Bug 1168509

Summary: qemu-kvm segmentation fault, when boot a RHEL7.1 guest with "-chardev spicevmc" and reboot inside guest
Product: Red Hat Enterprise Linux 6 Reporter: huiqingding <huding>
Component: spice-server Assignee: Default Assignee for SPICE Bugs <rh-spice-bugs>
Status: CLOSED DUPLICATE QA Contact: Desktop QE <desktop-qa-list>
Severity: high Docs Contact:
Priority: medium    
Version: 6.7 CC: cfergeau, dblechte, desktop-qa-list, djasa, fidencio, hhuang, huding, juzhang, kraxel, marcandre.lureau, mkenneth, rbalakri, tpelka, virt-maint, xfu
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1145919 Environment:
Last Closed: 2014-12-15 10:58:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1145919    
Bug Blocks:    

Comment 1 huiqingding 2014-11-27 07:59:57 UTC
Description of problem:
Boot a RHEL7.1 guest with "-chardev spicevmc", log in to the guest and reboot inside the guest; qemu-kvm gets a segmentation fault.

Version-Release number of selected component (if applicable):
qemu-kvm-rhev-0.12.1.2-2.448.el6.x86_64
kernel-2.6.32-515.el6.x86_64
spice-server-0.12.4-11.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot a rhel7.1 guest with "-chardev spicevmc"
# /usr/libexec/qemu-kvm -cpu Opteron_G1,enforce \
-enable-kvm  -m 4096  -smp 2,sockets=2,cores=1,threads=1,maxcpus=160 \
-monitor stdio \
-M rhel6.5.0 \
-numa node -numa node \
-global PIIX4_PM.disable_s3=0 \
-global PIIX4_PM.disable_s4=0 \
-drive file=/mnt/rhel_7_1_rhel6.qcow2,if=none,id=drive-scsi-disk,format=qcow2,cache=none,werror=stop,rerror=stop \
-device virtio-scsi-pci,id=scsi0,addr=0x13  \
-device scsi-hd,drive=drive-scsi-disk,bus=scsi0.0,id=data-disk2,bootindex=1 \
-netdev tap,id=hostnet0,vhost=on,id=hostnet0,script=/etc/qemu-ifup \
-device virtio-net-pci,netdev=hostnet0,id=virtio-net-pci0,mac=c2:9a:2f:9c:de:10,bus=pci.0,addr=0x5 \
-qmp tcp:0:4445,server,nowait \
-serial unix:/tmp/tty0,server,nowait \
-spice port=5901,password=redhat-vga,disable-ticketing -vga qxl \
-device virtio-serial-pci,id=virtio-serial1,bus=pci.0,addr=0x1a \
-chardev spicevmc,id=charchannel0,name=vdagent \
-device virtserialport,bus=virtio-serial1.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0

2. Log in to the guest
3. Inside the guest, do a reboot
# reboot

Actual results:
qemu-kvm gets a segmentation fault:
(gdb) bt
#0  0x00007ffff503c817 in spice_char_device_write_to_device (dev=0x7fffe0000a60) at char_device.c:443
#1  0x00007ffff503cb48 in spice_char_device_start (dev=0x7fffe0000a60) at char_device.c:798
#2  0x00007ffff508136e in spice_server_vm_start (s=<value optimized out>) at reds.c:4544
#3  0x00007ffff7dab3f2 in qemu_system_reset (report=true) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3340
#4  0x00007ffff7dd1370 in qemu_kvm_system_reset (report=true) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1992
#5  0x00007ffff7dd1573 in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2272
#6  0x00007ffff7db2757 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4268
#7  main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6725

Comment 3 Marc-Andre Lureau 2014-12-15 10:58:02 UTC

*** This bug has been marked as a duplicate of bug 1163480 ***