
Bug 928251

Summary: guest call trace on haswell host when disable 'tsc' cpu flag via '-cpu model_name,-flag'
Product: Red Hat Enterprise Linux 7
Component: qemu-kvm
Version: 7.0
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Reporter: Sibiao Luo <sluo>
Assignee: Hai Huang <hhuang>
QA Contact: Virtualization Bugs <virt-bugs>
CC: acathrow, chayang, ehabkost, hhuang, juzhang, michen, shuang, virt-maint, xfu
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Type: Bug
Last Closed: 2013-03-28 12:36:41 UTC

Description Sibiao Luo 2013-03-27 09:18:14 UTC
Description of problem:
Booting a guest with the 'tsc' cpu flag disabled via '-cpu model_name,-tsc' on a Haswell host produces a call trace and the guest fails to boot up.
BTW, if the 'EPT' cpu flag is disabled instead, the guest can boot up successfully without such an issue.

Version-Release number of selected component (if applicable):
host info:
kernel-3.9.0-0.rc4.45.el7.x86_64
qemu-kvm-1.4.0-1.el7.x86_64
seabios-1.7.2-0.2.gita810e4e7.el7.x86_64
seabios-bin-1.7.2-0.2.gita810e4e7.el7.noarch
guest info:
kernel-3.9.0-0.rc4.45.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Reserve a Haswell host.
2. Boot a guest with the 'tsc' cpu flag disabled via '-cpu model_name,-tsc' on the Haswell host.
e.g.:
/usr/libexec/qemu-kvm -S -M q35 -cpu Haswell,-tsc -enable-kvm -m 4096 \
  -smp 8,cores=2,threads=4,sockets=1,maxcpus=10 -no-kvm-pit-reinjection \
  -usb -device usb-tablet,id=input0 -name sluo-test \
  -uuid b03eea94-a502-4142-b541-96f86473a07a \
  -rtc base=localtime,clock=host,driftfix=slew \
  -device virtio-serial-pci,id=virtio-serial0,max_ports=16,vectors=0,bus=pcie.0,addr=0x4 \
  -chardev socket,id=channel1,path=/tmp/helloworld1,server,nowait \
  -device virtserialport,chardev=channel1,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port1 \
  -chardev socket,id=channel2,path=/tmp/helloworld2,server,nowait \
  -device virtserialport,chardev=channel2,name=com.redhat.rhevm.vdsm,bus=virtio-serial0.0,id=port2 \
  -drive file=/home/RHEL-Server-7.0-64-ahci.qcow2,if=none,id=drive-system-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop,serial=QEMU-DISK1 \
  -device ide-hd,bus=ide.0,unit=0,drive=drive-system-disk,id=system-disk,bootindex=0 \
  -device virtio-balloon-pci,id=ballooning,bus=pcie.0,addr=0x5 \
  -drive file=/home/my-data-disk.qcow2,if=none,id=drive-data-disk,format=qcow2,cache=none,aio=native,werror=stop,rerror=stop,serial=QEMU-DISK2 \
  -device ide-hd,bus=ide.1,unit=0,drive=drive-data-disk,id=data-disk \
  -global PIIX4_PM.disable_s3=0 -global PIIX4_PM.disable_s4=0 \
  -serial unix:/tmp/ttyS0,server,nowait -qmp tcp:0:4444,server,nowait \
  -k en-us -boot menu=on -vnc :1 -spice disable-ticketing,port=5931 -monitor stdio
  
Actual results:
After step 2, the guest produces a call trace and fails to boot up; I will paste the call trace log later.

Expected results:
The guest should not produce a call trace and should boot up successfully.

Additional info:

Comment 1 Sibiao Luo 2013-03-27 09:21:45 UTC
# nc -U /tmp/ttyS0 
[    0.011612] divide error: 0000 [#1] SMP 
[    0.012000] Modules linked in:
[    0.012000] CPU 0 
[    0.012000] Pid: 1, comm: swapper/0 Tainted: G        W   --------------   3.9.0-0.rc4.45.el7.x86_64 #1 Bochs Bochs
[    0.012000] RIP: 0010:[<ffffffff810b7a70>]  [<ffffffff810b7a70>] clockevents_config.part.1+0x20/0x90
[    0.012000] RSP: 0000:ffff880140e97dd8  EFLAGS: 00010246
[    0.012000] RAX: ffffffffffffffff RBX: ffff880142a0dc00 RCX: 0000000000000000
[    0.012000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
[    0.012000] RBP: ffff880140e97de0 R08: 0000000000000001 R09: 00000000000000cb
[    0.012000] R10: 00000000000000ca R11: 0000000000000003 R12: 000000000000b008
[    0.012000] R13: 000000000000b010 R14: 000000000000000a R15: 0000000000000009
[    0.012000] FS:  0000000000000000(0000) GS:ffff880142a00000(0000) knlGS:0000000000000000
[    0.012000] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    0.012000] CR2: 00000000ffffffff CR3: 00000000018ea000 CR4: 00000000001406f0
[    0.012000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    0.012000] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[    0.012000] Process swapper/0 (pid: 1, threadinfo ffff880140e96000, task ffff880140f18000)
[    0.012000] Stack:
[    0.012000]  ffff880142a0dc00 ffff880140e97df8 ffffffff810b7b00 ffff880142a0dc00
[    0.012000]  ffff880140e97e08 ffffffff815ee7f7 ffff880140e97e48 ffffffff81a232f5
[    0.012000]  00000000000006b6 0000000000000000 000000000000b008 000000000000b010
[    0.012000] Call Trace:
[    0.012000]  [<ffffffff810b7b00>] clockevents_config_and_register+0x20/0x30
[    0.012000]  [<ffffffff815ee7f7>] setup_APIC_timer+0xe6/0xf2
[    0.012000]  [<ffffffff81a232f5>] setup_boot_APIC_clock+0x4d8/0x4e4
[    0.012000]  [<ffffffff81a2161d>] native_smp_prepare_cpus+0x33d/0x35d
[    0.012000]  [<ffffffff81a12fa7>] kernel_init_freeable+0xc4/0x207
[    0.012000]  [<ffffffff815e1ba0>] ? rest_init+0x80/0x80
[    0.012000]  [<ffffffff815e1bae>] kernel_init+0xe/0x180
[    0.012000]  [<ffffffff8160c82c>] ret_from_fork+0x7c/0xb0
[    0.012000]  [<ffffffff815e1ba0>] ? rest_init+0x80/0x80
[    0.012000] Code: ff eb bb 0f 0b 66 0f 1f 44 00 00 0f 1f 44 00 00 55 31 d2 89 f1 89 f6 41 b8 01 00 00 00 48 89 e5 53 48 89 fb 48 8b 7f 70 48 89 f8 <48> f7 f6 48 85 c0 74 0b 48 3d 58 02 00 00 41 89 c0 77 3d 48 8d 
[    0.012000] RIP  [<ffffffff810b7a70>] clockevents_config.part.1+0x20/0x90
[    0.012000]  RSP <ffff880140e97dd8>
[    0.012003] ---[ end trace d3dcfda080ddfc5e ]---
[    0.013012] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[    0.013012]
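
Added example, not part of the original report: a short Python triage of the oops in Comment 1. It reads the register dump and the Code: line, decodes the byte the kernel marks with <..> as the faulting instruction, and checks the divisor register. Only register-form F7 /6 (DIV) and /7 (IDIV) encodings are handled; all function names are this example's own.

```python
import re

# Excerpt of the guest oops from Comment 1 (header, register lines and Code: line).
OOPS = """\
[    0.011612] divide error: 0000 [#1] SMP
[    0.012000] RAX: ffffffffffffffff RBX: ffff880142a0dc00 RCX: 0000000000000000
[    0.012000] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff
[    0.012000] Code: ff eb bb 0f 0b 66 0f 1f 44 00 00 0f 1f 44 00 00 55 31 d2 89 f1 89 f6 41 b8 01 00 00 00 48 89 e5 53 48 89 fb 48 8b 7f 70 48 89 f8 <48> f7 f6 48 85 c0 74 0b 48 3d 58 02 00 00 41 89 c0 77 3d 48 8d
"""

REGS64 = "RAX RCX RDX RBX RSP RBP RSI RDI R08 R09 R10 R11 R12 R13 R14 R15".split()

def parse_registers(oops):
    """Return {name: value} for the 64-bit registers printed in the dump."""
    pat = r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})\b"
    return {name: int(val, 16) for name, val in re.findall(pat, oops)}

def faulting_bytes(oops):
    """Bytes from the faulting instruction onward (first byte is marked <..>)."""
    code = re.search(r"Code: (.*)", oops).group(1)
    tail = code[code.index("<"):].replace("<", "").replace(">", "")
    return bytes.fromhex(tail)

def decode_div(code):
    """Decode a register-form DIV/IDIV (F7 /6 or /7); None for anything else."""
    rex = code[0] if 0x40 <= code[0] <= 0x4F else 0
    op, modrm = code[1:3] if rex else code[0:2]
    reg_field = (modrm >> 3) & 7
    if op != 0xF7 or modrm >> 6 != 3 or reg_field not in (6, 7):
        return None
    rm = (modrm & 7) | ((rex & 1) << 3)   # REX.B extends the r/m field
    bits = 64 if rex & 8 else 32          # REX.W selects a 64-bit divisor
    return {"insn": "div" if reg_field == 6 else "idiv", "reg": REGS64[rm], "bits": bits}

def triage(oops):
    """Report the faulting divide instruction and the value of its divisor."""
    regs = parse_registers(oops)
    insn = decode_div(faulting_bytes(oops))
    if insn is None:
        return None
    divisor = regs[insn["reg"]] & ((1 << insn["bits"]) - 1)
    return {**insn, "divisor": divisor, "divide_by_zero": divisor == 0}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this trace the result is a 64-bit `div` on RSI with RSI equal to zero at clockevents_config.part.1+0x20, which is the condition the oops header reports as "divide error".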

Comment 2 Sibiao Luo 2013-03-27 09:23:52 UTC
processor	: 3
vendor_id	: GenuineIntel
cpu family	: 6
model		: 60
model name	: Intel(R) Core(TM) i5-4670T CPU @ 2.30GHz
stepping	: 3
microcode	: 0x6
cpu MHz		: 2301.000
cache size	: 6144 KB
physical id	: 0
siblings	: 4
core id		: 3
cpu cores	: 4
apicid		: 6
initial apicid	: 6
fpu		: yes
fpu_exception	: yes
cpuid level	: 13
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm ida arat epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm
bogomips	: 4589.57
clflush size	: 64
cache_alignment	: 64
address sizes	: 39 bits physical, 48 bits virtual
power management:

Comment 3 Sibiao Luo 2013-03-27 09:31:26 UTC
I met another issue, but I am not sure whether it is the same as this one.
When I disable the 'nx' flag via '-cpu model_name,-flag' when booting the guest, it hangs at 'Loading initial ramdisk...' and fails to boot up; it can't continue and there is no call trace. BTW, if I disable the 'kvmclock' flag, the guest boots up successfully and I can verify that the 'kvmclock' flag does not exist in /sys/devices/system/clocksource/clocksource0/available_clocksource.

Is this issue (disabling the 'nx' flag causes the guest to hang and fail to boot) the same as the 'tsc' issue? Should I open a new bug to track it?

Comment 4 Eduardo Habkost 2013-03-27 14:18:59 UTC
Both issues are completely different. Different flags can trigger different kinds of guest behavior.

About the specific "-tsc" issue: guests are very likely to not be able to handle weird configurations, such as a modern CPU without the TSC feature. There are many different ways you can make a guest misbehave by presenting a combination of CPU features that doesn't exist on real hardware.

About the "-nx" issue: this is unexpected, as having NX disabled is very common on real hardware. Please open a separate bug for it.

Comment 6 Hai Huang 2013-03-28 12:36:41 UTC
Per Eduardo's feedback above, closing this BZ as not a bug.
The issue with disabled "nx" is being addressed separately by BZ 928583.