Bug 600205

Summary: Live migration causes qemu-kvm Segmentation fault (core dumped) when using "-vga std"
Product: Red Hat Enterprise Linux 6    Reporter: Mike Cao <bcao>
Component: qemu-kvm    Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED CURRENTRELEASE    QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium    Docs Contact:
Priority: medium
Version: 6.0    CC: gyue, lihuang, michen, mjenner, mkenneth, ndai, virt-maint
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: qemu-kvm-0.12.1.2-2.87.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-07-08 07:14:39 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mike Cao 2010-06-04 06:56:47 UTC
Description of problem:
Live migration causes qemu-kvm Segmentation fault (core dumped) when using "-vga std"

Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. On the source host, start the VM with:
#/usr/libexec/qemu-kvm -rtc-td-hack -no-hpet -usbdevice tablet -drive file=win7-64.raw,if=ide,cache=none,werror=stop,rerror=stop -net nic,macaddr=20:aa:30:aa:40:aa,model=virtio,vlan=0 -net tap,script=/etc/qemu-ifup,vlan=0 -uuid `uuidgen` -boot c -cpu qemu64,+sse2 -smp 2 -m 4G -spice port=5920,disable-ticketing -vga std -balloon none -monitor stdio
2. On the dest host, start the VM with:
#/usr/libexec/qemu-kvm -rtc-td-hack -no-hpet -usbdevice tablet -drive file=win7-64.raw,if=ide,cache=none,werror=stop,rerror=stop -net nic,macaddr=20:aa:30:aa:40:aa,model=virtio,vlan=0 -net tap,script=/etc/qemu-ifup,vlan=0 -uuid `uuidgen` -boot c -cpu qemu64,+sse2 -smp 2 -m 4G -spice port=5900,disable-ticketing -vga std -balloon none -monitor stdio -incoming tcp:0:5888
3. Connect to the guest on the source host: ./spicec <source host ip> 5920 &
4. Connect to the guest on the dest host: ./spicec <dest host ip> 5900 &
5. Do live migration: (qemu) migrate -d tcp:<ip>:5888


Actual results:
qemu-kvm on the dest host will core dump.

(gdb) bt
#0  0x00007f956a5f4e8b in memcpy () from /lib64/libc.so.6
#1  0x00007f956c9ebea3 in quic_usr_more_lines_unstable (usr=0x7f9561dcd680, 
    out_lines=0x7f9561d8ae78) at /usr/include/bits/string3.h:52
#2  0x00007f956ca3d3a3 in quic_encode (quic=0x7f95580008c0, 
    type=<value optimized out>, width=640, height=480, line=0x7f955803e4e0 "", 
    num_lines=<value optimized out>, stride=2560, io_ptr=0x7f955801e210, 
    num_io_words=16384) at /usr/src/spice-common/quic.c:1288
#3  0x00007f956c9ef5e0 in red_quic_compress_image (
    display_channel=0x7f95580087f0, dest=0x7f955800be3c, src=0x7f955802eaa2, 
    o_comp_data=0x7f9561d8afa0) at red_worker.c:5491
#4  0x00007f956c9f67c3 in red_compress_image (display_channel=0x7f95580087f0, 
    in_bitmap=<value optimized out>, drawable=0x7f9561dc9b58)
    at red_worker.c:5571
#5  fill_bits (display_channel=0x7f95580087f0, 
    in_bitmap=<value optimized out>, drawable=0x7f9561dc9b58)
    at red_worker.c:5672
#6  0x00007f956c9f6f07 in red_send_qxl_drawable (worker=<value optimized out>, 
    display_channel=0x7f95580087f0, item=0x7f9561dc9b58) at red_worker.c:5859
#7  0x00007f956c9f7f37 in send_qxl_drawable (worker=<value optimized out>)
    at red_worker.c:6344
#8  display_channel_push (worker=<value optimized out>) at red_worker.c:6786
#9  0x00007f956c9fc6be in red_push (arg=<value optimized out>)
    at red_worker.c:6913
#10 red_worker_main (arg=<value optimized out>) at red_worker.c:8506
#11 0x00007f956ce7a761 in start_thread () from /lib64/libpthread.so.0
#12 0x00007f956a6524fd in clone () from /lib64/libc.so.6


Expected results:
Guest should work well on the dest host.


Additional info:
Repeating the steps WITHOUT step 4 will not hit the issue.
Using -vnc instead of "-spice" and repeating the steps above will not hit the issue.

Comment 2 RHEL Program Management 2010-06-04 09:23:13 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

Comment 3 Gerd Hoffmann 2010-06-04 11:59:29 UTC
FYI: Instead of step (4) you should use the
'__com.redhat_spice_migrate_info $desthostname 5900' monitor command on the source host.  spicec will automatically reconnect to the destination host then after successful migration.
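
The reproduction steps in comment #0 and the monitor hand-off from comment #3, as an added shell script (not part of the bug report or of qemu-kvm). It builds the exact source and destination command lines from comment #0 and the two monitor commands to type at the source's (qemu) prompt, with comment #3's SPICE migrate-info command replacing the second spicec connection of step 4. Host names, ports, the guest image path and the QEMU path are assumed defaults chosen for this script, overridable through the environment.

```shell
#!/bin/sh
# Added example, not from the bug report: reproduce/verify bug 600205 using the
# command lines from comment #0 and the monitor hand-off from comment #3.
# Assumptions (not in the bug): QEMU/IMG/port defaults and the mode names below.
set -eu

QEMU=${QEMU:-/usr/libexec/qemu-kvm}
IMG=${IMG:-win7-64.raw}
MAC=20:aa:30:aa:40:aa

# Options common to both hosts in comment #0 (everything except the uuid,
# the SPICE port and -incoming).
common_args() {
    printf '%s %s %s %s' \
        "-rtc-td-hack -no-hpet -usbdevice tablet" \
        "-drive file=$IMG,if=ide,cache=none,werror=stop,rerror=stop" \
        "-net nic,macaddr=$MAC,model=virtio,vlan=0 -net tap,script=/etc/qemu-ifup,vlan=0" \
        "-boot c -cpu qemu64,+sse2 -smp 2 -m 4G -vga std -balloon none -monitor stdio"
}

# Step 1, source host.  $1 = guest uuid, $2 = SPICE port on the source.
source_cmd() {
    printf '%s %s -uuid %s -spice port=%s,disable-ticketing\n' \
        "$QEMU" "$(common_args)" "$1" "$2"
}

# Step 2, destination host.  $1 = uuid, $2 = SPICE port, $3 = -incoming TCP port.
dest_cmd() {
    printf '%s %s -uuid %s -spice port=%s,disable-ticketing -incoming tcp:0:%s\n' \
        "$QEMU" "$(common_args)" "$1" "$2" "$3"
}

# Monitor input for the source host, one command per line: first comment #3's
# hand-off so spicec reconnects to the destination by itself (instead of a second
# spicec against the destination, step 4), then step 5's migrate.
# $1 = destination host, $2 = destination SPICE port, $3 = destination incoming port.
monitor_cmds() {
    printf '__com.redhat_spice_migrate_info %s %s\nmigrate -d tcp:%s:%s\n' \
        "$1" "$2" "$1" "$3"
}

if [ $# -gt 0 ]; then
    case "$1" in
        source)  # on the source host: repro.sh source [spice_port]
            exec $(source_cmd "$(uuidgen)" "${2:-5920}") ;;
        dest)    # on the destination host: repro.sh dest [spice_port] [incoming_port]
            exec $(dest_cmd "$(uuidgen)" "${2:-5900}" "${3:-5888}") ;;
        monitor) # print what to type at the source's (qemu) prompt:
                 # repro.sh monitor <dest_host> [dest_spice_port] [incoming_port]
            monitor_cmds "$2" "${3:-5900}" "${4:-5888}" ;;
        *)
            echo "usage: $0 source|dest|monitor ..." >&2; exit 2 ;;
    esac
fi
```

Run `dest` on the destination first (it blocks in -incoming), then `source` on the source, connect spicec to the source only (step 3), and type the two lines printed by `monitor` into the source's (qemu) prompt. On a fixed build (qemu-kvm-0.12.1.2-2.87.el6 or later per this bug) the destination must keep running after the migration completes; a core dump there is the failure described in comment #0.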

Comment 4 Gerd Hoffmann 2010-06-08 12:58:55 UTC
Patches for bug #597198 (already posted) happen to fix this one too.

Comment 5 Gerd Hoffmann 2010-06-21 11:52:56 UTC
*** Bug 606279 has been marked as a duplicate of this bug. ***

Comment 10 Mike Cao 2010-07-08 05:00:24 UTC
#uname -r
2.6.32-42.el6.x86_64

Reproduced it in qemu-kvm-0.12.1.2-2.77.el6, verified it in qemu-kvm-0.12.1.2-2.90.el6, following the steps in comment #0.

Actual Results: After migration, no core dump and the VM can be used successfully.

According to comment #5, reproduced bug #606279 in qemu-kvm-0.12.1.2-2.77.el6 and verified it in qemu-kvm-0.12.1.2-2.90.el6, following the steps in bug #606279's description.

Actual Results: no Segmentation fault, and the rhel 4u8 64bit guest can be used successfully.

Based on the above, the bug has already been fixed.

Comment 11 Mike Cao 2010-07-08 07:13:39 UTC
According to comment #10, closing this bug.