=utc,clock=host,driftfix=slew -boot order=cdn,once=c,menu=off -no-kvm-pit-reinjection -enable-kvm


2. Reboot guest.

qemu coredumped:
# gdb --core=results/default/virt.qemu.smp_4.4096m.repeat2.Host_RHEL.7.0.spice.qcow2.virtio_blk.up.virtio_net.RHEL.6.3.x86_64.reboot/debug/crash.qemu.9721/core

...

(gdb) bt
#0  0x00007f1a1283f683 in _int_malloc () from /lib64/libc.so.6
#1  0x00007f1a12841443 in malloc () from /lib64/libc.so.6
#2  0x00007f1a17c0fd5d in malloc_and_trace (n_bytes=51200) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:2322
#3  0x00007f1a1717468f in g_malloc () from /lib64/libglib-2.0.so.0
#4  0x00007f1a17c614a2 in qemu_spice_create_one_update (ssd=ssd@entry=0x7f1a18ede270, rect=rect@entry=0x7fff52fbde90)
    at ui/spice-display.c:189
#5  0x00007f1a17c62481 in qemu_spice_create_update (ssd=0x7f1a18ede270) at ui/spice-display.c:306
#6  qemu_spice_display_refresh (ssd=0x7f1a18ede270) at ui/spice-display.c:462
#7  0x00007f1a17c0f53e in dpy_refresh (s=0x7f1a18eefe50) at /usr/src/debug/qemu-kvm-1.2.0/console.h:267
#8  gui_update (opaque=0x7f1a18eefe50) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:1281
#9  0x00007f1a17c41cab in qemu_run_timers (clock=0x7f1a18cd7550) at qemu-timer.c:393
#10 qemu_run_timers (clock=0x7f1a18cd7550) at qemu-timer.c:373
#11 0x00007f1a17c41f0d in qemu_run_all_timers () at qemu-timer.c:450
#12 0x00007f1a17c1330e in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:502
#13 0x00007f1a17af11e3 in main_loop () at /usr/src/debug/qemu-kvm-1.2.0/vl.c:1643
#14 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:3790
(gdb) bt ful
#0  0x00007f1a1283f683 in _int_malloc () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007f1a12841443 in malloc () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007f1a17c0fd5d in malloc_and_trace (n_bytes=51200) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:2322
        ptr = <optimized out>
#3  0x00007f1a1717468f in g_malloc () from /lib64/libglib-2.0.so.0
No symbol table info available.
#4  0x00007f1a17c614a2 in qemu_spice_create_one_update (ssd=ssd@entry=0x7f1a18ede270, rect=rect@entry=0x7fff52fbde90)
    at ui/spice-display.c:189
        update = 0x7f1a1918d310
        drawable = 0x7f1a1918d310
        image = 0x7f1a1918d3cf
        cmd = 0x7f1a1918d3ff
        src = <optimized out>
        mirror = <optimized out>
        dst = <optimized out>
        by = <optimized out>
        bw = 32
        bh = 400
        offset = <optimized out>
        bytes = <optimized out>
        time_space = {tv_sec = 4578, tv_nsec = 972460189}
#5  0x00007f1a17c62481 in qemu_spice_create_update (ssd=0x7f1a18ede270) at ui/spice-display.c:306
        update = {top = 0, left = 160, bottom = 400, right = 192}
        guest = 0x7f1a082da010 "\250\250"
        mirror = 0x7f1a18f61800 "\250\250"
        blocks = <optimized out>
        x = 160
        xoff = <optimized out>
        bw = 32
        dirty_top = 0x7fff52fbddb0
        y = 400
        yoff = <optimized out>
        blk = 5
        bpp = <optimized out>
#6  qemu_spice_display_refresh (ssd=0x7f1a18ede270) at ui/spice-display.c:462
        __func__ = "qemu_spice_display_refresh"
        __FUNCTION__ = "qemu_spice_display_refresh"
#7  0x00007f1a17c0f53e in dpy_refresh (s=0x7f1a18eefe50) at /usr/src/debug/qemu-kvm-1.2.0/console.h:267
        dcl = 0x7f1a181292a0 <display_listener>
#8  gui_update (opaque=0x7f1a18eefe50) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:1281
        interval = 30
        ds = 0x7f1a18eefe50
        dcl = 0x7f1a181292a0 <display_listener>
#9  0x00007f1a17c41cab in qemu_run_timers (clock=0x7f1a18cd7550) at qemu-timer.c:393
        ptimer_head = 0x7f1a18cd7550
        ts = <optimized out>
        current_time = 4578972017231
#10 qemu_run_timers (clock=0x7f1a18cd7550) at qemu-timer.c:373
No locals.
#11 0x00007f1a17c41f0d in qemu_run_all_timers () at qemu-timer.c:450
No locals.
#12 0x00007f1a17c1330e in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:502
        ret = 1
        timeout = 4294967295
#13 0x00007f1a17af11e3 in main_loop () at /usr/src/debug/qemu-kvm-1.2.0/vl.c:1643
        nonblocking = <optimized out>
        last_io = 1
#14 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:3790
        i = <optimized out>
        snapshot = 0
        linux_boot = <optimized out>
        icount_option = 0x0
        initrd_filename = <optimized out>
        kernel_filename = <optimized out>
        kernel_cmdline = <optimized out>
        boot_devices = "c\000n", '\000' <repeats 29 times>
        ds = 0x7f1a18eefe50
        dcl = <optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        olist = <optimized out>
        optind = 49
        optarg = 0x0
        loadvm = 0x0
        machine = 0x7f1a18126e00 <pc_machine_v1_2>
        cpu_model = 0x7fff52fc002e "SandyBridge"
        vga_model = 0x7fff52fc011a "qxl"
        pid_file = 0x0
        incoming = 0x0
        defconfig = <optimized out>
        userconfig = <optimized out>
        log_mask = 0x0
        log_file = 0x0
        mem_trace = {malloc = 0x7f1a17c0fd40 <malloc_and_trace>, realloc = 0x7f1a17c0fcf0 <realloc_and_trace>, 
          free = 0x7f1a17c0fcb0 <free_and_trace>, calloc = 0x0, try_malloc = 0x0, try_realloc = 0x0}
        trace_events = 0x0
        trace_file = 0x0


So, according to the above, this bug is reproduced.

Comment 10 Qian Guo 2013-10-31 08:57:42 UTC
Verified this bug with qemu-kvm-1.5.3-10.el7.x86_64

Steps:
1. Boot RHEL 6.3 64-bit guest with qxl & spice
# /home/auto/autotest-devel/client/tests/virt/qemu/qemu -S -name virt-tests-vm1 -nodefaults -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20131031-162509-HjbQ9YxB,server,nowait -mon chardev=qmp_id_qmpmonitor1,mode=control -chardev socket,id=serial_id_serial1,path=/tmp/serial-serial1-20131031-162509-HjbQ9YxB,server,nowait -device isa-serial,chardev=serial_id_serial1 -chardev socket,id=seabioslog_id_20131031-162509-HjbQ9YxB,path=/tmp/seabios-20131031-162509-HjbQ9YxB,server,nowait -device isa-debugcon,chardev=seabioslog_id_20131031-162509-HjbQ9YxB,iobase=0x402 -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=0x4 -drive file=/home/auto/autotest-devel/client/tests/virt/shared/data/images/RHEL-Server-6.3-64-virtio.qcow2,index=0,if=none,id=drive-virtio-disk1,media=disk,cache=unsafe,snapshot=off,format=qcow2,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,bootindex=0 -device virtio-net-pci,netdev=idrVtX0a,mac=9a:0b:0c:0d:0e:0f,bus=pci.0,addr=0x3,id=idAt3Lon -netdev tap,id=idrVtX0a,vhost=on,vhostfd=25,fd=24 -m 4096 -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 -cpu SandyBridge -M pc -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 -spice port=3000,password=123456,addr=0,image-compression=auto_glz,zlib-glz-wan-compression=auto,streaming-video=all,agent-mouse=on,playback-compression=on,ipv4 -vga qxl -global qxl-vga.vram_size=33554432 -rtc base=utc,clock=host,driftfix=slew -boot order=cdn,once=c,menu=off -no-kvm-pit-reinjection -enable-kvm

2. Reboot guest 100 times. After the auto reboot job, guest works well; qemu did not hit any error or coredump.

So, according to the above, this bug is fixed by qemu-kvm-1.5.3-10.el7.x86_64.

Comment 11 juzhang 2013-11-01 04:49:11 UTC
According to comment 10, set this issue as verified.

Comment 12 Ludek Smid 2014-06-13 10:22:03 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.