Bug 766518

Summary: Core dump when connecting with the spice client to a guest that has both spice and vnc connections
Product: Red Hat Enterprise Linux 5
Reporter: Shaolong Hu <shu>
Component: kvm
Assignee: Alon Levy <alevy>
Status: CLOSED WONTFIX
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Priority: high
Version: 5.8
CC: dblechte, juzhang, kraxel, michen, mkenneth, rhod, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2011-12-25 09:47:21 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Shaolong Hu 2011-12-12 09:02:09 UTC
Description of problem:
------------------------
Boot a guest with both spice and vnc connections, then connect to the guest with the spice client; kvm core dumps.

Version-Release number of selected component (if applicable):
----------------------------------------------------------------
kvm-83-246.el5
2.6.18-300.el5

How reproducible:
-----------------
100%

Steps to Reproduce:
-------------------
1. Boot the guest with:
(gdb) r -no-hpet -rtc-td-hack -cpu qemu64,+sse2 -smp 4 -m 4G -name rhel5.7 -uuid 31e71eea-d178-4988-89da-25b2e4484001 -drive file=RHEL-Server-5.7-64-virtio.qcow2,format=qcow2,cache=off,index=0,boot=on,media=disk,if=virtio -monitor stdio -usbdevice tablet -net nic,vlan=0,model=virtio -net tap,vlan=0,ifname=net1,script=/etc/qemu-ifup -M rhel5.6.0 -vnc :10 -spice port=5920,disable-ticketing
Starting program: /usr/libexec/qemu-kvm -no-hpet -rtc-td-hack -cpu qemu64,+sse2 -smp 4 -m 4G -name rhel5.7 -uuid 31e71eea-d178-4988-89da-25b2e4484001 -drive file=RHEL-Server-5.7-64-virtio.qcow2,format=qcow2,cache=off,index=0,boot=on,media=disk,if=virtio -monitor stdio -usbdevice tablet -net nic,vlan=0,model=virtio -net tap,vlan=0,ifname=net1,script=/etc/qemu-ifup -M rhel5.6.0 -vnc :10 -spice port=5920,disable-ticketing
2. spicec -h X.X.X.X -p 5920

Actual results:
----------------
Program received signal SIGSEGV, Segmentation fault.
0x0000003a9060dd9e in cairo_surface_reference () from /usr/lib64/libspice.so.0
(gdb) bt
#0  0x0000003a9060dd9e in cairo_surface_reference () from /usr/lib64/libspice.so.0
#1  0x0000003a90617a92 in ?? () from /usr/lib64/libspice.so.0
#2  0x0000000000409452 in main_loop_wait (timeout=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:4093
#3  0x000000000050139a in kvm_main_loop () at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/qemu-kvm.c:596
#4  0x000000000040e737 in main_loop (argc=29, argv=0x7fffffffe778, envp=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:4150
#5  main (argc=29, argv=0x7fffffffe778, envp=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:6552


Expected results:
------------------
no core dump.

Comment 1 juzhang 2011-12-12 09:26:26 UTC
FYI, Bug 760456.
These two bugs seem to be the same scenario, with different results.

Comment 2 Alon Levy 2011-12-21 13:08:57 UTC
Please install debug symbols for libspice.so.0 and update the stack trace.

Thanks,
Alon

Comment 3 Shaolong Hu 2011-12-22 06:37:22 UTC
(In reply to comment #2)
> Please install debug symbols for libspice.so.0 and update the stack trace.
> 
> Thanks,
> Alon

Program received signal SIGSEGV, Segmentation fault.
0x0000003a9060dd9e in red_dispatcher_qxl_ram_size () at red_dispatcher.c:360
360	    dispatchers->qxl_interface->get_info(dispatchers->qxl_interface, &qxl_info);
(gdb) bt
#0  0x0000003a9060dd9e in red_dispatcher_qxl_ram_size () at red_dispatcher.c:360
#1  0x0000003a90617a92 in reds_handle_main_link (opaque=<value optimized out>) at reds.c:2090
#2  reds_handle_ticket (opaque=<value optimized out>) at reds.c:2559
#3  0x0000000000409452 in main_loop_wait (timeout=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:4093
#4  0x000000000050139a in kvm_main_loop () at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/qemu-kvm.c:596
#5  0x000000000040e737 in main_loop (argc=29, argv=0x7fffffffe778, envp=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:4150
#6  main (argc=29, argv=0x7fffffffe778, envp=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:6552

Comment 5 Ronen Hod 2011-12-25 09:47:21 UTC
Copied from
https://bugzilla.redhat.com/show_bug.cgi?id=760456#c3

Since this is not a regression, and there is no data corruption, and there
exists a simple workaround, I am closing.
I believe that RHEV-M is not using both VNC and spice, so they do not encounter
the problem.

It might be worth checking on RHEL6.