Bug 1074944 - Qemu core dumped when system_reset after do S3 during migration
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Amit Shah
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: Virt-S3/S4-7.0
Reported: 2014-03-11 09:29 UTC by Sibiao Luo
Modified: 2015-09-19 06:35 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-09-19 06:35:24 UTC
Target Upstream Version:
Embargoed:


Description Sibiao Luo 2014-03-11 09:29:21 UTC
Description of problem:
This issue was found during bug 1074906 and bug 1074901.
Doing S3 during migration and then system_reset in the dest qemu monitor causes a qemu core dump.

Version-Release number of selected component (if applicable):
host info:
# uname -r && rpm -q qemu-kvm-rhev && rpm -q seabios
3.10.0-100.el7.x86_64
qemu-kvm-rhev-1.5.3-50.el7.x86_64
seabios-1.7.2.2-11.el7.x86_64
guest info:
3.10.0-100.el7.x86_64

How reproducible:
Only hit once.

Steps to Reproduce:
1. Boot a guest on src with "-spice port=5931,disable-ticketing,seamless-migration=off -vga qxl -global qxl-vga.vram_size=67108864".
2. Boot the dest VM with the same CML as src, appending "-incoming tcp:0:5888,server,nowait".
3. Do S3 in the guest.
# pm-suspend
4. Migrate from src to dest.
5. Do system_reset via the dest monitor.
(qemu) system_reset

Actual results:
After step 4, migration succeeds, but the VM comes back (wakes up) automatically after migration (bug 1074901).
After step 5, qemu core dumped; I will attach the core dump log later.
(qemu) info status 
VM status: running
(qemu) system_reset 
(qemu) qemu-kvm: /builddir/build/BUILD/qemu-1.5.3/hw/display/qxl.c:1115: qxl_check_state: Assertion `!spice_display_running || ((&ram->cmd_ring)->cons == (&ram->cmd_ring)->prod)' failed.
Aborted (core dumped)

Expected results:
There should not be any qemu core dump.

Additional info:
# /usr/libexec/qemu-kvm -M pc -cpu SandyBridge -enable-kvm -m 4096 -smp 4,sockets=2,cores=2,threads=1 -usb -device usb-tablet,id=input0 -name sluo_migration -uuid 990ea161-6b67-47b2-b803-19fb01d30d30 -rtc base=localtime,clock=host,driftfix=slew -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=pci.0,addr=0x3 -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 -drive file=/mnt/RHEL-7.0-20140226.0-compose-Server-x86_64.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=08:2E:5F:0A:0D:B1,bus=pci.0,addr=0x5 -spice port=5931,disable-ticketing,seamless-migration=off -vga qxl -global qxl-vga.vram_size=67108864 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x8 -nodefaults -serial unix:/tmp/ttyS0,server,nowait -boot menu=on -monitor stdio -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0

Comment 1 Sibiao Luo 2014-03-11 09:29:56 UTC
(qemu) qemu-kvm: /builddir/build/BUILD/qemu-1.5.3/hw/display/qxl.c:1115: qxl_check_state: Assertion `!spice_display_running || ((&ram->cmd_ring)->cons == (&ram->cmd_ring)->prod)' failed.
Aborted (core dumped)

Core was generated by `/usr/libexec/qemu-kvm -M pc -cpu SandyBridge -enable-kvm -m 4096 -smp 4,sockets'.
Program terminated with signal 6, Aborted.
#0  0x00007f6bcf738989 in raise () from /lib64/libc.so.6

(gdb) bt
#0  0x00007f6bcf738989 in raise () from /lib64/libc.so.6
#1  0x00007f6bcf73a098 in abort () from /lib64/libc.so.6
#2  0x00007f6bcf7318f6 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007f6bcf7319a2 in __assert_fail () from /lib64/libc.so.6
#4  0x00007f6bd4cb5c54 in qxl_check_state (d=<optimized out>) at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1115
#5  0x00007f6bd4cb6425 in qxl_reset_state (d=d@entry=0x7f6bd722e4e0) at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1123
#6  0x00007f6bd4cb73eb in qxl_hard_reset (d=0x7f6bd722e4e0, loadvm=0) at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1160
#7  0x00007f6bd4bbfc89 in qdev_reset_one (dev=dev@entry=0x7f6bd722e4e0, opaque=opaque@entry=0x0) at hw/core/qdev.c:227
#8  0x00007f6bd4bbf580 in qdev_walk_children (dev=dev@entry=0x7f6bd722e4e0, 
    devfn=devfn@entry=0x7f6bd4bbfc80 <qdev_reset_one>, busfn=busfn@entry=0x7f6bd4bbe4a0 <qbus_reset_one>, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:370
#9  0x00007f6bd4bbf5e5 in qdev_reset_all (dev=dev@entry=0x7f6bd722e4e0) at hw/core/qdev.c:243
#10 0x00007f6bd4bf5399 in pci_device_reset (dev=0x7f6bd722e4e0) at hw/pci/pci.c:180
#11 0x00007f6bd4bf5522 in pci_bus_reset (bus=0x7f6bd71d3260) at hw/pci/pci.c:226
#12 0x00007f6bd4bf5549 in pcibus_reset (qbus=<optimized out>) at hw/pci/pci.c:233
#13 0x00007f6bd4bbf610 in qbus_walk_children (bus=bus@entry=0x7f6bd71d3260, 
    devfn=devfn@entry=0x7f6bd4bbfc80 <qdev_reset_one>, busfn=busfn@entry=0x7f6bd4bbe4a0 <qbus_reset_one>, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:347
#14 0x00007f6bd4bbf5aa in qdev_walk_children (dev=<optimized out>, devfn=devfn@entry=0x7f6bd4bbfc80 <qdev_reset_one>, 
    busfn=busfn@entry=0x7f6bd4bbe4a0 <qbus_reset_one>, opaque=opaque@entry=0x0) at hw/core/qdev.c:377
#15 0x00007f6bd4bbf63a in qbus_walk_children (bus=<optimized out>, devfn=0x7f6bd4bbfc80 <qdev_reset_one>, 
    busfn=0x7f6bd4bbe4a0 <qbus_reset_one>, opaque=0x0) at hw/core/qdev.c:354
#16 0x00007f6bd4c9386d in qemu_devices_reset () at vl.c:1811
#17 qemu_system_reset (report=report@entry=true) at vl.c:1820
#18 0x00007f6bd4b4d524 in main_loop_should_exit () at vl.c:1954
#19 main_loop () at vl.c:1992
#20 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4357
(gdb) bt full
#0  0x00007f6bcf738989 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007f6bcf73a098 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007f6bcf7318f6 in __assert_fail_base () from /lib64/libc.so.6
No symbol table info available.
#3  0x00007f6bcf7319a2 in __assert_fail () from /lib64/libc.so.6
No symbol table info available.
#4  0x00007f6bd4cb5c54 in qxl_check_state (d=<optimized out>) at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1115
        d = <optimized out>
        ram = 0x7f6aafffe000
        spice_display_running = <optimized out>
#5  0x00007f6bd4cb6425 in qxl_reset_state (d=d@entry=0x7f6bd722e4e0) at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1123
        rom = 0x7f6bc4800000
#6  0x00007f6bd4cb73eb in qxl_hard_reset (d=0x7f6bd722e4e0, loadvm=0) at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1160
No locals.
#7  0x00007f6bd4bbfc89 in qdev_reset_one (dev=dev@entry=0x7f6bd722e4e0, opaque=opaque@entry=0x0) at hw/core/qdev.c:227
No locals.
#8  0x00007f6bd4bbf580 in qdev_walk_children (dev=dev@entry=0x7f6bd722e4e0, 
    devfn=devfn@entry=0x7f6bd4bbfc80 <qdev_reset_one>, busfn=busfn@entry=0x7f6bd4bbe4a0 <qbus_reset_one>, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:370
        bus = <optimized out>
        err = <optimized out>
#9  0x00007f6bd4bbf5e5 in qdev_reset_all (dev=dev@entry=0x7f6bd722e4e0) at hw/core/qdev.c:243
No locals.
#10 0x00007f6bd4bf5399 in pci_device_reset (dev=0x7f6bd722e4e0) at hw/pci/pci.c:180
        r = <optimized out>
#11 0x00007f6bd4bf5522 in pci_bus_reset (bus=0x7f6bd71d3260) at hw/pci/pci.c:226
        i = <optimized out>
#12 0x00007f6bd4bf5549 in pcibus_reset (qbus=<optimized out>) at hw/pci/pci.c:233
No locals.
#13 0x00007f6bd4bbf610 in qbus_walk_children (bus=bus@entry=0x7f6bd71d3260, 
    devfn=devfn@entry=0x7f6bd4bbfc80 <qdev_reset_one>, busfn=busfn@entry=0x7f6bd4bbe4a0 <qbus_reset_one>, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:347
        kid = <optimized out>
        err = <optimized out>
#14 0x00007f6bd4bbf5aa in qdev_walk_children (dev=<optimized out>, devfn=devfn@entry=0x7f6bd4bbfc80 <qdev_reset_one>, 
    busfn=busfn@entry=0x7f6bd4bbe4a0 <qbus_reset_one>, opaque=opaque@entry=0x0) at hw/core/qdev.c:377
        bus = 0x7f6bd71d3260
        err = <optimized out>
#15 0x00007f6bd4bbf63a in qbus_walk_children (bus=<optimized out>, devfn=0x7f6bd4bbfc80 <qdev_reset_one>, 
    busfn=0x7f6bd4bbe4a0 <qbus_reset_one>, opaque=0x0) at hw/core/qdev.c:354
        kid = 0x7f6bd71c96d0
        err = <optimized out>
#16 0x00007f6bd4c9386d in qemu_devices_reset () at vl.c:1811
        re = <optimized out>
        nre = 0x7f6bd7254c30
#17 qemu_system_reset (report=report@entry=true) at vl.c:1820
No locals.
#18 0x00007f6bd4b4d524 in main_loop_should_exit () at vl.c:1954
        r = <optimized out>
#19 main_loop () at vl.c:1992
        nonblocking = <optimized out>
        last_io = 1
#20 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4357
        i = <optimized out>
        snapshot = 0
        linux_boot = 0
        icount_option = 0x0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x7f6bd4dfef20 ""
        boot_order = 0x7f6bd4db6b66 "cad"
        ds = <optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = <optimized out>
        opts = 0x7f6bd70152b0
        machine_opts = <optimized out>
        olist = <optimized out>
        optind = 54
        optarg = 0x7fff920547ec "tcp:0:5888,server,nowait"
        loadvm = 0x0
        machine = 0x7f6bd518b160 <pc_machine_rhel700>
        cpu_model = 0x7fff92054366 "SandyBridge"
        vga_model = 0x7fff920546f6 "qxl"
        pid_file = 0x0
        incoming = 0x7fff920547ec "tcp:0:5888,server,nowait"
        show_vnc_port = 0
        defconfig = <optimized out>
        userconfig = 102
        log_mask = <optimized out>
        log_file = 0x0
        mem_trace = {malloc = 0x7f6bd4c92090 <malloc_and_trace>, realloc = 0x7f6bd4c92070 <realloc_and_trace>, 
          free = 0x7f6bd4c92060 <free_and_trace>, calloc = 0x0, try_malloc = 0x0, try_realloc = 0x0}
        trace_events = 0x0
        trace_file = 0x0
        __PRETTY_FUNCTION__ = "main"
        args = {machine = 0x7f6bd518b160 <pc_machine_rhel700>, ram_size = 4294967296, 
          boot_device = 0x7f6bd4db6b66 "cad", kernel_filename = 0x0, kernel_cmdline = 0x7f6bd4dfef20 "", 
          initrd_filename = 0x0, cpu_model = 0x7fff92054366 "SandyBridge"}
(gdb)
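
A backtrace like the one in Comment 1 can be reduced to an address-independent crash signature for de-duplicating reports. The Python below is an added example, not part of the original report or of QEMU; the names parse_frames and crash_signature, the three-frame depth and the embedded sample (an excerpt of the frames above) are assumptions made for illustration. It handles the two irregular frame shapes this trace contains: frames wrapped over several lines (#8) and inlined frames printed without an address (#17).

```python
import hashlib
import re

# Constructed sample: an excerpt of the frames in the backtrace above.
SAMPLE_BT = """\
#0  0x00007f6bcf738989 in raise () from /lib64/libc.so.6
#1  0x00007f6bcf73a098 in abort () from /lib64/libc.so.6
#2  0x00007f6bcf7318f6 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007f6bcf7319a2 in __assert_fail () from /lib64/libc.so.6
#4  0x00007f6bd4cb5c54 in qxl_check_state (d=<optimized out>) at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1115
#5  0x00007f6bd4cb6425 in qxl_reset_state (d=d@entry=0x7f6bd722e4e0) at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1123
#6  0x00007f6bd4cb73eb in qxl_hard_reset (d=0x7f6bd722e4e0, loadvm=0) at /usr/src/debug/qemu-1.5.3/hw/display/qxl.c:1160
#8  0x00007f6bd4bbf580 in qdev_walk_children (dev=dev@entry=0x7f6bd722e4e0, 
    devfn=devfn@entry=0x7f6bd4bbfc80 <qdev_reset_one>, busfn=busfn@entry=0x7f6bd4bbe4a0 <qbus_reset_one>, 
    opaque=opaque@entry=0x0) at hw/core/qdev.c:370
#17 qemu_system_reset (report=report@entry=true) at vl.c:1820
"""

FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:(?P<addr>0x[0-9a-f]+) in )?(?P<func>\S+) \(.*\)"
    r"(?: at (?P<file>\S+):(?P<line>\d+)| from (?P<lib>\S+))?$")
# Frames that only carry the assert()/abort() path, not the faulting code.
RUNTIME_FRAMES = {"raise", "abort", "__assert_fail_base", "__assert_fail"}

def parse_frames(text):
    """Return one dict per frame; wrapped lines are joined to their frame."""
    joined = []
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"#\d+\s", line):
            joined.append(line)          # start of a new frame
        elif line and joined:
            joined[-1] += " " + line     # continuation of a wrapped frame
    return [m.groupdict() for m in map(FRAME_RE.match, joined) if m]

def crash_signature(text, depth=3):
    """Hash the top `depth` function names below the libc abort path."""
    funcs = [f["func"] for f in parse_frames(text)
             if f["lib"] is None and f["func"] not in RUNTIME_FRAMES]
    top = funcs[:depth]
    return top, hashlib.sha256("|".join(top).encode()).hexdigest()[:16]

if __name__ == "__main__":
    print(crash_signature(SAMPLE_BT))
```

Because only function names enter the hash, the signature stays the same when load addresses or argument values differ between runs.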

Comment 2 Sibiao Luo 2014-03-12 05:37:44 UTC
Appending my host spice info:
virt-viewer-0.5.7-7.el7.x86_64
spice-server-0.12.4-5.el7.x86_64
spice-glib-0.20-8.el7.x86_64
spice-vdagent-0.14.0-7.el7.x86_64
spice-debuginfo-0.12.4-5.el7.x86_64
spice-gtk3-0.20-8.el7.x86_64
spice-xpi-2.8-5.el7.x86_64

