Bug 674451

Summary: spice segfault on migration
Product: Red Hat Enterprise Linux 6
Reporter: Alex Williamson <alex.williamson>
Component: spice-server
Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA
QA Contact: Desktop QE <desktop-qa-list>
Severity: high
Docs Contact:
Priority: high
Version: 6.1
CC: akong, alex.williamson, dblechte, jialiu, lkocman, mkenneth, szhou, uril, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version: spice-server-0.7.3-2.el6
Doc Type: Bug Fix
Doc Text:
spice-server tried to use migration information even when it was not provided or required. This resulted in a segmentation fault in the client machine (the source of the migration operation). A check now determines whether the client has provided or is required to provide migration information. (BZ#674451)
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-05-19 14:07:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 580951

Description Alex Williamson 2011-02-01 22:51:08 UTC
Description of problem:
After migration, migration source qemu-kvm segfaults:

Program received signal SIGSEGV, Segmentation fault.
reds_mig_switch (s=<value optimized out>) at reds.c:3379
3379	    migrate.port = s->port;
(gdb) bt
#0  reds_mig_switch (s=<value optimized out>) at reds.c:3379
#1  spice_server_migrate_switch (s=<value optimized out>) at reds.c:4184
#2  0x00000000004dc5a9 in notifier_list_notify (list=<value optimized out>)
    at notify.c:37
#3  0x000000000040b7d8 in qemu_run_timers (timeout=1000)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:1203
#4  main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4296
#5  0x000000000042a15a in kvm_main_loop ()
    at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2165
#6  0x000000000040e9fb in main_loop (argc=<value optimized out>, 
    argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4472
#7  main (argc=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6644
(gdb) p s
$1 = (RedsMigSpice *) 0x0


Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.134.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. migrate w/ -vga qxl
2.
3.
  
Actual results:
migration finishes, but source VM seg faults

Expected results:
no segfault

Additional info:

source cmdline:

/usr/libexec/qemu-kvm -enable-kvm -m 4G -smp 2 -name rhel6vm -uuid 1e3f234d-338f-e438-1d43-14393856409c -nodefconfig -nodefaults -rtc base=utc -boot c -drive file=/var/lib/libvirt/images/VMs/rhel6vm.img,if=ide,cache=off,id=drive-virtio-disk0,format=raw -usb -netdev tap,script=/home/alwillia/bin/br0-ifup,id=hostnet0 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:5f:78:73,bus=pci.0,addr=0x3 -mem-path /hugepages/ -vga qxl -monitor tcp::5678,server,nowait -vnc :0 -spice port=8000,disable-ticketing

target cmdline:

/usr/libexec/qemu-kvm -enable-kvm -m 4G -smp 2 -name rhel6vm -uuid 1e3f234d-338f-e438-1d43-14393856409c -nodefconfig -nodefaults -rtc base=utc -boot c -drive file=/var/lib/libvirt/images/VMs/rhel6vm.img,if=ide,cache=off,id=drive-virtio-disk0,format=raw -usb -netdev tap,script=/home/alwillia/bin/br0-ifup,id=hostnet0 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:5f:78:73,bus=pci.0,addr=0x3 -mem-path /hugepages/ -vga qxl -monitor tcp::5679,server,nowait -vnc :1 -spice port=8001,disable-ticketing -incoming tcp::4444

migrated with: migrate tcp::4444

only connected via vnc
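
The crash pattern in the backtrace above (`s` is NULL when the migrate-switch notifier runs) next to the kind of guard the Doc Text describes, as an added example that is not spice-server's code and not part of the original report. The struct layouts, function names, `info_required` flag and return codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins: only the `port` field and the NULL pointer come
 * from the backtrace; everything else here is an assumption. */
typedef struct { uint16_t port; } MigInfo;     /* target registered for the client */
typedef struct { uint16_t port; } SwitchMsg;   /* message sent to the client */

enum { SWITCH_SENT, SWITCH_SKIPPED, SWITCH_MISSING_INFO };

/* Crash pattern: the notifier runs at the end of every migration, but
 * `info` is only set when migration information was supplied. */
void mig_switch_unchecked(const MigInfo *info, SwitchMsg *out)
{
    out->port = info->port;            /* SIGSEGV when info == NULL */
}

/* Guarded form: decide first whether info was provided or is required. */
int mig_switch_checked(const MigInfo *info, int info_required, SwitchMsg *out)
{
    if (info == NULL) {
        /* Nothing registered: skip quietly unless a client depends on it. */
        return info_required ? SWITCH_MISSING_INFO : SWITCH_SKIPPED;
    }
    out->port = info->port;
    return SWITCH_SENT;
}

int main(void)
{
    SwitchMsg msg = { 0 };
    MigInfo target = { 8001 };   /* constructed sample: target's -spice port */

    /* VNC-only session as in the report: no info, none required. */
    printf("vnc only     -> %d\n", mig_switch_checked(NULL, 0, &msg));
    /* Info required but never supplied: reported, not dereferenced. */
    printf("missing info -> %d\n", mig_switch_checked(NULL, 1, &msg));
    /* Info supplied: the message is filled in. */
    printf("with info    -> %d port=%u\n",
           mig_switch_checked(&target, 1, &msg), (unsigned)msg.port);
    mig_switch_unchecked(&target, &msg);  /* safe only because target is non-NULL */
    return 0;
}
```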

Comment 2 Gerd Hoffmann 2011-02-15 09:27:24 UTC
*** Bug 676558 has been marked as a duplicate of this bug. ***

Comment 3 Amos Kong 2011-02-23 06:25:42 UTC
*** Bug 679659 has been marked as a duplicate of this bug. ***

Comment 4 Uri Lublin 2011-02-23 23:23:08 UTC
*** Bug 679006 has been marked as a duplicate of this bug. ***

Comment 11 Laura Bailey 2011-04-27 02:42:07 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
spice-server tried to use migration information even when it was not provided or required. This resulted in a segmentation fault in the client machine (the source of the migration operation). A check now determines whether the client has provided or is required to provide migration information. (BZ#674451)

Comment 12 Gerd Hoffmann 2011-04-28 10:24:40 UTC
Looks good to me.

Comment 13 errata-xmlrpc 2011-05-19 14:07:48 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0705.html