Bug 739480 - qemu-kvm core dumps when migration with reboot
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.2
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Paolo Bonzini
QA Contact: Virtualization Bugs
Reported: 2011-09-19 04:24 EDT by Xiaoqing Wei
Modified: 2013-01-09 19:21 EST
CC: 11 users
Fixed In Version: qemu-kvm-0.12.1.2-2.206.el6
Doc Type: Bug Fix
Doc Text:
Due to wrong initialization order for some data structures, in rare cases migration could fail and the instance of QEMU on the receiving host would crash with a segmentation fault. The initialization code has been fixed, and the crashes should not happen anymore.
Last Closed: 2011-12-06 11:03:44 EST

Attachments:
gdb-output detail (7.70 KB, text/plain), 2011-09-19 04:26 EDT, Xiaoqing Wei

External Trackers:
Red Hat Product Errata RHSA-2011:1531, priority normal, status SHIPPED_LIVE: "Moderate: qemu-kvm security, bug fix, and enhancement update" (last updated 2011-12-05 20:23:30 EST)

Description Xiaoqing Wei 2011-09-19 04:24:46 EDT
Description of problem:

qemu-kvm core dumps when migration with reboot
Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.190.el6.x86_64

How reproducible:
1 / 20

Steps to Reproduce:
1. boot a guest with cmd as below:

qemu-kvm -name win7-64 -monitor stdio -chardev socket,id=serial_id_20110919-102955-S9kt,path=/tmp/serial-20110919-102955-S9kt,server,nowait \
-device isa-serial,chardev=serial_id_20110919-102955-S9kt \
-drive file='/win7-64-virtio.qcow2',index=0,if=none,id=drive-virtio-disk1,media=disk,cache=none,format=qcow2,aio=native \
-device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk1,id=virtio-disk1 \
-device virtio-net-pci,netdev=idAuejnN,mac=9a:54:0d:18:83:7e,id=ndev00idAuejnN,bus=pci.0,addr=0x3 \
-netdev tap,id=idAuejnN,vhost=on -m 2048 -smp 4,cores=2,threads=1,sockets=2 \
-drive file='/winutils.iso',index=1,if=none,id=drive-ide0-0-0,media=cdrom,readonly=on,format=raw \
-device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -cpu cpu64-rhel6,+sse2,+x2apic \
-spice port=8000,disable-ticketing \
-vga qxl -rtc base=localtime,clock=host,driftfix=none \
-boot order=cdn,once=c,menu=off   \
-usbdevice tablet  -M rhel6.2.0 -enable-kvm

2. login guest and reboot it 
3. on qemu-monitor "migrate -d tcp:0:5200"
Actual results:
qemu-kvm sometimes core dumps

Expected results:
guest works well, qemu-kvm does not core dump

Additional info:
Guest info: win7-64 (qxl 0.1-10)

Detailed gdb output will be attached.
(gdb) bt
#0  0x000000000043e0a7 in ide_bmdma_post_load (opaque=<value optimized out>, version_id=3)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/ide/pci.c:179
#1  ide_pci_post_load (opaque=<value optimized out>, version_id=3)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/ide/pci.c:247
#2  0x00000000004c1009 in vmstate_load_state (f=0x300c010, vmsd=0x5b56e0, opaque=0x305b010, 
    version_id=3) at savevm.c:1354
#3  0x00000000004c13d9 in qemu_loadvm_state (f=0x300c010) at savevm.c:1784
#4  0x00000000004b9af9 in process_incoming_migration (f=<value optimized out>) at migration.c:73
#5  0x00000000004b9e0f in tcp_accept_incoming_migration (opaque=<value optimized out>)
    at migration-tcp.c:165
#6  0x000000000040c1ff in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3854
#7  0x0000000000429fca in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2204
#8  0x000000000040db05 in main_loop (argc=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4064
#9  main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6284
Comment 1 Xiaoqing Wei 2011-09-19 04:26:37 EDT
Created attachment 523804 [details]
gdb-output detail
Comment 2 Paolo Bonzini 2011-09-19 10:25:20 EDT
Can I have the invocation command line for qemu-kvm on the incoming side, too?
Comment 3 Xiaoqing Wei 2011-09-19 10:47:52 EDT
(In reply to comment #2)
> Can I have the invocation command line for qemu-kvm on the incoming side, too?

Hi Paolo,
The incoming side cmd is similar to the above, just adding "-incoming tcp:0:5200".
Comment 5 Paolo Bonzini 2011-09-19 11:38:28 EDT
That's what I was doing and I could not reproduce it (as evident from comment 2 :)) but it looks like it was fixed upstream by commit 61d9d6b0.

Test brew build available at

    https://brewweb.devel.redhat.com/taskinfo?taskID=3646955
Comment 6 Xiaoqing Wei 2011-09-19 12:07:55 EDT
(In reply to comment #5)
> That's what I was doing and I could not reproduce it (as evident from comment 2
I also cannot reproduce it since I hit it, :)
Tried 40+ rounds of reproducing.

> :)) but it looks like it was fixed upstream by commit 61d9d6b0.
> 
> Test brew build available at
> 
>     https://brewweb.devel.redhat.com/taskinfo?taskID=3646955


OK, will test it, then.

Thanks and Best Regards,
Xiaoqing.
Comment 7 Paolo Bonzini 2011-09-20 12:03:59 EDT
Do you remember at which phase of the reboot you started migration when it failed?
Comment 11 Mike Cao 2011-10-21 06:17:47 EDT
Verified on qemu-kvm-0.12.1.2-2.199.el6.x86_64

steps:
1.use autotest scripts to run job "migration with reboot" 214 times

Actual Results:
segfault 25 times; reviewed all the core files, all triggered Bug https://bugzilla.redhat.com/show_bug.cgi?id=736631, none of the core files' backtraces is the same as the original one of this Bug.

Based on the above, this issue has been fixed already.
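The reproduction rate in the description (1 in 20) and the verification in comment 11 (25 segfaults in 214 rounds, each core file checked by hand against this bug's backtrace) both come down to the same chore: bucketing a pile of core dumps by crash signature. The POSIX shell helper below is an added example, not part of the bug report or of qemu-kvm. It assumes each core has already been turned into a gdb backtrace file (e.g. with `gdb -batch -ex bt /usr/libexec/qemu-kvm core.NNNN > core.NNNN.bt`), extracts the function in frame #0, and counts how many dumps match a given signature such as `ide_bmdma_post_load`. The sample backtraces it writes are constructed for illustration; only the first one copies the real frame #0 from this report, and `some_other_handler` is a placeholder name, not a real qemu-kvm function.

```shell
#!/bin/sh
# Added example (not from the bug report): triage qemu-kvm core dumps by the
# function named in gdb frame #0, the check comment 11 performed manually.
set -u

# top_frame FILE: print the function in frame "#0" of a gdb "bt" dump.
# Frame lines look like:  "#0  0x000000000043e0a7 in ide_bmdma_post_load (opaque=..."
# or, for inlined frames without an address:  "#0  some_func (args...)"
top_frame() {
    awk '/^#0 / {
            for (i = 1; i <= NF; i++) if ($i == "in") { print $(i + 1); exit }
            print $2; exit
        }' "$1"
}

# bucket_cores DIR: one line per distinct frame-#0 function, "count function",
# most frequent first. Input files are DIR/*.bt.
bucket_cores() {
    for bt in "$1"/*.bt; do
        [ -f "$bt" ] || continue
        top_frame "$bt"
    done | sort | uniq -c | sort -rn
}

# count_matching DIR SIGNATURE: number of dumps whose frame #0 is SIGNATURE.
count_matching() {
    n=0
    for bt in "$1"/*.bt; do
        [ -f "$bt" ] || continue
        if [ "$(top_frame "$bt")" = "$2" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# make_samples DIR: write three constructed backtrace files for demonstration.
# core.1001.bt reuses the real frame #0 from this bug; the other two use a
# placeholder function name that stands in for an unrelated crash.
make_samples() {
    cat > "$1/core.1001.bt" <<'EOF'
#0  0x000000000043e0a7 in ide_bmdma_post_load (opaque=<value optimized out>, version_id=3)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/ide/pci.c:179
#1  ide_pci_post_load (opaque=<value optimized out>, version_id=3)
    at /usr/src/debug/qemu-kvm-0.12.1.2/hw/ide/pci.c:247
EOF
    cat > "$1/core.1002.bt" <<'EOF'
#0  0x0000000000400000 in some_other_handler (opaque=<value optimized out>)
#1  0x0000000000400001 in main_loop_wait (timeout=1000)
EOF
    cat > "$1/core.1003.bt" <<'EOF'
#0  some_other_handler (opaque=<value optimized out>)
#1  0x0000000000400001 in main_loop_wait (timeout=1000)
EOF
}

# Demo: build the constructed sample set, bucket it, then ask the question
# comment 11 asked: how many dumps still crash in ide_bmdma_post_load?
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
bucket_cores "$demo_dir"
echo "dumps matching this bug: $(count_matching "$demo_dir" ide_bmdma_post_load)"
rm -rf "$demo_dir"
```

Against a real run, point `bucket_cores` at the directory of `.bt` files from the 214 rounds: a bucket that still shows `ide_bmdma_post_load` means this bug is not fixed, while crashes in other buckets belong to other bugs and should be filed or matched separately, which is exactly the distinction comment 11 draws.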
Comment 14 Eduardo Habkost 2011-10-28 14:01:08 EDT
Moving to ON_QA because Errata Tool did not do it
Comment 16 Paolo Bonzini 2011-11-17 12:39:06 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Due to wrong initialization order for some data structures, in rare cases migration could fail and the instance of QEMU on the receiving host would crash with a segmentation fault.  The initialization code has been fixed, and the crashes should not happen anymore.
Comment 17 errata-xmlrpc 2011-12-06 11:03:44 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1531.html
