Bug 718713

Summary: VM (spice-server) crash during migration (at destination)
Product: Red Hat Enterprise Linux 6 Reporter: Yonit Halperin <yhalperi>
Component: spice-serverAssignee: Yonit Halperin <yhalperi>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.1CC: cmeadors, dblechte, djasa, mkenneth, uril
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: spice-server-0.8.2-2.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 15:21:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
proposed solution none

Description Yonit Halperin 2011-07-04 11:41:03 UTC 
Description of problem:
sometimes, while migrating to server x, server x crashes

qxl-0: qxl_pre_load: start
qxl-0: qxl_hard_reset: start (loadvm)
qxl-0: qxl_reset_surfaces:
handle_dev_destroy_surfaces:
id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0
validate_virt: panic: virtual address out of range
virt=0x175f99c+0xbf slot_id=1 group_id=1
slot=0x0-0x0 delta=0x0


This happens since in handle_dev_destroy_surface, flush_all_qxl_commands is called. Then, there is an attempt to read the qxl command ring. The command ring appears not to be empty. However, the device hasn't been fully loaded yet and the attempt to process a command and access the pci memory leads to the crash.
Comment 2 Yonit Halperin 2011-07-04 12:32:49 UTC 
Created attachment 511183 [details]
proposed solution
Comment 6 errata-xmlrpc 2011-12-06 15:21:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1634.html