Bug 615613

Summary: VM segfault of spice-server occurred
Product: Red Hat Enterprise Linux 6
Reporter: Amos Kong <akong>
Component: spice-server
Assignee: Uri Lublin <uril>
Status: CLOSED NOTABUG
QA Contact: Desktop QE <desktop-qa-list>
Severity: medium
Priority: medium
Version: 6.0
CC: ailan, fyang, mkenneth
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-10-31 12:32:47 UTC

Description Amos Kong 2010-07-17 13:21:15 UTC
Description of problem:
Boot up guest with 'qemu-kvm ... -spice port=8000,disable-ticketing ...', segfault occurred.


Coredump: 
(gdb) bt
#0  0x0000003b2aa83e8b in ?? ()
#1  0x0000000000471c20 in qemu_spice_display_create_update (ds=0x1dd6040, dirty=<value optimized out>, unique=<value optimized out>) at /usr/include/bits/string3.h:52
#2  0x0000000000471ccb in interface_get_command (qxl=<value optimized out>, cmd=0x7f06279a8180) at /usr/src/debug/qemu-kvm-0.12.1.2/spice-display.c:255
#3  0x000000309042cbd2 in red_process_commands (worker=0x7f06279a82c0, max_pipe_size=50) at red_worker.c:4314
#4  0x000000309042eb86 in red_worker_main (arg=<value optimized out>) at red_worker.c:8510


Version-Release number of selected component (if applicable):
# rpm -qa |grep spice
spice-server-debuginfo-0.4.2-14.el6.x86_64
ffmpeg-spice-libs-0.4.9-0.15.5spice.20080908.el6.x86_64
cairo-spice-1.8.7.1-4.el6.x86_64
spice-server-0.4.2-14.el6.x86_64
cairo-spice-debuginfo-1.8.7.1-4.el6.x86_64
pixman-spice-debuginfo-0.13.3-5.el6.x86_64
spice-client-0.4.2-15.el6.x86_64
pixman-spice-0.13.3-5.el6.x86_64

host kernel: kernel-2.6.32-44.el6.x86_64
# rpm -qa |grep qemu
qemu-img-0.12.1.2-2.93.el6.x86_64
qemu-kvm-0.12.1.2-2.93.el6.x86_64
qemu-kvm-debuginfo-0.12.1.2-2.93.el6.x86_64
qemu-kvm-tools-0.12.1.2-2.93.el6.x86_64
gpxe-roms-qemu-0.9.7-6.3.el6.noarch


How reproducible:
always

Steps to Reproduce:
1. Boot up guest with 'qemu-kvm ... -spice port=8000,disable-ticketing ...'
  
Actual results:
segfault occurred

Expected results:
guest runs normally

Additional info:

1. Qemu-kvm commandline:
# qemu-kvm -name 'vm1' -monitor unix:'/tmp/monitor-humanmonitor1-20100717-061358-ueBY',server,nowait -drive file='/root/push/client/tests/kvm/isos/windows/winutils.iso',if=none,id=drive-ide0-0-0,media=cdrom,readonly=on,format=raw -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -serial unix:'/tmp/serial-20100717-061358-ueBY',server,nowait -drive file='/root/push/client/tests/kvm/images/win2008-64-virtio.raw',if=none,id=drive-virtio-disk1,media=disk,cache=writethrough,boot=on,format=raw -device virtio-blk-pci,drive=drive-virtio-disk1,id=virtio-disk1 -net nic,vlan=0,netdev=idNkALXQ,model=rtl8139,macaddr='02:A9:7C:6C:04:76' -netdev tap,id=idNkALXQ,ifname='rtl8139_0_8000',script='/root/push/client/tests/kvm/scripts/qemu-ifup',downscript='no' -m 2048 -smp 2 -vnc :0 -spice port=8000,disable-ticketing -rtc base=localtime,clock=host -M rhel6.0.0 -usbdevice tablet -cpu qemu64,+sse2 -no-kvm-pit-reinjection -rtc-td-hack

Comment 2 RHEL Program Management 2010-07-17 13:37:33 UTC
This issue has been proposed when we are only considering blocker
issues in the current Red Hat Enterprise Linux release. It has
been denied for the current Red Hat Enterprise Linux release.

** If you would still like this issue considered for the current
release, ask your support representative to file as a blocker on
your behalf. Otherwise ask that it be considered for the next
Red Hat Enterprise Linux release. **

Comment 3 Uri Lublin 2010-07-18 13:37:12 UTC
1. When using spice, please make sure:
  * VM contains the qxl device ( -vga qxl)
  * vnc is _not_ available.

2. With a simple command line (and a bit newer RPMs), I can't reproduce (meaning qemu-kvm does not crash). 


spice rpms:
pixman-spice-0.13.3-5.el6.x86_64
ffmpeg-spice-libs-0.4.9-0.15.5spice.20080908.el6.x86_64
cairo-spice-1.8.7.1-4.el6.x86_64
spice-client-0.4.2-16.el6.x86_64
spice-server-0.4.2-14.el6.x86_64

qemu rpms:
qemu-kvm-0.12.1.2-2.96.el6.x86_64
qemu-img-0.12.1.2-2.96.el6.x86_64
gpxe-roms-qemu-0.9.7-6.3.el6.noarch

qemu-kvm command line:
/usr/libexec/qemu-kvm -snapshot -hda /tmp/urixp.qcow2  -usbdevice tablet -monitor stdio  -spice port=8000,disable-ticketing

 * with/without -vga qxl
 * with/without -vnc :2 (or -vnc :0)
 * with/without replacing -hda with -drive file=...
 * with/without a cdrom
 * with user network.

Another successful trial (meaning: did not crash)
/usr/libexec/qemu-kvm  -name 'vm1' -monitor unix:'/tmp/monitor',server,nowait -drive file='/tmp/cdrom',if=none,id=myhda0,media=cdrom,readonly=on,format=raw  -device ide-drive,bus=ide.0,unit=0,drive=myhda0,id=ide0-0-0 -serial unix:'/tmp/serial',server,nowait -drive file='/tmp/urixp.qcow2',if=none,id=drive-virtio-disk1,media=disk,cache=writethrough,boot=on,format=qcow2 -device virtio-blk-pci,drive=drive-virtio-disk1,id=virtio-disk1  -net nic,vlan=0,model=rtl8139,macaddr='02:A9:7C:6C:04:76' -net user,vlan=0  -m 2048 -smp 2 -vnc :0 -spice port=8000,disable-ticketing -rtc base=localtime,clock=host -M rhel6.0.0 -usbdevice tablet -cpu qemu64,+sse2 -no-kvm-pit-reinjection -rtc-td-hack

Comment 4 Uri Lublin 2010-07-19 14:09:57 UTC
Amos,

Please try to reproduce with the same command line but without "-spice port=8000,disable-ticketing", without -vnc and with -vga qxl.

Comment 5 Amos Kong 2010-07-20 01:55:40 UTC
(In reply to comment #4)
> Amos,
> 
> Please try to reproduce with the same command line but without "-spice
> port=8000,disable-ticketing", without -vnc and with -vga qxl.    

Ok.
I'll do some installation tests and report the results to you later.

Comment 6 YangFeng 2010-08-04 04:53:37 UTC
Reproduced this bug in weekly testing

host kernel: 2.6.32-55.el6.x86_64
qemu-kvm version: qemu-kvm-0.12.1.2-2.104.el6.x86_64
cmdline used:
qemu-kvm -name 'vm1' -monitor unix:'/tmp/monitor-humanmonitor1-20100730-153848-UpE9',server,nowait -drive file='/usr/local/autotest/tests/kvm/isos/windows/winutils.iso',if=none,id=drive-ide0-0-0,media=cdrom,readonly=on,format=raw -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -serial unix:'/tmp/serial-20100730-153848-UpE9',server,nowait -drive file='/usr/local/autotest/tests/kvm/images/win7-32-virtio.qcow2',if=none,id=drive-virtio-disk1,media=disk,cache=none,boot=on,format=qcow2 -device virtio-blk-pci,drive=drive-virtio-disk1,id=virtio-disk1 -drive file='/usr/local/autotest/tests/kvm/images/storage.qcow2',if=none,id=drive-virtio-disk2,media=disk,cache=none,format=qcow2 -device virtio-blk-pci,drive=drive-virtio-disk2,id=virtio-disk2 -net nic,vlan=0,netdev=id9uXtq7,model=virtio,macaddr='02:A9:13:4E:e5:02' -netdev tap,id=id9uXtq7,ifname='virtio_0_8000',script='/usr/local/autotest/tests/kvm/scripts/qemu-ifup-switch',downscript='no',vhost=on -m 4096 -smp 2 -vnc :0 -spice port=8000,disable-ticketing -rtc base=localtime,clock=host -M rhel6.0.0 -usbdevice tablet -cpu qemu64,+sse2 -no-kvm-pit-reinjection

Comment 7 Amos Kong 2010-08-04 05:15:53 UTC
(In reply to comment #6)
> Reproduced this bug in weekly testing

How about the reproduction ratio?

> host kernel: 2.6.32-55.el6.x86_64
> qemu-kvm version: qemu-kvm-0.12.1.2-2.104.el6.x86_64

Comment 8 YangFeng 2010-08-04 05:39:14 UTC
(In reply to comment #7)
> (In reply to comment #6)
> > Reproduced this bug in weekly testing
> 
> How about the reproduction ratio?
> 
> > host kernel: 2.6.32-55.el6.x86_64
> > qemu-kvm version: qemu-kvm-0.12.1.2-2.104.el6.x86_64    

Reproduced this bug in automation testing.

Only reproduced one time for about 100 test cases.

Comment 9 Uri Lublin 2010-08-04 09:08:56 UTC
YangFeng,

When running qemu-kvm make sure only one of vnc or spice is used.
Also when using spice, make sure to add the qxl device (-vga qxl).

Please run the tests again twice, one for each option below:
1. run with -vnc and without -spice
2. run without -vnc and with -vga qxl -spice ...

Is the problem reproduced with vnc?
Is the problem reproduced with spice?
Only with vnc, or only with spice, or both?

Thanks.
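
The two constraints stated in comment 9 (use only one of -vnc or -spice; with -spice, add -vga qxl) can be checked before a test run launches the guest. The following is an added example, not part of the original comment or of the autotest code; the function names and finding labels are hypothetical, and the sample command lines are constructed from options shown in this bug.

```python
import shlex

def parse_options(cmdline):
    """Map each qemu-kvm option to the list of values it was given."""
    argv = shlex.split(cmdline)          # honours the quoting used in the report
    opts = {}
    i = 1                                # argv[0] is the qemu-kvm binary
    while i < len(argv):
        name, value = argv[i], None
        # An option's value is the next token unless that token is another option.
        if i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            value = argv[i + 1]
            i += 1
        opts.setdefault(name, []).append(value)
        i += 1
    return opts

def lint_display(cmdline):
    """Return findings for the display setup described in comment 9."""
    opts = parse_options(cmdline)
    spice = "-spice" in opts
    vnc = "-vnc" in opts
    qxl = "qxl" in opts.get("-vga", [])
    findings = []
    if spice and vnc:
        findings.append("spice-with-vnc")      # only one of vnc or spice
    if spice and not qxl:
        findings.append("spice-without-qxl")   # spice needs the qxl device
    return findings

# Constructed samples, abbreviated from the command lines in this bug.
REPORTED = ("qemu-kvm -name 'vm1' -net nic,vlan=0,model=rtl8139,"
            "macaddr='02:A9:7C:6C:04:76' -m 2048 -smp 2 -vnc :0 "
            "-spice port=8000,disable-ticketing -usbdevice tablet "
            "-no-kvm-pit-reinjection -rtc-td-hack")
SPICE_ONLY = ("qemu-kvm -name 'vm1' -m 2048 -smp 2 -vga qxl "
              "-spice port=8000,disable-ticketing -usbdevice tablet")
VNC_ONLY = "qemu-kvm -name 'vm1' -m 2048 -smp 2 -vnc :0 -usbdevice tablet"

if __name__ == "__main__":
    for label, cmd in (("reported", REPORTED), ("spice only", SPICE_ONLY),
                       ("vnc only", VNC_ONLY)):
        print(label, lint_display(cmd) or "ok")
```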

Comment 10 YangFeng 2010-08-09 08:12:48 UTC
(In reply to comment #9)
> YangFeng,
> 
> When running qemu-kvm make sure only one of vnc or spice is used.
> Also when using spice, make sure to add the qxl device (-vga qxl).
> 
I have run the weekly testing loop twice again according to your comment.

> Please run the tests again twice, one for each option below:
> 1. run with -vnc and without -spice
Failed to reproduce this bug.

> 2. run without -vnc and with -vga qxl -spice ...
Failed to reproduce this bug.

> 
> Is the problem reproduced with vnc?
> Is the problem reproduced with spice?
> Only with vnc, or only with spice, or both?
> 
> Thanks.

Comment 12 Uri Lublin 2010-10-31 12:32:47 UTC
I'm closing this bug, with NOTABUG.

If someone can reproduce this bug please reopen it (or file a new bug).