Bug 869945

Summary: connect to a stopped spice would lead qemu core dump
Product: Red Hat Enterprise Linux 6
Reporter: Xiaoqing Wei <xwei>
Component: spice-server
Assignee: Uri Lublin <uril>
Status: CLOSED DUPLICATE
QA Contact: Desktop QE <desktop-qa-list>
Severity: high
Priority: high
Version: 6.4
CC: acathrow, areis, borgan, bsarathy, cfergeau, dblechte, dyasny, juzhang, marcandre.lureau, michen, mkenneth, shuang, virt-maint
Target Milestone: rc
Keywords: Regression
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Clone Of:
: 869958
Last Closed: 2012-11-15 17:46:03 UTC
Type: Bug
Bug Blocks: 869958
Attachments: core file: bunzip to decompress (flags: none)

Description Xiaoqing Wei 2012-10-25 08:02:42 UTC
Description of problem:

Connecting to a stopped spice leads to a qemu core dump.

Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.331.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.331.el6.x86_64
How reproducible:

100%

Steps to Reproduce:
1. Boot a VM with spice, with -S
e.g.: qemu-kvm -vga qxl -spice port=8000,disable-ticketing -S
2. connect to that qemu w/ spice-client:
spicec -h $host_ip -p 8000
Actual results:
qemu core dump

Expected results:
qemu works well

Additional info:

Tried same steps on qemu-kvm-0.12.1.2-2.295.el6.x86_64, works *WELL*, so it's a Regression

Comment 1 Xiaoqing Wei 2012-10-25 08:10:04 UTC
Created attachment 633220
core file: bunzip to decompress

Original core has been uploaded.

(gdb) bt
#0  0x00007fa103b648a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007fa103b66085 in abort () at abort.c:92
#2  0x00007fa103b5da1e in __assert_fail_base (fmt=<value optimized out>, assertion=
    0x7fa1063d0c38 "qemu_spice_display_is_running(&d->ssd)", file=0x7fa1063d0b28 "/builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/qxl.c", 
    line=<value optimized out>, function=<value optimized out>) at assert.c:96
#3  0x00007fa103b5dae0 in __assert_fail (assertion=0x7fa1063d0c38 "qemu_spice_display_is_running(&d->ssd)", file=
    0x7fa1063d0b28 "/builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/qxl.c", line=1658, function=0x7fa1063d1820 "qxl_send_events")
    at assert.c:105
#4  0x00007fa106390c5d in qxl_send_events (d=0x7fa1086bc840, events=16) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:1658
#5  0x00007fa10439c7a2 in handle_new_display_channel (opaque=0x7f9fdc0008c0, payload=0x7f9fdc1d80a0) at red_worker.c:10370
#6  handle_dev_display_connect (opaque=0x7f9fdc0008c0, payload=0x7f9fdc1d80a0) at red_worker.c:11216
#7  0x00007fa10437ccc7 in dispatcher_handle_single_read (dispatcher=0x7fa1072ca1d8) at dispatcher.c:139
#8  dispatcher_handle_recv_read (dispatcher=0x7fa1072ca1d8) at dispatcher.c:162
#9  0x00007fa10439d88e in red_worker_main (arg=<value optimized out>) at red_worker.c:11782
#10 0x00007fa105b5b851 in start_thread (arg=0x7fa0f5bfc700) at pthread_create.c:301
#11 0x00007fa103c1a90d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb)

Comment 3 Xiaoqing Wei 2012-10-25 08:24:18 UTC
after bisect testing, this is a Regression since
qemu-kvm-0.12.1.2-2.324.el6.x86_64

should be introduced by:
Bug 860017 - [RFE] -spice- Add rendering support in order to improve spice performance

Comment 4 Xiaoqing Wei 2012-10-25 08:30:51 UTC
Updating relevant packages here:
spice-server-0.12.0-1.el6.x86_64
vgabios-0.6b-3.6.el6.noarch

Comment 6 Xiaoqing Wei 2012-10-25 09:19:19 UTC
Found that this exists on Fedora rawhide too; cloned as Bug 869958.

Comment 7 Xiaoqing Wei 2012-10-25 09:21:32 UTC
Hi,

I found a similar one, Bug 867405 - core dump when starting qemu with spice and -S

If they are the same, please feel free to dup to that bug.

Thanks,
Xiaoqing.

Comment 8 Gerd Hoffmann 2012-10-29 07:56:27 UTC
Looks like a dup of bug 867405 indeed, but I leave that to the spice team to investigate in detail.

Comment 10 Marc-Andre Lureau 2012-11-15 17:46:03 UTC

*** This bug has been marked as a duplicate of bug 867405 ***