Bug 869982 - qemu crashed when rhel6.3 64 bit guest reboots
Summary: qemu crashed when rhel6.3 64 bit guest reboots
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Gerd Hoffmann
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On: 865767
Blocks: 867403
Reported: 2012-10-25 09:46 UTC by Xiaoqing Wei
Modified: 2014-06-18 03:18 UTC

Fixed In Version: qemu-kvm-1.3.0-2.el7
Doc Type: Bug Fix
Doc Text:
Clone Of: 865767
Environment:
Last Closed: 2014-06-13 10:22:03 UTC
Target Upstream Version:
Embargoed:


Attachments
thread apply all bt full (11.00 KB, text/plain)
2012-10-25 09:50 UTC, Xiaoqing Wei

Comment 1 Xiaoqing Wei 2012-10-25 09:50:22 UTC
Created attachment 633258
thread apply all bt full

Comment 4 Alon Levy 2012-11-13 10:49:51 UTC
There is a patch waiting on the spice-next queue, will be picked up by qemu-kvm when it rebases on qemu:

 http://cgit.freedesktop.org/spice/qemu/log/?h=spice.v63
  b4e30b87561382f7fc80422f54b472d6d5034ea4

commit b4e30b87561382f7fc80422f54b472d6d5034ea4
Author: Alon Levy <alevy>
Date:   Thu Nov 1 14:56:00 2012 +0200

    hw/qxl: qxl_send_events: nop if stopped
    
    Added a trace point for easy logging.
    
    RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=870972
    
    Signed-off-by: Alon Levy <alevy>
    Signed-off-by: Gerd Hoffmann <kraxel>

870972 is a Fedora bug on qemu.

Should I change this to modified?

Comment 5 Gerd Hoffmann 2012-11-13 14:58:17 UTC
Ah, this bug was it, thanks Alon.
I think moving to modified should wait until it is actually merged into master.

Comment 8 Gerd Hoffmann 2013-03-20 14:40:08 UTC
Patch is upstream meanwhile (qemu 1.3+).

Comment 9 Qian Guo 2013-10-31 08:41:01 UTC
Reproduced this bug with qemu-kvm-1.2.0-18.el7.x86_64

Steps:
1. Boot RHEL6.3 64bit guest with qxl&spice

# /home/autotest/autotest-devel/client/tests/virt/qemu/qemu -S -name virt-tests-vm1 -nodefaults -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20131031-145625-iMeHvEx0,server,nowait -mon chardev=qmp_id_qmpmonitor1,mode=control -chardev socket,id=serial_id_serial1,path=/tmp/serial-serial1-20131031-145625-iMeHvEx0,server,nowait -device isa-serial,chardev=serial_id_serial1 -chardev socket,id=seabioslog_id_20131031-145625-iMeHvEx0,path=/tmp/seabios-20131031-145625-iMeHvEx0,server,nowait -device isa-debugcon,chardev=seabioslog_id_20131031-145625-iMeHvEx0,iobase=0x402 -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=0x4 -drive file=/home/autotest/autotest-devel/client/tests/virt/shared/data/images/RHEL-Server-6.3-64-virtio.qcow2,index=0,if=none,id=drive-virtio-disk1,media=disk,cache=unsafe,snapshot=off,format=qcow2,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,bootindex=0 -device virtio-net-pci,netdev=idLZkZY4,mac=9a:22:23:24:25:26,bus=pci.0,addr=0x3,id=iddocMSy -netdev tap,id=idLZkZY4,vhost=on,vhostfd=25,fd=24 -m 4096 -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 -cpu SandyBridge -M pc -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 -spice port=3000,password=123456,addr=0,image-compression=auto_glz,zlib-glz-wan-compression=auto,streaming-video=all,agent-mouse=on,playback-compression=on,ipv4 -vga qxl -global qxl-vga.vram_size=33554432 -rtc base=utc,clock=host,driftfix=slew -boot order=cdn,once=c,menu=off -no-kvm-pit-reinjection -enable-kvm


2. Reboot guest.

qemu core dumped:
# gdb --core=results/default/virt.qemu.smp_4.4096m.repeat2.Host_RHEL.7.0.spice.qcow2.virtio_blk.up.virtio_net.RHEL.6.3.x86_64.reboot/debug/crash.qemu.9721/core

...

(gdb) bt
#0  0x00007f1a1283f683 in _int_malloc () from /lib64/libc.so.6
#1  0x00007f1a12841443 in malloc () from /lib64/libc.so.6
#2  0x00007f1a17c0fd5d in malloc_and_trace (n_bytes=51200) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:2322
#3  0x00007f1a1717468f in g_malloc () from /lib64/libglib-2.0.so.0
#4  0x00007f1a17c614a2 in qemu_spice_create_one_update (ssd=ssd@entry=0x7f1a18ede270, rect=rect@entry=0x7fff52fbde90)
    at ui/spice-display.c:189
#5  0x00007f1a17c62481 in qemu_spice_create_update (ssd=0x7f1a18ede270) at ui/spice-display.c:306
#6  qemu_spice_display_refresh (ssd=0x7f1a18ede270) at ui/spice-display.c:462
#7  0x00007f1a17c0f53e in dpy_refresh (s=0x7f1a18eefe50) at /usr/src/debug/qemu-kvm-1.2.0/console.h:267
#8  gui_update (opaque=0x7f1a18eefe50) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:1281
#9  0x00007f1a17c41cab in qemu_run_timers (clock=0x7f1a18cd7550) at qemu-timer.c:393
#10 qemu_run_timers (clock=0x7f1a18cd7550) at qemu-timer.c:373
#11 0x00007f1a17c41f0d in qemu_run_all_timers () at qemu-timer.c:450
#12 0x00007f1a17c1330e in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:502
#13 0x00007f1a17af11e3 in main_loop () at /usr/src/debug/qemu-kvm-1.2.0/vl.c:1643
#14 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:3790
(gdb) bt ful
#0  0x00007f1a1283f683 in _int_malloc () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007f1a12841443 in malloc () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007f1a17c0fd5d in malloc_and_trace (n_bytes=51200) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:2322
        ptr = <optimized out>
#3  0x00007f1a1717468f in g_malloc () from /lib64/libglib-2.0.so.0
No symbol table info available.
#4  0x00007f1a17c614a2 in qemu_spice_create_one_update (ssd=ssd@entry=0x7f1a18ede270, rect=rect@entry=0x7fff52fbde90)
    at ui/spice-display.c:189
        update = 0x7f1a1918d310
        drawable = 0x7f1a1918d310
        image = 0x7f1a1918d3cf
        cmd = 0x7f1a1918d3ff
        src = <optimized out>
        mirror = <optimized out>
        dst = <optimized out>
        by = <optimized out>
        bw = 32
        bh = 400
        offset = <optimized out>
        bytes = <optimized out>
        time_space = {tv_sec = 4578, tv_nsec = 972460189}
#5  0x00007f1a17c62481 in qemu_spice_create_update (ssd=0x7f1a18ede270) at ui/spice-display.c:306
        update = {top = 0, left = 160, bottom = 400, right = 192}
        guest = 0x7f1a082da010 "\250\250"
        mirror = 0x7f1a18f61800 "\250\250"
        blocks = <optimized out>
---Type <return> to continue, or q <return> to quit--- 
        x = 160
        xoff = <optimized out>
        bw = 32
        dirty_top = 0x7fff52fbddb0
        y = 400
        yoff = <optimized out>
        blk = 5
        bpp = <optimized out>
#6  qemu_spice_display_refresh (ssd=0x7f1a18ede270) at ui/spice-display.c:462
        __func__ = "qemu_spice_display_refresh"
        __FUNCTION__ = "qemu_spice_display_refresh"
#7  0x00007f1a17c0f53e in dpy_refresh (s=0x7f1a18eefe50) at /usr/src/debug/qemu-kvm-1.2.0/console.h:267
        dcl = 0x7f1a181292a0 <display_listener>
#8  gui_update (opaque=0x7f1a18eefe50) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:1281
        interval = 30
        ds = 0x7f1a18eefe50
        dcl = 0x7f1a181292a0 <display_listener>
#9  0x00007f1a17c41cab in qemu_run_timers (clock=0x7f1a18cd7550) at qemu-timer.c:393
        ptimer_head = 0x7f1a18cd7550
        ts = <optimized out>
        current_time = 4578972017231
#10 qemu_run_timers (clock=0x7f1a18cd7550) at qemu-timer.c:373
No locals.
#11 0x00007f1a17c41f0d in qemu_run_all_timers () at qemu-timer.c:450
No locals.
#12 0x00007f1a17c1330e in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:502
        ret = 1
        timeout = 4294967295
---Type <return> to continue, or q <return> to quit---
#13 0x00007f1a17af11e3 in main_loop () at /usr/src/debug/qemu-kvm-1.2.0/vl.c:1643
        nonblocking = <optimized out>
        last_io = 1
#14 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/src/debug/qemu-kvm-1.2.0/vl.c:3790
        i = <optimized out>
        snapshot = 0
        linux_boot = <optimized out>
        icount_option = 0x0
        initrd_filename = <optimized out>
        kernel_filename = <optimized out>
        kernel_cmdline = <optimized out>
        boot_devices = "c\000n", '\000' <repeats 29 times>
        ds = 0x7f1a18eefe50
        dcl = <optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = <optimized out>
        opts = <optimized out>
        machine_opts = <optimized out>
        olist = <optimized out>
        optind = 49
        optarg = 0x0
        loadvm = 0x0
        machine = 0x7f1a18126e00 <pc_machine_v1_2>
        cpu_model = 0x7fff52fc002e "SandyBridge"
        vga_model = 0x7fff52fc011a "qxl"
---Type <return> to continue, or q <return> to quit---
        pid_file = 0x0
        incoming = 0x0
        defconfig = <optimized out>
        userconfig = <optimized out>
        log_mask = 0x0
        log_file = 0x0
        mem_trace = {malloc = 0x7f1a17c0fd40 <malloc_and_trace>, realloc = 0x7f1a17c0fcf0 <realloc_and_trace>, 
          free = 0x7f1a17c0fcb0 <free_and_trace>, calloc = 0x0, try_malloc = 0x0, try_realloc = 0x0}
        trace_events = 0x0
        trace_file = 0x0


So, according to the above, this bug is reproduced.

Comment 10 Qian Guo 2013-10-31 08:57:42 UTC
Verify this bug with qemu-kvm-1.5.3-10.el7.x86_64

Steps:
1. Boot RHEL6.3 64bit guest with qxl&spice
# /home/auto/autotest-devel/client/tests/virt/qemu/qemu -S -name virt-tests-vm1 -nodefaults -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20131031-162509-HjbQ9YxB,server,nowait -mon chardev=qmp_id_qmpmonitor1,mode=control -chardev socket,id=serial_id_serial1,path=/tmp/serial-serial1-20131031-162509-HjbQ9YxB,server,nowait -device isa-serial,chardev=serial_id_serial1 -chardev socket,id=seabioslog_id_20131031-162509-HjbQ9YxB,path=/tmp/seabios-20131031-162509-HjbQ9YxB,server,nowait -device isa-debugcon,chardev=seabioslog_id_20131031-162509-HjbQ9YxB,iobase=0x402 -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=0x4 -drive file=/home/auto/autotest-devel/client/tests/virt/shared/data/images/RHEL-Server-6.3-64-virtio.qcow2,index=0,if=none,id=drive-virtio-disk1,media=disk,cache=unsafe,snapshot=off,format=qcow2,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,bootindex=0 -device virtio-net-pci,netdev=idrVtX0a,mac=9a:0b:0c:0d:0e:0f,bus=pci.0,addr=0x3,id=idAt3Lon -netdev tap,id=idrVtX0a,vhost=on,vhostfd=25,fd=24 -m 4096 -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 -cpu SandyBridge -M pc -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 -spice port=3000,password=123456,addr=0,image-compression=auto_glz,zlib-glz-wan-compression=auto,streaming-video=all,agent-mouse=on,playback-compression=on,ipv4 -vga qxl -global qxl-vga.vram_size=33554432 -rtc base=utc,clock=host,driftfix=slew -boot order=cdn,once=c,menu=off -no-kvm-pit-reinjection -enable-kvm

2. Reboot the guest 100 times. After the auto reboot job, the guest works well and qemu did not hit an error or core dump.

So, according to the above, this bug is fixed by qemu-kvm-1.5.3-10.el7.x86_64

Comment 11 juzhang 2013-11-01 04:49:11 UTC
According to comment 10, set this issue as verified.

Comment 12 Ludek Smid 2014-06-13 10:22:03 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

