Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 922466

Summary: src qemu-kvm crashed after migration finished(dest qemu-kvm work well)
Product: Red Hat Enterprise Linux 7 Reporter: Xiaoqing Wei <xwei>
Component: spiceAssignee: Uri Lublin <uril>
Status: CLOSED DUPLICATE QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: acathrow, juzhang, michen, qzhang, shuang
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-18 05:30:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
thread apply all bt full none

Description Xiaoqing Wei 2013-03-17 08:46:45 UTC 
Created attachment 711285 [details]
thread apply all bt full

Description of problem:

src qemu-kvm crashed after migration finished(dest qemu-kvm work well)

Version-Release number of selected component (if applicable):

kernel-3.8.0-0.40.el7.x86_64
spice-server-0.12.2-1.el7.x86_64
qemu-kvm-1.4.0-1.el7.x86_64


guest qxl driver: xorg-x11-drv-qxl-0.1.0-2.el7.x86_64

How reproducible:

1/1

Steps to Reproduce:
1. boot a vm
qemu-kvm -S -name 'vm1' -nodefaults -monitor stdio -chardev socket,id=serial_id_serial1,path=/tmp/serial-serial1-20130311-205143-YkA59xdE,server,nowait -device isa-serial,chardev=serial_id_serial1 -chardev socket,id=seabioslog_id_20130311-205143-YkA59xdE,path=/tmp/seabios-20130311-205143-YkA59xdE,server,nowait -device isa-debugcon,chardev=seabioslog_id_20130311-205143-YkA59xdE,iobase=0x402 -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=0x4 -device virtio-scsi-pci,id=virtio_scsi_pci0,addr=0x5 -drive file='/home/staf-kvm-devel/autotest-devel/client/tests/kvm/images/RHEL-Server-7.0-64-virtio.qcow2',if=none,id=virtio-scsi-id0,media=disk,cache=none,snapshot=off,format=qcow2,aio=native -device scsi-hd,drive=virtio-scsi-id0 -drive file='/home/10G.raw',if=none,id=virtio-scsi-id1,media=disk,cache=none,snapshot=off,format=raw,aio=native -device scsi-hd,drive=virtio-scsi-id1 -m 4096 -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 -cpu 'SandyBridge' -M pc -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 -spice port=3000,password=123456,addr=0,image-compression=auto_glz,jpeg-wan-compression=auto,zlib-glz-wan-compression=auto,streaming-video=all,agent-mouse=on,playback-compression=on,ipv4 -vga qxl -global qxl-vga.vram_size=33554432 -boot order=cdn,once=c,menu=off -enable-kvm -rtc base=utc,clock=host,driftfix=slew -no-kvm-pit-reinjection -device virtio-net-pci,netdev=idv9YpRF,mac=9a:43:44:45:46:47,bus=pci.0,addr=0x3,id='idWW7z7a',vectors=2 -netdev tap,id=idv9YpRF,vhost=on,script="/etc/ovs-ifup",downscript="/etc/ovs-ifdown",queues=2
2. boot a incoming vm, waiting for migration
qemu-kvm -S -name vm1 -nodefaults -monitor stdio -chardev socket,id=serial_id_serial1,path=/tmp/serial-serial1-20130311-205143-YkA59xdE,server,nowait -device isa-serial,chardev=serial_id_serial1 -chardev socket,id=seabioslog_id_20130311-205143-YkA59xdE,path=/tmp/seabios-20130311-205143-YkA59xdE,server,nowait -device isa-debugcon,chardev=seabioslog_id_20130311-205143-YkA59xdE,iobase=0x402 -device ich9-usb-uhci1,id=usb1,bus=pci.0,addr=0x4 -device virtio-scsi-pci,id=virtio_scsi_pci0,addr=0x5 -drive file=/home/staf-kvm-devel/autotest-devel/client/tests/kvm/images/RHEL-Server-7.0-64-virtio.qcow2,if=none,id=virtio-scsi-id0,media=disk,cache=none,snapshot=off,format=qcow2,aio=native -device scsi-hd,drive=virtio-scsi-id0 -drive file=/home/10G.raw,if=none,id=virtio-scsi-id1,media=disk,cache=none,snapshot=off,format=raw,aio=native -device scsi-hd,drive=virtio-scsi-id1 -m 4096 -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 -cpu SandyBridge -M pc -device usb-tablet,id=usb-tablet1,bus=usb1.0,port=1 -spice port=3010,password=123456,addr=0,image-compression=auto_glz,jpeg-wan-compression=auto,zlib-glz-wan-compression=auto,streaming-video=all,agent-mouse=on,playback-compression=on,ipv4 -vga qxl -global qxl-vga.vram_size=33554432 -boot order=cdn,once=c,menu=off -enable-kvm -rtc base=utc,clock=host,driftfix=slew -no-kvm-pit-reinjection -device virtio-net-pci,netdev=idv9YpRF,mac=9a:43:44:45:46:47,bus=pci.0,addr=0x3,id=idWW7z7a,vectors=2 -netdev tap,id=idv9YpRF,vhost=on,script=/etc/ovs-ifup,downscript=/etc/ovs-ifdown,queues=2   \
\
 -incoming tcp:0:8010
3. guest # scp file IP_of_host:/tmp

4. when migration finishes:
(qemu) info migrate
capabilities: xbzrle: off 
Migration status: active
total time: 10800 milliseconds
expected downtime: 0 milliseconds
transferred ram: 355116 kbytes
remaining ram: 0 kbytes
total ram: 4293000 kbytes
duplicate: 986808 pages
normal: 86442 pages
normal bytes: 345768 kbytes
(qemu) info(/usr/bin/qemu-kvm:17190): Spice-Warning **: reds.c:4399:spice_server_migrate_end: spice_server_migrate_info was not called, disconnecting clients
red_client_destroy: destroy client with #channels 4
(/usr/bin/qemu-kvm:17190): Spice-ERROR **: red_channel.c:1711:red_client_destroy: assertion `pthread_equal(pthread_self(), client->thread_id)' failed
Thread 8 (Thread 0x7fc2ef777700 (LWP 17201)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:165
#1  0x00007fc2fcaf4159 in qemu_cond_wait (cond=<optimized out>, mutex=mutex@entry=0x7fc2fd30a820 <qemu_global_mutex>) at util/qemu-thread-posix.c:116
#2  0x00007fc2fc9eb83b in qemu_kvm_wait_io_event (env=0x7fc2fea84890) at /usr/src/debug/qemu-1.4.0/cpus.c:727
#3  qemu_kvm_cpu_thread_fn (arg=0x7fc2fea84890) at /usr/src/debug/qemu-1.4.0/cpus.c:764
#4  0x00007fc2fac5dd15 in start_thread (arg=0x7fc2ef777700) at pthread_create.c:308
#5  0x00007fc2f738d46d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114
Thread 7 (Thread 0x7fc2eef76700 (LWP 17202)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:165
#1  0x00007fc2fcaf4159 in qemu_cond_wait (cond=<optimized out>, mutex=mutex@entry=0x7fc2fd30a820 <qemu_global_mutex>) at util/qemu-thread-posix.c:116
#2  0x00007fc2fc9eb83b in qemu_kvm_wait_io_event (env=0x7fc2feab0480) at /usr/src/debug/qemu-1.4.0/cpus.c:727
#3  qemu_kvm_cpu_thread_fn (arg=0x7fc2feab0480) at /usr/src/debug/qemu-1.4.0/cpus.c:764
#4  0x00007fc2fac5dd15 in start_thread (arg=0x7fc2eef76700) at pthread_create.c:308
#5  0x00007fc2f738d46d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114
Thread 6 (Thread 0x7fc2ee775700 (LWP 17203)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:165
#1  0x00007fc2fcaf4159 in qemu_cond_wait (cond=<optimized out>, mutex=mutex@entry=0x7fc2fd30a820 <qemu_global_mutex>) at util/qemu-thread-posix.c:116
#2  0x00007fc2fc9eb83b in qemu_kvm_wait_io_event (env=0x7fc2feac0c00) at /usr/src/debug/qemu-1.4.0/cpus.c:727
#3  qemu_kvm_cpu_thread_fn (arg=0x7fc2feac0c00) at /usr/src/debug/qemu-1.4.0/cpus.c:764
#4  0x00007fc2fac5dd15 in start_thread (arg=0x7fc2ee775700) at pthread_create.c:308
#5  0x00007fc2f738d46d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114
Thread 5 (Thread 0x7fc2edf74700 (LWP 17204)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:165
#1  0x00007fc2fcaf4159 in qemu_cond_wait (cond=<optimized out>, mutex=mutex@entry=0x7fc2fd30a820 <qemu_global_mutex>) at util/qemu-thread-posix.c:116
#2  0x00007fc2fc9eb83b in qemu_kvm_wait_io_event (env=0x7fc2fead1380) at /usr/src/debug/qemu-1.4.0/cpus.c:727
#3  qemu_kvm_cpu_thread_fn (arg=0x7fc2fead1380) at /usr/src/debug/qemu-1.4.0/cpus.c:764
#4  0x00007fc2fac5dd15 in start_thread (arg=0x7fc2edf74700) at pthread_create.c:308
#5  0x00007fc2f738d46d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114
Thread 4 (Thread 0x7fc1d19fc700 (LWP 17205)):
#0  0x00007fc2f738498d in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fc2f8039bd9 in poll (__timeout=<optimized out>, __nfds=20, __fds=0x7fc1cc0008f8) at /usr/include/bits/poll2.h:46
#2  red_worker_main (arg=<optimized out>) at red_worker.c:11831
#3  0x00007fc2fac5dd15 in start_thread (arg=0x7fc1d19fc700) at pthread_create.c:308
#4  0x00007fc2f738d46d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114
Thread 3 (Thread 0x7fc2f0179700 (LWP 17342)):
#0  0x00007fc2fac6412d in read () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fc2f8051e93 in read (__nbytes=255, __buf=0x7fc2f0178820, __fd=<optimized out>) at /usr/include/bits/unistd.h:44
#2  spice_backtrace_gstack () at backtrace.c:100
#3  0x00007fc2f8051fc9 in spice_backtrace () at backtrace.c:131
#4  0x00007fc2f80599ef in spice_logv (log_domain=0x7fc2f80d00c6 "Spice", log_level=SPICE_LOG_LEVEL_ERROR, strloc=0x7fc2f80d2e70 "red_channel.c:1711", function=0x7fc2f80d3520 <__FUNCTION__.22504> "red_client_destroy", format=0x7fc2f80d009e "assertion `%s' failed", args=args@entry=0x7fc2f01789a8) at log.c:108
#5  0x00007fc2f8059b38 in spice_log (log_domain=log_domain@entry=0x7fc2f80d00c6 "Spice", log_level=log_level@entry=SPICE_LOG_LEVEL_ERROR, strloc=strloc@entry=0x7fc2f80d2e70 "red_channel.c:1711", function=function@entry=0x7fc2f80d3520 <__FUNCTION__.22504> "red_client_destroy", format=format@entry=0x7fc2f80d009e "assertion `%s' failed") at log.c:123
#6  0x00007fc2f8018570 in red_client_destroy (client=client@entry=0x7fc2fee037c0) at red_channel.c:1711
#7  0x00007fc2f803d352 in reds_client_disconnect (client=0x7fc2fee037c0) at reds.c:561
#8  reds_client_disconnect (client=0x7fc2fee037c0) at reds.c:518
#9  0x00007fc2f803d8c1 in reds_disconnect () at reds.c:589
#10 0x00007fc2f8042207 in spice_server_migrate_end (s=<optimized out>, completed=1) at reds.c:4400
#11 0x00007fc2fcaff404 in notifier_list_notify (list=list@entry=0x7fc2fd2e9268 <migration_state_notifiers>, data=data@entry=0x7fc2fced0400 <current_migration.19506>) at util/notify.c:39
#12 0x00007fc2fc97e684 in migrate_fd_completed (s=0x7fc2fced0400 <current_migration.19506>) at migration.c:294
#13 buffered_file_thread (opaque=0x7fc2fced0400 <current_migration.19506>) at migration.c:716
#14 0x00007fc2fac5dd15 in start_thread (arg=0x7fc2f0179700) at pthread_create.c:308
#15 0x00007fc2f738d46d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114
Thread 2 (Thread 0x7fc1d09fa700 (LWP 17343)):
#0  sem_timedwait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_timedwait.S:101
#1  0x00007fc2fcaf431b in qemu_sem_timedwait (sem=sem@entry=0x7fc2fd2ea940 <sem>, ms=ms@entry=10000) at util/qemu-thread-posix.c:237
#2  0x00007fc2fc9bf4fe in worker_thread (unused=<optimized out>) at thread-pool.c:88
#3  0x00007fc2fac5dd15 in start_thread (arg=0x7fc1d09fa700) at pthread_create.c:308
#4  0x00007fc2f738d46d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114
Thread 1 (Thread 0x7fc2fc7a2a00 (LWP 17190)):
#0  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
#1  0x00007fc2fac5fca6 in _L_lock_836 () from /lib64/libpthread.so.0
#2  0x00007fc2fac5fba8 in __GI___pthread_mutex_lock (mutex=mutex@entry=0x7fc2fd30a820 <qemu_global_mutex>) at pthread_mutex_lock.c:64
#3  0x00007fc2fcaf3f39 in qemu_mutex_lock (mutex=mutex@entry=0x7fc2fd30a820 <qemu_global_mutex>) at util/qemu-thread-posix.c:57
#4  0x00007fc2fc9ecdc0 in qemu_mutex_lock_iothread () at /usr/src/debug/qemu-1.4.0/cpus.c:909
#5  0x00007fc2fc97caaa in os_host_main_loop_wait (timeout=1) at main-loop.c:233
#6  main_loop_wait (nonblocking=<optimized out>) at main-loop.c:416
#7  0x00007fc2fc856385 in main_loop () at vl.c:2001
#8  main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4326


  
Actual results:
Core was generated by `qemu-kvm -S -name vm1 -nodefaults -monitor stdio -chardev socket,id=serial_id_s'.
Program terminated with signal 6, Aborted.
#0  0x00007fc2f72d0ba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63
63	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x00007fc2f72d0ba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63
#1  0x00007fc2f72d2358 in __GI_abort () at abort.c:90
#2  0x00007fc2f80599f5 in spice_logv (log_domain=0x7fc2f80d00c6 "Spice", log_level=SPICE_LOG_LEVEL_ERROR, strloc=0x7fc2f80d2e70 "red_channel.c:1711", 
    function=0x7fc2f80d3520 <__FUNCTION__.22504> "red_client_destroy", format=0x7fc2f80d009e "assertion `%s' failed", args=args@entry=0x7fc2f01789a8)
    at log.c:109
#3  0x00007fc2f8059b38 in spice_log (log_domain=log_domain@entry=0x7fc2f80d00c6 "Spice", log_level=log_level@entry=SPICE_LOG_LEVEL_ERROR, 
    strloc=strloc@entry=0x7fc2f80d2e70 "red_channel.c:1711", function=function@entry=0x7fc2f80d3520 <__FUNCTION__.22504> "red_client_destroy", 
    format=format@entry=0x7fc2f80d009e "assertion `%s' failed") at log.c:123
#4  0x00007fc2f8018570 in red_client_destroy (client=client@entry=0x7fc2fee037c0) at red_channel.c:1711
#5  0x00007fc2f803d352 in reds_client_disconnect (client=0x7fc2fee037c0) at reds.c:561
#6  reds_client_disconnect (client=0x7fc2fee037c0) at reds.c:518
#7  0x00007fc2f803d8c1 in reds_disconnect () at reds.c:589
#8  0x00007fc2f8042207 in spice_server_migrate_end (s=<optimized out>, completed=1) at reds.c:4400
#9  0x00007fc2fcaff404 in notifier_list_notify (list=list@entry=0x7fc2fd2e9268 <migration_state_notifiers>, 
    data=data@entry=0x7fc2fced0400 <current_migration.19506>) at util/notify.c:39
#10 0x00007fc2fc97e684 in migrate_fd_completed (s=0x7fc2fced0400 <current_migration.19506>) at migration.c:294
#11 buffered_file_thread (opaque=0x7fc2fced0400 <current_migration.19506>) at migration.c:716
#12 0x00007fc2fac5dd15 in start_thread (arg=0x7fc2f0179700) at pthread_create.c:308
#13 0x00007fc2f738d46d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114


Expected results:
qemu-kvm work well, not core dump

Additional info:

dest qemu-kvm work well
Comment 2 Qunfang Zhang 2013-03-18 05:09:25 UTC 
Hi, Xiaoqing
Maybe this is a duplicate of bug 920069 if vnc can not reproduce.
Comment 3 Xiaoqing Wei 2013-03-18 05:30:01 UTC 

*** This bug has been marked as a duplicate of bug 920069 ***