Bug 961577

Summary: segfault using spice + GTK broadway backend
Product: [Fedora] Fedora Reporter: Michael Hines <mrhines>
Component: spice-gtkAssignee: Marc-Andre Lureau <marcandre.lureau>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: rawhideCC: acathrow, berrange, cfergeau, crobinso, hdegoede, marcandre.lureau, sandmann, virt-maint, xen-maint
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 961575 Environment:
Last Closed: 2013-09-03 16:43:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 961575    
Bug Blocks:    

Description Michael Hines 2013-05-10 01:51:45 UTC 
Description of problem:

The GTK broadway backend is a very convenient way to see applications over websockets in HTML5.

Trying to use virt-viewer causes a segfault as soon as you try to access the viewer inside the browser.

Version-Release number of selected component (if applicable):

virt-viewer-0.5.6

How reproducible:

100% reproducible. Just run with GDB_BACKEND=broadway set and then point your browser to port 8080 and try to use remote-viewer inside the browser. The segfault is immediate.

Steps to Reproduce:
1. GDK_BACKEND=broadway remote-viewer URI
2. Load chrome/firefox and point to port 8080 on the localhost
3. Then try to interact with the viewer
  
Actual results:

mrhines@mrhinesdev:~/packages/virt-viewer-0.5.6$ GDK_BACKEND=broadway gdb remote-viewer
GNU gdb (GDB) 7.5-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/remote-viewer...done.
(gdb) run spice://klinux13:5900
Starting program: /usr/bin/remote-viewer spice://klinux13:5900
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xaf07fb40 (LWP 17728)]
[New Thread 0xae6ffb40 (LWP 17730)]
[New Thread 0xadcffb40 (LWP 17731)]

(remote-viewer:17719): vnc-keymap-WARNING **: Unsupported GDK Windowing platform.
Disabling extended keycode tables.
Please report to gtk-vnc-list
including the following information:

  - Operating system
  - GDK Windowing system build


Program received signal SIGSEGV, Segmentation fault.
require_socket (dpy=dpy@entry=0x809c400) at ../../src/xcb_io.c:65
65      ../../src/xcb_io.c: No such file or directory.
(gdb) bt
#0  require_socket (dpy=dpy@entry=0x809c400) at ../../src/xcb_io.c:65
#1  0xb70be45f in _XFlush (dpy=dpy@entry=0x809c400) at ../../src/xcb_io.c:514
#2  0xb70c1268 in _XGetRequest (dpy=dpy@entry=0x809c400, type=type@entry=103 'g', len=len@entry=4) at ../../src/XlibInt.c:1973
#3  0xb70a330c in XGetKeyboardControl (dpy=0x809c400, state=state@entry=0xbfffe644) at ../../src/GetKCnt.c:40
#4  0xb7e4f525 in get_keyboard_lock_modifiers (x_display=<optimized out>) at spice-widget.c:2563
#5  sync_keyboard_lock_modifiers (display=display@entry=0x826a0b8) at spice-widget.c:2592
#6  0xb7e506fa in focus_in_event (widget=0x826a0b8, focus=focus@entry=0x820d538) at spice-widget.c:1433
#7  0xb7aee2a0 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x8086c88, return_value=0xbfffe824, instance=0x826a0b8, args=0xbfffe98c "8\325 \b\254\351\377\277\204o[\267", marshal_data=0xb7e50660 <focus_in_event>, n_params=1, 
    param_types=0x8086ca0) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkmarshalers.c:130
#8  0xb7592177 in g_type_class_meta_marshalv (closure=closure@entry=0x8086c88, return_value=return_value@entry=0xbfffe824, instance=instance@entry=0x826a0b8, args=args@entry=0xbfffe98c "8\325 \b\254\351\377\277\204o[\267", 
    marshal_data=marshal_data@entry=0xec, n_params=n_params@entry=1, param_types=param_types@entry=0x8086ca0) at /build/buildd/glib2.0-2.34.1/./gobject/gclosure.c:997
#9  0xb7593a0d in _g_closure_invoke_va (closure=0x8086c88, return_value=return_value@entry=0xbfffe824, instance=instance@entry=0x826a0b8, args=args@entry=0xbfffe98c "8\325 \b\254\351\377\277\204o[\267", n_params=1, 
    param_types=0x8086ca0) at /build/buildd/glib2.0-2.34.1/./gobject/gclosure.c:840
#10 0xb75ace77 in g_signal_emit_valist (instance=instance@entry=0x826a0b8, signal_id=signal_id@entry=41, detail=detail@entry=0, var_args=var_args@entry=0xbfffe98c "8\325 \b\254\351\377\277\204o[\267")
    at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c:3211
#11 0xb75ad8b3 in g_signal_emit (instance=instance@entry=0x826a0b8, signal_id=41, detail=detail@entry=0) at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c:3356
#12 0xb7c3d71b in gtk_widget_event_internal (widget=widget@entry=0x826a0b8, event=event@entry=0x820d538) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkwidget.c:6294
#13 0xb7c3db1e in gtk_widget_event (widget=widget@entry=0x826a0b8, event=event@entry=0x820d538) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkwidget.c:5951
#14 0xb7c4d076 in gtk_widget_send_focus_change (widget=widget@entry=0x826a0b8, event=event@entry=0x820d538) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkwidget.c:13686
#15 0xb7c5055e in do_focus_change (widget=0x826a0b8, in=1) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkwindow.c:6238
#16 0xb7c506a1 in window_update_has_focus (window=window@entry=0x80b8010) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkwindow.c:9566
#17 0xb7c5d4ca in _gtk_window_set_is_active (window=0x80b8010, is_active=1) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkwindow.c:9595
#18 0xb7c5da88 in gtk_window_focus_in_event (widget=0x80b8010, event=<optimized out>) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkwindow.c:6292
#19 gtk_window_focus_in_event (widget=widget@entry=0x80b8010, event=0x820d478) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkwindow.c:6278
#20 0xb7aee1d2 in _gtk_marshal_BOOLEAN__BOXED (closure=0x8086c88, return_value=0xbfffec40, n_param_values=2, param_values=0xbfffecb0, invocation_hint=0xbfffec5c, marshal_data=0xb7c5da20 <gtk_window_focus_in_event>)
    at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkmarshalers.c:85
#21 0xb75926bd in g_type_class_meta_marshal (closure=closure@entry=0x8086c88, return_value=return_value@entry=0xbfffec40, n_param_values=n_param_values@entry=2, param_values=param_values@entry=0xbfffecb0, 
    invocation_hint=invocation_hint@entry=0xbfffec5c, marshal_data=marshal_data@entry=0xec) at /build/buildd/glib2.0-2.34.1/./gobject/gclosure.c:970
#22 0xb7593826 in g_closure_invoke (closure=closure@entry=0x8086c88, return_value=return_value@entry=0xbfffec40, n_param_values=2, param_values=param_values@entry=0xbfffecb0, invocation_hint=invocation_hint@entry=0xbfffec5c)
    at /build/buildd/glib2.0-2.34.1/./gobject/gclosure.c:777
#23 0xb75a543a in signal_emit_unlocked_R (node=node@entry=0x8086cb0, detail=detail@entry=0, instance=instance@entry=0x80b8010, emission_return=emission_return@entry=0xbfffed6c, instance_and_params=instance_and_params@entry=0xbfffecb0)
    at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c:3589
#24 0xb75ad473 in g_signal_emit_valist (instance=instance@entry=0x80b8010, signal_id=signal_id@entry=41, detail=detail@entry=0, var_args=0xbfffeeb0 "\314\356\377\277\204o[\267\200\260\b\b", 
    var_args@entry=0xbfffeeac "x\324 \b\314\356\377\277\204o[\267\200\260\b\b") at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c:3310
#25 0xb75ad8b3 in g_signal_emit (instance=instance@entry=0x80b8010, signal_id=41, detail=detail@entry=0) at /build/buildd/glib2.0-2.34.1/./gobject/gsignal.c:3356
#26 0xb7c3d71b in gtk_widget_event_internal (widget=widget@entry=0x80b8010, event=event@entry=0x820d478) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkwidget.c:6294
#27 0xb7c3db1e in gtk_widget_event (widget=widget@entry=0x80b8010, event=event@entry=0x820d478) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkwidget.c:5951
#28 0xb7aee068 in gtk_main_do_event (event=0x820d478) at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkmain.c:1651
#29 0xb7787eec in _gdk_event_emit (event=event@entry=0x820d478) at /build/buildd/gtk+3.0-3.6.0/./gdk/gdkevents.c:69
#30 0xb77caa98 in gdk_event_source_dispatch (source=source@entry=0x808f080, callback=0x0, user_data=0x0) at /build/buildd/gtk+3.0-3.6.0/./gdk/broadway/gdkeventsource.c:362
#31 0xb74d09e3 in g_main_dispatch (context=0x8097ec8) at /build/buildd/glib2.0-2.34.1/./glib/gmain.c:2715
#32 g_main_context_dispatch (context=context@entry=0x8097ec8) at /build/buildd/glib2.0-2.34.1/./glib/gmain.c:3219
#33 0xb74d0d80 in g_main_context_iterate (context=0x8097ec8, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.34.1/./glib/gmain.c:3290
#34 0xb74d11db in g_main_loop_run (loop=loop@entry=0x8169428) at /build/buildd/glib2.0-2.34.1/./glib/gmain.c:3484
#35 0xb7aecfed in gtk_main () at /build/buildd/gtk+3.0-3.6.0/./gtk/gtkmain.c:1162
#36 0x08053458 in main (argc=1, argv=0xbffff304) at remote-viewer-main.c:316
(gdb) quit


Expected results:

No crash =)

Additional info:
Comment 1 Daniel Berrangé 2013-05-10 09:05:35 UTC 
Sigh, naughty, naughty, very naughty, spice-gtk widget is blindly calling GDK_WINDOW_XDISPLAY without first checking GDK_IS_X11_DISPLAY to see if the GTK windowing backend is X11 :-(
Comment 2 Marc-Andre Lureau 2013-05-10 11:55:18 UTC 
(In reply to comment #1)
> Sigh, naughty, naughty, very naughty, spice-gtk widget is blindly calling
> GDK_WINDOW_XDISPLAY without first checking GDK_IS_X11_DISPLAY to see if the
> GTK windowing backend is X11 :-(

yeah, it isn't ready for having gtk/gdk backend at runtime, that's it.

will work on it
Comment 3 Marc-Andre Lureau 2013-05-10 20:51:18 UTC 
sent some patches to spice ML, however, broadway isn't going to work nicely with spice or vnc client, since it sends keysyms atm.. I added basic en mapping support, but I am afraid this isn't going to fly (and I guess Daniel will not like it either):

http://lists.freedesktop.org/archives/spice-devel/2013-May/013383.html
Comment 4 Michael Hines 2013-05-14 02:56:29 UTC 
Thanks for commiting a fix so fast - I just pulled the changes from spice-gtk.git and it worked great =)
Comment 5 Cole Robinson 2013-09-03 16:43:05 UTC 
Those patches are in spice-gtk 0.20 which is in rawhide these days