1128992 – Spiceport character device is not reliable caused domain shutoff

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1128992 - Spiceport character device is not reliable caused domain shutoff

Summary: Spiceport character device is not reliable caused domain shutoff

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	qemu-kvm-rhev
Sub Component:
Version:	7.0
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Gerd Hoffmann
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1326628 (view as bug list)
Depends On:
Blocks:	1281814
TreeView+	depends on / blocked

Reported:	2014-08-12 03:35 UTC by Hu Jianwei
Modified:	2019-09-12 07:57 UTC (History)
CC List:	26 users (show)
Fixed In Version:	qemu-kvm-rhev-2.3.0-20.el7
Doc Type:	Bug Fix
Doc Text:	Virtual machine guests using the spiceport character device in some cases terminated unexpectedly on any activity triggered by changed or open flags of the device. This update fixes the related precondition, which prevents the described crash from occurring.
Clone Of:
Clones:	1281814 (view as bug list)
Environment:
Last Closed:	2015-12-04 16:17:36 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	2100061	0	None	None	None	2015-12-21 04:51:42 UTC
Red Hat Product Errata	RHBA-2015:2546	0	normal	SHIPPED_LIVE	qemu-kvm-rhev bug fix and enhancement update	2015-12-04 21:11:56 UTC

Description Hu Jianwei 2014-08-12 03:35:49 UTC

Description of problem:
Domain with spiceport character device can not keep running after taking action on ttyS0 in domain OS 

Version-Release number of selected component (if applicable):
libvirt-1.2.7-1.el7.x86_64
qemu-kvm-rhev-2.1.0-1.el7.x86_64
kernel-3.10.0-138.el7.x86_64

Guest OS kernel:
kernel-3.10.0-123.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
[root@localhost libvirt-1.2.7]# virsh dumpxml r7 | grep spiceport -b4

1370:    <serial type='spiceport'>
1400-      <source channel='org.qemu.console.serial.0'/>
1452-      <target port='1'/>
1477-    </serial>
1491:    <console type='spiceport'>
1522-      <source channel='org.qemu.console.serial.0'/>
1574-      <target type='serial' port='1'/>
1613-    </console>

[root@localhost libvirt-1.2.7]# virsh start r7
Domain r7 started

In guest OS:
echo hello > /dev/ttyS0

[root@localhost libvirt-1.2.7]# tailf /var/log/libvirt/qemu/r7.log
[root@localhost ~]# tailf /var/log/libvirt/qemu/r7.log
2014-08-12 02:34:37.757+0000: shutting down
2014-08-12 02:35:00.286+0000: starting up
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=spice /usr/libexec/qemu-kvm -name r7 -S -machine pc-i440fx-rhel7.0.0,accel=kvm,usb=off -m 1024 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 628e1918-eb89-4ded-8c10-f81e93b8eb7c -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/r7.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive file=/var/lib/libvirt/images/r7_latest.img,if=none,id=drive-ide0-0-0,format=raw,cache=none -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -netdev tap,fd=24,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:06:82:2b,bus=pci.0,addr=0x3 -chardev spiceport,id=charserial0,name=org.qemu.console.serial.0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -spice port=5900,addr=127.0.0.1,disable-ticketing,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -msg timestamp=on
main_channel_link: add main channel client
main_channel_handle_parsed: net test: latency 0.194000 ms, bitrate 30567164179 bps (29151.119403 Mbps)
inputs_connect: inputs channel client create
red_dispatcher_set_cursor_peer: 
inputs_detach_tablet: 
qemu-kvm: spice-qemu-char.c:173: spice_chr_add_watch: Assertion `cond == G_IO_OUT' failed.
2014-08-12 02:46:50.279+0000: shutting down
...


[root@localhost libvirt-1.2.7]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     r7                             shut off

Actual results:
As shown above steps, qemu-kvm shut down domain after assertion `cond == G_IO_OUT' failed.
 
Expected results:
Keep running, can not shut down the domain.

Additional info:

Comment 2 Peter Krempa 2014-08-12 07:07:41 UTC

Qemu exists after an assertion failure. Reassigning.

Comment 3 Gerd Hoffmann 2014-09-02 10:58:14 UTC

Commit e02bc6de30c44fd668dc0d6e1cd1804f2eed3ed3 broke spiceport (polls are done with G_IO_OUT|G_IO_HUP now).  Not sure how to fix this.  Marc?

Comment 4 Marc-Andre Lureau 2014-09-02 11:17:17 UTC

(In reply to Gerd Hoffmann from comment #3)
> Commit e02bc6de30c44fd668dc0d6e1cd1804f2eed3ed3 broke spiceport (polls are
> done with G_IO_OUT|G_IO_HUP now).  Not sure how to fix this.  Marc?

It looks like spice char could ignore the G_IO_HUP flag, so a simple change in the assert from = to & should bring us back to previous state.

However, if we had to implement HUP event, I suppose it would match to a client disconnection event, which is currently always followed by a call to qemu qemu_chr_be_event(CHR_EVENT_CLOSED) in vmc_state.

Comment 5 vivian zhang 2014-11-06 01:39:41 UTC

(In reply to Marc-Andre Lureau from comment #4)
> (In reply to Gerd Hoffmann from comment #3)
> > Commit e02bc6de30c44fd668dc0d6e1cd1804f2eed3ed3 broke spiceport (polls are
> > done with G_IO_OUT|G_IO_HUP now).  Not sure how to fix this.  Marc?
> 
> It looks like spice char could ignore the G_IO_HUP flag, so a simple change
> in the assert from = to & should bring us back to previous state.
> 
> However, if we had to implement HUP event, I suppose it would match to a
> client disconnection event, which is currently always followed by a call to
> qemu qemu_chr_be_event(CHR_EVENT_CLOSED) in vmc_state.

I met the same assertion qemu error after following steps, but this failure can not be produced with 100%. Please help me check qemu log to confirm whether it is the same root cause, or another new issue. thanks

Description of problem:
migration failed when connect guest with virt-viewer

Version-Release number of selected component (if applicable):
libvirt-1.2.8-6.el7.x86_64
qemu-kvm-rhev-2.1.2-6.el7.x86_64
kernel-3.10.0-195.el7.x86_64

steps:
1. Start a guest on source host which image is on local disk(without shared with target host)
# virsh list
 Id    Name                           State
----------------------------------------------------
 16    rhel6new                       running
# qemu-img info rhel6.qcow2 
image: rhel6.qcow2
file format: qcow2
virtual size: 7.8G (8388608000 bytes)
disk size: 7.6G
cluster_size: 65536
backing file: /mnt/rhel6.img
Format specific information:
    compat: 1.1
    lazy refcounts: false
2. connect guest with virt-viewer on localhost
#virt-viewer rhel6new

3. Create a empty image on target host with the same size, directory and name as in source host

# qemu-img create /var/lib/libvirt/images/rhel6.qcow2.img 7.8G

4. Do migration

# virsh migrate rhel6new --live qemu+ssh://10.66.6.205/system --verbose --copy-storage-all
root.6.205's password: 
error: Unable to read from monitor: Connection reset by peer

at the same time, virt-viewer connection closed with error
# virt-viewer rhel6new


(virt-viewer:26105): GSpice-WARNING **: Warning no automount-inhibiting implementation available

(virt-viewer:26105): GSpice-WARNING **: incomplete link header (-104/16)

(virt-viewer:26105): GSpice-WARNING **: incomplete link header (-104/16)

(virt-viewer:26105): GSpice-WARNING **: incomplete link header (0/16)

(virt-viewer:26105): GSpice-WARNING **: incomplete link header (0/16)
Segmentation fault (core dumped)

5. check qemu.log

2014-11-05 10:20:35.892+0000: 28909: debug : virLockManagerLogParams:94 :   key=uri type=cstring value=qemu:///system
2014-11-05 10:20:35.892+0000: 28909: debug : virDomainLockManagerNew:145 : Adding leases
2014-11-05 10:20:35.892+0000: 28909: debug : virDomainLockManagerNew:150 : Adding disks
2014-11-05 10:20:35.892+0000: 28909: debug : virDomainLockManagerAddImage:90 : Add disk /var/lib/libvirt/images/rhel6.qcow2
2014-11-05 10:20:35.892+0000: 28909: debug : virLockManagerAddResource:332 : lock=0x7fdcd400af00 type=0 name=/var/lib/libvirt/images/rhel6.qcow2 nparams=0 params=(nil) flags=0
2014-11-05 10:20:35.892+0000: 28909: debug : virLockManagerAcquire:350 : lock=0x7fdcd400af00 state='<null>' flags=3 action=0 fd=0x7fdd02ce8b04
2014-11-05 10:20:35.892+0000: 28909: debug : virLockManagerFree:387 : lock=0x7fdcd400af00
2014-11-05 10:20:35.892+0000: 28909: debug : virObjectUnref:259 : OBJECT_UNREF: obj=0x7fdcf416bd00
2014-11-05 10:20:35.892+0000: 28909: debug : qemuProcessHook:2961 : Hook complete ret=0
2014-11-05 10:20:35.892+0000: 28909: debug : virExec:691 : Done hook 0
2014-11-05 10:20:35.892+0000: 28909: debug : virExec:698 : Setting child security label to system_u:system_r:svirt_t:s0:c741,c966
2014-11-05 10:20:35.892+0000: 28909: debug : virExec:728 : Setting child uid:gid to 107:107 with caps 0
2014-11-05 10:20:35.892+0000: 28909: debug : virCommandHandshakeChild:431 : Notifying parent for handshake start on 25
2014-11-05 10:20:35.893+0000: 28909: debug : virCommandHandshakeChild:439 : Waiting on parent for handshake complete on 26
2014-11-05 10:20:35.904+0000: 28909: debug : virFileClose:99 : Closed fd 25
2014-11-05 10:20:35.904+0000: 28909: debug : virFileClose:99 : Closed fd 26
2014-11-05 10:20:35.904+0000: 28909: debug : virCommandHandshakeChild:459 : Handshake with parent is done
char device redirected to /dev/pts/5 (label charserial0)
main_channel_link: add main channel client
main_channel_handle_parsed: net test: latency 0.150000 ms, bitrate 24380952380 bps (23251.488094 Mbps)
inputs_connect: inputs channel client create
red_dispatcher_set_cursor_peer:
main_channel_handle_parsed: agent start
red_client_destroy: destroy client 0x7fb69f40f350 with #channels=10
red_channel_client_disconnect: rcc=0x7fb69f730030 (channel=0x7fb69f447570 type=9 id=2)
red_dispatcher_disconnect_cursor_peer:
red_channel_client_disconnect: rcc=0x7fb6842a0ed0 (channel=0x7fb68421f930 type=4 id=0)
red_channel_client_disconnect: rcc=0x7fb69f72acf0 (channel=0x7fb69f0a2710 type=3 id=0)
red_dispatcher_disconnect_display_peer:
red_channel_client_disconnect: rcc=0x7fb684243aa0 (channel=0x7fb68421f360 type=2 id=0)
red_channel_client_disconnect_dummy: rcc=0x7fb69f726ab0 (channel=0x7fb69f47e800 type=5 id=0)
snd_channel_put: SndChannel=0x7fb69f4d0ae0 freed
red_channel_client_disconnect_dummy: rcc=0x7fb69f3acfc0 (channel=0x7fb69f3bac00 type=6 id=0)
snd_channel_put: SndChannel=0x7fb69f7165e0 freed
red_channel_client_disconnect: rcc=0x7fb69f438ea0 (channel=0x7fb69f410cb0 type=9 id=0)
red_channel_client_disconnect: rcc=0x7fb69f49f170 (channel=0x7fb69f459070 type=9 id=1)
red_channel_client_disconnect: rcc=0x7fb69f49af30 (channel=0x7fb69f448380 type=9 id=3)
red_channel_client_disconnect: rcc=0x7fb69f427a30 (channel=0x7fb69f096890 type=1 id=0)
main_channel_client_on_disconnect: rcc=0x7fb69f427a30
main_channel_link: add main channel client
((null):28909): Spice-Warning **: reds.c:1711:reds_handle_main_link: unexpected: vdagent attached to destination during migration
inputs_connect: inputs channel client create
red_dispatcher_set_cursor_peer:
qemu-kvm: spice-qemu-char.c:173: spice_chr_add_watch: Assertion `cond == G_IO_OUT' failed.
2014-11-05 10:22:24.672+0000: shutting down


thanks
vivian zhang

Comment 6 vivian zhang 2015-01-04 09:03:46 UTC

hi, Marc-Andre Lureau

could you please help check the issue described in comment 5

Comment 7 Marc-Andre Lureau 2015-01-05 10:53:07 UTC

(In reply to vivian zhang from comment #6)
> hi, Marc-Andre Lureau
> 
> could you please help check the issue described in comment 5

Well, you hit the same assertion in qemu, and the client crashes at that time.

Can you provide a backtrace of the client and open a new bug for spice-gtk component with the backtrace + SPICE_DEBUG=1 log ? thanks

Comment 9 vivian zhang 2015-01-27 02:14:12 UTC

(In reply to Marc-Andre Lureau from comment #7)
> (In reply to vivian zhang from comment #6)
> > hi, Marc-Andre Lureau
> > 
> > could you please help check the issue described in comment 5
> 
> Well, you hit the same assertion in qemu, and the client crashes at that
> time.
> 
> Can you provide a backtrace of the client and open a new bug for spice-gtk
> component with the backtrace + SPICE_DEBUG=1 log ? thanks

hi, Marc-Andre Lureau
Since I could not reproduce this client crashes again, so I will postpond to open a new bug.
Later I will try to find some way which could produce it and capture the log again.
thanks for your reply

Comment 10 vivian zhang 2015-02-03 01:28:17 UTC

could not produce the comment 5 issue again, so cancel the needinfo

Comment 12 Alexandros Gkesos 2015-05-28 11:49:12 UTC

Hello,

A customer with RHE-V-H 7.1 (20150512.1.el7ev) and "Windows 7 x64 guest (With latest 3.5.9 RHEV-Tools) as well as a CentOS 6 x64 guest (With latest ovirt-guest-agent). Both using the virt-viewer supplied with RHEV 3.5.1." is having the same behaviour when he is pasting big texts (5000 lines).

qemu-kvm: spice-qemu-char.c:173: spice_chr_add_watch: Assertion `cond == G_IO_OUT' failed.

and guest shuts down.

Host:
qemu-kvm-rhev-2.1.2-23.el7_1.3.x86_64
libvirt-1.2.8-16.el7_1.2.x86_64
kernel-3.10.0-229.1.2.el7.x86_64

Is it related or shall i open a new bug?

There was no problem when i reproduced it in RHEL-H 6.6.
libvirt-0.10.2-46.el6_6.2
kernel-2.6.32 - 504.3.3.el6.x86_64

Comment 14 Marc-Andre Lureau 2015-05-28 12:58:20 UTC

Gerd, 

I think spice-qemu-char.c assert(cond == G_IO_OUT); should be changed asap to be cond & G_IO_OUT. It won't watch for HUP condition, but that's just ok so far.

Comment 16 Colin Coe 2015-07-21 04:27:13 UTC

Hi all

We're seeing this now in our environment since upgrading of UAT environment to RHEV 3.5 and using RHEL7.1 hypervisors.  Specifically, we're hitting this bug copy/pasting screen shots from the guest to the client.

Have filed Case 01479716 with Red Hat GSS.

Thanks

/var/log/libvirt/qemu/tstvec02.log (extract)
---
2015-07-21 01:36:04.306+0000: starting up
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=spice /usr/libexec/qemu-kvm -name tstvec02 -S -machine rhel6.5.0,accel=kvm,usb=off -cpu SandyBridge,hv_relaxed -m 2048 -realtime mlock=off -smp 1,maxcpus=16,s
ockets=16,cores=1,threads=1 -uuid 5d89ddc4-5482-4cf6-862b-9325fd5872c5 -smbios type=1,manufacturer=Red Hat,product=RHEV Hypervisor,version=7.1-1.el7,serial=31353337-3135-4753-4834-33334D564459,uuid=5d89ddc4-5482-4cf6-862b-9325fd5872c5 -n
o-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/tstvec02.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=2015-07-21T09:36:03,clock=vm,driftfix=slew -global kvm-pit.lost
_tick_policy=discard -no-hpet -no-shutdown -boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-serial-pci,id=virtio-serial0,max_ports=16,bus=pci.0,addr=0x5 -drive file=/rhev/data-center/mnt/hidden:_var_lib_nfs_ISO/02ea47c8-2d0d-4bc5-8004-b8cd261c1dab/images/11111111-1111-1111-1111-111111111111/RHEV-toolsSetup_3.5_9.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw,serial= -device ide-cd,bus=ide.1,unit=0,driv
e=drive-ide0-1-0,id=ide0-1-0 -drive file=/rhev/data-center/00000002-0002-0002-0002-000000000379/ae6d0672-ba56-44a8-96af-f67c58d0ca14/images/55d5b6a8-cb35-4cd7-ae10-12b14ad398ec/b6062a0c-1faa-4504-bca7-827f649d07c5,if=none,id=drive-virtio
-disk0,format=raw,serial=55d5b6a8-cb35-4cd7-ae10-12b14ad398ec,cache=none,werror=stop,rerror=stop,aio=threads -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=26,id=hos
tnet0,vhost=on,vhostfd=27 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=00:1a:4a:34:fe:11,bus=pci.0,addr=0x3 -chardev socket,id=charchannel0,path=/var/lib/libvirt/qemu/channels/5d89ddc4-5482-4cf6-862b-9325fd5872c5.com.redhat.rhevm.v
dsm,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.rhevm.vdsm -chardev socket,id=charchannel1,path=/var/lib/libvirt/qemu/channels/5d89ddc4-5482-4cf6-862b-9325fd5872c5.org.q
emu.guest_agent.0,server,nowait -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=org.qemu.guest_agent.0 -chardev spicevmc,id=charchannel2,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=3
,chardev=charchannel2,id=channel2,name=com.redhat.spice.0 -spice tls-port=5901,addr=172.22.104.133,x509-dir=/etc/pki/vdsm/libvirt-spice,tls-channel=main,tls-channel=display,tls-channel=inputs,tls-channel=cursor,tls-channel=playback,tls-c
hannel=record,tls-channel=smartcard,tls-channel=usbredir,seamless-migration=on -k en-us -device qxl-vga,id=video0,ram_size=67108864,vram_size=33554432,vgamem_mb=16,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device
 hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -msg timestamp=on
main_channel_link: add main channel client
main_channel_handle_parsed: net test: latency 6.001000 ms, bitrate 122744980 bps (117.058735 Mbps)
inputs_connect: inputs channel client create
red_dispatcher_set_cursor_peer:
main_channel_handle_parsed: agent start
main_channel_handle_parsed: agent start
red_channel_client_disconnect: rcc=0x7f92e72de770 (channel=0x7f92e402b340 type=3 id=0)
red_channel_client_disconnect: rcc=0x7f923c263d10 (channel=0x7f923c21f360 type=2 id=0)
red_channel_client_disconnect_dummy: rcc=0x7f92e85b7070 (channel=0x7f92e417a4c0 type=6 id=0)
snd_channel_put: SndChannel=0x7f92e4209840 freed
red_channel_client_disconnect_dummy: rcc=0x7f92e7d5bd00 (channel=0x7f92e41083e0 type=5 id=0)
snd_channel_put: SndChannel=0x7f92e7f6ed70 freed
red_channel_client_disconnect: rcc=0x7f923c253950 (channel=0x7f923c21f930 type=4 id=0)
red_channel_client_disconnect: rcc=0x7f92e72e3380 (channel=0x7f92e4020100 type=1 id=0)
main_channel_client_on_disconnect: rcc=0x7f92e72e3380
red_client_destroy: destroy client 0x7f92e3feccc0 with #channels=6
red_dispatcher_disconnect_cursor_peer:
red_dispatcher_disconnect_display_peer:
main_channel_link: add main channel client
main_channel_handle_parsed: agent start
main_channel_handle_parsed: net test: latency 6.958000 ms, bitrate 125467132 bps (119.654781 Mbps)
inputs_connect: inputs channel client create
red_dispatcher_set_cursor_peer:
qemu-kvm: spice-qemu-char.c:173: spice_chr_add_watch: Assertion `cond == G_IO_OUT' failed.
2015-07-21 01:43:53.248+0000: shutting down
---

rpm -q qemu-kvm-rhev libvirt vdsm kernel
qemu-kvm-rhev-2.1.2-23.el7_1.4.x86_64
package libvirt is not installed
vdsm-4.16.20-1.el7ev.x86_64
kernel-3.10.0-229.7.2.el7.x86_64

Comment 17 Colin Coe 2015-07-21 04:36:45 UTC

Sorry, I missed the libvirt RPM info:

rpm -qa | grep libvirt
libvirt-python-1.2.8-7.el7_1.1.x86_64
libvirt-daemon-kvm-1.2.8-16.el7_1.3.x86_64
libvirt-glib-0.1.7-3.el7.x86_64
libvirt-daemon-driver-interface-1.2.8-16.el7_1.3.x86_64
libvirt-daemon-1.2.8-16.el7_1.3.x86_64
libvirt-lock-sanlock-1.2.8-16.el7_1.3.x86_64
libvirt-daemon-driver-secret-1.2.8-16.el7_1.3.x86_64
libvirt-daemon-driver-qemu-1.2.8-16.el7_1.3.x86_64
libvirt-gobject-0.1.7-3.el7.x86_64
libvirt-client-1.2.8-16.el7_1.3.x86_64
libvirt-daemon-config-nwfilter-1.2.8-16.el7_1.3.x86_64
libvirt-daemon-driver-storage-1.2.8-16.el7_1.3.x86_64
libvirt-daemon-driver-network-1.2.8-16.el7_1.3.x86_64
libvirt-gconfig-0.1.7-3.el7.x86_64
libvirt-daemon-driver-nodedev-1.2.8-16.el7_1.3.x86_64
libvirt-daemon-driver-nwfilter-1.2.8-16.el7_1.3.x86_64

Comment 21 Gerd Hoffmann 2015-08-26 11:33:58 UTC

Upstream commit f7a8beb5e6a13dc924895244777d9ef08b23b367
Backport posted, for 7.2.
If 7.1 needs a fix too set z-stream flag please.

Comment 22 Yash Mankad 2015-08-27 20:09:27 UTC

Fix included in qemu-kvm-rhev-2.3.0-20.el7

Comment 25 mazhang 2015-09-07 07:49:38 UTC

Reproduced this bug on qemu-kvm-rhev-2.1.2-16.el7.x86_64.

Host:
qemu-kvm-rhev-2.1.2-16.el7.x86_64
3.10.0-314.el7.x86_64

Guest:
RHEL7.0
3.10.0-308.el7.x86_64

Steps:
1. Boot guest:
gdb --args /usr/libexec/qemu-kvm -name r7 -S -machine pc-i440fx-rhel7.0.0,accel=kvm,usb=off -m 1024 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 628e1918-eb89-4ded-8c10-f81e93b8eb7c -no-user-config -nodefaults \
-chardev socket,id=charmonitor,path=/tmp/r7.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown \
-boot strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
-device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 \
-netdev tap,id=hostnet0 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:06:82:2b,bus=pci.0,addr=0x3 \
-chardev spiceport,id=charserial0,name=org.qemu.console.serial.0 -device isa-serial,chardev=charserial0,id=serial0 \
-chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 \
-spice port=5900,disable-ticketing,seamless-migration=on \
-device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,bus=pci.0,addr=0x2 \
-device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 \
-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -msg timestamp=on \
-monitor stdio \
-drive file=/home/rhel7.2-64.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads \
-device virtio-blk-pci,scsi=off,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=0 \

2. In guest:
echo hello > /dev/ttyS0

Result:
qemu-kvm crash.

[Thread 0x7fff6d7fa700 (LWP 13148) exited]
qemu-kvm: spice-qemu-char.c:173: spice_chr_add_watch: Assertion `cond == G_IO_OUT' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffe72cb700 (LWP 13073)]
0x00007ffff09b05d7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install alsa-lib-1.0.28-2.el7.x86_64 celt051-0.5.1.3-8.el7.x86_64 cyrus-sasl-lib-2.1.26-17.el7.x86_64 cyrus-sasl-md5-2.1.26-17.el7.x86_64 cyrus-sasl-plain-2.1.26-17.el7.x86_64 dbus-libs-1.6.12-11.el7.x86_64 flac-libs-1.3.0-4.el7.x86_64 glib2-2.40.0-4.el7.x86_64 glibc-2.17-78.el7.x86_64 glusterfs-api-3.6.0.29-2.el7.x86_64 glusterfs-libs-3.6.0.29-2.el7.x86_64 gmp-6.0.0-11.el7.x86_64 gnutls-3.3.8-12.el7.x86_64 gsm-1.0.13-11.el7.x86_64 json-c-0.11-4.el7_0.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.12.2-14.el7.x86_64 libICE-1.0.8-7.el7.x86_64 libSM-1.2.1-7.el7.x86_64 libX11-1.6.0-2.1.el7.x86_64 libXau-1.0.8-2.1.el7.x86_64 libXext-1.3.2-2.1.el7.x86_64 libXi-1.7.2-2.1.el7.x86_64 libXtst-1.2.2-2.1.el7.x86_64 libaio-0.3.109-13.el7.x86_64 libasyncns-0.8-7.el7.x86_64 libattr-2.4.46-12.el7.x86_64 libcap-2.22-8.el7.x86_64 libcom_err-1.42.9-7.el7.x86_64 libcurl-7.29.0-25.el7.x86_64 libdb-5.3.21-17.el7_0.1.x86_64 libffi-3.0.13-11.el7.x86_64 libgcc-4.8.3-9.el7.x86_64 libgcrypt-1.5.3-12.el7.x86_64 libgpg-error-1.12-3.el7.x86_64 libibverbs-1.1.8-5.el7.x86_64 libidn-1.28-3.el7.x86_64 libiscsi-1.9.0-6.el7.x86_64 libjpeg-turbo-1.2.90-5.el7.x86_64 libnl3-3.2.21-8.el7.x86_64 libogg-1.3.0-7.el7.x86_64 libpng-1.5.13-5.el7.x86_64 librdmacm-1.0.19.1-1.el7.x86_64 libseccomp-2.1.1-2.el7.x86_64 libselinux-2.2.2-6.el7.x86_64 libsndfile-1.0.25-9.el7.x86_64 libssh2-1.4.3-8.el7.x86_64 libstdc++-4.8.3-9.el7.x86_64 libtasn1-3.8-2.el7.x86_64 libusbx-1.0.15-4.el7.x86_64 libuuid-2.23.2-22.el7_1.x86_64 libvorbis-1.3.3-8.el7.x86_64 libxcb-1.9-5.el7.x86_64 lzo-2.06-6.el7_0.2.x86_64 nettle-2.7.1-4.el7.x86_64 nspr-4.10.8-1.el7_1.x86_64 nss-3.19.1-3.el7_1.x86_64 nss-softokn-freebl-3.16.2.3-12.el7.x86_64 nss-util-3.19.1-3.el7.x86_64 numactl-libs-2.0.9-4.el7.x86_64 openldap-2.4.39-6.el7.x86_64 openssl-libs-1.0.1e-42.el7.x86_64 p11-kit-0.20.7-3.el7.x86_64 pcre-8.32-14.el7.x86_64 pixman-0.32.4-3.el7.x86_64 pulseaudio-libs-3.0-30.el7.x86_64 snappy-1.1.0-3.el7.x86_64 spice-server-0.12.4-9.el7.x86_64 tcp_wrappers-libs-7.6-77.el7.x86_64 trousers-0.3.11.2-3.el7.x86_64 usbredir-0.6-7.el7.x86_64 xz-libs-5.1.2-9alpha.el7.x86_64 zlib-1.2.7-15.el7.x86_64
(gdb) bt
#0  0x00007ffff09b05d7 in raise () from /lib64/libc.so.6
#1  0x00007ffff09b1cc8 in abort () from /lib64/libc.so.6
#2  0x00007ffff09a9546 in __assert_fail_base () from /lib64/libc.so.6
#3  0x00007ffff09a95f2 in __assert_fail () from /lib64/libc.so.6
#4  0x00005555556ddb73 in spice_chr_add_watch (chr=<optimized out>, cond=<optimized out>) at spice-qemu-char.c:173
#5  0x00005555556da4a5 in qemu_chr_fe_add_watch (s=0x3303, cond=(G_IO_IN | G_IO_HUP | unknown: 13056), cond@entry=(G_IO_OUT | G_IO_HUP), func=0x55555573c490 <serial_xmit>, 
    user_data=0x5555563a9968) at qemu-char.c:3671
#6  0x000055555573c568 in serial_xmit (chan=chan@entry=0x0, cond=cond@entry=G_IO_OUT, opaque=opaque@entry=0x5555563a9968) at hw/char/serial.c:250
#7  0x000055555573c81b in serial_ioport_write (opaque=0x5555563a9968, addr=<optimized out>, val=<optimized out>, size=<optimized out>) at hw/char/serial.c:302
#8  0x0000555555611f6a in access_with_adjusted_size (addr=addr@entry=0, value=value@entry=0x7fffe72caaf0, size=size@entry=1, access_size_min=<optimized out>, 
    access_size_max=<optimized out>, access=0x5555556120e0 <memory_region_write_accessor>, mr=0x5555563a9a10) at /usr/src/debug/qemu-2.1.2/memory.c:481
#9  0x0000555555616b37 in memory_region_dispatch_write (size=1, data=115, addr=0, mr=0x5555563a9a10) at /usr/src/debug/qemu-2.1.2/memory.c:1143
#10 io_mem_write (mr=mr@entry=0x5555563a9a10, addr=0, val=<optimized out>, size=1) at /usr/src/debug/qemu-2.1.2/memory.c:1976
#11 0x00005555555e1e73 in address_space_rw (as=0x555555c70580 <address_space_io>, addr=addr@entry=1016, buf=0x7ffff7fec000 "s", len=len@entry=1, is_write=is_write@entry=true)
    at /usr/src/debug/qemu-2.1.2/exec.c:2092
#12 0x00005555556113f0 in kvm_handle_io (count=1, size=1, direction=<optimized out>, data=<optimized out>, port=1016) at /usr/src/debug/qemu-2.1.2/kvm-all.c:1600
#13 kvm_cpu_exec (cpu=cpu@entry=0x5555562e3d20) at /usr/src/debug/qemu-2.1.2/kvm-all.c:1742
#14 0x0000555555600532 in qemu_kvm_cpu_thread_fn (arg=0x5555562e3d20) at /usr/src/debug/qemu-2.1.2/cpus.c:883
#15 0x00007ffff6bc7df5 in start_thread () from /lib64/libpthread.so.0
#16 0x00007ffff0a711ad in clone () from /lib64/libc.so.6


Verified this bug on qemu-kvm-rhev-2.3.0-22.el7.x86_64.

Steps is the same as above, qemu-kvm and guest works well.

So this bug has been fixed.

Comment 33 errata-xmlrpc 2015-12-04 16:17:36 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2546.html

Comment 34 David Kutálek 2016-04-19 08:29:15 UTC

*** Bug 1326628 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

agkesos
colin.coe
dkutalek
dyuan
hhuang
honzhang
huding
jherrman
juzhang
kraxel
marcandre.lureau
mazhang
michen
mrezanin
mzhan
nashok
obockows
pkrempa
pzhukov
rbalakri
sapandit
shyu
tdosek
tzheng
virt-maint
xfu