1438566 – migration/qxl: Seg fault migrating rhel5&6 at grub

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1438566 - migration/qxl: Seg fault migrating rhel5&6 at grub

Summary: migration/qxl: Seg fault migrating rhel5&6 at grub

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm-rhev
Sub Component:
Version:	7.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Gerd Hoffmann
QA Contact:	xianwang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1376765
TreeView+	depends on / blocked

Reported:	2017-04-03 19:05 UTC by Dr. David Alan Gilbert
Modified:	2017-08-02 04:35 UTC (History)
CC List:	9 users (show)
Fixed In Version:	qemu-kvm-rhev-2.9.0-1.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-02 04:35:59 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:2392	0	normal	SHIPPED_LIVE	Important: qemu-kvm-rhev security, bug fix, and enhancement update	2017-08-01 20:04:36 UTC

Description Dr. David Alan Gilbert 2017-04-03 19:05:52 UTC

Description of problem:
(Probably https://bugs.launchpad.net/qemu/+bug/1679126 )
Seg fault on destination loading a migration of a RHEL5 sitting at the grub menu - I suspect it's general on it being a text mode grub.



Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.9.0-0.el7.mrezanin201703281459.x86_64

How reproducible:


Steps to Reproduce:
1.  Start qemu with:
/usr/libexec/qemu-kvm -nodefaults -machine pc -drive file=/home/vms/rhel5.qcow2,cache=none -monitor stdio -S -vga qxl -spice port=5900,disable-ticketing
2. attach to it with spicy, 
3. hit 'c' to continue in the monitor
4. hit c in the spice window to stop grub at it's menu
5 In the monitor do migrate "exec:cat > spice.mig"
6 quit the qemu
7 Start a new destination qemu as:
/usr/libexec/qemu-kvm -nodefaults -machine pc -drive file=/home/vms/rhel5.qcow2,cache=none -monitor stdio  -vga qxl -spice port=5900,disable-ticketing -incoming "exec:cat spice.mig"

Actual results:

seg
(gdb) where
#0  0x00007ffff513e850 in pixman_image_get_data () at /lib64/libpixman-1.so.0
#1  0x0000555555994796 in qemu_spice_display_refresh (ssd=0x55555825ca30)
    at ui/spice-display.c:215
#2  0x0000555555994796 in qemu_spice_display_refresh (ssd=0x55555825ca30)
    at ui/spice-display.c:502
#3  0x000055555598b890 in gui_update (s=0x5555582b0930) at ui/console.c:1626
#4  0x000055555598b890 in gui_update (opaque=0x5555582b0930)
    at ui/console.c:201
#5  0x0000555555a68079 in timerlist_run_timers (timer_list=0x555556ca5800)
    at util/qemu-timer.c:536
#6  0x0000555555a68306 in qemu_clock_run_all_timers (type=<optimized out>)
    at util/qemu-timer.c:547
#7  0x0000555555a68306 in qemu_clock_run_all_timers () at util/qemu-timer.c:662
#8  0x0000555555a68817 in main_loop_wait (nonblocking=nonblocking@entry=0)
    at util/main-loop.c:514
#9  0x000055555575b99c in main () at vl.c:1898
#10 0x000055555575b99c in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4720
(gdb) q

Expected results:
No seg

Additional info:

Comment 2 Gerd Hoffmann 2017-04-07 08:36:55 UTC

https://patchwork.ozlabs.org/patch/747721/

Comment 4 xianwang 2017-05-22 07:32:58 UTC

This bug is reproduced on qemu-kvm-rhev-2.8.0-4.el7.x86_64 and is verified on qemu-kvm-rhev-2.9.0-1.el7

Bug reproduction:
Host:
3.10.0-588.el7.x86_64
qemu-kvm-rhev-2.8.0-4.el7.x86_64

1.Boot a guest with qemu cli:
/usr/libexec/qemu-kvm \
    -machine pc \
    -nodefaults  \
    -S \
    -drive file=/root/rhel68-64-virtio.qcow2,format=qcow2,if=none,id=drive_blk1,werror=stop,rerror=stop \
    -device virtio-blk-pci,drive=drive_blk1,id=blk-disk1,bootindex=1,bus=pci.0,addr=08 \
    -vga qxl \
    -spice port=5901,disable-ticketing \
    -monitor stdio \
2.attach to it with spicy
3. hit 'c' to continue in the monitor
4. hit c in the spice window to stop grub at it's menu
5 In the monitor do migrate "exec:cat > spice.mig"
6 quit the qemu
7 Start a new destination qemu as:
gdb --args /usr/libexec/qemu-kvm \
    -machine pc \
    -nodefaults  \
    -S \
    -drive file=/root/rhel68-64-virtio.qcow2,format=qcow2,if=none,id=drive_blk1,werror=stop,rerror=stop \
    -device virtio-blk-pci,drive=drive_blk1,id=blk-disk1,bootindex=1,bus=pci.0,addr=08 \
    -vga qxl \
    -spice port=5902,disable-ticketing \
    -monitor stdio \
    -incoming "exec:cat spice.mig"

Actual results:

src end:
(qemu) info migrate
capabilities: xbzrle: off rdma-pin-all: off auto-converge: off zero-blocks: off compress: off events: off postcopy-ram: off x-colo: off 
Migration status: completed
dst end:
(gdb) r
Segmentation fault.
(gdb) where
#0  0x00007fffe32c9140 in pixman_image_get_data () at /lib64/libpixman-1.so.0
#1  0x0000555555982746 in qemu_spice_display_refresh (ssd=0x55555825a930) at ui/spice-display.c:215
#2  0x0000555555982746 in qemu_spice_display_refresh (ssd=0x55555825a930) at ui/spice-display.c:502
#3  0x00005555559792c2 in gui_update (s=0x5555573c7270) at ui/console.c:1584
#4  0x00005555559792c2 in gui_update (opaque=0x5555573c7270) at ui/console.c:200
#5  0x00005555559a7fe9 in timerlist_run_timers (timer_list=0x555556c6b860) at qemu-timer.c:528
#6  0x00005555559a8270 in qemu_clock_run_all_timers (type=<optimized out>) at qemu-timer.c:539
#7  0x00005555559a8270 in qemu_clock_run_all_timers () at qemu-timer.c:653
#8  0x00005555559a7187 in main_loop_wait (nonblocking=<optimized out>) at main-loop.c:516
#9  0x00005555557567a0 in main () at vl.c:1966
#10 0x00005555557567a0 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4695
(gdb) q

Bug verify:
3.10.0-588.el7.x86_64
qemu-kvm-rhev-2.9.0-1.el7.x86_64

results:
src end:
(qemu) info migrate
capabilities: xbzrle: off rdma-pin-all: off auto-converge: off zero-blocks: off compress: off events: off postcopy-ram: off x-colo: off release-ram: off 
Migration status: completed
dst end:
(qemu) info status 
VM status: running
and vm works well in dst end.

So, this bug is fixed.

Comment 6 errata-xmlrpc 2017-08-02 04:35:59 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2392

Note You need to log in before you can comment on or make changes to this bug.