Bug 1505696

Summary: Qemu crashed when open the second display of virtio video
Product: Red Hat Enterprise Linux 7 Reporter: Fangge Jin <fjin>
Component: qemu-kvm-rhevAssignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA QA Contact: Guo, Zhiyi <zhguo>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.5CC: chayang, jinzhao, juzhang, knoel, lmiksik, michen, virt-maint, zhguo
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.10.0-20.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-11 00:44:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1460595    
Attachments:
Description Flags
backtrace of qemu none

Description Fangge Jin 2017-10-24 06:59:20 UTC 
Description of problem:
Qemu crashed when open the second display of virtio video. Qemu log:

qemu-kvm: ui/console.c:1567: dpy_gfx_replace_surface: Assertion `old_surface != surface' failed.

Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.10.0-3.el7.x86_64
spice-server-0.14.0-1.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1.Start a guest with spice graphic, virtio video and heads=3
# virsh dumpxml $guest
...
    <video>
      <model type='virtio' heads='3' primary='yes'/>
    </video>
...

2. Check qemu command line:
... -device virtio-vga,id=video0,max_outputs=3,bus=pci.0,addr=0xb ...

3. Connect to guest by remote-viewer:
# remote-viewer spice://$ip:$port

4. Log in guest

5. Open the second display by remote-viewer: Click View -> Click Displays -> Check on "Display 2"

Actual results:
In step5, qemu crashed

Expected results:
No crash
Comment 2 Fangge Jin 2017-10-24 07:15:33 UTC 
Created attachment 1342543 [details]
backtrace of qemu
Comment 3 Gerd Hoffmann 2017-11-01 08:38:57 UTC 
commit 1540008629bbb6a9c0826582d94ecf7a559f784c
Author: Gerd Hoffmann <kraxel>
Date:   Wed Sep 6 16:21:09 2017 +0200

    console: fix dpy_gfx_replace_surface assert
    
    virtio-gpu can trigger the assert added by commit "6905b93447 console:
    add same surface replace pre-condition" in multihead setups (where
    surface can be NULL for secondary displays).  Allow surface being NULL.
    
    Fixes: 6905b93447a42e606dfd126b90f75f4cd3c6fe94
    Signed-off-by: Gerd Hoffmann <kraxel>
    Reviewed-by: Marc-André Lureau <marcandre.lureau>
    Message-id: 20170906142109.2685-1-kraxel
Comment 5 Miroslav Rezanina 2018-02-07 13:30:30 UTC 
Fix included in qemu-kvm-rhev-2.10.0-20.el7
Comment 7 Guo, Zhiyi 2018-02-12 06:11:47 UTC 
Verify this issue against qemu-kvm-rhev-2.10.0-20.el7.x86_64

Qemu cli used:
/usr/libexec/qemu-kvm -name nice -m 4G \
        -S \
        -cpu Skylake-Client,enforce \
        -smp 4 \
        -monitor stdio \
        -qmp unix:/tmp/qmp,server,nowait \
        -device virtio-vga,max_outputs=2 \
        -serial unix:/tmp/console,server,nowait \
        -netdev tap,id=idinWyYp,vhost=on -device e1000,mac=42:ce:a9:d8:8e:d4,id=idlbq7eA,netdev=idinWyYp \
        -uuid 115e11b2-a869-41b5-91cd-6a32a907be7e \
        -drive file=latest75.qcow2,if=none,id=drive-scsi-disk0,format=qcow2,cache=none,werror=stop,rerror=stop -device ide-hd,drive=drive-sc
si-disk0,id=scsi-disk0 \
        -spice port=5900,disable-ticketing \
        -device virtio-serial -chardev spicevmc,id=vdagent,debug=0,name=vdagent \
        -device virtserialport,chardev=vdagent,name=com.redhat.spice.0 \

Steps:
1. Boot rhel 7.5 guest and use remote-viewer to connect guest.
2. After guest boot to desktop, launch second monitor: View -> Displays -> Display 2

Results:
Display 2 can be launched with desktop graphic. After 3 times trials, no coredump happen too.
Comment 8 Guo, Zhiyi 2018-02-12 06:12:24 UTC 
Verified per comment 7
Comment 10 errata-xmlrpc 2018-04-11 00:44:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1104