Bug 1955666 - qemu-kvm NULL pointer de-reference during migration at migrate_fd_connect ->...-> notifier_list_notify [rhel-8.4.0.z]
Summary: qemu-kvm NULL pointer de-reference during migration at migrate_fd_connect ->...
Keywords:
Status: POST
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: qemu-kvm
Version: 8.4
Hardware: Unspecified
OS: Linux
Priority: unspecified
Severity: urgent
Target Milestone: rc
Target Release: 8.4
Assignee: Laurent Vivier
QA Contact: Yanghang Liu
URL:
Whiteboard:
Depends On: 1953045
Blocks:
Reported: 2021-04-30 15:57 UTC by RHEL Program Management Team
Modified: 2021-05-14 10:17 UTC (History)
14 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1953045
Environment:
Last Closed:
Type: ---
Target Upstream Version:



Comment 3 Yanghang Liu 2021-05-14 09:46:33 UTC
I can use qemu-kvm-5.2.0-16.module+el8.4.0 to reproduce this bug:

Test steps:

(1) start a vm with a failover virtio net device:

/usr/libexec/qemu-kvm -enable-kvm -m 1g -M q35 \
-device pcie-root-port,slot=4,id=root1 -device pcie-root-port,slot=5,id=root2 \
-device virtio-net-pci,id=net1,mac=52:54:00:6f:55:cc,failover=on,bus=root1 \
-device e1000e,id=net2,mac=52:54:00:6f:55:cc,bus=root2,addr=0x0,failover_pair_id=net1 \
-monitor stdio \
-vnc :0 \
/home/images/RHEL84.qcow2

(2) hot-unplug the failover virtio nic

(qemu) device_del net1

(3) do the offline migration

(qemu) migrate "exec:gzip -c > STATEFILE.gz"

(4) check the test result

line 8: 12628 Segmentation fault      (core dumped) /usr/libexec/qemu-kvm -enable-kvm -m 1g -M q35 -device pcie-root-port,slot=4,id=root1 -device pcie-root-port,slot=5,id=root2 -device virtio-net-pci,id=net1,mac=52:54:00:6f:55:cc,failover=on,bus=root1 -device e1000e,id=net2,mac=52:54:00:6f:55:cc,bus=root2,addr=0x0,failover_pair_id=net1 -monitor stdio -vnc :0 /home/images/RHEL84.qcow2


# dmesg
[23911.747222] qemu-kvm[12628]: segfault at 0 ip 0000000000000000 sp 00007fff1762dad8 error 14 in qemu-kvm[5556aaa28000+b13000]
[23911.758442] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.


(gdb) bt
#0  0x0000000000000000 in  ()
#1  0x00005556ab0fbd34 in notifier_list_notify ()
#2  0x00005556aae45552 in migrate_fd_connect ()
#3  0x00005556aadfa6aa in migration_channel_connect ()
#4  0x00005556aae512f8 in exec_start_outgoing_migration ()
#5  0x00005556aae43c99 in qmp_migrate ()
#6  0x00005556aae361b0 in hmp_migrate ()
#7  0x00005556aae0994a in handle_hmp_command ()
#8  0x00005556aae09b70 in monitor_command_cb ()
#9  0x00005556ab108235 in readline_handle_byte ()
#10 0x00005556aae09bc3 in monitor_read ()
#11 0x00005556aafd6e0d in fd_chr_read ()
#12 0x00007f80c5eef8ad in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#13 0x00005556ab10cab0 in main_loop_wait ()
#14 0x00005556aaf6feb1 in qemu_main_loop ()
#15 0x00005556aad4da02 in main ()
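The backtrace above ends in frame #0 at address 0, called from notifier_list_notify: a notifier still linked into the migration notifier list had a NULL callback pointer when migration started. The following C program is a constructed illustration added here; it is not QEMU's own code and not the fix for this bug. The singly-linked NotifierList, the FailoverDevice type and simulate_unplug_then_migrate are assumptions made for the example (QEMU's real list is a QLIST and its notifier_list_notify invokes every callback unconditionally, which is why the stale entry became a jump to address 0). It contrasts an unplug path that unregisters the notifier with one that leaves the entry behind, and adds a NULL-callback guard so the stale entry is counted instead of dereferenced.

```c
/* Constructed example: a minimal notifier list with a NULL-callback guard,
 * and a simulation of "plug device, unplug it, then start migration".
 * Not QEMU code; names and structures are assumptions for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

typedef struct Notifier Notifier;
typedef void (*NotifyFn)(Notifier *n, void *data);

struct Notifier {
    NotifyFn notify;   /* callback invoked on notification */
    Notifier *next;    /* singly-linked list link */
};

typedef struct {
    Notifier *head;
} NotifierList;

typedef struct {
    int called;   /* callbacks actually invoked */
    int stale;    /* entries found with a NULL callback (would crash without the guard) */
} NotifyResult;

/* Refuse to register an entry whose callback is already NULL. */
bool notifier_list_add(NotifierList *list, Notifier *n)
{
    if (n == NULL || n->notify == NULL) {
        return false;
    }
    n->next = list->head;
    list->head = n;
    return true;
}

/* Unlink n; returns true if it was in the list. */
bool notifier_remove(NotifierList *list, Notifier *n)
{
    for (Notifier **pp = &list->head; *pp != NULL; pp = &(*pp)->next) {
        if (*pp == n) {
            *pp = n->next;
            n->next = NULL;
            return true;
        }
    }
    return false;
}

/* Walk the list; skip (and count) entries whose callback pointer is NULL
 * instead of calling through it, which is the fault mode in the bug report. */
NotifyResult notifier_list_notify(NotifierList *list, void *data)
{
    NotifyResult r = { 0, 0 };
    Notifier *next;
    for (Notifier *n = list->head; n != NULL; n = next) {
        next = n->next;  /* callback may unlink n, so read next first */
        if (n->notify != NULL) {
            n->notify(n, data);
            r.called++;
        } else {
            r.stale++;
        }
    }
    return r;
}

/* Hypothetical device that registers a migration notifier, standing in for
 * a failover NIC. */
typedef struct {
    Notifier migration_notifier;
    int notified;
} FailoverDevice;

static void failover_migration_cb(Notifier *n, void *data)
{
    FailoverDevice *dev =
        (FailoverDevice *)((char *)n - offsetof(FailoverDevice, migration_notifier));
    (void)data;
    dev->notified++;
}

/* Plug the device, optionally unplug it (correctly or not), then "migrate". */
NotifyResult simulate_unplug_then_migrate(bool unplug, bool remove_notifier_on_unplug)
{
    NotifierList migration_state = { NULL };
    FailoverDevice dev;
    memset(&dev, 0, sizeof dev);
    dev.migration_notifier.notify = failover_migration_cb;
    notifier_list_add(&migration_state, &dev.migration_notifier);

    if (unplug) {
        if (remove_notifier_on_unplug) {
            /* correct teardown: unregister before the device state goes away */
            notifier_remove(&migration_state, &dev.migration_notifier);
        }
        /* teardown zeroes the device; in the buggy path the list still points here,
         * so the list now holds an entry with notify == NULL */
        memset(&dev, 0, sizeof dev);
    }

    /* migrate_fd_connect would notify the migration-state list here */
    return notifier_list_notify(&migration_state, NULL);
}
```

The guard turns a jump to address 0 into a countable stale entry, which is a defensive-programming backstop, not the root fix: the root fix is that the device's unplug path must unregister its notifier before the device state is torn down, as the remove_notifier_on_unplug branch does. For detection, the dmesg line in the report (segfault at 0, ip 0000000000000000, followed by "Unable to access opcode bytes") is the characteristic signature of an indirect call through a NULL function pointer, and a backtrace whose frame #0 is 0x0 under a list-walking function points at a stale registration of this kind.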

