Bug 679659

Summary: Segfault occurred when migrate with spice
Product: Red Hat Enterprise Linux 6 Reporter: Amos Kong <akong>
Component: qemu-kvmAssignee: Virtualization Maintenance <virt-maint>
Status: CLOSED DUPLICATE QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1CC: ailan, mkenneth, virt-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-02-23 06:25:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 580954    

Description Amos Kong 2011-02-23 06:03:50 UTC 
Description of problem:
I try to do internal migration, guests use spice, but segfault always occur during migration.

Version-Release number of selected component (if applicable):
# rpm -qa |grep qemu
qemu-kvm-0.12.1.2-2.147.el6.x86_64
qemu-img-0.12.1.2-2.147.el6.x86_64
qemu-kvm-tools-0.12.1.2-2.147.el6.x86_64
gpxe-roms-qemu-0.9.7-6.4.el6.noarch
qemu-kvm-debuginfo-0.12.1.2-2.147.el6.x86_64
# rpm -qa |grep spice
spice-server-0.7.2-4.el6.x86_64
spice-server-debuginfo-0.7.2-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. boot up src and dest vm (using spice)
2. do internal migration
  
Actual results:
segfualt occurred.

Expected results:
internal migration completed.


Additional info:
1. qemu cmdline:
# qemu-kvm -name vm1 -chardev socket,id=human_monitor_id_20110223-085318-bfFr,path=/tmp/monitor-humanmonitor1-20110223-085318-bfFr,server,nowait -mon chardev=human_monitor_id_20110223-085318-bfFr,mode=readline -chardev socket,id=serial_id_20110223-085318-bfFr,path=/tmp/serial-20110223-085318-bfFr,server,nowait -device isa-serial,chardev=serial_id_20110223-085318-bfFr -drive file=/home/devel/autotest-devel/client/tests/kvm/images/RHEL-Server-6.0-64-virtio.qcow2,index=0,if=none,id=drive-virtio-disk1,media=disk,cache=none,format=qcow2,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,id=virtio-disk1 -device virtio-net-pci,netdev=idi86uSe,mac=9a:3e:14:01:86:56,netdev=idi86uSe,id=ndev00idi86uSe,bus=pci.0,addr=0x3 -netdev tap,id=idi86uSe,vhost=on,ifname=t0-085318-bfFr,script=/home/devel/autotest-devel/client/tests/kvm/scripts/qemu-ifup-switch,downscript=no -m 1024 -smp 2,cores=1,threads=1,sockets=2 -cpu cpu64-rhel6,+sse2,+x2apic -spice port=8001,disable-ticketing -vga qxl -rtc base=utc,clock=host,driftfix=none -boot order=cdn,once=c,menu=off -usbdevice tablet -no-kvm-pit-reinjection -enable-kvm -incoming tcp:0:5200

2. CoreTrace:
Program terminated with signal 11, Segmentation fault.
#0  reds_mig_switch (s=<value optimized out>) at reds.c:3379
3379        migrate.port = s->port;
(gdb) bt
#0  reds_mig_switch (s=<value optimized out>) at reds.c:3379
#1  spice_server_migrate_switch (s=<value optimized out>) at reds.c:4184
#2  0x00000000004df239 in notifier_list_notify (list=<value optimized out>) at notify.c:37
#3  0x00000000004b9472 in buffered_put_buffer (opaque=0x23a40f0, buf=0x0, pos=0, size=0) at buffered_file.c:163
#4  0x000000000040bb56 in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4429
#5  0x000000000042b2fa in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2165
#6  0x000000000040ef0f in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4634
#7  main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6848
(gdb) info threads
  5 Thread 0x7f078339e700 (LWP 32315)  0x00000037c9a33add in do_sigtimedwait (set=<value optimized out>, info=0x7f078339da20, timeout=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/sigtimedwait.c:56
  4 Thread 0x7f0783da3700 (LWP 32314)  0x00000037c9a33add in do_sigtimedwait (set=<value optimized out>, info=0x7f0783da2a20, timeout=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/sigtimedwait.c:56
  3 Thread 0x7f0780c00700 (LWP 32414)  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:216
  2 Thread 0x7f0781601700 (LWP 32321)  0x00000037c9ae63c3 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
* 1 Thread 0x7f078a9dd940 (LWP 32302)  reds_mig_switch (s=<value optimized out>) at reds.c:3379

(gdb) bt full
#0  reds_mig_switch (s=<value optimized out>) at reds.c:3379
        s = 0x0
        migrate = {port = 0, sport = 0, host_size = 0, host_data = 0x4b973a "\205\300u:H\307C(", cert_subject_size = 1, cert_subject_data = 0x2372ce0 "ЗK"}
        item = 0x23d6fd0
#1  spice_server_migrate_switch (s=<value optimized out>) at reds.c:4184
        __FUNCTION__ = "spice_server_migrate_switch"
#2  0x00000000004df239 in notifier_list_notify (list=<value optimized out>) at notify.c:37
        notifier = <value optimized out>
        next = 0x0
#3  0x00000000004b9472 in buffered_put_buffer (opaque=0x23a40f0, buf=0x0, pos=0, size=0) at buffered_file.c:163
        s = 0x23a40f0
        offset = 0
        ret = <value optimized out>
#4  0x000000000040bb56 in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4429
        pioh = <value optimized out>
        ioh = 0x2259dd0
        rfds = {fds_bits = {562949953421312, 0 <repeats 15 times>}}
        wfds = {fds_bits = {288230376151711744, 0 <repeats 15 times>}}
        xfds = {fds_bits = {0 <repeats 16 times>}}
        ret = 2
        nfds = <value optimized out>
        tv = {tv_sec = 0, tv_usec = 999986}
#5  0x000000000042b2fa in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2165
        fds = {47, 48}
        mask = {__val = {268443712, 0 <repeats 15 times>}}
        sigfd = <value optimized out>
#6  0x000000000040ef0f in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4634
        r = <value optimized out>
#7  main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6848
        gdbstub_dev = 0x0
        i = <value optimized out>
        snapshot = 0
        linux_boot = 0
        initrd_filename = 0x0
        kernel_filename = 0x0
        kernel_cmdline = 0x63bd42 ""
        boot_devices = "c\000n", '\000' <repeats 29 times>
        ds = <value optimized out>
        dcl = <value optimized out>
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        hda_opts = <value optimized out>
        opts = <value optimized out>
        olist = <value optimized out>
        optind = 37
        optarg = 0x0
        loadvm = 0x0
---Type <return> to continue, or q <return> to quit---
        machine = <value optimized out>
        cpu_model = 0x7fffc3d70bfd "cpu64-rhel6,+sse2,+x2apic"
        fds = {269549568, 134219936}
        tb_size = 0
        pid_file = 0x0
        incoming = 0x0
        fd = 0
        pwd = 0x0
        chroot_dir = 0x0
        run_as = 0x0
        env = <value optimized out>
        show_vnc_port = <value optimized out>
        defconfig = <value optimized out>
        defconfig_verbose = <value optimized out>
Comment 2 Amos Kong 2011-02-23 06:25:42 UTC 

*** This bug has been marked as a duplicate of bug 674451 ***