
Bug 912231

Summary: qemu crashed when win2008r2 guest boot/reboot/system_reset when used "-vnc" option
Product: Red Hat Enterprise Linux 7
Component: qemu-kvm
Version: 7.0
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Reporter: Xu Tian <xutian>
Assignee: Gerd Hoffmann <kraxel>
QA Contact: Virtualization Bugs <virt-bugs>
CC: acathrow, hhuang, juzhang, mazhang, michen, mrezanin, rhod, virt-maint
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qemu-kvm-1.4.0-1.el7
Doc Type: Bug Fix
Type: Bug
Last Closed: 2014-06-13 13:09:11 UTC
Attachments: debug log

Description Xu Tian 2013-02-18 07:46:58 UTC
Created attachment 698750 [details]
debug log

Description of problem:

qemu crashed when the win2008r2 guest booted up (with the qxl driver installed) with the "-vnc" option; when changed to 'spice', the guest booted up without a crash.

Version-Release number of selected component (if applicable):

virtio-win-1.6.3-3.el6
qemu-kvm-1.3.0-5.el7.x86_64
libvncserver-0.9.9-3.el7.x86_64

How reproducible:

>70%

Steps to Reproduce:

1. boot up guest with command:
/usr/libexec/qemu-kvm \
  -name 'vm1' \
  -nodefaults \
  -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20130218-133213-tne4yYwu,server,nowait \
  -mon chardev=qmp_id_qmpmonitor1,mode=control \
  -chardev socket,id=serial_id_serial1,path=/tmp/serial-serial1-20130218-133213-tne4yYwu,server,nowait \
  -device isa-serial,chardev=serial_id_serial1 \
  -chardev socket,id=seabioslog_id_20130218-133213-tne4yYwu,path=/tmp/seabios-20130218-133213-tne4yYwu,server,nowait \
  -device isa-debugcon,chardev=seabioslog_id_20130218-133213-tne4yYwu,iobase=0x402 \
  -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=0x4 \
  -drive file='/root/autotest-devel/client/tests/kvm/images/win2008r2-64-virtio.qcow2',if=none,id=drive-virtio-disk1,media=disk,cache=writethrough,boot=off,snapshot=off,format=qcow2,aio=native \
  -device virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,id=virtio-disk1 \
  -device virtio-net-pci,netdev=idNA8lje,mac=9a:6f:70:71:72:73,bus=pci.0,addr=0x3,id='ideoJBdw' \
  -netdev tap,id=idNA8lje,vhost=on,fd=21 \
  -m 4096 \
  -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 \
  -cpu 'SandyBridge',hv_relaxed \
  -M pc \
  -drive file='/root/autotest-devel/client/tests/kvm/isos/windows/winutils.iso',if=none,id=drive-ide0-0-0,media=cdrom,snapshot=off,format=raw \
  -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
  -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 \
  -spice port=3000,password=123456,ipv4 \
  -vga qxl \
  -global qxl-vga.vram_size=33554432 \
  -rtc base=localtime,clock=host,driftfix=slew \
  -boot order=cdn,once=c,menu=off \
  -enable-kvm 

2. install the qxl driver, then shut down the guest

3. repeat step to boot up guest

bz912218 will be reproduced in the above step
  
Actual results:

qemu crashed

Expected results:

guest boots up successfully

Additional info:

Comment 1 Xu Tian 2013-02-18 07:48:49 UTC
(In reply to comment #0)
> Created attachment 698750 [details]
> debug log
> 
> Description of problem:
> 
> qemu crashed when win2008r2 guest boot up (with qxl drive installed) with
> "-vnc" option, when changed to 'spice' guest boot up without crash happened ;
> 
> Version-Release number of selected component (if applicable):
> 
> virtio-win-1.6.3-3.el6
> qemu-kvm-1.3.0-5.el7.x86_64
> libvncserver-0.9.9-3.el7.x86_64
> 
> How reproducible:
> 
> >70%
> 
> Steps to Reproduce:
> 
> 1. boot up guest with command:
> /usr/libexec/qemu-kvm \
>   -name 'vm1' \
>   -nodefaults \
>   -chardev
> socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20130218-133213-
> tne4yYwu,server,nowait \
>   -mon chardev=qmp_id_qmpmonitor1,mode=control \
>   -chardev
> socket,id=serial_id_serial1,path=/tmp/serial-serial1-20130218-133213-
> tne4yYwu,server,nowait \
>   -device isa-serial,chardev=serial_id_serial1 \
>   -chardev
> socket,id=seabioslog_id_20130218-133213-tne4yYwu,path=/tmp/seabios-20130218-
> 133213-tne4yYwu,server,nowait \
>   -device
> isa-debugcon,chardev=seabioslog_id_20130218-133213-tne4yYwu,iobase=0x402 \
>   -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=0x4 \
>   -drive
> file='/root/autotest-devel/client/tests/kvm/images/win2008r2-64-virtio.
> qcow2',if=none,id=drive-virtio-disk1,media=disk,cache=writethrough,boot=off,
> snapshot=off,format=qcow2,aio=native \
>   -device
> virtio-blk-pci,bus=pci.0,addr=0x5,drive=drive-virtio-disk1,id=virtio-disk1 \
>   -device
> virtio-net-pci,netdev=idNA8lje,mac=9a:6f:70:71:72:73,bus=pci.0,addr=0x3,
> id='ideoJBdw' \
>   -netdev tap,id=idNA8lje,vhost=on,fd=21 \
>   -m 4096 \
>   -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 \
>   -cpu 'SandyBridge',hv_relaxed \
>   -M pc \
>   -drive
> file='/root/autotest-devel/client/tests/kvm/isos/windows/winutils.iso',
> if=none,id=drive-ide0-0-0,media=cdrom,snapshot=off,format=raw \
>   -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 \
>   -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 \
>   -spice port=3000,password=123456,ipv4 \
>   -vga qxl \
>   -global qxl-vga.vram_size=33554432 \
>   -rtc base=localtime,clock=host,driftfix=slew \
>   -boot order=cdn,once=c,menu=off \
>   -enable-kvm 
> 
> 2. install qxl drive, then shutdown guest
> 
> 3. repeat step to boot up guest
3. repeat step1 to boot up guest
> 
> bz912218  will reproduced this  in above step
>   
> Actual results:
> 
> qemu crashed
> 
> Expected results:
> 
> guest boot up successful
> 
> Additional info:

Comment 4 Gerd Hoffmann 2013-02-25 08:40:10 UTC
I think that one is fixed meanwhile, please retest with 1.4.0 once packages are available for rhel-7.

Comment 5 Xu Tian 2013-02-25 09:34:33 UTC
(In reply to comment #4)
> I think that one is fixed meanwhile, please retest with 1.4.0 once packages
> are available for rhel-7.
Hi Gerd Hoffmann,

The latest qemu-kvm package is qemu-kvm-1.3.0-6.el7.x86_64, and the emulator is still qemu v1.3.0.
I will keep an eye on brew and retest this defect when qemu v1.4.0 is ready for rhel7.

[root@localhost 306]# qemu-kvm  --version
QEMU emulator version 1.3.0, Copyright (c) 2003-2008 Fabrice Bellard
[root@localhost 306]# rpm -q qemu-kvm
qemu-kvm-1.3.0-6.el7.x86_64

Thanks for your reminder.
Xu

Comment 6 Xu Tian 2013-03-11 08:19:26 UTC
Retested this defect on qemu-kvm-1.4.0-1.el7.x86_64 and found it has been fixed; no crash happened when rebooting the guest with the qxl driver.

Thanks,
Xu

Comment 8 mazhang 2014-01-15 08:11:05 UTC
Reproduced this bug with tree RHEL-7.0-20130306.0.

Host:
qemu-kvm-1.3.0-6.el7.x86_64
kernel-3.7.0-0.36.el7.x86_64

Guest:
win2008r2-64
qxl-win-0.1-17

steps:
1. start qemu-kvm:
gdb --args /usr/libexec/qemu-kvm \
-name 'vm1' \
-nodefaults \
-chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20130218-133213-tne4yYwu,server,nowait \
-mon chardev=qmp_id_qmpmonitor1,mode=control \
-drive file=/home/win2008r2-64.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads \
-device virtio-blk-pci,scsi=off,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
-netdev tap,id=hostnet0 \
-device e1000,netdev=hostnet0,id=net0,mac=52:54:00:39:13:2c \
-m 4096 \
-smp 4,maxcpus=4,cores=2,threads=1,sockets=2 \
-cpu 'SandyBridge',hv_relaxed \
-M pc \
-rtc base=localtime,clock=host,driftfix=slew \
-boot menu=on \
-enable-kvm \
-monitor stdio \
-vga qxl \
-global qxl-vga.vram_size=33554432 \
-spice port=5900,disable-ticketing

2. Install qxl driver qxl-win-0.1-17, then shut down the guest and reboot the guest with vnc

Result:
qemu-kvm aborts.

(gdb) 
#0  0x00007ffff2af9ba5 in raise () from /lib64/libc.so.6
No symbol table info available.
#1  0x00007ffff2afb358 in abort () from /lib64/libc.so.6
No symbol table info available.
#2  0x00007ffff38829f5 in spice_logv () from /lib64/libspice-server.so.1
No symbol table info available.
#3  0x00007ffff3882b38 in spice_log () from /lib64/libspice-server.so.1
No symbol table info available.
#4  0x00007ffff3860960 in handle_dev_update () from /lib64/libspice-server.so.1
No symbol table info available.
#5  0x00007ffff3842104 in dispatcher_handle_recv_read () from /lib64/libspice-server.so.1
No symbol table info available.
#6  0x00007ffff386302c in red_worker_main () from /lib64/libspice-server.so.1
No symbol table info available.
#7  0x00007ffff6271d15 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#8  0x00007ffff2bb646d in clone () from /lib64/libc.so.6
No symbol table info available.

Comment 9 mazhang 2014-01-16 07:12:42 UTC
Verified this bug on RHEL-7.0-20131222.0 with the latest updated qemu-kvm and kernel.

Host:
qemu-kvm-1.5.3-36.el7.x86_64
kernel-3.10.0-71.el7.x86_64

Guest:
win2008r2-64
qxl-win-0.1-21

Cli:
gdb --args /usr/libexec/qemu-kvm \
-name 'vm1' \
-nodefaults \
-chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20130218-133213-tne4yYwu,server,nowait \
-mon chardev=qmp_id_qmpmonitor1,mode=control \
-drive file=/home/win2008r2-64.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads \
-device virtio-blk-pci,scsi=off,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
-netdev tap,id=hostnet0 \
-device e1000,netdev=hostnet0,id=net0,mac=52:54:00:39:13:2c \
-m 4096 \
-smp 4,maxcpus=4,cores=2,threads=1,sockets=2 \
-cpu 'SandyBridge',hv_relaxed \
-M pc \
-rtc base=localtime,clock=host,driftfix=slew \
-boot menu=on \
-enable-kvm \
-monitor stdio \
-vga qxl \
-global qxl-vga.vram_size=33554432 \
-spice port=5900,disable-ticketing

Installed the qxl driver, shut down the guest, then booted with vnc; the guest works well, with no crash any more.

So this bug has been fixed.

Comment 11 Ludek Smid 2014-06-13 13:09:11 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.