Bug 739480 - qemu-kvm core dumps when migration with reboot
Summary: qemu-kvm core dumps when migration with reboot
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.2
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Paolo Bonzini
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2011-09-19 08:24 UTC by Xiaoqing Wei
Modified: 2013-01-10 00:21 UTC (History)

Fixed In Version: qemu-kvm-0.12.1.2-2.206.el6
Doc Type: Bug Fix
Doc Text:
Due to wrong initialization order for some data structures, in rare cases migration could fail and the instance of QEMU on the receiving host would crash with a segmentation fault. The initialization code has been fixed, and the crashes should not happen anymore.
Clone Of:
Environment:
Last Closed: 2011-12-06 16:03:44 UTC


Attachments
gdb-output detail (7.70 KB, text/plain)
2011-09-19 08:26 UTC, Xiaoqing Wei


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1531 normal SHIPPED_LIVE Moderate: qemu-kvm security, bug fix, and enhancement update 2011-12-06 01:23:30 UTC

Description Xiaoqing Wei 2011-09-19 08:24:46 UTC
Description of problem:

qemu-kvm core dumps when migration with reboot
Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.190.el6.x86_64

How reproducible:
1 / 20

Steps to Reproduce:
1. boot a guest with cmd as below:

qemu-kvm -name win7-64 -monitor stdio -chardev socket,id=serial_id_20110919-102955-S9kt,path=/tmp/serial-20110919-102955-S9kt,server,nowait \
-device isa-serial,chardev=serial_id_20110919-102955-S9kt \
-drive file='/win7-64-virtio.qcow2',index=0,if=none,id=drive-virtio-disk1,media=disk,cache=none,format=qcow2,aio=native \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,id=virtio-disk1 \
-device virtio-net-pci,netdev=idAuejnN,mac=9a:54:0d:18:83:7e,id=ndev00idAuejnN,bus=pci.0,addr=0x3 \
-netdev tap,id=idAuejnN,vhost=on -m 2048 -smp 4,cores=2,threads=1,sockets=2 \
-drive file='/winutils.iso',index=1,if=none,id=drive-ide0-0-0,media=cdrom,readonly=on,format=raw \
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -cpu cpu64-rhel6,+sse2,+x2apic \
-spice port=8000,disable-ticketing \
-vga qxl -rtc base=localtime,clock=host,driftfix=none \
-boot order=cdn,once=c,menu=off   \
-usbdevice tablet  -M rhel6.2.0 -enable-kvm

2. log in to the guest and reboot it
3. on the qemu monitor, run "migrate -d tcp:0:5200"

Actual results:
qemu-kvm sometimes core dumps

Expected results:
guest works well, qemu-kvm does not core dump

Additional info:
Guest info: win7-64 (qxl 0.1-10)

Detailed gdb output will be attached.
(gdb) bt
#0  0x000000000043e0a7 in ide_bmdma_post_load (opaque=<value optimized out>, version_id=3)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/ide/pci.c:179
#1  ide_pci_post_load (opaque=<value optimized out>, version_id=3)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/ide/pci.c:247
#2  0x00000000004c1009 in vmstate_load_state (f=0x300c010, vmsd=0x5b56e0, opaque=0x305b010, 
    version_id=3) at savevm.c:1354
#3  0x00000000004c13d9 in qemu_loadvm_state (f=0x300c010) at savevm.c:1784
#4  0x00000000004b9af9 in process_incoming_migration (f=<value optimized out>) at migration.c:73
#5  0x00000000004b9e0f in tcp_accept_incoming_migration (opaque=<value optimized out>)
    at migration-tcp.c:165
#6  0x000000000040c1ff in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3854
#7  0x0000000000429fca in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2204
#8  0x000000000040db05 in main_loop (argc=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4064
#9  main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6284

Comment 1 Xiaoqing Wei 2011-09-19 08:26:37 UTC
Created attachment 523804 [details]
gdb-output detail

Comment 2 Paolo Bonzini 2011-09-19 14:25:20 UTC
Can I have the invocation command line for qemu-kvm on the incoming side, too?

Comment 3 Xiaoqing Wei 2011-09-19 14:47:52 UTC
(In reply to comment #2)
> Can I have the invocation command line for qemu-kvm on the incoming side, too?

Hi Paolo,
The incoming side command is similar to the above, just adding "-incoming tcp:0:5200".

Comment 5 Paolo Bonzini 2011-09-19 15:38:28 UTC
That's what I was doing and I could not reproduce it (as evident from comment 2 :)) but it looks like it was fixed upstream by commit 61d9d6b0.

Test brew build available at

    https://brewweb.devel.redhat.com/taskinfo?taskID=3646955

Comment 6 Xiaoqing Wei 2011-09-19 16:07:55 UTC
(In reply to comment #5)
> That's what I was doing and I could not reproduce it (as evident from comment 2
I also cannot reproduce it since I met it :)
Tried 40+ rounds of reproducing.

> :)) but it looks like it was fixed upstream by commit 61d9d6b0.
> 
> Test brew build available at
> 
>     https://brewweb.devel.redhat.com/taskinfo?taskID=3646955


OK, will test it, then.

Thanks and Best Regards,
Xiaoqing.

Comment 7 Paolo Bonzini 2011-09-20 16:03:59 UTC
Do you remember at which phase of the reboot you started migration when it failed?

Comment 11 Mike Cao 2011-10-21 10:17:47 UTC
Verified on qemu-kvm-0.12.1.2-2.199.el6.x86_64

steps:
1. use autotest scripts to run job "migration with reboot" 214 times

Actual Results:
Segfault 25 times; reviewed all the core files, all triggered Bug https://bugzilla.redhat.com/show_bug.cgi?id=736631; none of the core files' back-traces is the same as the original one of this Bug.

Based on the above, this issue has been fixed already.
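
The triage described in comment 11 (checking every core's backtrace against the one in the description) as an added Python example; this is not part of the bug report or of qemu-kvm. The first backtrace is the report's own gdb output; the second backtrace and its function names are constructed and hypothetical.

```python
import re

# Constructed sample: the top frames of the backtrace from the original report,
# with gdb's indented continuation lines kept exactly as they appear.
BT_ORIGINAL = """\
#0  0x000000000043e0a7 in ide_bmdma_post_load (opaque=<value optimized out>, version_id=3)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/ide/pci.c:179
#1  ide_pci_post_load (opaque=<value optimized out>, version_id=3)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/ide/pci.c:247
#2  0x00000000004c1009 in vmstate_load_state (f=0x300c010, vmsd=0x5b56e0, opaque=0x305b010,
    version_id=3) at savevm.c:1354
#3  0x00000000004c13d9 in qemu_loadvm_state (f=0x300c010) at savevm.c:1784
"""
# Constructed, hypothetical backtrace standing in for a core that crashed elsewhere.
BT_OTHER = """\
#0  0x0000000000400000 in hypothetical_fn_a (p=0x0) at hypothetical.c:10
#1  0x0000000000400100 in main (argc=1, argv=0x7fff0000) at hypothetical.c:20
"""

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(\w+)\s*\(")
LOC_RE = re.compile(r"\bat (\S+):(\d+)\s*$")

def parse_backtrace(text):
    """Return [(function, file, line), ...] with frame #0 first."""
    joined = []  # one physical line per frame
    for raw in text.splitlines():
        if raw.startswith("#"):
            joined.append(raw.rstrip())
        elif joined and raw[:1].isspace():  # gdb wraps long frames; glue them back
            joined[-1] += " " + raw.strip()
    frames = []
    for line in joined:
        m, loc = FRAME_RE.match(line), LOC_RE.search(line)
        if m:
            frames.append((m.group(2), loc.group(1) if loc else None,
                           int(loc.group(2)) if loc else None))
    return frames

def crash_signature(text, depth=3):
    """Function names of the top `depth` frames: the usual key for deduplicating cores."""
    return tuple(frame[0] for frame in parse_backtrace(text)[:depth])

def triage(cores, reference):
    """Group {core_name: backtrace} by signature and flag groups matching `reference`."""
    ref_sig = crash_signature(reference)
    groups = {}
    for name, bt in cores.items():
        groups.setdefault(crash_signature(bt), []).append(name)
    return {sig: (sorted(names), sig == ref_sig) for sig, names in groups.items()}
```

Feed each core's `gdb -batch -ex bt` output in as a backtrace string; groups flagged True are recurrences of this bug, the rest belong to other bugs.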

Comment 14 Eduardo Habkost 2011-10-28 18:01:08 UTC
Moving to ON_QA because Errata Tool did not do it

Comment 16 Paolo Bonzini 2011-11-17 17:39:06 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Due to wrong initialization order for some data structures, in rare cases migration could fail and the instance of QEMU on the receiving host would crash with a segmentation fault. The initialization code has been fixed, and the crashes should not happen anymore.

Comment 17 errata-xmlrpc 2011-12-06 16:03:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1531.html