RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 632458 - Guest may core dump when booting with spice and qxl.
Summary: Guest may core dump when booting with spice and qxl.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: beta
: 6.1
Assignee: Gerd Hoffmann
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 580954
TreeView+ depends on / blocked
 
Reported: 2010-09-10 02:04 UTC by YangFeng
Modified: 2013-01-09 23:06 UTC (History)
8 users (show)

Fixed In Version: qemu-kvm-0.12.1.2-2.133.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-19 11:29:20 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0534 0 normal SHIPPED_LIVE Important: qemu-kvm security, bug fix, and enhancement update 2011-05-19 11:20:36 UTC

Description YangFeng 2010-09-10 02:04:31 UTC 
Description of problem:
Sometimes, Guest core dump when booting with spice and qxl.
(qemu) /bin/sh: line 1: 11186 Segmentation fault      (core dumped) /usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/qemu -name 'vm1' -chardev socket,id=human_monitor_3vth,path=/tmp/monitor-humanmonitor1-20100907-165150-LxE6,server,nowait -mon chardev=human_monitor_3vth,mode=readline -chardev socket,id=serial_SSFT,path=/tmp/serial-20100907-165150-LxE6,server,nowait -device isa-serial,chardev=serial_SSFT -drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/RHEL-4.8-64-virtio.raw',index=0,if=none,id=drive-virtio-disk1,media=disk,cache=writethrough,boot=on,format=raw,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,id=virtio-disk1 -device virtio-net-pci,netdev=idLt8NpY,id=ndev00idLt8NpY,mac='02:C6:F5:F9:0e:cc',bus=pci.0,addr=0x3 -netdev tap,id=idLt8NpY,ifname='virtio_0_8000',script='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' -m 8192 -smp 4 -cpu cpu64-rhel6,+x2apic -vnc :0 -spice port=8000,disable-ticketing -vga qxl -rtc base=utc,clock=host,driftfix=none -M rhel6.0.0 -usbdevice tablet -no-kvm-pit-reinjection
(qemu) (Process terminated with status 139)



Version-Release number of selected component (if applicable):
Host kernel: 2.6.32-71.el6.x86_64
qemu-kvm version: qemu-kvm-0.12.1.2-2.113.el6.x86_64


How reproducible:
Random issue,rarely reproduce

Steps to Reproduce:
1. Boot up guest with spice and qxl. e.g. /usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/qemu -name 'vm1' -chardev socket,id=human_monitor_3vth,path=/tmp/monitor-humanmonitor1-20100907-165150-LxE6,server,nowait -mon chardev=human_monitor_3vth,mode=readline -chardev socket,id=serial_SSFT,path=/tmp/serial-20100907-165150-LxE6,server,nowait -device isa-serial,chardev=serial_SSFT -drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/RHEL-4.8-64-virtio.raw',index=0,if=none,id=drive-virtio-disk1,media=disk,cache=writethrough,boot=on,format=raw,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,id=virtio-disk1 -device virtio-net-pci,netdev=idLt8NpY,id=ndev00idLt8NpY,mac='02:C6:F5:F9:0e:cc',bus=pci.0,addr=0x3 -netdev tap,id=idLt8NpY,ifname='virtio_0_8000',script='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' -m 8192 -smp 4 -cpu cpu64-rhel6,+x2apic -vnc :0 -spice port=8000,disable-ticketing -vga qxl -rtc base=utc,clock=host,driftfix=none -M rhel6.0.0 -usbdevice tablet -no-kvm-pit-reinjection
2. 
3.
  
Actual results:
Guest core dump
(qemu) /bin/sh: line 1: 11186 Segmentation fault      (core dumped) /usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/qemu -name 'vm1' -chardev socket,id=human_monitor_3vth,path=/tmp/monitor-humanmonitor1-20100907-165150-LxE6,server,nowait -mon chardev=human_monitor_3vth,mode=readline -chardev socket,id=serial_SSFT,path=/tmp/serial-20100907-165150-LxE6,server,nowait -device isa-serial,chardev=serial_SSFT -drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/RHEL-4.8-64-virtio.raw',index=0,if=none,id=drive-virtio-disk1,media=disk,cache=writethrough,boot=on,format=raw,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,id=virtio-disk1 -device virtio-net-pci,netdev=idLt8NpY,id=ndev00idLt8NpY,mac='02:C6:F5:F9:0e:cc',bus=pci.0,addr=0x3 -netdev tap,id=idLt8NpY,ifname='virtio_0_8000',script='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' -m 8192 -smp 4 -cpu cpu64-rhel6,+x2apic -vnc :0 -spice port=8000,disable-ticketing -vga qxl -rtc base=utc,clock=host,driftfix=none -M rhel6.0.0 -usbdevice tablet -no-kvm-pit-reinjection
(qemu) (Process terminated with status 139)

Expected results:
Guest could boot up successfully.


Additional info:
(gdb) bt
#0  0x00000037ed683ddb in memcpy () from /lib64/libc.so.6
#1  0x0000000000471dd0 in qemu_spice_display_create_update (ds=0x2831c10, dirty=<value optimized out>, unique=<value optimized out>) at /usr/include/bits/string3.h:52
#2  0x0000000000473267 in _qxl_get_command (d=0x50217c0, cmd=0x7f4de61b6290) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:288
#3  0x00000037f8e2deb2 in ?? () from /usr/lib64/libspice-server.so.0
#4  0x00000037f8e2fd81 in red_worker_main () from /usr/lib64/libspice-server.so.0
#5  0x00000037ede077e1 in start_thread () from /lib64/libpthread.so.0
#6  0x00000037ed6e153d in clone () from /lib64/libc.so.6
(gdb)
Comment 2 Amos Kong 2010-10-13 02:17:44 UTC 
can reproduce with qemu-kvm-0.12.1.2-2.113.el6_0.1.x86_64.
Comment 3 YangFeng 2010-10-13 06:31:38 UTC 
(gdb) bt
#0  0x00000033178329a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003317834185 in abort () at abort.c:92
#2  0x0000000000471f07 in qemu_spice_display_create_update (ds=0x24c6940, dirty=<value optimized out>, unique=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/spice-display.c:109
#3  0x0000000000473467 in _qxl_get_command (d=0x4cb67c0, cmd=0x7fafc75b8290) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:288
#4  0x000000332242deb2 in red_process_commands (worker=0x7fafc75b83d0, max_pipe_size=50) at red_worker.c:4541
#5  0x000000332242fd81 in red_worker_main (arg=<value optimized out>) at red_worker.c:8864
#6  0x0000003317c077e1 in start_thread (arg=0x7fafc75fe710) at pthread_create.c:301
#7  0x00000033178e153d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb) 

qemu-kvm: qemu-kvm-0.12.1.2-2.113.el6_0.1.x86_64
kernel: 2.6.32-71.2.1.el6_0.x86_64
Comment 4 Amit Shah 2010-10-13 12:07:42 UTC 
Can you reproduce this with qemu-kvm-0.12.1.2-2.114?
Comment 5 YangFeng 2010-10-14 08:55:11 UTC 
(In reply to comment #4)
> Can you reproduce this with qemu-kvm-0.12.1.2-2.114?

This is a random issue,rarely reproduce on qemu-kvm-0.12.1.2-2.113.el6_0.1.x86_64.

Have tried 60 times on qemu-kvm-0.12.1.2-2.114. Did not reproduce it.

Will try more and update result late.
Comment 13 Qingtang Zhou 2011-02-25 06:14:04 UTC 
This bug reproduced on 

# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.113.el6_0.7

It's in 6.0.z stream.
Comment 15 Miya Chen 2011-03-10 05:56:10 UTC 
move to verified based on comment#12, will re-open it if find it again.
Comment 16 Suqin Huang 2011-05-04 02:35:19 UTC 
hi kraxel,
can you clone this bug to rhel6.0z, this bug reproduce on qemu-kvm-0.12.1.2-2.113.el6_0.8.x86_64
Comment 17 errata-xmlrpc 2011-05-19 11:29:20 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html
Comment 18 errata-xmlrpc 2011-05-19 12:48:17 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html
Note You need to log in before you can comment on or make changes to this bug.