[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [Bug 1679126] Re: null pointer access on migration resume o
|
From: |
Thomas Huth |
|
Subject: |
[Qemu-devel] [Bug 1679126] Re: null pointer access on migration resume of systemrescuecd boot menu with qxl-vga |
|
Date: |
Fri, 15 Sep 2017 08:58:08 -0000 |
The fix has apparently been included here:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a703d3aef5991b72a5a45880e7491232b8032f09
... and has been released with QEMU v2.9 already.
** Changed in: qemu
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1679126
Title:
null pointer access on migration resume of systemrescuecd boot menu
with qxl-vga
Status in QEMU:
Fix Released
Bug description:
With qemu-2.8.0 up to 2.9.0-rc2 and git master (6954cdc), when
resuming from a migration state file created from a VM suspended while
showing the System Rescue CD 4.9.2 boot menu and using the QXL VGA
device, I get a null point access in pixman_image_get_data called from
qemu_spice_create_update (spice-display.c:215). When I added
assert(ssd->mirror != NULL) above that line, assert failed. I don't
get the crash when using standard VGA or cirrus-vga. I am using
gcc-4.9.3 on Gentoo x86_64 with Intel i7-4700HQ CPU and kernel:
4.9.15-gentoo.
Here is the valgrind trace from the git version:
==2634== Thread 1:
==2634== Invalid read of size 4
==3516== at 0x65F3050: pixman_image_get_data (in
/usr/lib64/libpixman-1.so.0.34.0)
==3516== by 0x6F0CEB: qemu_spice_create_update (spice-display.c:215)
==3516== by 0x6F1CC7: qemu_spice_display_refresh (spice-display.c:502)
==3516== by 0x58CF77: display_refresh (qxl.c:1948)
==3516== by 0x6E8084: do_safe_dpy_refresh (console.c:1591)
==3516== by 0x6E80D5: dpy_refresh (console.c:1604)
==3516== by 0x6E4508: gui_update (console.c:201)
==3516== by 0x81898E: timerlist_run_timers (qemu-timer.c:536)
==3516== by 0x8189D6: qemu_clock_run_timers (qemu-timer.c:547)
==3516== by 0x818D98: qemu_clock_run_all_timers (qemu-timer.c:662)
==3516== by 0x81952A: main_loop_wait (main-loop.c:514)
==3516== by 0x4ADD29: main_loop (vl.c:1898)
Minimal steps to reproduce:
Compile (debug compile flags are just so valgrind works, the crash occurs
with non-debug compile flags as well):
CFLAGS="-g -O0" CXXFLAGS="-g -O0" ./configure
--target-list=i386-softmmu,x86_64-softmmu
./configure
make
Start VM and leave it on the System Rescue CD graphical boot menu:
x86_64-softmmu/qemu-system-x86_64 -nodefaults -machine pc -drive
file=systemrescuecd-x86-4.9.2.iso,if=none,id=cdrom-cd,readonly=on -device
ide-cd,bus=ide.0,drive=cdrom-cd,bootindex=1 -device qxl-vga -monitor
unix:monitor.sock,server,nowait -display gtk
Suspend VM and save state:
socat - unix:monitor.sock
stop
migrate "exec:cat > vm.state"
quit
Attempt to resume VM (but this crashes):
x86_64-softmmu/qemu-system-x86_64 -nodefaults -machine pc -drive
file=systemrescuecd-x86-4.9.2.iso,if=none,id=cdrom-cd,readonly=on -device
ide-cd,bus=ide.0,drive=cdrom-cd,bootindex=1 -device qxl-vga -monitor
unix:monitor.sock,server,nowait -display gtk -incoming exec:"cat vm.state"
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1679126/+subscriptions
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-devel] [Bug 1679126] Re: null pointer access on migration resume of systemrescuecd boot menu with qxl-vga,
Thomas Huth <=