Bug 1372192

Summary: spice: dead-lock when 'quit'
Product: Red Hat Enterprise Linux 7 Reporter: Marcel Kolaja <mkolaja>
Component: qemu-kvm-rhevAssignee: Marc-Andre Lureau <marcandre.lureau>
Status: CLOSED CURRENTRELEASE QA Contact: Guo, Zhiyi <zhguo>
Severity: medium Docs Contact:
Priority: high    
Version: 7.3CC: amit.shah, armbru, chayang, dgilbert, jherrman, jinzhao, juzhang, knoel, marcandre.lureau, quintela, virt-maint, xfu, yduan
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.3.0-31.el7_2.24 Doc Type: Bug Fix
Doc Text:
Previously, attempting to shut down a guest virtual machine that was using SPICE audio caused the guest to enter a deadlock state. This update improves the ordering of clean-up actions when exiting a guest, and guests using SPICE audio now shut down correctly.
 Story Points: ---
Clone Of: 1355704 Environment:
Last Closed: 2020-05-06 11:21:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1355704    
Bug Blocks:    

Description Marcel Kolaja 2016-09-01 07:05:09 UTC 
This bug has been copied from bug #1355704 and has been proposed
to be backported to 7.2 z-stream (EUS).
Comment 3 Marc-Andre Lureau 2016-11-18 14:41:43 UTC 
Hang reproducible with similar instructions to parent bug:
run a VM with spice+audio, connect a spice client, and shutdown the VM.

(gdb) bt
#0  0x00007ffff6bbaafd in __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
#1  0x00007ffff6bb4a0d in __GI___pthread_mutex_lock (mutex=0x555556348f60) at ../nptl/pthread_mutex_lock.c:80
#2  0x0000555555993382 in qemu_mutex_lock (mutex=0x555556348f60) at util/qemu-thread-posix.c:73
#3  0x000055555572ac0d in qemu_chr_fe_write (s=0x555556348f60, buf=0x55555634a200 "{\"timestamp\": {\"seconds\": 1479479972, \"microseconds\": 207986}, \"event\": \"SPICE_DISCONNECTED\", \"data\": {\"server\": {\"port\": \"5910\", \"family\": \"ipv4\", \"host\": \"127.0.0.1\"}, \"client\": {\"port\": \"39712\", \"f"..., len=240) at qemu-char.c:219
#4  0x0000555555621eed in monitor_flush_locked (mon=0x5555564de7f0) at /home/elmarco/src/qemu/monitor.c:308
#5  0x0000555555622086 in monitor_puts (mon=0x5555564de7f0, str=0x55555634869f "") at /home/elmarco/src/qemu/monitor.c:350
#6  0x000055555562239f in monitor_json_emitter (mon=0x5555564de7f0, data=0x5555564e6c00) at /home/elmarco/src/qemu/monitor.c:416
#7  0x00005555556225b7 in monitor_qapi_event_emit (event=QAPI_EVENT_SPICE_DISCONNECTED, data=0x5555564e6c00) at /home/elmarco/src/qemu/monitor.c:478
#8  0x000055555562268d in monitor_qapi_event_queue (event=QAPI_EVENT_SPICE_DISCONNECTED, data=0x5555564e6c00, errp=0x7fffffffd308) at /home/elmarco/src/qemu/monitor.c:504
#9  0x0000555555983993 in qapi_event_send_spice_disconnected (server=0x5555575907f0, client=0x555556c63580, errp=0x5555562b3ae8 <error_abort>) at qapi-event.c:1270
#10 0x00005555558be1e5 in channel_event (event=3, info=0x555556c61550) at ui/spice-core.c:244
#11 0x00007fffdb9e793a in reds_handle_channel_event (reds=<optimized out>, event=event@entry=3, info=info@entry=0x555556c61550) at reds.c:325
#12 0x00007fffdb9cfed3 in main_dispatcher_channel_event (info=0x555556c61550, event=3, self=0x555556357880 [MainDispatcher]) at main-dispatcher.c:175
#13 0x00007fffdb9cfed3 in main_dispatcher_channel_event (self=0x555556357880 [MainDispatcher], event=event@entry=3, info=0x555556c61550) at main-dispatcher.c:194
#14 0x00007fffdb9f0176 in reds_stream_push_channel_event (s=s@entry=0x555557d97e30, event=event@entry=3) at reds-stream.c:354
#15 0x00007fffdb9f01ab in reds_stream_free (s=0x555557d97e30) at reds-stream.c:323
#16 0x00007fffdb9f9783 in snd_disconnect_channel (channel=0x5555583229d0) at sound.c:229
#17 0x00007fffdb9f9da6 in snd_detach_common (worker=0x555556fff6d0) at sound.c:1589
#18 0x00007fffdb9fcba1 in snd_detach_playback (sin=sin@entry=0x555556fff688) at sound.c:1602
#19 0x00007fffdb9eb7d8 in spice_server_remove_interface (sin=0x555556fff688) at reds.c:3405
#20 0x00005555557678e4 in line_out_fini (hw=0x555556fff600) at audio/spiceaudio.c:148
#21 0x00005555557614af in audio_atexit () at audio/audio.c:1787
#22 0x00007fffda94b258 in __run_exit_handlers (status=0, listp=0x7fffdacce5d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true) at exit.c:82
#23 0x00007fffda94b2a5 in __GI_exit (status=<optimized out>) at exit.c:104
#24 0x00007fffda932738 in __libc_start_main (main=0x55555573beb3 <main>, argc=20, argv=0x7fffffffd668, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd658) at ../csu/libc-start.c:323
#25 0x00005555555ec309 in _start ()
Comment 4 Miroslav Rezanina 2016-12-01 10:32:57 UTC 
Fix included in qemu-kvm-rhev-2.3.0-31.el7_2.24
Comment 6 Guo, Zhiyi 2016-12-09 07:30:17 UTC 
Hi Marc,

Test against rhel7.2.z guest & host with kernel kernel-3.10.0-327.44.2.el7.x86_64 and buggy qemu-kvm-rhev-2.3.0-31.el7_2.23.x86_64, qemu will hang after executing quit from qmp, following steps from https://bugzilla.redhat.com/show_bug.cgi?id=1355704#c16
I give 10 trials and no qemu core dump happen.

Test against fixed qemu-kvm-rhev-2.3.0-31.el7_2.24.x86_64 and same steps, qemu can quit normally.
Did this phenomenon lead to bug fixed?

BR/
Guo, Zhiyi
Comment 7 Marc-Andre Lureau 2016-12-09 08:27:11 UTC 
(In reply to Guo, Zhiyi from comment #6)
> Test against fixed qemu-kvm-rhev-2.3.0-31.el7_2.24.x86_64 and same steps,
> qemu can quit normally.
> Did this phenomenon lead to bug fixed?

yes (as said in comment 3, it is a hang fix)

thanks
Comment 8 Guo, Zhiyi 2016-12-09 08:29:02 UTC 
Per comment 6-7, mark as verified