Bug 1159425

Summary: [abrt] qemu-kvm-rhev: memset(): qemu-kvm killed by SIGSEGV
Product: Red Hat Enterprise Linux 7
Reporter: David Jaša <djasa>
Component: spice
Assignee: Default Assignee for SPICE Bugs <rh-spice-bugs>
Status: CLOSED DUPLICATE
QA Contact: Desktop QE <desktop-qa-list>
Severity: high
Docs Contact:
Priority: unspecified
Version: 7.0
CC: cfergeau, djasa, marcandre.lureau, tpelka, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Unspecified
URL: http://faf-report.itos.redhat.com/reports/bthash/6b49e46239a2ad1f6fb16b2303f8433b3e9ef8c3
Whiteboard: abrt_hash:416ee8f4b5a67892bb4c63e449481bc7a7c309b9
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-12-11 16:19:41 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace none
File: cgroup none
File: core_backtrace none
File: dso_list none
File: environ none
File: exploitable none
File: limits none
File: maps none
File: open_fds none
File: proc_pid_status none
File: var_log_messages none

Description David Jaša 2014-10-31 22:51:41 UTC
Description of problem:
spice-server crashed when resizing guest from client:
1. connect to a guest from a Windows client launched from cmd with --spice-debug and -f options
2. exit fullscreen
3. grab the top left corner of a remote-viewer window, move it close to the lower right corner, continue resizing the window till the VM crashes (or remote-viewer crashes)

versions:
spice-server-0.12.4-5.el7.x86_64
qemu-kvm-rhev-1.5.3-60.el7_0.10.x86_64
glibc-2.17-55.el7_0.1.x86_64

Version-Release number of selected component:
qemu-kvm-rhev-1.5.3-60.el7_0.10

Additional info:
reporter:       libreport-2.1.11
backtrace_rating: 4
cmdline:        /usr/libexec/qemu-kvm -name tp-rhel71 -S -machine rhel6.5.0,accel=kvm,usb=off -cpu Nehalem -m 1024 -realtime mlock=off -smp 1,maxcpus=16,sockets=16,cores=1,threads=1 -uuid 75909e63-91c7-4d58-aa27-a07ff874c809 -smbios 'type=1,manufacturer=Red Hat,product=RHEV Hypervisor,version=7.0-1.el7,serial=D2856658-3374-11DF-BBDA-05C14FFB18A9,uuid=75909e63-91c7-4d58-aa27-a07ff874c809' -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/tp-rhel71.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=2014-10-31T21:36:05,driftfix=slew -no-kvm-pit-reinjection -no-hpet -no-shutdown -boot menu=on,strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -device virtio-scsi-pci,id=scsi0,bus=pci.0,addr=0x6 -device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x7 -drive if=none,id=drive-ide0-1-0,readonly=on,format=raw,serial= -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -drive file=/rhev/data-center/00000002-0002-0002-0002-000000000237/1312236c-5b8d-4d60-8c84-7e92c19ec064/images/8d4ac956-9979-4e2d-ae6e-40b4a155bdc7/9bea6ac5-12e5-4632-8d14-b10589d846f1,if=none,id=drive-scsi0-0-0-0,format=raw,serial=8d4ac956-9979-4e2d-ae6e-40b4a155bdc7,cache=none,werror=stop,rerror=stop,aio=native -device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0,bootindex=1 -netdev tap,fd=27,id=hostnet0,vhost=on,vhostfd=28 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:2a:2a:09,bus=pci.0,addr=0x3 -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/channels/75909e63-91c7-4d58-aa27-a07ff874c809.com.redhat.rhevm.vdsm,server,nowait -device 
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,id=charchannel1,path=/var/lib/libvirt/qemu/channels/75909e63-91c7-4d58-aa27-a07ff874c809.org.qemu.guest_agent.0,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=org.qemu.guest_agent.0 -chardev spicevmc,id=charchannel2,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=3,chardev=charchannel2,id=channel2,name=com.redhat.spice.0 -spice tls-port=5900,addr=10.34.130.227,x509-dir=/etc/pki/vdsm/libvirt-spice,tls-channel=main,tls-channel=display,tls-channel=inputs,tls-channel=cursor,tls-channel=playback,tls-channel=record,tls-channel=smartcard,tls-channel=usbredir,seamless-migration=on -k en-us -vga qxl -global qxl-vga.ram_size=67108864 -global qxl-vga.vram_size=33554432 -device qxl,id=video1,ram_size=67108864,vram_size=33554432,bus=pci.0,addr=0xa -device qxl,id=video2,ram_size=67108864,vram_size=33554432,bus=pci.0,addr=0xb -device qxl,id=video3,ram_size=67108864,vram_size=33554432,bus=pci.0,addr=,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1 -chardev spicevmc,id=charredir2,name=usbredir -device usb-redir,chardev=charredir2,id=redir2 -chardev spicevmc,id=charredir3,name=usbredir -device usb-redir,chardev=charredir3,id=redir3 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x9
crash_function: memset
executable:     /usr/libexec/qemu-kvm
kernel:         3.10.0-123.9.2.el7.x86_64
runlevel:       N 3
type:           CCpp
uid:            107

Truncated backtrace:
Thread no. 1 (9 frames)
 #0 memset at /lib64/libc.so.6
 #2 red_create_surface at red_worker.c:9657
 #3 red_process_surface at red_worker.c:4295
 #4 red_process_commands at red_worker.c:5241
 #5 flush_display_commands at red_worker.c:9710
 #6 handle_dev_update_async at red_worker.c:11026
 #7 dispatcher_handle_single_read at dispatcher.c:139
 #8 dispatcher_handle_recv_read at dispatcher.c:162
 #9 red_worker_main at red_worker.c:12196

Comment 1 David Jaša 2014-10-31 22:51:46 UTC
Created attachment 952633 [details]
File: backtrace

Comment 2 David Jaša 2014-10-31 22:51:47 UTC
Created attachment 952634 [details]
File: cgroup

Comment 3 David Jaša 2014-10-31 22:51:49 UTC
Created attachment 952635 [details]
File: core_backtrace

Comment 4 David Jaša 2014-10-31 22:51:50 UTC
Created attachment 952636 [details]
File: dso_list

Comment 5 David Jaša 2014-10-31 22:51:51 UTC
Created attachment 952637 [details]
File: environ

Comment 6 David Jaša 2014-10-31 22:51:53 UTC
Created attachment 952638 [details]
File: exploitable

Comment 7 David Jaša 2014-10-31 22:51:54 UTC
Created attachment 952639 [details]
File: limits

Comment 8 David Jaša 2014-10-31 22:51:56 UTC
Created attachment 952640 [details]
File: maps

Comment 9 David Jaša 2014-10-31 22:51:57 UTC
Created attachment 952641 [details]
File: open_fds

Comment 10 David Jaša 2014-10-31 22:51:59 UTC
Created attachment 952642 [details]
File: proc_pid_status

Comment 11 David Jaša 2014-10-31 22:52:00 UTC
Created attachment 952643 [details]
File: var_log_messages

Comment 12 David Jaša 2014-10-31 22:53:54 UTC
The last frame is from glibc but assigning to spice-server first to find out if the bug actually isn't there.

Comment 14 Christophe Fergeau 2014-11-03 16:24:28 UTC
Could you try spice-server spice-server-0.12.4-6? This looks like bug #1029646

Comment 16 David Jaša 2014-12-11 16:19:41 UTC
(In reply to Christophe Fergeau from comment #14)
> Could you try spice-server spice-server-0.12.4-6? This looks like bug
> #1029646

Yeah, you're right. It doesn't occur anymore (tested in -8) and the backtrace is the same.

*** This bug has been marked as a duplicate of bug 1029646 ***