Public bug reported: this is the command line of qemu.
2015-06-30 01:52:59.508+0000: starting up LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=none /usr/bin/qemu-kvm -name rhel7 -S -machine pc-i440fx-2.1,accel=kvm,usb=off -cpu SandyBridge -m 2048 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 2a3f1d8a-850d-4e37-aecd-65cbf1e4e415 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/rhel7.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot menu=on,strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -device lsi,id=scsi0,bus=pci.0,addr=0x6 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x3 -drive file=/var/lib/libvirt/images/rhel7.qcow2,if=none,id=drive-ide0-0-0,format=qcow2 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive file=/home/jemmy/Downloads/rhel-server-7.1-x86_64-dvd.iso,if=none,id=drive-ide0-0-1,readonly=on,format=raw -device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1,bootindex=2 -netdev tap,fd=23,id=hostnet0,vhost=on,vhostfd=24 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:b4:7b:bb,bus=pci.0,addr=0x8 -chardev socket,id=charserial0,host=127.0.0.1,port=4555,telnet,server,nowait -device isa-serial,chardev=charserial0,id=serial0 -chardev file,id=charserial1,path=/tmp/log.txt -device isa-serial,chardev=charserial1,id=serial1 -chardev pty,id=charconsole0 -device virtconsole,chardev=charconsole0,id=console0 -vnc 127.0.0.1:0 -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -msg timestamp=on char device redirected to /dev/pts/2 (label charconsole0) this is the error log of qemu when crash. id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0 id 1, group 1, virt start 7fbe20000000, virt end 7fbe23ffe000, generation 0, delta 7fbe20000000 id 2, group 1, virt start 7fbe1c000000, virt end 7fbe20000000, generation 0, delta 7fbe1c000000 ((null):16237): Spice-CRITICAL **: red_memslots.c:69:validate_virt: virtual address out of range virt=0x0+0x18 slot_id=0 group_id=1 slot=0x0-0x0 delta=0x0 Thread 4 (Thread 0x7fbeb3a32700 (LWP 16278)): #0 0x00007fbec182d407 in ioctl () at /lib64/libc.so.6 #1 0x00007fbecc80e565 in kvm_vcpu_ioctl () #2 0x00007fbecc80e61c in kvm_cpu_exec () #3 0x00007fbecc7fd0a2 in qemu_kvm_cpu_thread_fn () #4 0x00007fbecb2f652a in start_thread () at /lib64/libpthread.so.0 #5 0x00007fbec183722d in clone () at /lib64/libc.so.6 Thread 3 (Thread 0x7fbeb15ff700 (LWP 16287)): #0 0x00007fbecb2fe1cd in read () at /lib64/libpthread.so.0 #1 0x00007fbec2a50499 in spice_backtrace_gstack () at /lib64/libspice-server.so.1 #2 0x00007fbec2a57dae in spice_logv () at /lib64/libspice-server.so.1 #3 0x00007fbec2a57f05 in spice_log () at /lib64/libspice-server.so.1 #4 0x00007fbec2a177ff in validate_virt () at /lib64/libspice-server.so.1 #5 0x00007fbec2a1791e in get_virt () at /lib64/libspice-server.so.1 #6 0x00007fbec2a17fb9 in red_get_clip_rects () at /lib64/libspice-server.so.1 #7 0x00007fbec2a1976f in red_get_drawable () at /lib64/libspice-server.so.1 #8 0x00007fbec2a30332 in red_process_commands.constprop () at /lib64/libspice-server.so.1 #9 0x00007fbec2a3638a in red_worker_main () at /lib64/libspice-server.so.1 #10 0x00007fbecb2f652a in start_thread () at /lib64/libpthread.so.0 #11 0x00007fbec183722d in clone () at /lib64/libc.so.6 Thread 2 (Thread 0x7fbeb0bff700 (LWP 16289)): #0 0x00007fbecb2fb590 in pthread_cond_wait@@GLIBC_2.3.2 () at /lib64/libpthread.so.0 #1 0x00007fbecca954c9 in qemu_cond_wait () #2 0x00007fbecca3bfe3 in vnc_worker_thread_loop () #3 0x00007fbecca3c3c8 in vnc_worker_thread () #4 0x00007fbecb2f652a in start_thread () at /lib64/libpthread.so.0 #5 0x00007fbec183722d in clone () at /lib64/libc.so.6 Thread 1 (Thread 0x7fbeccd2ca80 (LWP 16237)): #0 0x00007fbec182bd51 in ppoll () at /lib64/libc.so.6 #1 0x00007fbecca4d2ec in qemu_poll_ns () #2 0x00007fbecca4ca94 in main_loop_wait () #3 0x00007fbecc7d58dd in main () ** Affects: qemu Importance: Undecided Status: New -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1469924 Title: qemu-kvm crash when guest os is booting Status in QEMU: New Bug description: this is the command line of qemu. 2015-06-30 01:52:59.508+0000: starting up LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=none /usr/bin/qemu-kvm -name rhel7 -S -machine pc-i440fx-2.1,accel=kvm,usb=off -cpu SandyBridge -m 2048 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 2a3f1d8a-850d-4e37-aecd-65cbf1e4e415 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/rhel7.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot menu=on,strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -device lsi,id=scsi0,bus=pci.0,addr=0x6 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x3 -drive file=/var/lib/libvirt/images/rhel7.qcow2,if=none,id=drive-ide0-0-0,format=qcow2 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive file=/home/jemmy/Downloads/rhel-server-7.1-x86_64-dvd.iso,if=none,id=drive-ide0-0-1,readonly=on,format=raw -device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1,bootindex=2 -netdev tap,fd=23,id=hostnet0,vhost=on,vhostfd=24 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:b4:7b:bb,bus=pci.0,addr=0x8 -chardev socket,id=charserial0,host=127.0.0.1,port=4555,telnet,server,nowait -device isa-serial,chardev=charserial0,id=serial0 -chardev file,id=charserial1,path=/tmp/log.txt -device isa-serial,chardev=charserial1,id=serial1 -chardev pty,id=charconsole0 -device virtconsole,chardev=charconsole0,id=console0 -vnc 127.0.0.1:0 -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -msg timestamp=on char device redirected to /dev/pts/2 (label charconsole0) this is the error log of qemu when crash. id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0 id 1, group 1, virt start 7fbe20000000, virt end 7fbe23ffe000, generation 0, delta 7fbe20000000 id 2, group 1, virt start 7fbe1c000000, virt end 7fbe20000000, generation 0, delta 7fbe1c000000 ((null):16237): Spice-CRITICAL **: red_memslots.c:69:validate_virt: virtual address out of range virt=0x0+0x18 slot_id=0 group_id=1 slot=0x0-0x0 delta=0x0 Thread 4 (Thread 0x7fbeb3a32700 (LWP 16278)): #0 0x00007fbec182d407 in ioctl () at /lib64/libc.so.6 #1 0x00007fbecc80e565 in kvm_vcpu_ioctl () #2 0x00007fbecc80e61c in kvm_cpu_exec () #3 0x00007fbecc7fd0a2 in qemu_kvm_cpu_thread_fn () #4 0x00007fbecb2f652a in start_thread () at /lib64/libpthread.so.0 #5 0x00007fbec183722d in clone () at /lib64/libc.so.6 Thread 3 (Thread 0x7fbeb15ff700 (LWP 16287)): #0 0x00007fbecb2fe1cd in read () at /lib64/libpthread.so.0 #1 0x00007fbec2a50499 in spice_backtrace_gstack () at /lib64/libspice-server.so.1 #2 0x00007fbec2a57dae in spice_logv () at /lib64/libspice-server.so.1 #3 0x00007fbec2a57f05 in spice_log () at /lib64/libspice-server.so.1 #4 0x00007fbec2a177ff in validate_virt () at /lib64/libspice-server.so.1 #5 0x00007fbec2a1791e in get_virt () at /lib64/libspice-server.so.1 #6 0x00007fbec2a17fb9 in red_get_clip_rects () at /lib64/libspice-server.so.1 #7 0x00007fbec2a1976f in red_get_drawable () at /lib64/libspice-server.so.1 #8 0x00007fbec2a30332 in red_process_commands.constprop () at /lib64/libspice-server.so.1 #9 0x00007fbec2a3638a in red_worker_main () at /lib64/libspice-server.so.1 #10 0x00007fbecb2f652a in start_thread () at /lib64/libpthread.so.0 #11 0x00007fbec183722d in clone () at /lib64/libc.so.6 Thread 2 (Thread 0x7fbeb0bff700 (LWP 16289)): #0 0x00007fbecb2fb590 in pthread_cond_wait@@GLIBC_2.3.2 () at /lib64/libpthread.so.0 #1 0x00007fbecca954c9 in qemu_cond_wait () #2 0x00007fbecca3bfe3 in vnc_worker_thread_loop () #3 0x00007fbecca3c3c8 in vnc_worker_thread () #4 0x00007fbecb2f652a in start_thread () at /lib64/libpthread.so.0 #5 0x00007fbec183722d in clone () at /lib64/libc.so.6 Thread 1 (Thread 0x7fbeccd2ca80 (LWP 16237)): #0 0x00007fbec182bd51 in ppoll () at /lib64/libc.so.6 #1 0x00007fbecca4d2ec in qemu_poll_ns () #2 0x00007fbecca4ca94 in main_loop_wait () #3 0x00007fbecc7d58dd in main () To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1469924/+subscriptions