Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 632458

Summary: Guest may core dump when booting with spice and qxl.
Product: Red Hat Enterprise Linux 6 Reporter: YangFeng <fyang>
Component: qemu-kvmAssignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0CC: akong, lihuang, michen, mkenneth, qzhou, shuang, tburke, virt-maint
Target Milestone: beta   
Target Release: 6.1   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: qemu-kvm-0.12.1.2-2.133.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-19 11:29:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 580954    

Description YangFeng 2010-09-10 02:04:31 UTC 
Description of problem:
Sometimes, Guest core dump when booting with spice and qxl.
(qemu) /bin/sh: line 1: 11186 Segmentation fault      (core dumped) /usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/qemu -name 'vm1' -chardev socket,id=human_monitor_3vth,path=/tmp/monitor-humanmonitor1-20100907-165150-LxE6,server,nowait -mon chardev=human_monitor_3vth,mode=readline -chardev socket,id=serial_SSFT,path=/tmp/serial-20100907-165150-LxE6,server,nowait -device isa-serial,chardev=serial_SSFT -drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/RHEL-4.8-64-virtio.raw',index=0,if=none,id=drive-virtio-disk1,media=disk,cache=writethrough,boot=on,format=raw,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,id=virtio-disk1 -device virtio-net-pci,netdev=idLt8NpY,id=ndev00idLt8NpY,mac='02:C6:F5:F9:0e:cc',bus=pci.0,addr=0x3 -netdev tap,id=idLt8NpY,ifname='virtio_0_8000',script='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' -m 8192 -smp 4 -cpu cpu64-rhel6,+x2apic -vnc :0 -spice port=8000,disable-ticketing -vga qxl -rtc base=utc,clock=host,driftfix=none -M rhel6.0.0 -usbdevice tablet -no-kvm-pit-reinjection
(qemu) (Process terminated with status 139)



Version-Release number of selected component (if applicable):
Host kernel: 2.6.32-71.el6.x86_64
qemu-kvm version: qemu-kvm-0.12.1.2-2.113.el6.x86_64


How reproducible:
Random issue,rarely reproduce

Steps to Reproduce:
1. Boot up guest with spice and qxl. e.g. /usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/qemu -name 'vm1' -chardev socket,id=human_monitor_3vth,path=/tmp/monitor-humanmonitor1-20100907-165150-LxE6,server,nowait -mon chardev=human_monitor_3vth,mode=readline -chardev socket,id=serial_SSFT,path=/tmp/serial-20100907-165150-LxE6,server,nowait -device isa-serial,chardev=serial_SSFT -drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/RHEL-4.8-64-virtio.raw',index=0,if=none,id=drive-virtio-disk1,media=disk,cache=writethrough,boot=on,format=raw,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,id=virtio-disk1 -device virtio-net-pci,netdev=idLt8NpY,id=ndev00idLt8NpY,mac='02:C6:F5:F9:0e:cc',bus=pci.0,addr=0x3 -netdev tap,id=idLt8NpY,ifname='virtio_0_8000',script='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' -m 8192 -smp 4 -cpu cpu64-rhel6,+x2apic -vnc :0 -spice port=8000,disable-ticketing -vga qxl -rtc base=utc,clock=host,driftfix=none -M rhel6.0.0 -usbdevice tablet -no-kvm-pit-reinjection
2. 
3.
  
Actual results:
Guest core dump
(qemu) /bin/sh: line 1: 11186 Segmentation fault      (core dumped) /usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/qemu -name 'vm1' -chardev socket,id=human_monitor_3vth,path=/tmp/monitor-humanmonitor1-20100907-165150-LxE6,server,nowait -mon chardev=human_monitor_3vth,mode=readline -chardev socket,id=serial_SSFT,path=/tmp/serial-20100907-165150-LxE6,server,nowait -device isa-serial,chardev=serial_SSFT -drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/RHEL-4.8-64-virtio.raw',index=0,if=none,id=drive-virtio-disk1,media=disk,cache=writethrough,boot=on,format=raw,aio=native -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,id=virtio-disk1 -device virtio-net-pci,netdev=idLt8NpY,id=ndev00idLt8NpY,mac='02:C6:F5:F9:0e:cc',bus=pci.0,addr=0x3 -netdev tap,id=idLt8NpY,ifname='virtio_0_8000',script='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/scripts/qemu-ifup-switch',downscript='no' -m 8192 -smp 4 -cpu cpu64-rhel6,+x2apic -vnc :0 -spice port=8000,disable-ticketing -vga qxl -rtc base=utc,clock=host,driftfix=none -M rhel6.0.0 -usbdevice tablet -no-kvm-pit-reinjection
(qemu) (Process terminated with status 139)

Expected results:
Guest could boot up successfully.


Additional info:
(gdb) bt
#0  0x00000037ed683ddb in memcpy () from /lib64/libc.so.6
#1  0x0000000000471dd0 in qemu_spice_display_create_update (ds=0x2831c10, dirty=<value optimized out>, unique=<value optimized out>) at /usr/include/bits/string3.h:52
#2  0x0000000000473267 in _qxl_get_command (d=0x50217c0, cmd=0x7f4de61b6290) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:288
#3  0x00000037f8e2deb2 in ?? () from /usr/lib64/libspice-server.so.0
#4  0x00000037f8e2fd81 in red_worker_main () from /usr/lib64/libspice-server.so.0
#5  0x00000037ede077e1 in start_thread () from /lib64/libpthread.so.0
#6  0x00000037ed6e153d in clone () from /lib64/libc.so.6
(gdb)
Comment 2 Amos Kong 2010-10-13 02:17:44 UTC 
can reproduce with qemu-kvm-0.12.1.2-2.113.el6_0.1.x86_64.
Comment 3 YangFeng 2010-10-13 06:31:38 UTC 
(gdb) bt
#0  0x00000033178329a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003317834185 in abort () at abort.c:92
#2  0x0000000000471f07 in qemu_spice_display_create_update (ds=0x24c6940, dirty=<value optimized out>, unique=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/spice-display.c:109
#3  0x0000000000473467 in _qxl_get_command (d=0x4cb67c0, cmd=0x7fafc75b8290) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:288
#4  0x000000332242deb2 in red_process_commands (worker=0x7fafc75b83d0, max_pipe_size=50) at red_worker.c:4541
#5  0x000000332242fd81 in red_worker_main (arg=<value optimized out>) at red_worker.c:8864
#6  0x0000003317c077e1 in start_thread (arg=0x7fafc75fe710) at pthread_create.c:301
#7  0x00000033178e153d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb) 

qemu-kvm: qemu-kvm-0.12.1.2-2.113.el6_0.1.x86_64
kernel: 2.6.32-71.2.1.el6_0.x86_64
Comment 4 Amit Shah 2010-10-13 12:07:42 UTC 
Can you reproduce this with qemu-kvm-0.12.1.2-2.114?
Comment 5 YangFeng 2010-10-14 08:55:11 UTC 
(In reply to comment #4)
> Can you reproduce this with qemu-kvm-0.12.1.2-2.114?

This is a random issue,rarely reproduce on qemu-kvm-0.12.1.2-2.113.el6_0.1.x86_64.

Have tried 60 times on qemu-kvm-0.12.1.2-2.114. Did not reproduce it.

Will try more and update result late.
Comment 13 Qingtang Zhou 2011-02-25 06:14:04 UTC 
This bug reproduced on 

# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.113.el6_0.7

It's in 6.0.z stream.
Comment 15 Miya Chen 2011-03-10 05:56:10 UTC 
move to verified based on comment#12, will re-open it if find it again.
Comment 16 Suqin Huang 2011-05-04 02:35:19 UTC 
hi kraxel,
can you clone this bug to rhel6.0z, this bug reproduce on qemu-kvm-0.12.1.2-2.113.el6_0.8.x86_64
Comment 17 errata-xmlrpc 2011-05-19 11:29:20 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html
Comment 18 errata-xmlrpc 2011-05-19 12:48:17 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html