Bug 1438566

Summary: migration/qxl: Seg fault migrating rhel5&6 at grub
Product: Red Hat Enterprise Linux 7
Reporter: Dr. David Alan Gilbert <dgilbert>
Component: qemu-kvm-rhev
Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA
QA Contact: xianwang <xianwang>
Severity: unspecified
Priority: unspecified
Version: 7.4
CC: chayang, juzhang, knoel, marcandre.lureau, michen, mrezanin, qzhang, virt-maint, xianwang
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: qemu-kvm-rhev-2.9.0-1.el7
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2017-08-02 04:35:59 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Blocks: 1376765

Description Dr. David Alan Gilbert 2017-04-03 19:05:52 UTC
Description of problem:
(Probably https://bugs.launchpad.net/qemu/+bug/1679126 )
Seg fault on the destination while loading a migration of a RHEL5 guest sitting at the grub menu - I suspect it's general to it being a text-mode grub.



Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.9.0-0.el7.mrezanin201703281459.x86_64

How reproducible:


Steps to Reproduce:
1. Start qemu with:
/usr/libexec/qemu-kvm -nodefaults -machine pc -drive file=/home/vms/rhel5.qcow2,cache=none -monitor stdio -S -vga qxl -spice port=5900,disable-ticketing
2. Attach to it with spicy.
3. Hit 'c' to continue in the monitor.
4. Hit 'c' in the spice window to stop grub at its menu.
5. In the monitor do migrate "exec:cat > spice.mig"
6. Quit the qemu.
7. Start a new destination qemu as:
/usr/libexec/qemu-kvm -nodefaults -machine pc -drive file=/home/vms/rhel5.qcow2,cache=none -monitor stdio  -vga qxl -spice port=5900,disable-ticketing -incoming "exec:cat spice.mig"

Actual results:

seg
(gdb) where
#0  0x00007ffff513e850 in pixman_image_get_data () at /lib64/libpixman-1.so.0
#1  0x0000555555994796 in qemu_spice_display_refresh (ssd=0x55555825ca30)
    at ui/spice-display.c:215
#2  0x0000555555994796 in qemu_spice_display_refresh (ssd=0x55555825ca30)
    at ui/spice-display.c:502
#3  0x000055555598b890 in gui_update (s=0x5555582b0930) at ui/console.c:1626
#4  0x000055555598b890 in gui_update (opaque=0x5555582b0930)
    at ui/console.c:201
#5  0x0000555555a68079 in timerlist_run_timers (timer_list=0x555556ca5800)
    at util/qemu-timer.c:536
#6  0x0000555555a68306 in qemu_clock_run_all_timers (type=<optimized out>)
    at util/qemu-timer.c:547
#7  0x0000555555a68306 in qemu_clock_run_all_timers () at util/qemu-timer.c:662
#8  0x0000555555a68817 in main_loop_wait (nonblocking=nonblocking@entry=0)
    at util/main-loop.c:514
#9  0x000055555575b99c in main () at vl.c:1898
#10 0x000055555575b99c in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4720
(gdb) q

Expected results:
No seg

Additional info:

Comment 2 Gerd Hoffmann 2017-04-07 08:36:55 UTC
https://patchwork.ozlabs.org/patch/747721/

Comment 4 xianwang 2017-05-22 07:32:58 UTC
This bug was reproduced on qemu-kvm-rhev-2.8.0-4.el7.x86_64 and verified on qemu-kvm-rhev-2.9.0-1.el7.

Bug reproduction:
Host:
3.10.0-588.el7.x86_64
qemu-kvm-rhev-2.8.0-4.el7.x86_64

1. Boot a guest with qemu cli:
/usr/libexec/qemu-kvm \
    -machine pc \
    -nodefaults  \
    -S \
    -drive file=/root/rhel68-64-virtio.qcow2,format=qcow2,if=none,id=drive_blk1,werror=stop,rerror=stop \
    -device virtio-blk-pci,drive=drive_blk1,id=blk-disk1,bootindex=1,bus=pci.0,addr=08 \
    -vga qxl \
    -spice port=5901,disable-ticketing \
    -monitor stdio
2. Attach to it with spicy.
3. Hit 'c' to continue in the monitor.
4. Hit 'c' in the spice window to stop grub at its menu.
5. In the monitor do migrate "exec:cat > spice.mig"
6. Quit the qemu.
7. Start a new destination qemu as:
gdb --args /usr/libexec/qemu-kvm \
    -machine pc \
    -nodefaults  \
    -S \
    -drive file=/root/rhel68-64-virtio.qcow2,format=qcow2,if=none,id=drive_blk1,werror=stop,rerror=stop \
    -device virtio-blk-pci,drive=drive_blk1,id=blk-disk1,bootindex=1,bus=pci.0,addr=08 \
    -vga qxl \
    -spice port=5902,disable-ticketing \
    -monitor stdio \
    -incoming "exec:cat spice.mig"

Actual results:

src end:
(qemu) info migrate
capabilities: xbzrle: off rdma-pin-all: off auto-converge: off zero-blocks: off compress: off events: off postcopy-ram: off x-colo: off 
Migration status: completed
dst end:
(gdb) r
Segmentation fault.
(gdb) where
#0  0x00007fffe32c9140 in pixman_image_get_data () at /lib64/libpixman-1.so.0
#1  0x0000555555982746 in qemu_spice_display_refresh (ssd=0x55555825a930) at ui/spice-display.c:215
#2  0x0000555555982746 in qemu_spice_display_refresh (ssd=0x55555825a930) at ui/spice-display.c:502
#3  0x00005555559792c2 in gui_update (s=0x5555573c7270) at ui/console.c:1584
#4  0x00005555559792c2 in gui_update (opaque=0x5555573c7270) at ui/console.c:200
#5  0x00005555559a7fe9 in timerlist_run_timers (timer_list=0x555556c6b860) at qemu-timer.c:528
#6  0x00005555559a8270 in qemu_clock_run_all_timers (type=<optimized out>) at qemu-timer.c:539
#7  0x00005555559a8270 in qemu_clock_run_all_timers () at qemu-timer.c:653
#8  0x00005555559a7187 in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:516
#9  0x00005555557567a0 in main () at vl.c:1966
#10 0x00005555557567a0 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4695
(gdb) q

Bug verify:
3.10.0-588.el7.x86_64
qemu-kvm-rhev-2.9.0-1.el7.x86_64

results:
src end:
(qemu) info migrate
capabilities: xbzrle: off rdma-pin-all: off auto-converge: off zero-blocks: off compress: off events: off postcopy-ram: off x-colo: off release-ram: off 
Migration status: completed
dst end:
(qemu) info status
VM status: running
and the VM works well on the dst end.

So, this bug is fixed.
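The two comments above pin down the affected and fixed builds: the crash reproduces on qemu-kvm-rhev-2.8.0-4.el7 and on the 2.9.0-0.el7.mrezanin201703281459 scratch build, and is gone in qemu-kvm-rhev-2.9.0-1.el7 (the "Fixed In Version"). A naive string compare gets builds like these wrong (a "-10" release sorts below "-1" lexically, and "0.el7.mrezanin…" must sort below "1.el7"), so the check below is an added example, not part of the bug report or of QEMU, that ports rpm's rpmvercmp segment rules to Python and applies them to `rpm -q qemu-kvm-rhev` output. Assumptions: the fixed NEVR is taken from the bug's "Fixed In Version" field; the arch-suffix list is mine; the 2.9.0-10.el7 build in the sample list is constructed and not a build named on this page; the authoritative package list for the fix is the errata linked below this comment, not this script.

```python
"""Is an installed qemu-kvm-rhev build at or past the fix for this bug?

Added example (not from the bug report or QEMU). FIXED_IN comes from the
bug's "Fixed In Version"; the arch list and the 2.9.0-10 sample are assumed.
"""
import sys

FIXED_IN = "qemu-kvm-rhev-2.9.0-1.el7"   # bug's "Fixed In Version" field

# Arch suffixes that `rpm -q` appends; assumed list, extend as needed.
_ARCHES = ("x86_64", "i686", "noarch", "aarch64", "ppc64le", "s390x")


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): walk both strings in alphanumeric segments,
    comparing numeric segments by value and alphabetic ones lexically; '~'
    sorts before anything, including end of string. Returns -1, 0 or 1."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # separators (anything that is not alnum or '~') are skipped, not compared
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if not ta:
                return 1
            if not tb:
                return -1
            i += 1
            j += 1
            continue
        if not (i < len(a) and j < len(b)):
            break
        si, sj = i, j
        isnum = a[i].isdigit()
        if isnum:
            while i < len(a) and a[i].isdigit():
                i += 1
            while j < len(b) and b[j].isdigit():
                j += 1
        else:
            while i < len(a) and a[i].isalpha():
                i += 1
            while j < len(b) and b[j].isalpha():
                j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:
            # segment types differ: a numeric segment is newer than an alpha one
            return 1 if isnum else -1
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_nevr(pkg):
    """Split 'name-[epoch:]version-release[.arch]' into (name, epoch, version, release).
    Names may contain '-', version and release may not, so rsplit from the right."""
    for arch in _ARCHES:
        if pkg.endswith("." + arch):
            pkg = pkg[: -(len(arch) + 1)]
            break
    name, version, release = pkg.rsplit("-", 2)
    epoch = None
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    return name, epoch, version, release


def compare_evr(a, b):
    """Compare two NEVRs of the same package: epoch (only when both state one,
    since the bug's Fixed In string carries none), then version, then release."""
    na, ea, va, ra = parse_nevr(a)
    nb, eb, vb, rb = parse_nevr(b)
    if na != nb:
        raise ValueError("different packages: %s vs %s" % (na, nb))
    if ea is not None and eb is not None and ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(installed, fixed_in=FIXED_IN):
    """True when the installed build is the fixed build or newer."""
    return compare_evr(installed, fixed_in) >= 0


if __name__ == "__main__":
    # Pass `rpm -q qemu-kvm-rhev` output as arguments; without arguments,
    # classify the builds named in this bug plus one constructed newer build.
    pkgs = sys.argv[1:] or [
        "qemu-kvm-rhev-2.8.0-4.el7.x86_64",                       # reproduced on
        "qemu-kvm-rhev-2.9.0-0.el7.mrezanin201703281459.x86_64",  # reporter's build
        "qemu-kvm-rhev-2.9.0-1.el7.x86_64",                       # fixed in
        "qemu-kvm-rhev-2.9.0-10.el7.x86_64",                      # constructed, newer
    ]
    for p in pkgs:
        print("%-58s %s" % (p, "fixed" if is_fixed(p) else "AFFECTED"))
```

Run it as `python3 check.py "$(rpm -q qemu-kvm-rhev)"` on each host. Note that `rpm -q` omits the epoch by default; since qemu-kvm-rhev packages do carry one, query with `--qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}'` if you want epoch-aware comparison between two installed builds, and treat the errata's package list as the final word on which builds contain the fix.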

Comment 6 errata-xmlrpc 2017-08-02 04:35:59 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392