Bug 964305

Summary: fedora 19 kernels make spice-server crash with "red_create_surface: Untested path stride >= 0" during VM boot
Product: Red Hat Enterprise Linux 6 Reporter: David Jaša <djasa>
Component: spice-serverAssignee: Uri Lublin <uril>
Status: CLOSED DUPLICATE QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.4CC: acathrow, cfergeau, dblechte, dyasny, mkenneth
Target Milestone: beta   
Target Release: 6.5   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-05-17 19:57:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
(gdb) t a a bt full
none
full qemu output none

Description David Jaša 2013-05-17 19:23:28 UTC
Created attachment 749455 [details]
(gdb) t a a bt full

Description of problem:
recent fedora 19 kernels make spice-server crash with "red_create_surface: Untested path stride >= 0" during VM boot.

Version-Release number of selected component (if applicable):
spice-server-0.12.0-12.el6.x86_64
qemu-kvm-0.12.1.2-2.355.el6_4.2.x86_64
  * -M rhel-6.4.0
  * -vga qxl -global qxl-vga.ram_size=67108864 -global qxl-vga.vram_size=536870912
    (generated by libvirt)
Kernel + initrd from Fedora 19 Alpha (occurs also with 2013-05-17 build - latest as of reporting time)

How reproducible:
boot up recent Fedora 19 kernel in spice-server

Steps to Reproduce:
1. set up kernel and initrd to F19 Alpha ones
2. boot the VM
3.
  
Actual results:
qemu-kvm aborts shortly afterwards with these messages in the log:
((null):15751): SpiceWorker-Debug **: red_worker.c:11049:dev_destroy_primary_surface: 
((null):15751): Spice-Debug **: red_dispatcher.c:358:async_command_alloc: 0x7f5124000c20
((null):15751): SpiceWorker-Debug **: red_worker.c:11002:dev_create_primary_surface: 
((null):15751): SpiceWorker-CRITICAL **: red_worker.c:9306:red_create_surface: Untested path stride >= 0

Expected results:
spice-server handles the situation correctly

Additional info:
spice-server thread backtrace:
#0  0x00007f5b1ef038a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007f5b1ef05085 in abort () at abort.c:92
#2  0x00007f5b1f79cb12 in spice_logv (log_domain=0x7f5b1f88dc29 "SpiceWorker", log_level=SPICE_LOG_LEVEL_CRITICAL, strloc=0x7f5b1f88fea3 "red_worker.c:9306", function=
    0x7f5b1f891310 "red_create_surface", format=0x7f5b1f88fe89 "Untested path stride >= 0", args=0x7f5b14b0f930) at log.c:109
#3  0x00007f5b1f79cc24 in spice_log (log_domain=0x7f5b1f88dc29 "SpiceWorker", log_level=SPICE_LOG_LEVEL_CRITICAL, strloc=0x7f5b1f88fea3 "red_worker.c:9306", function=
    0x7f5b1f891310 "red_create_surface", format=0x7f5b1f88fe89 "Untested path stride >= 0") at log.c:123
#4  0x00007f5b1f7574c1 in red_create_surface (worker=0x7f5a9c0008c0, surface_id=0, width=1024, height=768, stride=4096, format=32, line_0=0x7f5aa3a00000, data_is_valid=1, send_client=1)
    at red_worker.c:9306
#5  0x00007f5b1f75e8dc in dev_create_primary_surface (worker=0x7f5a9c0008c0, surface_id=0, surface=...) at red_worker.c:11018
#6  0x00007f5b1f75fb47 in handle_dev_create_primary_surface_async (opaque=0x7f5a9c0008c0, payload=0x7f5a9c1d80a0) at red_worker.c:11252
#7  0x00007f5b1f727c30 in dispatcher_handle_single_read (dispatcher=0x7f5b23bccbb8) at dispatcher.c:139
#8  0x00007f5b1f727ddc in dispatcher_handle_recv_read (dispatcher=0x7f5b23bccbb8) at dispatcher.c:162
#9  0x00007f5b1f761603 in handle_dev_input (fd=21, event=1, opaque=0x7f5a9c0008c0) at red_worker.c:11710
#10 0x00007f5b1f761fec in red_worker_main (arg=0x7fff6b6c94f0) at red_worker.c:11842
#11 0x00007f5b20ff5851 in start_thread (arg=0x7f5b14b10700) at pthread_create.c:301
#12 0x00007f5b1efb990d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Comment 1 David Jaša 2013-05-17 19:41:48 UTC
Created attachment 749456 [details]
full qemu output

Comment 3 Christophe Fergeau 2013-05-17 19:57:38 UTC

*** This bug has been marked as a duplicate of bug 952666 ***