1021324 – qemu-kvm core dump when run system_reset via monitor(after two times of S3 inside guest)

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1021324 - qemu-kvm core dump when run system_reset via monitor(after two times of S3 inside guest)

Summary: qemu-kvm core dump when run system_reset via monitor(after two times of S3 in...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	7.0
Hardware:	x86_64
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Gerd Hoffmann
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	Virt-S3/S4-7.0
TreeView+	depends on / blocked

Reported:	2013-10-21 05:32 UTC by Jun Li
Modified:	2015-03-04 05:34 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-03-04 05:34:31 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Comment 2 Gerd Hoffmann 2013-11-05 10:34:06 UTC

Doesn't reproduce, using qemu-kvm-1.5.3-12.el7.x86_64.
Fixed meanwhile?  Can you retest please?

Comment 3 Jun Li 2013-11-06 05:09:54 UTC

(In reply to Gerd Hoffmann from comment #2)
> Doesn't reproduce, using qemu-kvm-1.5.3-12.el7.x86_64.
> Fixed meanwhile?  Can you retest please?

This issue is very small probability of encounter. 
Try 8 times, but hit this issue only one time. 
Version:
qemu-kvm-1.5.3-13.el7.x86_64
3.10.0-41.el7.x86_64


<cli>:
# gdb --args /usr/libexec/qemu-kvm -M q35 -cpu SandyBridge -enable-kvm -m 4G -smp 4,sockets=2,cores=2,threads=1 -name juli -uuid 355a2475-4e03-4cdd-bf7b-5d6a59edaa61 -rtc base=localtime,clock=host,driftfix=slew -device pci-bridge,bus=pcie.0,id=bridge1,chassis_nr=1,addr=0x3 -drive file=/mnt/rhel7base.qcow2_v3,if=none,id=drive-system-disk,cache=writeback -device virtio-scsi-pci,id=scsi0,ioeventfd=off -device scsi-hd,bus=scsi0.0,drive=drive-system-disk,id=disk,bootindex=0,physical_block_size=4096,logical_block_size=512  -device virtio-balloon-pci,id=ballooning -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -netdev tap,id=hostnet0,vhost=on,queues=4,script=/etc/qemu-ifup -device virtio-net-pci,mq=on,vectors=17,netdev=hostnet0,id=virtio-net-pci0,mac=24:be:05:14:0d:82,addr=0x17,bootindex=2 -k en-us -boot menu=on,reboot-timeout=-1,strict=on -qmp tcp:0:4445,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :3 -spice port=5932,disable-ticketing -vga qxl -monitor stdio -monitor tcp:0:7445,server,nowait -monitor unix:/tmp/monitor1,server,nowait -drive file=/home/usb-a-a.img,if=none,id=storage1,media=disk,cache=none,format=raw -usb -device usb-storage,drive=storage1 -drive file=/home/usb-a-b.img,if=none,id=storage2,media=disk,cache=none,format=raw -usb -device usb-storage,drive=storage2 -drive file=/home/cdrom1.iso,if=none,media=cdrom,format=raw,id=drive-ide1-0-0 -device ide-drive,drive=drive-ide1-0-0,id=ide1-0-0,bus=ide.0,unit=0 -fda /home/usb-e-c.img -drive file=/home/usb-e-g.img,if=none,id=drive-fdc0-0-0,readonly=on,format=raw -global isa-fdc.driveB=drive-fdc0-0-0
-----

(qemu) qemu-kvm: /builddir/build/BUILD/qemu-1.5.3/hw/display/qxl.c:1114: qxl_check_state: Assertion `!spice_display_running || ((&ram->cmd_ring)->cons == (&ram->cmd_ring)->prod)' failed.
Program received signal SIGABRT, Aborted.
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.27.2-1.el7.x86_64 celt051-0.5.1.3-6.el7.x86_64 cyrus-sasl-lib-2.1.26-12.1.el7.x86_64 cyrus-sasl-md5-2.1.26-12.1.el7.x86_64 cyrus-sasl-plain-2.1.26-12.1.el7.x86_64 cyrus-sasl-scram-2.1.26-12.1.el7.x86_64 dbus-libs-1.6.12-5.el7.x86_64 flac-libs-1.3.0-2.el7.x86_64 glib2-2.36.3-2.el7.x86_64 glibc-2.17-33.el7.x86_64 gmp-5.1.1-2.el7.x86_64 gnutls-3.1.13-1.el7.x86_64 gsm-1.0.13-9.el7.x86_64 json-c-0.11-1.el7.x86_64 keyutils-libs-1.5.8-1.el7.x86_64 krb5-libs-1.11.3-23.el7.x86_64 libICE-1.0.8-5.el7.x86_64 libSM-1.2.1-5.el7.x86_64 libX11-1.6.0-1.el7.x86_64 libXau-1.0.8-1.el7.x86_64 libXext-1.3.2-1.el7.x86_64 libXi-1.7.2-1.el7.x86_64 libXtst-1.2.2-1.el7.x86_64 libaio-0.3.109-9.el7.x86_64 libasyncns-0.8-5.el7.x86_64 libattr-2.4.46-10.el7.x86_64 libcap-2.22-6.el7.x86_64 libcom_err-1.42.8-2.el7.x86_64 libdb-5.3.21-11.el7.x86_64 libgcc-4.8.1-11.el7.x86_64 libgcrypt-1.5.3-1.el7.x86_64 libgpg-error-1.12-1.el7.x86_64 libjpeg-turbo-1.2.90-2.el7.x86_64 libogg-1.3.0-5.el7.x86_64 libpng-1.5.13-2.el7.x86_64 libseccomp-2.1.0-0.el7.x86_64 libselinux-2.1.13-21.el7.x86_64 libsndfile-1.0.25-7.el7.x86_64 libtasn1-3.3-1.el7.x86_64 libusbx-1.0.15-2.el7.x86_64 libuuid-2.23.2-6.el7.x86_64 libvorbis-1.3.3-4.el7.x86_64 libxcb-1.9-3.el7.x86_64 nettle-2.6-2.el7.x86_64 nspr-4.10-3.el7.x86_64 nss-3.15.1-3.el7.x86_64 nss-softokn-freebl-3.15.1-2.el7.x86_64 nss-util-3.15.1-2.el7.x86_64 openssl-libs-1.0.1e-21.el7.x86_64 p11-kit-0.18.5-1.el7.x86_64 pcre-8.32-7.el7.x86_64 pixman-0.30.0-1.el7.x86_64 pulseaudio-libs-3.0-10.el7.x86_64 spice-server-0.12.4-2.el7.x86_64 tcp_wrappers-libs-7.6-75.el7.x86_64 usbredir-0.6-5.el7.x86_64 zlib-1.2.7-10.el7.x86_64
---Type <return> to continue, or q <return> to quit---
0x00007ffff30db999 in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff30db999 in raise () from /lib64/libc.so.6
#1  0x00007ffff30dd0a8 in abort () from /lib64/libc.so.6
#2  0x00007ffff30d4906 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff30d49b2 in __assert_fail () from /lib64/libc.so.6
#4  0x000055555579048d in qxl_check_state (d=<optimized out>)
    at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1114
#5  0x0000555555790d95 in qxl_reset_state (d=d@entry=0x55555678c070)
    at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1122
#6  0x00005555557920cb in qxl_hard_reset (d=0x55555678c070, loadvm=0)
    at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1159
#7  0x0000555555679e19 in qdev_reset_one (dev=dev@entry=0x55555678c070, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:227
#8  0x0000555555679510 in qdev_walk_children (dev=dev@entry=0x55555678c070, 
    devfn=devfn@entry=0x555555679e00 <qdev_reset_one>, 
    busfn=busfn@entry=0x555555677e00 <qbus_reset_one>, opaque=opaque@entry=0x0)
    at hw/core/qdev.c:376
#9  0x00005555556795ad in qdev_reset_all (dev=dev@entry=0x55555678c070)
    at hw/core/qdev.c:243
#10 0x00005555556bb0dd in pci_device_reset (dev=0x55555678c070)
    at hw/pci/pci.c:180
#11 0x00005555556bb292 in pci_bus_reset (bus=0x555556713bc0)
    at hw/pci/pci.c:226
#12 0x00005555556bb2d9 in pcibus_reset (qbus=<optimized out>)
---Type <return> to continue, or q <return> to quit---
    at hw/pci/pci.c:233
#13 0x00005555556795f0 in qbus_walk_children (bus=bus@entry=0x555556713bc0, 
    devfn=devfn@entry=0x555555679e00 <qdev_reset_one>, 
    busfn=busfn@entry=0x555555677e00 <qbus_reset_one>, opaque=opaque@entry=0x0)
    at hw/core/qdev.c:353
#14 0x000055555567953a in qdev_walk_children (dev=<optimized out>, 
    devfn=devfn@entry=0x555555679e00 <qdev_reset_one>, 
    busfn=busfn@entry=0x555555677e00 <qbus_reset_one>, opaque=opaque@entry=0x0)
    at hw/core/qdev.c:383
#15 0x000055555567961a in qbus_walk_children (bus=<optimized out>, 
    devfn=0x555555679e00 <qdev_reset_one>, 
    busfn=0x555555677e00 <qbus_reset_one>, opaque=0x0) at hw/core/qdev.c:360
#16 0x00005555557680dd in qemu_devices_reset () at vl.c:1809
#17 qemu_system_reset (report=report@entry=true) at vl.c:1818
#18 0x00005555555fe8d4 in main_loop_should_exit () at vl.c:1952
#19 main_loop () at vl.c:1990
#20 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
    at vl.c:4340
------------------
Maybe could use a shell script to reproduce this issue. If you can not reproduce this issue, I will give a shell script or maybe you can use my machine. Thank you.

Best Regards,
Jun Li

Comment 5 Gerd Hoffmann 2014-02-04 13:26:31 UTC

Maybe dup of bug 1003819.

Comment 7 Gerd Hoffmann 2014-09-02 11:09:05 UTC

(In reply to Gerd Hoffmann from comment #5)
> Maybe dup of bug 1003819.

Which in turn is probably a dup of bz1054077

Can you test this scratch build please?
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=7903456

Comment 8 Jun Li 2014-09-03 03:26:48 UTC

(In reply to Gerd Hoffmann from comment #7)
> (In reply to Gerd Hoffmann from comment #5)
> > Maybe dup of bug 1003819.
> 
> Which in turn is probably a dup of bz1054077
> 
> Can you test this scratch build please?
> http://brewweb.devel.redhat.com/brew/taskinfo?taskID=7903456

Hi Gerd,

  When I retest this issue with build(http://brewweb.devel.redhat.com/brew/taskinfo?taskID=7903456), hit can not resume from s3(do s3 on first time).

  I also search the related bugs:

Bug 949900 - fail to do S3/S4 under Q35 machine type in rhel7 
Bug 929029 - rhel7 guest s3 wake up automatically with q35 

  Above two bugs are all in NEW status. As above bugs, this bz has been blocked.

Best Regards,
Jun Li


Version of components:
Guest kernel:
3.10.0-145.el7.x86_64
Host kernel:
3.10.0-148.el7.x86_64
qemu-kvm:
qemu-kvm-1.5.3-69.el7.bz1054077.1.x86_64

CLI:
gdb --args /usr/libexec/qemu-kvm -M q35 -cpu SandyBridge -enable-kvm -m 4G -smp 4,sockets=2,cores=2,threads=1 -name juli -uuid 355a2475-4e03-4cdd-bf7b-5d6a59edaa61 -rtc base=localtime,clock=host,driftfix=slew -device pci-bridge,bus=pcie.0,id=bridge1,chassis_nr=1,addr=0x3 -drive file=/home/rhel7_1.qcow2,if=none,id=drive-system-disk,cache=writeback,snapshot=on -device virtio-scsi-pci,id=scsi0,ioeventfd=off -device virtio-blk-pci,bus=pcie.0,drive=drive-system-disk,id=disk,bootindex=0,physical_block_size=4096,logical_block_size=512  -device virtio-balloon-pci,id=ballooning -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 -netdev tap,id=hostnet0,vhost=on,queues=4,script=/etc/qemu-ifup -device virtio-net-pci,mq=on,vectors=17,netdev=hostnet0,id=virtio-net-pci0,mac=24:be:05:14:0d:82,addr=0x17,bootindex=2 -k en-us -boot menu=on,reboot-timeout=-1,strict=on -qmp tcp:0:4445,server,nowait -serial unix:/tmp/ttyS0,server,nowait -vnc :3 -spice port=5932,disable-ticketing -vga qxl -monitor stdio -monitor tcp:0:7445,server,nowait -monitor unix:/tmp/monitor1,server,nowait -drive file=/home/juli/usb-a-a.img,if=none,id=storage1,media=disk,cache=none,format=raw -usb -device usb-storage,drive=storage1 -drive file=/home/juli/usb-a-b.img,if=none,id=storage2,media=disk,cache=none,format=raw -usb -device usb-storage,drive=storage2 -drive file=/home/juli/cdrom1.iso,if=none,media=cdrom,format=raw,id=drive-ide1-0-0 -device ide-drive,drive=drive-ide1-0-0,id=ide1-0-0,bus=ide.0,unit=0 -fda /home/juli/usb-e-c.img -drive file=/home/juli/usb-e-g.img,if=none,id=drive-fdc0-0-0,readonly=on,format=raw -global isa-fdc.driveB=drive-fdc0-0-0

Comment 9 Gerd Hoffmann 2014-10-27 09:50:11 UTC

please retest with build qemu-kvm-1.5.3-71.el7 (or newer), which fixes bug bz1054077

Comment 10 juzhang 2014-10-28 00:49:50 UTC

(In reply to Gerd Hoffmann from comment #9)
> please retest with build qemu-kvm-1.5.3-71.el7 (or newer), which fixes bug
> bz1054077

Hi Juli,

Could you retest it?

Best Regards,
Junyi

Comment 11 Jun Li 2014-10-28 09:56:24 UTC

(In reply to juzhang from comment #10)
> (In reply to Gerd Hoffmann from comment #9)
> > please retest with build qemu-kvm-1.5.3-71.el7 (or newer), which fixes bug
> > bz1054077
> 
> Hi Juli,
> 
> Could you retest it?
> 
> Best Regards,
> Junyi

Version of components:
qemu-kvm-1.5.3-75.el7.x86_64

When do s3 inside guest, guest can not resume from s3, so this is blocked.

Also the following bz are still in NEW status. 
Bug 949900 - fail to do S3/S4 under Q35 machine type in rhel7 
Bug 929029 - rhel7 guest s3 wake up automatically with q35 

As above show, this bz will be verified at least after above two bz are fixed.

Note You need to log in before you can comment on or make changes to this bug.