Bug 2239472 - spice-vdagentd not starting due to selinux errors
Summary: spice-vdagentd not starting due to selinux errors
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: spice-vdagent
Version: 38
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Christophe Fergeau
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-09-18 14:30 UTC by Prarit Bhargava
Modified: 2023-09-18 14:30 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:



Description Prarit Bhargava 2023-09-18 14:30:38 UTC
Hey everyone,

This has been a long-lived bug and I cannot seem to find an answer online, or in any documentation.

This is the situation: My current workstation is at F38 (and is/was up-to-date as of Sep 15 before the process described below).  I am running F38 as a host OS, and have a F38 guest.  The problem described below is with the _guest_.

I reboot the system once every few weeks to get the latest kernel-related security updates from F38.  When this happens, I see

 [  485.420234] spice-vdagent[3334]: segfault at 81 ip 0000556f5e41c536 sp 00007ffff177ba10 error 4 in spice-vdagent[556f5e413000+e000] likely on CPU 60 (core 0, socket 3)

in the boot log.  

Reproducible: Always

Steps to Reproduce:
1. Boot VM with F38
Actual Results:  
When I check the status of spice-vdagent,

[10:13 AM root@prarit ~]# systemctl status spice-vdagentd
● spice-vdagentd.service - Agent daemon for Spice guests
     Loaded: loaded (/usr/lib/systemd/system/spice-vdagentd.service; enabled; preset: enabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: active (running) since Fri 2023-09-15 08:31:52 EDT; 3 days ago
TriggeredBy: ● spice-vdagentd.socket
   Main PID: 3407 (spice-vdagentd)
      Tasks: 3 (limit: 180973)
     Memory: 796.0K
        CPU: 5.628s
     CGroup: /system.slice/spice-vdagentd.service
             └─3407 /usr/sbin/spice-vdagentd

Sep 18 10:05:01 prarit.bos.redhat.com spice-vdagentd[3407]: Error getting active session: No data available
Sep 18 10:05:01 prarit.bos.redhat.com spice-vdagentd[3407]: Error getting active session: No data available
Sep 18 10:05:01 prarit.bos.redhat.com spice-vdagentd[3407]: Error getting active session: No data available
Sep 18 10:05:01 prarit.bos.redhat.com spice-vdagentd[3407]: Error getting active session: No data available
Sep 18 10:05:01 prarit.bos.redhat.com spice-vdagentd[3407]: Error getting active session: No data available
Sep 18 10:05:01 prarit.bos.redhat.com spice-vdagentd[3407]: Error getting active session: No data available
Sep 18 10:13:28 prarit.bos.redhat.com spice-vdagentd[3407]: Error getting active session: No data available
Sep 18 10:13:28 prarit.bos.redhat.com spice-vdagentd[3407]: Error getting active session: No data available
Sep 18 10:13:28 prarit.bos.redhat.com spice-vdagentd[3407]: Error getting active session: No data available
Sep 18 10:13:28 prarit.bos.redhat.com spice-vdagentd[3407]: Error getting active session: No data available
[10:13 AM root@prarit ~]# 

Furthermore, I see selinux errors related to spice-vdagent in the boot log:

Sep 15 08:35:00 prarit.bos.redhat.com spice-vdagent[3334]: display: failed to call GetCurrentState from mutter over DBUS
Sep 15 08:35:00 prarit.bos.redhat.com spice-vdagent[3334]:    error message: Cannot invoke method; proxy is for the well-known name org.gnome.Mutter.DisplayConfig without an owner, and proxy was constructed with the G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START flag
Sep 15 08:35:00 prarit.bos.redhat.com spice-vdagent[3334]: No guest output map, using output index as display id
Sep 15 08:35:00 prarit.bos.redhat.com audit[3407]: AVC avc:  denied  { search } for  pid=3407 comm="spice-vdagentd" name="3334" dev="proc" ino=40010 scontext=system_u:system_r:vdagent_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dir permissive=0
Sep 15 08:35:00 prarit.bos.redhat.com audit[3407]: AVC avc:  denied  { search } for  pid=3407 comm="spice-vdagentd" name="3334" dev="proc" ino=40010 scontext=system_u:system_r:vdagent_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dir permissive=0
Sep 15 08:35:00 prarit.bos.redhat.com audit[3407]: AVC avc:  denied  { search } for  pid=3407 comm="spice-vdagentd" name="3334" dev="proc" ino=40010 scontext=system_u:system_r:vdagent_t:s0 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=dir permissive=0
Sep 15 08:35:00 prarit.bos.redhat.com spice-vdagentd[3407]: Error getting owner UID for pid 3334: Permission denied
Sep 15 08:35:00 prarit.bos.redhat.com spice-vdagentd[3407]: UID mismatch: UID=1000 PID=3334 suid=4294967295
Sep 15 08:35:00 prarit.bos.redhat.com setroubleshoot[4750]: SELinux is preventing spice-vdagentd from search access on the directory 3334. For complete SELinux messages run: sealert -l 4264c074-64c3-4f04-af07-87486f0d34ed
Sep 15 08:35:00 prarit.bos.redhat.com setroubleshoot[4750]: SELinux is preventing spice-vdagentd from search access on the directory 3334.
                                                            
                                                            *****  Plugin catchall (100. confidence) suggests   **************************
                                                            
                                                            If you believe that spice-vdagentd should be allowed search access on the 3334 directory by default.
                                                            Then you should report this as a bug.
                                                            You can generate a local policy module to allow this access.
                                                            Do
                                                            allow this access for now by executing:
                                                            # ausearch -c 'spice-vdagentd' --raw | audit2allow -M my-spicevdagentd
                                                            # semodule -X 300 -i my-spicevdagentd.pp
                                                            
Sep 15 08:35:00 prarit.bos.redhat.com spice-vdagent[3334]: display: failed to call GetCurrentState from mutter over DBUS

The suggestion in the error log does work, however, it seems to only affect the current boot and not subsequent reboots.

As a result of this error I cannot connect spice console AFAICT, and the boot takes a longer time.



Expected Results:  
spice-vdagent should start without errors

This is 100% reproducible on F38.
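
Added example, not part of the original report or of spice-vdagent: a small triage script that collapses the repeated AVC denials quoted above into one (source type, target type, class, permission) tuple, ties the denied /proc/<pid> directory to the "UID mismatch" line, and renders the tuple in policy allow-rule syntax so the breadth of any local module is visible. The function names are hypothetical; the log lines are the ones from the report with the journal prefix trimmed.

```python
import re
from collections import Counter

# Lines taken from the report above, journal timestamp/host prefix trimmed.
AVC = ('audit[3407]: AVC avc:  denied  { search } for  pid=3407 '
       'comm="spice-vdagentd" name="3334" dev="proc" ino=40010 '
       'scontext=system_u:system_r:vdagent_t:s0 '
       'tcontext=system_u:system_r:unconfined_service_t:s0 '
       'tclass=dir permissive=0\n')
SAMPLE_LOG = AVC * 3 + (
    'spice-vdagentd[3407]: Error getting owner UID for pid 3334: Permission denied\n'
    'spice-vdagentd[3407]: UID mismatch: UID=1000 PID=3334 suid=4294967295\n')

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
UID_RE = re.compile(r'UID mismatch: UID=(\d+) PID=(\d+) suid=(\d+)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('fields'))}
    rec['perms'] = tuple(m.group('perms').split())
    # A context is user:role:type:level; policy rules are written on the type.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec

def summarize(log):
    """Collapse repeated denials; collect PIDs whose /proc/<pid> dir was denied."""
    denials, proc_pids = Counter(), set()
    for rec in filter(None, map(parse_avc, log.splitlines())):
        denials[(rec['stype'], rec['ttype'], rec['tclass'], rec['perms'])] += 1
        if rec.get('dev') == 'proc' and rec.get('name', '').isdigit():
            proc_pids.add(int(rec['name']))
    return denials, proc_pids

def failed_owner_lookups(log, proc_pids):
    """PIDs logged with suid 0xFFFFFFFF whose /proc dir was also denied."""
    return [int(pid) for _, pid, suid in UID_RE.findall(log)
            if int(suid) == 0xFFFFFFFF and int(pid) in proc_pids]

def allow_rule(key):
    """Render one denial key in policy syntax, to show how broad a fix would be."""
    stype, ttype, tclass, perms = key
    p = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f'allow {stype} {ttype}:{tclass} {p};'
```

On the sample, the three denials reduce to a single rule on `vdagent_t` and `unconfined_service_t`, and PID 3334 (the `spice-vdagent` process in the log) is the one whose owner lookup was logged with suid 4294967295, which is -1 as an unsigned 32-bit value.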

