Bug 750439 - Got Segmentation fault when using the command "__com.redhat_spice_migrate_info"
Status: CLOSED DUPLICATE of bug 795652
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: qemu-kvm
Version: 6.2
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Yonit Halperin
QA Contact: Virtualization Bugs

Reported: 2011-11-01 06:23 UTC by Qunfang Zhang
Modified: 2014-01-21 00:00 UTC
Doc Type: Bug Fix
Last Closed: 2012-03-29 05:36:58 UTC

Description Qunfang Zhang 2011-11-01 06:23:59 UTC
Description of problem:
When using the command "__com.redhat_spice_migrate_info" but typing a wrong port after it, qemu gets a segmentation fault. Please check the steps for details.
It seems to be a regression in qemu-kvm-0.12.1.2-2.194.el6.
Retested with qemu-kvm-195: hit the issue.
Retested with qemu-kvm-193: did not hit the issue.

Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.207.el6.x86_64
kernel-2.6.32-214.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Boot a guest in src host A and dst host B with listening mode.
CLI:
Host A:
(gdb) r -M rhel6.2.0 -cpu cpu64-rhel6,+x2apic  -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -name RHEL6 -uuid 821af33f-9b98-4580-bd96-1f82f96280a4 -monitor stdio -rtc base=localtime -boot c -device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x4 -drive file=/media/rhel6u2.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop -device ide-drive,bus=ide.0,unit=0,drive=drive-virtio-disk0,id=virtio-disk0 -netdev tap,id=hostnet0,vhost=on,script=/etc/qemu-ifup -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:10:20:3a,bus=pci.0,addr=0x3 -chardev socket,id=charchannel0,path=/tmp/foo,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -usb -device usb-tablet -spice port=5930,disable-ticketing -vga qxl -global qxl-vga.vram_size=67108864

Host B:
Same command parameters and with "-incoming tcp:0:5800"

2. Host A:
(qemu)migrate -d tcp:$host_B_ip:5800

3. After migration finishes.
On host B:
(qemu)__com.redhat_spice_migrate_info 10.66.9.184:5800

(Actually it should be "__com.redhat_spice_migrate_info 10.66.9.184 5930"; typing a wrong string leads to the problem.)
  
Actual results:
Qemu got a segmentation fault on host B after inputting the wrong port number.

Expected results:
No segmentation fault.

Additional info:

Host B segmentation fault logs:

Program received signal SIGSEGV, Segmentation fault.
0x00000037cee751e5 in malloc_consolidate () from /lib64/libc.so.6

(gdb) 
(gdb) bt
#0  0x00000037cee751e5 in malloc_consolidate () from /lib64/libc.so.6
#1  0x00000037cee78062 in _int_malloc () from /lib64/libc.so.6
#2  0x00000037cee7948d in malloc () from /lib64/libc.so.6
#3  0x00000037d16b5440 in spice_malloc (n_bytes=4344) at ../common/mem.c:88
#4  0x00000037d16b5a1e in spice_marshaller_new () at ../common/marshaller.c:120
#5  0x00000037d1614f5e in marshaller_new_for_outgoing (state=0x1935ed0, type=102) at reds.c:2262
#6  0x00000037d1618616 in reds_send_keyboard_modifiers (modifiers=0 '\000') at reds.c:2605
#7  0x000000000040c4f8 in qemu_run_timers (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:1309
#8  main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4058
#9  0x000000000042aeaa in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2225
#10 0x000000000040de35 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4234
#11 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6470

Comment 8 Yonit Halperin 2012-03-27 06:24:17 UTC
This bug should be unreproducible after the fix for bug 795652 (qemu-kvm-0.12.1.2-2.250.el6)

Comment 9 Qunfang Zhang 2012-03-29 04:35:58 UTC
Yes, tested on qemu-kvm-0.12.1.2-2.265.el6.x86_64; the problem is fixed.
After step 3 of the bug description:

(qemu) __com.redhat_spice_migrate_info 10.66.9.184:5800
Parameter 'port/tls-port' is missing
(qemu) 
(qemu) 
(qemu) __com.redhat_spice_migrate_info 10.66.9.184 ?
invalid char in expression
(qemu) 
(qemu) __com.redhat_spice_migrate_info ?
Parameter 'port/tls-port' is missing

Guest does not hang and gives a prompt. So this issue is fixed.

Comment 10 Miya Chen 2012-03-29 05:36:58 UTC
Based on comment #8 and comment #9, closing this bug as a duplicate.

*** This bug has been marked as a duplicate of bug 795652 ***

