Bug 2391334

Summary: qemu crashes in qemu_spice_gl_scanout_disable during early boot
Product: [Fedora] Fedora Reporter: mark preston <mark>
Component: qemuAssignee: Fedora Virtualization Maintainers <virt-maint>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: berrange, cfergeau, crobinso, kraxel, marcandre.lureau, mcascell, pbonzini, philmd, rjones, suraj.ghimire7, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: qemu-10.1.0-6.fc43 Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2025-09-16 00:19:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
stack of crashed qemu-system
none
stack of crashed qemu
none
gdb stack output
none
gdb stack trace
none
2nd gdb stack trace
none
gdb stack trace
none
gcb stack trace
none
potential fix none

Description mark preston 2025-08-27 18:13:55 UTC 
a recent update to virt-preview started to cause my guest vm crash early in booting.
I'm running fedora 42 on the host and guest.  I've been using virt-preview for years and this is the first time it has giving me an issue.
I think this is a regression.
I can only boot my guest vm if i disable 3dacc and OpenGL.  and even then i still have graphic issues with firefox and chrome crashing playing videos in the running guest.

I've downgraded to fedora 42 repository qemu, libvirt and other related products and i have no issues with crashes during boot and in the guest VM, firefox and chrome no longer crash playing videos. 

I have lots of core dumps of qemu-system-x86_64 and i will attach a few.

more info about my vm host:
Operating System: Fedora Linux 42
KDE Plasma Version: 6.4.4
KDE Frameworks Version: 6.17.0
Qt Version: 6.9.1
Kernel Version: 6.16.3-200.fc42.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 16 × AMD Ryzen 7 9700X 8-Core Processor
Memory: 128 GiB of RAM (123.4 GiB usable)
Graphics Processor: AMD Radeon Graphics
Manufacturer: ASRock
Product Name: X870E Taichi

the guest is running the same fedora version and kernel version.

Reproducible: Always

Steps to Reproduce:
1. use virt-preview and install qemu, libvirt and other required components
2. create a fedora 42 or rawhide guest
3.in the guest, enable 3d acceleration and OpenGL
4. Start the guest and very early in the boot, it crashes
Actual Results:
crashes with 3d acceleration and OpenGL enable.
with them disabled it will boot but video on the guest is not stable.

Expected Results:
seem to be a regression in the release canidate

I tried to get a kdump but it the crash occurs too soon in the boot for kdump to catch a core.
Comment 1 mark preston 2025-08-27 18:20:55 UTC 
Created attachment 2105045 [details]
stack of crashed qemu-system
Comment 2 mark preston 2025-08-27 18:21:40 UTC 
Created attachment 2105046 [details]
stack of crashed qemu
Comment 3 Richard W.M. Jones 2025-08-27 18:48:30 UTC 
Rather than attaching core dumps, much more useful would be stack traces.  Use
'coredumpctl gdb' and in gdb run the command 't a a bt'.
Comment 4 mark preston 2025-08-27 19:19:29 UTC 
i'm not sure this stack trace is more useful than the decompressed zstd file but i'm attaching.
It looks like there are symbols missing in the gdb stack.  I've included the whole coredumpctl term session
Let me know if you need anything else.
Comment 5 mark preston 2025-08-27 19:20:24 UTC 
Created attachment 2105048 [details]
gdb stack output
Comment 6 mark preston 2025-08-27 19:23:10 UTC 
oh i forgot, i have downgraded from the preview version so i dont' have those debuginfo files there so the trace stack won't be correct now.
Comment 7 Richard W.M. Jones 2025-08-27 19:40:15 UTC 
> oh i forgot, i have downgraded from the preview version so i dont' have those debuginfo files there so the trace stack won't be correct now.

I'm unclear what this means exactly, but we'd definitely prefer if we have
full debuginfo installed that exactly corresponds to the qemu version where
the crash occurred, and then get the stack trace with full symbols.  It may
be necessary to reproduce the crash again to be really sure everything is
lined up properly.  Otherwise we'd be wasting time chasing shadows.
Comment 8 mark preston 2025-08-27 21:39:41 UTC 
Created attachment 2105056 [details]
gdb stack trace
Comment 9 mark preston 2025-08-27 21:40:13 UTC 
Created attachment 2105057 [details]
2nd gdb stack trace
Comment 10 mark preston 2025-08-27 21:50:40 UTC 
I upgraded to the preview version, installed debuginfo rpms and reproduced the problem.  I've extracted the gdb trace stack info and attached to the bug.  These stack traces look readable.
Comment 11 Richard W.M. Jones 2025-08-28 07:50:36 UTC 
Unfortunately there are still missing debug symbols.  See the suggested
command to run in the output linked in comment 9.
Comment 12 mark preston 2025-08-28 12:56:55 UTC 
Created attachment 2105108 [details]
gdb stack trace

replacing the attachments with update stack trace
Comment 13 mark preston 2025-08-28 12:58:00 UTC 
Created attachment 2105109 [details]
gcb stack trace

with more debuginfo
Comment 14 mark preston 2025-08-28 13:00:30 UTC 
sorry i missed that info in the coredump.  I've installed all the debuginfo except for libxdp-debuginfo-1.5.6-1.fc42.x86_64
this doesn't exist anywhere in any of the fedora repositories that i know about.
Comment 15 Daniel Berrangé 2025-08-28 13:06:15 UTC 
The following changes to spice were in qemu 10.1.0

0c0729b46a3680c233e0d45647d5193c5c5083f9 ui/spice: Destroy the temporary egl fb after the blit is submitted
f851cd65ebe24cc716a70a2fa68c149e5440f2f4 ui/spice: Blit the scanout texture if its memory layout is not linear
2103690b1a7d98f88f7c150f48fcd951d3ee8b36 ui/spice: Create a new texture with linear layout when gl=on is specified
50d135e3779f276eba93c63dff49a940b85e23a5 ui/spice: Add an option to submit gl_draw requests at fixed rate
376d4b22e4d7dd81cb0c1ea1dfe1db0a0dc4b0e2 ui/spice: Enable gl=on option for non-local or remote clients
98a050ca93afd8686b78c3a71cbeef23e0bc420b ui/spice: support multi plane dmabuf scanout
0e15d0b92700000db66e19c68ad2d50aace860d8 ui/egl: support multi-plane dmabuf when egl export/import
bb5101aadc1675790983c7911092dd9abeec4651 ui/dmabuf: extend QemuDmaBuf to support multi-plane

given the stack trace it is strongly pointing to 98a050ca93afd8686b78c3a71cbeef23e0bc420b being flawed.
Comment 16 Daniel Berrangé 2025-08-28 13:08:10 UTC 
@marcandre: could you take a look at the stack trace and see if you can spot what might be wrong with the spice commits above
Comment 17 Marc-Andre Lureau 2025-08-28 13:44:30 UTC 
Created attachment 2105121 [details]
potential fix

@mark, can you try this patch?
Comment 18 mark preston 2025-08-28 13:47:20 UTC 
Hi, I'd be happy to try the patch but i can't accesss the attachement
 Sorry, you are not authorized to access attachment #2105121 [details].
Comment 19 Richard W.M. Jones 2025-08-28 13:49:12 UTC 
You should be able to access it now.
Comment 20 mark preston 2025-08-28 13:51:52 UTC 
still getting a not authorized to access.  security is never easy ;)
Comment 21 mark preston 2025-08-28 13:59:19 UTC 
I see the patch now.  I can't do that as i'm not building from source.  If you can get me a new binary i can replace just that instead of someone building a new install package (rpm)
Comment 22 mark preston 2025-08-28 16:27:52 UTC 
Comment on attachment 2105121 [details]
potential fix

i see there is a new build for 10.1.0-5.  is this patch in that build?  if so i can wait for it to show up in the preview repository.
Comment 23 mark preston 2025-08-28 19:36:07 UTC 
i can confirm that the fix is not in 10.1.0-5.   If someone can make available a patched library/executable i'll be happy to test.  I do not have a build/dev env where i can patch source code.
Comment 24 Marc-Andre Lureau 2025-08-28 19:45:43 UTC 
Try with this scratch-build: https://koji.fedoraproject.org/koji/taskinfo?taskID=136509748 (hmm I should have used a different version/suffix..)
Comment 25 mark preston 2025-08-28 23:22:35 UTC 
I was finally able to test the patch and yes it does resolve the crash during boot.  I'm now running a guest VM to see if it also fixes the issue with firefox and chrome crashes during video playback.
Comment 26 Fedora Update System 2025-09-04 20:10:43 UTC 
FEDORA-2025-b8b6acb283 (qemu-10.1.0-6.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-b8b6acb283
Comment 27 Fedora Update System 2025-09-05 01:29:51 UTC 
FEDORA-2025-b8b6acb283 has been pushed to the Fedora 43 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-b8b6acb283`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-b8b6acb283

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 28 Fedora Update System 2025-09-16 00:19:14 UTC 
FEDORA-2025-b8b6acb283 (qemu-10.1.0-6.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.