Description of problem:
When using the command "__com.redhat_spice_migrate_info" but typing a wrong port after it, qemu gets a segmentation fault. Please check the steps for details.
It also seems to be a regression in qemu-kvm-0.12.1.2-2.194.el6.
Retested with qemu-kvm-195: hit the issue.
Retested with qemu-kvm-193: did not hit the issue.
Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.207.el6.x86_64
kernel-2.6.32-214.el6.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Boot a guest on src host A and on dst host B in listening mode.
CLI:
Host A:
(gdb) r -M rhel6.2.0 -cpu cpu64-rhel6,+x2apic -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -name RHEL6 -uuid 821af33f-9b98-4580-bd96-1f82f96280a4 -monitor stdio -rtc base=localtime -boot c -device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x4 -drive file=/media/rhel6u2.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop -device ide-drive,bus=ide.0,unit=0,drive=drive-virtio-disk0,id=virtio-disk0 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:10:20:3a,bus=pci.0,addr=0x3 -chardev socket,id=charchannel0,path=/tmp/foo,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -usb -device usb-tablet -spice port=5930,disable-ticketing -vga qxl -global qxl-vga.vram_size=67108864
Host B:
Same command parameters and with "-incoming tcp:0:5800"
2. Host A:
(qemu)migrate -d tcp:$host_B_ip:5800
3. After the migration finishes.
On host B:
(qemu)__com.redhat_spice_migrate_info 10.66.9.184:5800
(Actually it should be "__com.redhat_spice_migrate_info 10.66.9.184 5930"; typing a wrong string leads to the problem.)
Actual results:
Qemu gets a segmentation fault on host B after the wrong port number is entered.
Expected results:
No segmentation fault.
Additional info:
Host B segmentation fault logs:
Program received signal SIGSEGV, Segmentation fault.
0x00000037cee751e5 in malloc_consolidate () from /lib64/libc.so.6
(gdb)
(gdb) bt
#0 0x00000037cee751e5 in malloc_consolidate () from /lib64/libc.so.6
#1 0x00000037cee78062 in _int_malloc () from /lib64/libc.so.6
#2 0x00000037cee7948d in malloc () from /lib64/libc.so.6
#3 0x00000037d16b5440 in spice_malloc (n_bytes=4344) at ../common/mem.c:88
#4 0x00000037d16b5a1e in spice_marshaller_new () at ../common/marshaller.c:120
#5 0x00000037d1614f5e in marshaller_new_for_outgoing (state=0x1935ed0, type=102) at reds.c:2262
#6 0x00000037d1618616 in reds_send_keyboard_modifiers (modifiers=0 '\000') at reds.c:2605
#7 0x000000000040c4f8 in qemu_run_timers (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:1309
#8 main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4058
#9 0x000000000042aeaa in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2225
#10 0x000000000040de35 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4234
#11 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6470
Yes, tested on qemu-kvm-0.12.1.2-2.265.el6.x86_64; the problem is fixed.
After step 3 in the bug description:
(qemu) __com.redhat_spice_migrate_info 10.66.9.184:5800
Parameter 'port/tls-port' is missing
(qemu)
(qemu)
(qemu) __com.redhat_spice_migrate_info 10.66.9.184 ?
invalid char in expression
(qemu)
(qemu) __com.redhat_spice_migrate_info ?
Parameter 'port/tls-port' is missing
The guest does not hang and gives a prompt, so this issue is fixed.