Bug 1404564 - qemu-kvm process core dump by signal 11 or signal 6
Summary: qemu-kvm process core dump by signal 11 or signal 6
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm
Version: 7.3
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Ademar Reis
QA Contact: Yiqian Wei
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2016-12-14 06:47 UTC by FuXiangChun
Modified: 2017-10-05 17:12 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-10-05 17:12:28 UTC
Target Upstream Version:



Description FuXiangChun 2016-12-14 06:47:54 UTC
Description of problem:
Start a qemu-kvm process. Then execute the command #kill -11 `pidof qemu-kvm` or kill -6 `pidof qemu-kvm`, as in [1]. If I try to kill another process via this command, it also shows "core dumped". So QE is not sure it is a valid qemu-kvm bug. QE tested 7.3 & 7.3.z & 7.4. All encountered this issue.

[1]Segmentation fault (core dumped) or Aborted (core dumped)

Version-Release number of selected component (if applicable):
qemu-kvm-1.5.3-126.el7.x86_64 or qemu-kvm-1.5.3-126.el7_3.2.x86_64 or qemu-kvm-rhev-2.6.0-28.el7_3.1.x86_64

3.10.0-327.44.2.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1./usr/libexec/qemu-kvm -name avocado-vt-vm1 -sandbox off -machine pc -nodefaults -vga cirrus -chardev socket,id=qmp_id_qmpmonitor1,path=/var/tmp/avocado_Er_X8h/monitor-qmpmonitor1-20161214-141118-oqsbZ1M9,server,nowait -mon chardev=qmp_id_qmpmonitor1,mode=control -chardev socket,id=qmp_id_catch_monitor,path=/var/tmp/avocado_Er_X8h/monitor-catch_monitor-20161214-141118-oqsbZ1M9,server,nowait -mon chardev=qmp_id_catch_monitor,mode=control -device pvpanic,ioport=0x505,id=idYGnY9P -chardev socket,id=serial_id_serial0,path=/var/tmp/avocado_Er_X8h/serial-serial0-20161214-141118-oqsbZ1M9,server,nowait -device isa-serial,chardev=serial_id_serial0 -chardev socket,id=seabioslog_id_20161214-141118-oqsbZ1M9,path=/var/tmp/avocado_Er_X8h/seabios-20161214-141118-oqsbZ1M9,server,nowait -device isa-debugcon,chardev=seabioslog_id_20161214-141118-oqsbZ1M9,iobase=0x402 -device ich9-usb-ehci1,id=usb1,addr=1d.7,multifunction=on,bus=pci.0 -device ich9-usb-uhci1,id=usb1.0,multifunction=on,masterbus=usb1.0,addr=1d.0,firstport=0,bus=pci.0 -device ich9-usb-uhci2,id=usb1.1,multifunction=on,masterbus=usb1.0,addr=1d.2,firstport=2,bus=pci.0 -device ich9-usb-uhci3,id=usb1.2,multifunction=on,masterbus=usb1.0,addr=1d.4,firstport=4,bus=pci.0 -drive id=drive_image1,if=none,snapshot=off,aio=native,cache=none,format=qcow2,file=/usr/share/avocado/data/avocado-vt/images/RHEL-Server-7.3-64-virtio.qcow2 -device virtio-blk-pci,id=image1,drive=drive_image1,bootindex=1,bus=pci.0,addr=03 -device virtio-net-pci,mac=9a:06:07:08:09:0a,id=id81ddrn,vectors=4,netdev=id9jTHrO,bus=pci.0,addr=04 -netdev tap,id=id9jTHrO,vhost=on,vhostfd=21,fd=20 -m 4096 -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 -cpu Haswell-noTSX,+kvm_pv_unhalt -drive id=drive_cd1,if=none,snapshot=off,aio=native,cache=none,media=cdrom,file=/usr/share/avocado/data/avocado-vt/isos/linux/RHEL7.3-Server-x86_64.iso -device ide-cd,id=cd1,drive=drive_cd1,bootindex=2,bus=ide.0,unit=0 -drive 
id=drive_unattended,if=none,snapshot=off,aio=native,cache=none,media=cdrom,file=/usr/share/avocado/data/avocado-vt/images/rhel73-64/ks.iso -device ide-cd,id=unattended,drive=drive_unattended,bootindex=3,bus=ide.0,unit=1 -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 -kernel /usr/share/avocado/data/avocado-vt/images/rhel73-64/vmlinuz -append ksdevice=link inst.repo=cdrom:/dev/sr0 inst.ks=cdrom:/dev/sr1:/ks.cfg nicdelay=60 console=ttyS0,115200 console=tty0 biosdevname=0 net.ifnames=0 -initrd /usr/share/avocado/data/avocado-vt/images/rhel73-64/initrd.img -vnc :0 -rtc base=utc,clock=host,driftfix=slew -boot order=cdn,once=d,menu=off,strict=off -no-shutdown -enable-kvm

2.#kill -11 `pidof qemu-kvm`
3.

Actual results:
(qemu) 
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff1193b7d in poll () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.28-2.el7.x86_64 boost-system-1.53.0-25.el7.x86_64 boost-thread-1.53.0-25.el7.x86_64 bzip2-libs-1.0.6-13.el7.x86_64 celt051-0.5.1.3-8.el7.x86_64 cyrus-sasl-lib-2.1.26-19.2.el7.x86_64 cyrus-sasl-md5-2.1.26-19.2.el7.x86_64 cyrus-sasl-plain-2.1.26-19.2.el7.x86_64 dbus-libs-1.6.12-13.el7.x86_64 elfutils-libelf-0.163-3.el7.x86_64 elfutils-libs-0.163-3.el7.x86_64 flac-libs-1.3.0-5.el7_1.x86_64 glib2-2.42.2-5.el7.x86_64 glibc-2.17-105.el7.x86_64 glusterfs-api-3.7.1-16.el7.x86_64 glusterfs-libs-3.7.1-16.el7.x86_64 gmp-6.0.0-11.el7.x86_64 gnutls-3.3.8-12.el7_1.1.x86_64 gperftools-libs-2.4-7.el7.x86_64 gsm-1.0.13-11.el7.x86_64 json-c-0.11-4.el7_0.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.13.2-10.el7.x86_64 libICE-1.0.9-2.el7.x86_64 libSM-1.2.2-2.el7.x86_64 libX11-1.6.3-2.el7.x86_64 libXau-1.0.8-2.1.el7.x86_64 libXext-1.3.3-3.el7.x86_64 libXi-1.7.4-2.el7.x86_64 libXtst-1.2.2-2.1.el7.x86_64 libacl-2.2.51-12.el7.x86_64 libaio-0.3.109-13.el7.x86_64 libasyncns-0.8-7.el7.x86_64 libattr-2.4.46-12.el7.x86_64 libcap-2.22-8.el7.x86_64 libcom_err-1.42.9-7.el7.x86_64 libcurl-7.29.0-25.el7.x86_64 libdb-5.3.21-19.el7.x86_64 libffi-3.0.13-16.el7.x86_64 libgcc-4.8.5-4.el7.x86_64 libgcrypt-1.5.3-12.el7_1.1.x86_64 libgpg-error-1.12-3.el7.x86_64 libibverbs-1.1.8-8.el7.x86_64 libidn-1.28-4.el7.x86_64 libiscsi-1.9.0-6.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 libnl3-3.2.21-10.el7.x86_64 libogg-1.3.0-7.el7.x86_64 libpng-1.5.13-5.el7.x86_64 librados2-0.80.7-3.el7.x86_64 librbd1-0.80.7-3.el7.x86_64 librdmacm-1.0.21-1.el7.x86_64 libseccomp-2.2.1-1.el7.x86_64 libselinux-2.2.2-6.el7.x86_64 libsndfile-1.0.25-10.el7.x86_64 libssh2-1.4.3-10.el7.x86_64 libstdc++-4.8.5-4.el7.x86_64 libtasn1-3.8-2.el7.x86_64 libunwind-1.1-5.el7.x86_64 libusbx-1.0.20-1.el7.x86_64 libuuid-2.23.2-26.el7.x86_64 libvorbis-1.3.3-8.el7.x86_64 libxcb-1.11-4.el7.x86_64 lzo-2.06-8.el7.x86_64 nettle-2.7.1-4.el7.x86_64 nspr-4.10.8-2.el7_1.x86_64 
nss-3.19.1-18.el7.x86_64 nss-softokn-freebl-3.16.2.3-13.el7_1.x86_64 nss-util-3.19.1-4.el7_1.x86_64 openldap-2.4.40-8.el7.x86_64 openssl-libs-1.0.1e-42.el7_1.9.x86_64 p11-kit-0.20.7-3.el7.x86_64 pcre-8.32-15.el7.x86_64 pixman-0.32.6-3.el7.x86_64 pulseaudio-libs-6.0-7.el7.x86_64 snappy-1.1.0-3.el7.x86_64 spice-server-0.12.4-15.el7.x86_64 systemd-libs-219-19.el7.x86_64 tcp_wrappers-libs-7.6-77.el7.x86_64 trousers-0.3.13-1.el7.x86_64 usbredir-0.6-7.el7.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64 zlib-1.2.7-15.el7.x86_64
(gdb) bt full
#0  0x00007ffff1193b7d in poll () from /lib64/libc.so.6
No symbol table info available.
#1  0x00005555556aac66 in os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:226
        ret = <optimized out>
        spin_counter = 0
#2  main_loop_wait (nonblocking=<optimized out>) at main-loop.c:464
        ret = 1456414912
        timeout = 4294967295
#3  0x00005555555ca3e0 in main_loop () at vl.c:1989
        nonblocking = <optimized out>
        last_io = 1
#4  main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4355
        i = <optimized out>
        snapshot = 0
        linux_boot = 0
        icount_option = 0x0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x55555588ab16 ""
        boot_order = 0x55555583ffe6 "cad"
        ds = <optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        olist = <optimized out>
        optind = 101
        optarg = 0x7fffffffe6d7 ":2"
        loadvm = 0x0
---Type <return> to continue, or q <return> to quit---
        machine = <optimized out>
        cpu_model = 0x7fffffffde1b "Skylake-Client"
        vga_model = 0x7fffffffe42f "qxl"
        pid_file = 0x0
        incoming = 0x0
        show_vnc_port = 0
        defconfig = <optimized out>
        userconfig = 27
        log_mask = <optimized out>
        log_file = 0x0
        trace_events = 0x0
        trace_file = 0x0
        vmstate_dump_file = 0x0
        __FUNCTION__ = "main"
        args = {machine = 0x555555c17a00 <pc_machine_rhel700>, ram_size = 1073741824, boot_device = 0x55555583ffe6 "cad", 
          kernel_filename = 0x0, kernel_cmdline = 0x55555588ab16 "", initrd_filename = 0x0, 
          cpu_model = 0x7fffffffde1b "Skylake-Client"}


Expected results:
exit qemu-kvm process normally

Additional info:
If using kill -6 `pidof qemu-kvm`:

(qemu) 
Program received signal SIGABRT, Aborted.
0x00007ffff1193b7d in poll () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.28-2.el7.x86_64 boost-system-1.53.0-25.el7.x86_64 boost-thread-1.53.0-25.el7.x86_64 bzip2-libs-1.0.6-13.el7.x86_64 celt051-0.5.1.3-8.el7.x86_64 cyrus-sasl-lib-2.1.26-19.2.el7.x86_64 cyrus-sasl-md5-2.1.26-19.2.el7.x86_64 cyrus-sasl-plain-2.1.26-19.2.el7.x86_64 dbus-libs-1.6.12-13.el7.x86_64 elfutils-libelf-0.163-3.el7.x86_64 elfutils-libs-0.163-3.el7.x86_64 flac-libs-1.3.0-5.el7_1.x86_64 glib2-2.42.2-5.el7.x86_64 glibc-2.17-105.el7.x86_64 glusterfs-api-3.7.1-16.el7.x86_64 glusterfs-libs-3.7.1-16.el7.x86_64 gmp-6.0.0-11.el7.x86_64 gnutls-3.3.8-12.el7_1.1.x86_64 gperftools-libs-2.4-7.el7.x86_64 gsm-1.0.13-11.el7.x86_64 json-c-0.11-4.el7_0.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.13.2-10.el7.x86_64 libICE-1.0.9-2.el7.x86_64 libSM-1.2.2-2.el7.x86_64 libX11-1.6.3-2.el7.x86_64 libXau-1.0.8-2.1.el7.x86_64 libXext-1.3.3-3.el7.x86_64 libXi-1.7.4-2.el7.x86_64 libXtst-1.2.2-2.1.el7.x86_64 libacl-2.2.51-12.el7.x86_64 libaio-0.3.109-13.el7.x86_64 libasyncns-0.8-7.el7.x86_64 libattr-2.4.46-12.el7.x86_64 libcap-2.22-8.el7.x86_64 libcom_err-1.42.9-7.el7.x86_64 libcurl-7.29.0-25.el7.x86_64 libdb-5.3.21-19.el7.x86_64 libffi-3.0.13-16.el7.x86_64 libgcc-4.8.5-4.el7.x86_64 libgcrypt-1.5.3-12.el7_1.1.x86_64 libgpg-error-1.12-3.el7.x86_64 libibverbs-1.1.8-8.el7.x86_64 libidn-1.28-4.el7.x86_64 libiscsi-1.9.0-6.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 libnl3-3.2.21-10.el7.x86_64 libogg-1.3.0-7.el7.x86_64 libpng-1.5.13-5.el7.x86_64 librados2-0.80.7-3.el7.x86_64 librbd1-0.80.7-3.el7.x86_64 librdmacm-1.0.21-1.el7.x86_64 libseccomp-2.2.1-1.el7.x86_64 libselinux-2.2.2-6.el7.x86_64 libsndfile-1.0.25-10.el7.x86_64 libssh2-1.4.3-10.el7.x86_64 libstdc++-4.8.5-4.el7.x86_64 libtasn1-3.8-2.el7.x86_64 libunwind-1.1-5.el7.x86_64 libusbx-1.0.20-1.el7.x86_64 libuuid-2.23.2-26.el7.x86_64 libvorbis-1.3.3-8.el7.x86_64 libxcb-1.11-4.el7.x86_64 lzo-2.06-8.el7.x86_64 nettle-2.7.1-4.el7.x86_64 nspr-4.10.8-2.el7_1.x86_64 
nss-3.19.1-18.el7.x86_64 nss-softokn-freebl-3.16.2.3-13.el7_1.x86_64 nss-util-3.19.1-4.el7_1.x86_64 openldap-2.4.40-8.el7.x86_64 openssl-libs-1.0.1e-42.el7_1.9.x86_64 p11-kit-0.20.7-3.el7.x86_64 pcre-8.32-15.el7.x86_64 pixman-0.32.6-3.el7.x86_64 pulseaudio-libs-6.0-7.el7.x86_64 snappy-1.1.0-3.el7.x86_64 spice-server-0.12.4-15.el7.x86_64 systemd-libs-219-19.el7.x86_64 tcp_wrappers-libs-7.6-77.el7.x86_64 trousers-0.3.13-1.el7.x86_64 usbredir-0.6-7.el7.x86_64 xz-libs-5.1.2-12alpha.el7.x86_64 zlib-1.2.7-15.el7.x86_64
(gdb) bt full
#0  0x00007ffff1193b7d in poll () from /lib64/libc.so.6
No symbol table info available.
#1  0x00005555556aac66 in os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:226
        ret = <optimized out>
        spin_counter = 0
#2  main_loop_wait (nonblocking=<optimized out>) at main-loop.c:464
        ret = 1456414912
        timeout = 4294967295
#3  0x00005555555ca3e0 in main_loop () at vl.c:1989
        nonblocking = <optimized out>
        last_io = 1
#4  main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4355
        i = <optimized out>
        snapshot = 0
        linux_boot = 0
        icount_option = 0x0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x55555588ab16 ""
        boot_order = 0x55555583ffe6 "cad"
        ds = <optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        olist = <optimized out>
        optind = 101
        optarg = 0x7fffffffe6d7 ":2"
        loadvm = 0x0
---Type <return> to continue, or q <return> to quit---
        machine = <optimized out>
        cpu_model = 0x7fffffffde1b "Skylake-Client"
        vga_model = 0x7fffffffe42f "qxl"
        pid_file = 0x0
        incoming = 0x0
        show_vnc_port = 0
        defconfig = <optimized out>
        userconfig = 27
        log_mask = <optimized out>
        log_file = 0x0
        trace_events = 0x0
        trace_file = 0x0
        vmstate_dump_file = 0x0
        __FUNCTION__ = "main"
        args = {machine = 0x555555c17a00 <pc_machine_rhel700>, ram_size = 1073741824, boot_device = 0x55555583ffe6 "cad", 
          kernel_filename = 0x0, kernel_cmdline = 0x55555588ab16 "", initrd_filename = 0x0, 
          cpu_model = 0x7fffffffde1b "Skylake-Client"}

Comment 3 Martin Kyral 2016-12-14 16:15:02 UTC
I checked with the desktop-qe guys (it's their test where the crash occurs) and ensured they don't kill qemu-kvm intentionally in the tests using the SIGIOT or SIGSEGV signals.

Comment 9 FuXiangChun 2017-02-04 09:25:35 UTC
According to comment 8, I used the gnome_boxes tool to install a fresh RHEL 7.3 guest and did some general operations with the gnome_boxes tool, for example: internal snapshot, reboot guest, force shutdown... But I still can't produce this bug yet. The test is still in progress. Once the bug is reproduced, I will update the result & steps in the BZ at once.

Comment 10 FuXiangChun 2017-02-04 09:29:24 UTC
At the same time, I have reserved a related host. I will try to reproduce it with the special host (mentioned in the log).

Comment 11 Ademar Reis 2017-04-11 18:11:42 UTC
(In reply to FuXiangChun from comment #10)
> At the same time, I have reserved a related host. I will try to reproduce it
> with special host(mentioned in log)

Any progress yet in reproducing it? Otherwise we might close this BZ.

Comment 12 FuXiangChun 2017-06-12 06:47:26 UTC
(In reply to Ademar Reis from comment #11)
> (In reply to FuXiangChun from comment #10)
> > At the same time, I have reserved a related host. I will try to reproduce it
> > with special host(mentioned in log)
> 
> Any progress yet in reproducing it? Otherwise we might close this BZ.

I'm sorry for replying to this bug so late. QE analyzed part of the test suite and, according to the test steps in the test suite, tested it manually, but still cannot reproduce it yet. The test environment or other factors may also cause this problem. If a similar problem is triggered again by this test tool/suite, then QE will take more time to investigate it. Ademar, do you have any ideas? Thanks.

Comment 14 Ademar Reis 2017-10-05 17:12:28 UTC
I'm closing this BZ because there are no reproduction steps and the title and comment #0 (said to be ignored later in comment #1) are both misleading.

In case it's not clear, sending signal 11 (SIGSEGV) or signal 6 (SIGABRT) to a process forces it to exit with a core dump, so what is described in comment #0 and in the BZ title is expected behavior.

If this can ever be reproduced, please open a new BZ to avoid confusion.
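
When triaging a report like this one, the kernel's `siginfo_t` tells a SIGSEGV delivered by `kill` apart from a genuine memory fault. The C code below is an added example, not part of the bug report or of QEMU; `classify_sigsegv`, `on_segv` and the `ORIGIN_*` constants are hypothetical names, and it assumes Linux.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdint.h>
#include <sys/wait.h>
#include <unistd.h>

enum { ORIGIN_FAULT = 0, ORIGIN_SENT = 1 };
static int report_fd = -1;              /* pipe back to the parent (example plumbing) */

/* si_code <= 0 (SI_USER, SI_QUEUE, SI_TKILL) means a process sent the signal;
 * kernel-raised faults carry positive codes such as SEGV_MAPERR. */
static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    int sent = si->si_code <= 0;        /* si_pid is only meaningful when sent */
    int rec[2] = { sent ? ORIGIN_SENT : ORIGIN_FAULT, sent ? (int)si->si_pid : 0 };
    if (write(report_fd, rec, sizeof rec) < 0) _exit(1);   /* async-signal-safe */
    _exit(0);
}

/* Fork a child that reports why it received SIGSEGV. Returns ORIGIN_* or -1. */
int classify_sigsegv(int real_fault, pid_t *sender)
{
    int p[2], rec[2] = { -1, 0 };
    sigset_t seg, old;
    sigemptyset(&seg); sigaddset(&seg, SIGSEGV);
    if (pipe(p) != 0) return -1;
    sigprocmask(SIG_BLOCK, &seg, &old);   /* child inherits the mask: no race with kill() */
    pid_t child = fork();
    if (child == 0) {
        struct sigaction sa = { 0 };
        sa.sa_sigaction = on_segv;
        sa.sa_flags = SA_SIGINFO;         /* required to receive siginfo_t */
        sigemptyset(&sa.sa_mask);
        report_fd = p[1];
        sigaction(SIGSEGV, &sa, NULL);
        sigprocmask(SIG_UNBLOCK, &seg, NULL);
        volatile uintptr_t addr = 0;      /* page 0 is unmapped: a genuine fault */
        if (real_fault) *(volatile int *)addr = 1;
        for (;;) pause();                 /* otherwise wait for the parent's kill() */
    }
    if (child > 0 && !real_fault) kill(child, SIGSEGV);   /* same as `kill -11 <pid>` */
    sigprocmask(SIG_SETMASK, &old, NULL);
    close(p[1]);
    ssize_t n = child > 0 ? read(p[0], rec, sizeof rec) : -1;
    close(p[0]);
    if (child > 0) waitpid(child, NULL, 0);
    *sender = (pid_t)rec[1];
    return n == (ssize_t)sizeof rec ? rec[0] : -1;
}
```

`classify_sigsegv(0, &who)` takes the `kill` path and sets `who` to the sending PID; `classify_sigsegv(1, &who)` takes the fault path.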

