Bug 876751

Summary: Crash during migration from file in git master
Product: Fedora
Component: qemu
Version: 18
Reporter: Alexander Larsson <alexl>
Assignee: Fedora Virtualization Maintainers <virt-maint>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Status: CLOSED DEFERRED
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Type: Bug
Doc Type: Bug Fix
CC: amit.shah, berrange, cfergeau, crobinso, dwmw2, gleb, itamar, knoel, pbonzini, rjones, scottt.tw, virt-maint
Last Closed: 2012-12-14 16:40:36 EST

Description Alexander Larsson 2012-11-14 16:07:50 EST
This is not really an F18 bug, as it affects qemu git only, but I found it while working on bug 867366.

I have a win7 guest and it always crashes when I restore it from a file, like -incoming "exec:gzip -c -d data.gz"

I bisected the bug to 


And the crash is:

    #0 0x00007ffff383cba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63
    #1 0x00007ffff383e358 in __GI_abort () at abort.c:90
    #2 0x00005555557aab50 in kvm_mem_ioeventfd_add (listener=<optimized out>, section=0x7fffffffd0a0, match_data=true, data=0, e=<optimized out>) at /vcs/spice/qemu/kvm-all.c:775
    #3 0x00005555557ae1a6 in address_space_add_del_ioeventfds (fds_old_nb=0, fds_old=0x0, fds_new_nb=1, fds_new=0x5555568ea0d0, as=<optimized out>) at /vcs/spice/qemu/memory.c:616
    #4 address_space_update_ioeventfds (as=0x55555642bbc0 <address_space_io>) at /vcs/spice/qemu/memory.c:649
    #5 address_space_update_topology (as=as@entry=0x55555642bbc0 <address_space_io>) at /vcs/spice/qemu/memory.c:730
    #6 0x00005555557ae68a in memory_region_transaction_commit () at /vcs/spice/qemu/memory.c:750
    #7 0x00005555556d2943 in virtio_pci_set_host_notifier_internal (proxy=proxy@entry=0x555556988250, n=n@entry=0, assign=assign@entry=true, set_handler=set_handler@entry=true) at hw/virtio-pci.c:178
    #8 0x00005555556d3453 in virtio_pci_start_ioeventfd (proxy=<optimized out>) at hw/virtio-pci.c:204
    #9 virtio_pci_start_ioeventfd (proxy=0x555556988250) at hw/virtio-pci.c:189
    #10 0x00005555557a4fba in virtio_vmstate_change (opaque=0x555556989bf0, running=<optimized out>, state=<optimized out>) at /vcs/spice/qemu/hw/virtio.c:896
    #11 0x0000555555755650 in vm_state_notify (state=RUN_STATE_RUNNING, running=1) at vl.c:1325
    #12 vm_start () at vl.c:1334
    #13 0x00005555556e3885 in process_incoming_migration (f=f@entry=0x555556a08ec0) at migration.c:103
    #14 0x00005555556e2580 in exec_accept_incoming_migration (opaque=0x555556a08ec0) at migration-exec.c:100
    #15 0x00005555556d9267 in qemu_iohandler_poll (readfds=readfds@entry=0x555556003160 <rfds>, writefds=writefds@entry=0x5555560031e0 <wfds>, xfds=xfds@entry=0x555556003260 <xfds>, ret=ret@entry=1) at iohandler.c:124
    #16 0x00005555556e2461 in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:497
    #17 0x00005555555cbf2b in main_loop () at vl.c:1652
    #18 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:3782

kvm_mem_ioeventfd_add calls kvm_set_ioeventfd_mmio which calls kvm_vm_ioctl which returns EEXIST, which leads to the abort.

The exact command line was:

    x86_64-softmmu/qemu-system-x86_64 --enable-kvm -m 2G -smp 4 -name win7 -uuid 88406e09-8378-4879-89a7-c99f35855ffd -monitor stdio -rtc base=localtime,driftfix=slew -drive file=/home/alex/.local/share/gnome-boxes/images/win7-2.img,if=none,id=drive-test,format=qcow2,cache=none,werror=stop,rerror=stop -device ide-drive,drive=drive-test,id=test -vga std -device virtio-serial-pci,id=virtio-serial0 -chardev socket,id=chardev0,path=/tmp/guestfs,server,nowait -device virtserialport,id=port0,name=org.windows-kvm.port.1,chardev=chardev0 -incoming "exec:gzip -c -d data.gz"

Comment 1 Cole Robinson 2012-12-14 16:40:36 EST
Hi Alex,

If you're working off git, and can still reproduce with current upstream, please either fire off an email to qemu-devel@nongnu.org, or file a bug in qemu's upstream bug tracker:


The audience here is much smaller; you'll have better luck going through upstream channels.