Bug 1684383
| Summary: | qemu crashed when take screenshot for 2nd head of virtio video device if the display not opened by virt-viewer | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Yanqiu Zhang <yanqzhan> |
| Component: | qemu-kvm | Assignee: | Gerd Hoffmann <kraxel> |
| Status: | CLOSED ERRATA | QA Contact: | Guo, Zhiyi <zhguo> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 8.0 | CC: | chayang, ddepaula, dyuan, fjin, jinzhao, juzhang, mzhan, nanliu, rbalakri, virt-maint, xuzhang, yafu, yanqzhan, zhguo |
| Target Milestone: | rc | Flags: | pm-rhel: mirror+ |
| Target Release: | 8.0 | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | qemu-kvm-2.12.0-85.module+el8.1.0+4010+d6842f29 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-11-05 20:48:05 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Attachments: | | | |

Created attachment 1539732
full-bt-gdb.txt
> #0 0x0000559c66413595 in ppm_save (errp=0x7ffdff574a58, ds=0x0,
> filename=0x559c69054490 "/var/cache/libvirt/qemu/qemu.screendump.89EaXo") at
> ui/console.c:373
ds=0x0
=> DisplaySurface NULL pointer dereference.
Fixed by commit 08d9864fa4e0c616e076ca8b225d39a7ecb189af (qemu 3.0).

QA_ACK, please?

Reproduce this issue against qemu-kvm-2.12.0-84.module+el8.1.0+3980+a02d9447.x86_64
Steps:
1. Start VM with qemu options:
...-device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 -chardev spicevmc,id=charchannel1,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0 -device usb-tablet,id=input0,bus=usb.0,port=1 -spice port=5900,addr=0.0.0.0,disable-ticketing,image-compression=off,seamless-migration=on -device virtio-vga,id=video0,max_outputs=4,bus=pcie.0,addr=0x1 ...
2. Try to screenshot head 1 by QMP:
{ "execute": "screendump", "arguments": {"filename": "/tmp/screen.png", "device": "video0", "head": 1} }
Result:
qemu will coredump

Verify this issue against qemu-kvm-2.12.0-85.module+el8.1.0+4010+d6842f29.x86_64: no qemu-kvm coredump happens when trying to screenshot head 1-3.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2019:3345

Description of problem:
Start a guest with virtio video device with heads >1, e.g. heads=3. If do not select the checkbox in virt-viewer to show the 'Display 2', then qemu will crash when take screenshot for the 2nd display. (If show it by virt-viewer, issue will not happen.)

Version-Release number of selected component (if applicable):
qemu-kvm-core-2.12.0-63.module+el8+2833+c7d6d092
libvirt-4.5.0-23.module+el8+2800+2d311f65.x86_64
kernel-4.18.0-73.el8.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Configure a guest with following xml (a rhel guest as example):
...
<channel type='spicevmc'>
  <target type='virtio' name='com.redhat.spice.0'/>
  <address type='virtio-serial' controller='0' bus='0' port='2'/>
</channel>
...
<graphics type='spice' autoport='yes'>
  <listen type='address'/>
</graphics>
...
<video>
  <model type='virtio' heads='3' primary='yes'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
</video>
...

2. Start guest
# virsh start rhel8.0-yqz
Domain rhel8.0-yqz started

...-device virtio-vga,id=video0,max_outputs=3,bus=pci.0,addr=0x2 ...

3. Do not show the 2nd display by virt-viewer, try to take screenshot for each video head:
# virsh screenshot rhel8.0-yqz --screen 0
Screenshot saved to rhel8.0-yqz-2019-02-28-19:46:24.ppm, with type of image/x-portable-pixmap

# virsh screenshot rhel8.0-yqz --screen 1
error: could not take a screenshot of rhel8.0-yqz
error: Unable to read from monitor: Connection reset by peer

# abrt-cli ls
id 1e2225e60b90d41d0677df534053c9631e29439f
reason: qmp_screendump(): qemu-kvm killed by SIGSEGV
time: Thu 28 Feb 2019 07:46:25 PM CST
cmdline: /usr/libexec/qemu-kvm -name guest=rhel8.0-yqz,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-13-rhel8.0-yqz/master-key.aes -machine pc-q35-rhel7.6.0,accel=kvm,usb=off,vmport=off,dump-guest-core=off -cpu Haswell-noTSX-IBRS,vme=on,ds=on,acpi=on,ss=on,ht=on,tm=on,pbe=on,dtes64=on,monitor=on,ds_cpl=on,vmx=on,smx=on,est=on,tm2=on,xtpr=on,pdcm=on,osxsave=on,f16c=on,rdrand=on,arat=on,tsc_adjust=on,stibp=on,xsaveopt=on,pdpe1gb=on,abm=on -m 1024 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 74e8cfa0-0beb-40ac-9662-17d5da05c52d -no-user-config -nodefaults -chardev socket,id=charmonitor,fd=30,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1 -boot strict=on -device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2 -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 -device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 -device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4 -device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5 -device pcie-root-port,port=0x16,chassis=7,id=pci.7,bus=pcie.0,addr=0x2.0x6 -device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.2,addr=0x0 -device virtio-serial-pci,id=virtio-serial0,bus=pci.3,addr=0x0 -drive file=/s3-qe-team/yanqzhan/RHEL-8.0-x86_64-latest.qcow2,format=qcow2,if=none,id=drive-virtio-disk0 -device virtio-blk-pci,scsi=off,bus=pci.4,addr=0x0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=32,id=hostnet0,vhost=on,vhostfd=33 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:3a:3d:9f,bus=pci.1,addr=0x0 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev socket,id=charchannel0,fd=34,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 -chardev spicevmc,id=charchannel1,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.redhat.spice.0 -device usb-tablet,id=input0,bus=usb.0,port=1 -spice port=5900,addr=127.0.0.1,disable-ticketing,seamless-migration=on -device virtio-vga,id=video0,max_outputs=2,bus=pcie.0,addr=0x1 -device ich9-intel-hda,id=sound0,bus=pcie.0,addr=0x1b -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=2 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=3 -device virtio-balloon-pci,id=balloon0,bus=pci.5,addr=0x0 -object rng-random,id=objrng0,filename=/dev/urandom -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.6,addr=0x0 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny -msg timestamp=on
package: 15:qemu-kvm-core-2.12.0-63.module+el8+2833+c7d6d092
uid: 107 (qemu)
count: 1
Directory: /var/spool/abrt/ccpp-2019-02-28-19:46:25-3153
Run 'abrt-cli report /var/spool/abrt/ccpp-2019-02-28-19:46:25-3153' for creating a case in Red Hat Customer Portal

Actual result:
As in step3, qemu crashed when take screenshot for 2nd head of virtio video device when the display not shows in virt-viewer.

Expected result:
qemu should not crash, screenshot could succeed or fail with proper error.

Additional info:
1. (gdb) bt
#0 0x0000559c66413595 in ppm_save (errp=0x7ffdff574a58, ds=0x0, filename=0x559c69054490 "/var/cache/libvirt/qemu/qemu.screendump.89EaXo") at ui/console.c:373
#1 0x0000559c66413595 in qmp_screendump (filename=0x559c69054490 "/var/cache/libvirt/qemu/qemu.screendump.89EaXo", has_device=<optimized out>, device=<optimized out>, has_head=<optimized out>, head=<optimized out>, errp=errp@entry=0x7ffdff574a58) at ui/console.c:373
#2 0x0000559c663017a7 in qmp_marshal_screendump (args=<optimized out>, ret=<optimized out>, errp=0x7ffdff574ac8) at qapi/qapi-commands-ui.c:110
#3 0x0000559c664e93bb in do_qmp_dispatch (errp=0x7ffdff574ac0, request=0x7ffdff574ac0, cmds=<optimized out>) at qapi/qmp-dispatch.c:111
#4 0x0000559c664e93bb in qmp_dispatch (cmds=<optimized out>, request=request@entry=0x559c67de0e80) at qapi/qmp-dispatch.c:160
#5 0x0000559c6620b62e in monitor_qmp_dispatch_one (req_obj=<optimized out>) at /usr/src/debug/qemu-kvm-2.12.0-63.module+el8+2833+c7d6d092.x86_64/monitor.c:4084
#6 0x0000559c6620b8cc in monitor_qmp_bh_dispatcher (data=<optimized out>) at /usr/src/debug/qemu-kvm-2.12.0-63.module+el8+2833+c7d6d092.x86_64/monitor.c:4142
#7 0x0000559c664f3bf6 in aio_bh_call (bh=0x559c67c0e950) at util/async.c:118
#8 0x0000559c664f3bf6 in aio_bh_poll (ctx=ctx@entry=0x559c67bc7d70) at util/async.c:118
#9 0x0000559c664f6d74 in aio_dispatch (ctx=0x559c67bc7d70) at util/aio-posix.c:440
#10 0x0000559c664f3ad2 in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:261
#11 0x00007f4f0ebb989d in g_main_dispatch (context=0x559c67bc8540) at gmain.c:3176
#12 0x00007f4f0ebb989d in g_main_context_dispatch (context=context@entry=0x559c67bc8540) at gmain.c:3829
#13 0x0000559c664f5ff0 in glib_pollfds_poll () at util/main-loop.c:215
#14 0x0000559c664f5ff0 in os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:238
#15 0x0000559c664f5ff0 in main_loop_wait (nonblocking=<optimized out>) at util/main-loop.c:497
#16 0x0000559c661c04b5 in main_loop () at vl.c:1964
#17 0x0000559c661c04b5 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4789

2. If select to show 'Display 2' in virt-viewer, screenshot succeed:
# virsh screenshot avocado-vt-vm1 --screen 1
Screenshot saved to avocado-vt-vm1-2019-02-28-07:20:57.ppm, with type of image/x-portable-pixmap
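
The fault in frame #0 (`ds=0x0` reaching `ppm_save`) modeled in C, as an added example that is not part of the bug report and is not QEMU's code or the referenced commit. The `Surface`/`Console` types, function names and error codes are hypothetical; the model assumes a head whose display was never opened has no surface, and shows the unguarded call shape next to one that returns an error instead of dereferencing NULL.

```c
/* Added model of the crash class; NOT QEMU source. All names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { int width, height; const uint8_t *rgb; } Surface;
typedef struct { Surface *surface; } Console; /* NULL: no surface for this head */
enum { DUMP_ERR_HEAD = -1, DUMP_ERR_NO_SURFACE = -2, DUMP_ERR_SPACE = -3 };

/* Encode a binary PPM (P6) into buf. Like frame #0, it assumes ds != NULL. */
static long ppm_encode(const Surface *ds, uint8_t *buf, size_t cap)
{
    size_t n = (size_t)ds->width * (size_t)ds->height * 3;
    int hdr = snprintf((char *)buf, cap, "P6\n%d %d\n255\n", ds->width, ds->height);
    if (hdr < 0 || (size_t)hdr + n > cap) return DUMP_ERR_SPACE;
    memcpy(buf + hdr, ds->rgb, n);
    return (long)((size_t)hdr + n);
}

/* Unguarded shape: a head without a surface reaches ppm_encode() as NULL. */
long screendump_unchecked(const Console *heads, int head, uint8_t *buf, size_t cap)
{
    return ppm_encode(heads[head].surface, buf, cap);
}

/* Guarded shape: reject a bad head index or a missing surface with an error. */
long screendump_checked(const Console *heads, int nheads, int head,
                        uint8_t *buf, size_t cap)
{
    if (head < 0 || head >= nheads) return DUMP_ERR_HEAD;
    if (heads[head].surface == NULL) return DUMP_ERR_NO_SURFACE;
    return ppm_encode(heads[head].surface, buf, cap);
}

/* Constructed scenario: head 0 has a 2x2 surface, head 1 has none. */
long demo(int head)
{
    static const uint8_t px[2 * 2 * 3] = { 0 };
    Surface s0 = { 2, 2, px };
    Console heads[2] = { { &s0 }, { NULL } };
    uint8_t out[64];
    return screendump_checked(heads, 2, head, out, sizeof out);
}

int main(void)
{
    for (int h = 0; h < 3; h++) printf("head %d -> %ld\n", h, demo(h));
    return 0;
}
```

Calling `screendump_unchecked` for head 1 in this scenario faults inside `ppm_encode`, which is the same shape as the SIGSEGV that abrt recorded for `qmp_screendump()`.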