Bug 1570046 - Rawhide QEMU VM crashes in a SPICE server assertion
Status: CLOSED DUPLICATE of bug 1565354
Alias: None
Product: Fedora
Classification: Fedora
Component: spice
Version: 27
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: high
Target Milestone: ---
Assignee: Christophe Fergeau
QA Contact: Fedora Extras Quality Assurance
Reported: 2018-04-20 13:54 UTC by Gwyn Ciesla
Modified: 2018-04-20 14:46 UTC (History)

Last Closed: 2018-04-20 14:46:50 UTC
Type: Bug


Description Gwyn Ciesla 2018-04-20 13:54:29 UTC
I have a Rawhide VM running on an f27 machine. Recently it's begun crashing. I've verified the host and guest filesystems, and after startup, sometimes during boot, other times it takes a few hours, it crashes. I've tried all available guest kernels and my f27 system is up to date. Here's the relevant entry in /var/log/libvirt/qemu/fedora64.log:

2018-04-20 13:45:11.823+0000: starting up libvirt version: 3.7.0, package: 4.fc27 (Fedora Project, 2018-02-13-19:29:35, buildvm-27.phx2.fedoraproject.org), qemu version: 2.10.1(qemu-2.10.1-3.fc27), hostname: bamboo.local
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=spice /usr/bin/qemu-kvm -name guest=fedora64,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-4-fedora64/master-key.aes -machine pc-i440fx-2.10,accel=kvm,usb=off,vmport=off,dump-guest-core=off -cpu Westmere -m 8192 -realtime mlock=off -smp 2,sockets=2,cores=1,threads=1 -uuid af4e4c1c-0655-4b0d-b5e7-4e580bae56d2 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-4-fedora64/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6 -drive file=/var/lib/libvirt/images/fedora64.qcow2,format=qcow2,if=none,id=drive-ide0-0-0 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -drive if=none,id=drive-ide0-0-1,readonly=on -device ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 -netdev tap,fd=25,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:cb:e6:8b,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -spice port=5900,addr=127.0.0.1,disable-ticketing,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 
-device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0,bus=usb.0,port=1 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -msg timestamp=on
2018-04-20 13:45:11.847+0000: 22890: info : libvirt version: 3.7.0, package: 4.fc27 (Fedora Project, 2018-02-13-19:29:35, buildvm-27.phx2.fedoraproject.org)
2018-04-20 13:45:11.847+0000: 22890: info : hostname: bamboo
2018-04-20 13:45:11.847+0000: 22890: info : virObjectUnref:350 : OBJECT_UNREF: obj=0x7f44dc154710
2018-04-20T13:45:12.060576Z qemu-system-x86_64: -chardev pty,id=charserial0: char device redirected to /dev/pts/1 (label charserial0)

(process:22890): Spice-WARNING **: display-channel.c:2426:display_channel_validate_surface: invalid surface_id 67108864
id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0
id 1, group 1, virt start 7fcbafc00000, virt end 7fcbb3bfe000, generation 0, delta 7fcbafc00000
id 2, group 1, virt start 7fcbaba00000, virt end 7fcbafa00000, generation 0, delta 7fcbaba00000

(process:22890): Spice-WARNING **: memslot.c:68:memslot_validate_virt: virtual address out of range
    virt=0x0+0x18 slot_id=0 group_id=1
    slot=0x0-0x0 delta=0x0

(process:22890): Spice-WARNING **: display-channel.c:2426:display_channel_validate_surface: invalid surface_id 524288
id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0
id 1, group 1, virt start 7fcbafc00000, virt end 7fcbb3bfe000, generation 0, delta 7fcbafc00000
id 2, group 1, virt start 7fcbaba00000, virt end 7fcbafa00000, generation 0, delta 7fcbaba00000

(process:22890): Spice-WARNING **: memslot.c:68:memslot_validate_virt: virtual address out of range
    virt=0x0+0x18 slot_id=0 group_id=1
    slot=0x0-0x0 delta=0x0

(process:22890): Spice-WARNING **: display-channel.c:2426:display_channel_validate_surface: invalid surface_id 3145728
id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0
id 1, group 1, virt start 7fcbafc00000, virt end 7fcbb3bfe000, generation 0, delta 7fcbafc00000
id 2, group 1, virt start 7fcbaba00000, virt end 7fcbafa00000, generation 0, delta 7fcbaba00000

(process:22890): Spice-CRITICAL **: memslot.c:111:memslot_get_virt: slot_id 46 too big, addr=2e3436002e343600
Thread 6 (Thread 0x7fcdc15ff700 (LWP 22922)):
#0  0x00007fcdd2bebd68 in read () at /lib64/libpthread.so.0
#1  0x00007fcdd4384939 in spice_backtrace_gstack () at /lib64/libspice-server.so.1
#2  0x00007fcdd438c004 in spice_log () at /lib64/libspice-server.so.1
#3  0x00007fcdd43516e8 in memslot_get_virt () at /lib64/libspice-server.so.1
#4  0x00007fcdd435a489 in red_get_clip_rects () at /lib64/libspice-server.so.1
#5  0x00007fcdd435bc1f in red_get_drawable () at /lib64/libspice-server.so.1
#6  0x00007fcdd436e70d in red_process_display () at /lib64/libspice-server.so.1
#7  0x00007fcdd436e94b in worker_source_dispatch () at /lib64/libspice-server.so.1
#8  0x00007fcdd69d0b77 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#9  0x00007fcdd69d0f20 in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0
#10 0x00007fcdd69d1232 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#11 0x00007fcdd436de7a in red_worker_main () at /lib64/libspice-server.so.1
#12 0x00007fcdd2be250b in start_thread () at /lib64/libpthread.so.0
#13 0x00007fcdd291a16f in clone () at /lib64/libc.so.6
Thread 5 (Thread 0x7fcdc25a8700 (LWP 22912)):
#0  0x00007fcdd29110f7 in ioctl () at /lib64/libc.so.6
#1  0x000055b06afef9a5 in kvm_vcpu_ioctl ()
#2  0x000055b06afefa58 in kvm_cpu_exec ()
#3  0x000055b06afcf6d4 in qemu_kvm_cpu_thread_fn ()
#4  0x00007fcdd2be250b in start_thread () at /lib64/libpthread.so.0
#5  0x00007fcdd291a16f in clone () at /lib64/libc.so.6
Thread 4 (Thread 0x7fcdc2da9700 (LWP 22911)):
#0  0x00007fcdd29110f7 in ioctl () at /lib64/libc.so.6
#1  0x000055b06afef9a5 in kvm_vcpu_ioctl ()
#2  0x000055b06afefa58 in kvm_cpu_exec ()
#3  0x000055b06afcf6d4 in qemu_kvm_cpu_thread_fn ()
#4  0x00007fcdd2be250b in start_thread () at /lib64/libpthread.so.0
#5  0x00007fcdd291a16f in clone () at /lib64/libc.so.6
Thread 3 (Thread 0x7fcdc3cb2700 (LWP 22910)):
#0  0x00007fcdd2beb2f0 in do_futex_wait () at /lib64/libpthread.so.0
#1  0x00007fcdd2beb403 in __new_sem_wait_slow () at /lib64/libpthread.so.0
#2  0x000055b06b32653f in qemu_sem_timedwait ()
#3  0x000055b06b321f7c in worker_thread ()
#4  0x00007fcdd2be250b in start_thread () at /lib64/libpthread.so.0
#5  0x00007fcdd291a16f in clone () at /lib64/libc.so.6
Thread 2 (Thread 0x7fcdc5ac1700 (LWP 22906)):
#0  0x00007fcdd2914b99 in syscall () at /lib64/libc.so.6
#1  0x000055b06b32677b in qemu_event_wait ()
#2  0x000055b06b33697e in call_rcu_thread ()
#3  0x00007fcdd2be250b in start_thread () at /lib64/libpthread.so.0
#4  0x00007fcdd291a16f in clone () at /lib64/libc.so.6
Thread 1 (Thread 0x7fcddbf61cc0 (LWP 22890)):
#0  0x00007fcdd290fd66 in ppoll () at /lib64/libc.so.6
#1  0x000055b06b322879 in qemu_poll_ns ()
#2  0x000055b06b3235c3 in main_loop_wait ()
#3  0x000055b06af938cf in main ()
2018-04-20 13:46:06.796+0000: shutting down, reason=crashed

Comment 1 Christophe Fergeau 2018-04-20 14:46:50 UTC

*** This bug has been marked as a duplicate of bug 1565354 ***

