[Qemu-devel] [BUG] Migration segfaults

[Qemu-devel] [BUG] Migration segfaults

[Pierre Riteau]

The commit 7e72abc382b700a72549e8147bdea413534eeedc (vmstate: port  
cirrus_vga device) appears to break migration for me.
I'm migrating a Debian Lenny with 128 MB of RAM, and it segfaults at  
the end of the migration.

The following backtrace was acquired with the current HEAD  
(b348113d2161a339780e2d9e0479b1f9a53c6cbc).

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb79e06b0 (LWP 9106)]
0x081571b3 in subpage_register (mmio=0xabf32008, start=0, end=4095,  
memory=2089441, region_offset=0) at /mnt/qemu/exec.c:2862
2862                if (io_mem_read[memory][i]) {
(gdb) bt
#0  0x081571b3 in subpage_register (mmio=0xabf32008, start=0,  
end=4095, memory=2089441, region_offset=0) at /mnt/qemu/exec.c:2862
#1  0x081564c6 in cpu_register_physical_memory_offset  
(start_addr=655360, size=131072, phys_offset=16715534,  
region_offset=0) at /mnt/qemu/exec.c:2339
#2  0x080bc969 in cpu_register_physical_memory (start_addr=655360,  
size=131072, phys_offset=16715534) at /mnt/qemu/cpu-common.h:28
#3  0x080bc9ce in unmap_linear_vram (s=0xa0c4008) at /mnt/qemu/hw/ 
cirrus_vga.c:2623
#4  0x080bca72 in cirrus_update_memory_access (s=0xa0c4008) at /mnt/ 
qemu/hw/cirrus_vga.c:2648
#5  0x080bd190 in cirrus_post_load (opaque=0xa0c4008) at /mnt/qemu/hw/ 
cirrus_vga.c:2965
#6  0x08128f92 in vmstate_load_state (f=0xa134760, vmsd=0x81d3a60,  
opaque=0xa0c4008, version_id=2) at savevm.c:1087
#7  0x08129139 in vmstate_load (f=0xa134760, se=0xa0c1218,  
version_id=2) at savevm.c:1133
#8  0x0812985d in qemu_loadvm_state (f=0xa134760) at savevm.c:1371
#9  0x0811ba2e in tcp_accept_incoming_migration (opaque=0xd) at  
migration-tcp.c:158
#10 0x080521b6 in main_loop_wait (timeout=5000) at /mnt/qemu/vl.c:3871
#11 0x08052870 in main_loop () at /mnt/qemu/vl.c:4091
#12 0x08056431 in main (argc=13, argv=0xbfd6ddf4, envp=0xbfd6de2c) at / 
mnt/qemu/vl.c:5943

-- 
Pierre Riteau -- http://perso.univ-rennes1.fr/pierre.riteau/

Re: [Qemu-devel] [BUG] Migration segfaults

[Luiz Capitulino]

On Thu, 17 Sep 2009 17:05:17 +0200
Pierre Riteau <Pierre.Riteau@irisa.fr> wrote:

> The commit 7e72abc382b700a72549e8147bdea413534eeedc (vmstate: port  
> cirrus_vga device) appears to break migration for me.
> I'm migrating a Debian Lenny with 128 MB of RAM, and it segfaults at  
> the end of the migration.
> 
> The following backtrace was acquired with the current HEAD  
> (b348113d2161a339780e2d9e0479b1f9a53c6cbc).

 I'm also getting a migration problem with current HEAD: right
when the migration process finishes the destination guest
reboots.

 Reverting the above commit doesn't fix the problem, though.

 Also, it's been hard to 'bisect' it because:

1. doesn't appear to be caused by a recent commit
2. taking too old 'good' commits makes 'bisect' hit all
   recent migration bugs

 So, not sure what to do here... Maybe I'll go over committed
series manually.

Re: [Qemu-devel] [BUG] Migration segfaults

[Pierre Riteau]

On 17 sept. 2009, at 17:05, Pierre Riteau wrote:

> The commit 7e72abc382b700a72549e8147bdea413534eeedc (vmstate: port  
> cirrus_vga device) appears to break migration for me.
> I'm migrating a Debian Lenny with 128 MB of RAM, and it segfaults at  
> the end of the migration.
>
> The following backtrace was acquired with the current HEAD  
> (b348113d2161a339780e2d9e0479b1f9a53c6cbc).
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0xb79e06b0 (LWP 9106)]
> 0x081571b3 in subpage_register (mmio=0xabf32008, start=0, end=4095,  
> memory=2089441, region_offset=0) at /mnt/qemu/exec.c:2862
> 2862                if (io_mem_read[memory][i]) {
> (gdb) bt
> #0  0x081571b3 in subpage_register (mmio=0xabf32008, start=0,  
> end=4095, memory=2089441, region_offset=0) at /mnt/qemu/exec.c:2862
> #1  0x081564c6 in cpu_register_physical_memory_offset  
> (start_addr=655360, size=131072, phys_offset=16715534,  
> region_offset=0) at /mnt/qemu/exec.c:2339
> #2  0x080bc969 in cpu_register_physical_memory (start_addr=655360,  
> size=131072, phys_offset=16715534) at /mnt/qemu/cpu-common.h:28
> #3  0x080bc9ce in unmap_linear_vram (s=0xa0c4008) at /mnt/qemu/hw/ 
> cirrus_vga.c:2623
> #4  0x080bca72 in cirrus_update_memory_access (s=0xa0c4008) at /mnt/ 
> qemu/hw/cirrus_vga.c:2648
> #5  0x080bd190 in cirrus_post_load (opaque=0xa0c4008) at /mnt/qemu/ 
> hw/cirrus_vga.c:2965
> #6  0x08128f92 in vmstate_load_state (f=0xa134760, vmsd=0x81d3a60,  
> opaque=0xa0c4008, version_id=2) at savevm.c:1087
> #7  0x08129139 in vmstate_load (f=0xa134760, se=0xa0c1218,  
> version_id=2) at savevm.c:1133
> #8  0x0812985d in qemu_loadvm_state (f=0xa134760) at savevm.c:1371
> #9  0x0811ba2e in tcp_accept_incoming_migration (opaque=0xd) at  
> migration-tcp.c:158
> #10 0x080521b6 in main_loop_wait (timeout=5000) at /mnt/qemu/vl.c:3871
> #11 0x08052870 in main_loop () at /mnt/qemu/vl.c:4091
> #12 0x08056431 in main (argc=13, argv=0xbfd6ddf4, envp=0xbfd6de2c)  
> at /mnt/qemu/vl.c:5943

Am I the only one to see this issue? I still get a SIGSEGV when  
migrating Debian VMs, however I have to press a key in the migrated VM  
to make it crash.
The backtrace looks weird:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7a496b0 (LWP 2452)]
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x08187f74 in io_writew (physaddr=104572, val=1906,  
addr=3221985404, retaddr=0xafba6969) at /mnt/qemu/softmmu_template.h:210
#2  0x08187e19 in __stw_mmu (addr=3221985404, val=1906, mmu_idx=0) at / 
mnt/qemu/softmmu_template.h:241
#3  0xafba696a in ?? ()
#4  0xc022ee8f in ?? ()
#5  0xc022ee8f in ?? ()
#6  0x00000000 in ?? ()

It also happens when migrating a VM running a Debian install CD, with  
the following backtrace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7a256b0 (LWP 2328)]
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x0818741f in io_readb (physaddr=15422, addr=3085610046,  
retaddr=0xafb2c4de) at /mnt/qemu/softmmu_template.h:68
#2  0x081872e4 in __ldb_mmu (addr=3085610046, mmu_idx=1) at /mnt/qemu/ 
softmmu_template.h:103
#3  0xafb2c4df in ?? ()
#4  0x0804e21c in hpet_start_timer (t=0x3cf) at /mnt/qemu/vl.c:1258
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Steps to reproduce with the CD:

wget http://cdimage.debian.org/debian-cd/5.0.3/i386/iso-cd/debian-503-i386-businesscard.iso
qemu -m 512 -cdrom debian-503-i386-businesscard.iso -boot d -monitor  
stdio
On another machine, qemu -m 512 -cdrom debian-503-i386- 
businesscard.iso -boot d -monitor stdio -incoming tcp:0:4444
wait for the first menu, select Install (Return)
wait for the language selection menu to show up, then migrate to the  
other machine
on the destination machine, press a key in Qemu
watch it segfault

-- 
Pierre Riteau -- http://perso.univ-rennes1.fr/pierre.riteau/