Bug 620843 - gtkvnc: Reproducible segfault in vnc_connection_close via virt-manager
Summary: gtkvnc: Reproducible segfault in vnc_connection_close via virt-manager
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: gtk-vnc
Version: rawhide
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Berrangé
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:d2886f6a424a52ce2fdb4c9eb14...
: 614282 621617 622186 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-03 15:55 UTC by Tom London
Modified: 2010-08-24 01:32 UTC (History)
8 users (show)

Fixed In Version: gtk-vnc-0.4.1-5.fc14
Clone Of:
Environment:
Last Closed: 2010-08-24 01:32:55 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
File: backtrace (156.57 KB, text/plain)
2010-08-03 15:55 UTC, Tom London 		no flags Details
Output of gdb showing "thread apply all bt full" after installing all debuginfo packages (159.83 KB, text/plain)
2010-08-03 16:07 UTC, Tom London 		no flags Details
View All

Description Tom London 2010-08-03 15:55:39 UTC 
abrt version: 1.1.10
architecture: x86_64
Attached file: backtrace
cmdline: python /usr/share/virt-manager/virt-manager.py
component: virt-manager
crash_function: _int_malloc
executable: /usr/bin/python
kernel: 2.6.35-0.57.rc6.git5.fc15.x86_64
package: virt-manager-0.8.4-3.fc15
rating: 4
reason: Process /usr/bin/python was killed by signal 11 (SIGSEGV)
release: Fedora release 15 (Rawhide)
time: 1280850715
uid: 500

How to reproduce
-----
1. Running virt-manager; closed console window, attempted to open it again
2. Got window with "connecting to ....." message
3.
Comment 1 Tom London 2010-08-03 15:55:42 UTC 
Created attachment 436305 [details]
File: backtrace
Comment 2 Tom London 2010-08-03 16:07:11 UTC 
Created attachment 436312 [details]
Output of gdb showing "thread apply all bt full" after installing all debuginfo packages

I installed all the debuginfo packages and manually ran gdb.

Output attached.
Comment 3 Tom London 2010-08-03 16:10:53 UTC 
I appear to be able to reproduce a crash by right clicking on the VM in the manager window and selecting "shutdown" ....

Core was generated by `python /usr/share/virt-manager/virt-manager.py'.
Program terminated with signal 6, Aborted.
#0  0x0000003626a33ee5 in raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt 
#0  0x0000003626a33ee5 in raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003626a35896 in abort () at abort.c:92
#2  0x0000003626a710cb in __libc_message (do_abort=2, 
    fmt=0x3626b52d50 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#3  0x0000003626a789a0 in malloc_printerr (av=<value optimized out>, 
    p=0x295c4a0, have_lock=0) at malloc.c:6283
#4  _int_free (av=<value optimized out>, p=0x295c4a0, have_lock=0)
    at malloc.c:4795
#5  0x00000033bc8101db in vnc_connection_close (conn=0x28ae9d0)
    at vncconnection.c:4194
#6  0x00000033bc814d5a in vnc_connection_coroutine (
    opaque=<value optimized out>) at vncconnection.c:4535
#7  0x00000033bc816e8b in coroutine_trampoline (cc=0x28aea20)
    at coroutine_ucontext.c:52
#8  0x0000003626a450c0 in ?? () from /lib64/libc-2.12.90.so
#9  0x00000000028aede8 in ?? ()
#10 0x0000000000000000 in ?? ()
(gdb)
Comment 4 Tom London 2010-08-03 16:20:32 UTC 
OK.  Here is a reproducible scenario:

1. Start virt-manager
2. Start a VM (in my case, a FC13 VM)
3. When VM displays gdm-greeter screen, select "Run->Shutdown" from virt-manager window.
4. Notice the "Do you really want to shutdown" popup in gdm
5. Click on the "close window" button in the right of the VM title bar
6. Both VM and virt-manager crashes with crash similar to above:

Core was generated by `python /usr/share/virt-manager/virt-manager.py'.
Program terminated with signal 6, Aborted.
#0  0x0000003626a33ee5 in raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x0000003626a33ee5 in raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003626a35896 in abort () at abort.c:92
#2  0x0000003626a710cb in __libc_message (do_abort=2, 
    fmt=0x3626b52d50 "*** glibc detected *** %s: %s: 0x%s ***\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
#3  0x0000003626a789a0 in malloc_printerr (av=<value optimized out>, 
    p=0x365b210, have_lock=0) at malloc.c:6283
#4  _int_free (av=<value optimized out>, p=0x365b210, have_lock=0)
    at malloc.c:4795
#5  0x00000033bc8101db in vnc_connection_close (conn=0x35b90e0)
    at vncconnection.c:4194
#6  0x00000033bc814d5a in vnc_connection_coroutine (
    opaque=<value optimized out>) at vncconnection.c:4535
#7  0x00000033bc816e8b in coroutine_trampoline (cc=0x35b9130)
    at coroutine_ucontext.c:52
#8  0x0000003626a450c0 in ?? () from /lib64/libc-2.12.90.so
#9  0x00000000035b94f8 in ?? ()
#10 0x0000000000000000 in ?? ()
(gdb)
Comment 5 Cole Robinson 2010-08-03 16:37:27 UTC 
Seems like a gtkvnc issue, reassigning.
Comment 6 Tom London 2010-08-03 17:07:23 UTC 
The error message malloc_printerr wants to print:

(gdb) print str
$3 = 0x3626b4ff46 "free(): invalid pointer"
Comment 7 Tom London 2010-08-03 17:27:31 UTC 
For completeness, here is the version of gtk-vnc:

[root@tlondon ~]# rpm -qa gtk-vnc\*
gtk-vnc-0.4.1-3.fc14.x86_64
gtk-vnc-python-0.4.1-3.fc14.x86_64
gtk-vnc-debuginfo-0.4.1-3.fc14.x86_64
[root@tlondon ~]#
Comment 8 Daniel Berrangé 2010-08-05 14:36:25 UTC 
This should be fixed in gtk-vnc-0.4.1-4.fc14
Comment 9 Tom London 2010-08-05 15:44:22 UTC 
Well, better, but still crashes :-(

The immediate scenario above no longer crashes, but it crashes immediately if I "open" the console to this VM afterwards.

Not sure this is exactly the same issue....

See this in /var/log/messages:
Aug  5 08:00:55 tlondon libvirtd: 08:00:55.286: error : virCgroupRemoveRecursively:655 : Unable to remove /cgroup/cpu/libvirt/qemu/Kiosk/ (16)



Core was generated by `python /usr/share/virt-manager/virt-manager.py'.
Program terminated with signal 6, Aborted.
#0  0x0000003626a33ee5 in raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install gtk-vnc-python-0.4.1-3.fc14.x86_64 gvnc-0.4.1-3.fc14.x86_64 nspr-4.8.6-1.fc14.x86_64
(gdb) set pagination off
(gdb) where
#0  0x0000003626a33ee5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003626a35896 in abort () at abort.c:92
#2  0x0000003626a2c6f5 in __assert_fail (assertion=0x7fce73c7c0e8 "(((PyObject*)(mp))->ob_type) == &PyDict_Type", file=<value optimized out>, line=261, function=<value optimized out>) at assert.c:81
#3  0x00007fce73bc50af in PyDict_New () at /usr/src/debug/Python-2.7/Objects/dictobject.c:261
#4  0x00007fce73bcb6c6 in PyObject_GenericSetAttr (obj=<value optimized out>, name=0x17f50a0, value=0x7fce73ec98f0) at /usr/src/debug/Python-2.7/Objects/object.c:1501
#5  0x00007fce73bcaedf in PyObject_SetAttr (v=0x289bd90, name=0x17f50a0, value=0x7fce73ec98f0) at /usr/src/debug/Python-2.7/Objects/object.c:1245
#6  0x00007fce73c26da9 in PyEval_EvalFrameEx (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:2059
#7  0x00007fce73c2c04d in PyEval_EvalCodeEx (co=0x17f1630, globals=<value optimized out>, locals=<value optimized out>, args=<value optimized out>, argcount=2, kws=0x0, kwcount=0, defs=0x1835268, defcount=1, closure=0x0) at /usr/src/debug/Python-2.7/Python/ceval.c:3311
#8  0x00007fce73bb2c62 in function_call (func=0x184baa0, arg=0x2609128, kw=0x0) at /usr/src/debug/Python-2.7/Objects/funcobject.c:526
#9  0x00007fce73b89fc3 in PyObject_Call (func=0x184baa0, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#10 0x00007fce73b9b65f in instancemethod_call (func=0x184baa0, arg=0x2609128, kw=0x0) at /usr/src/debug/Python-2.7/Objects/classobject.c:2578
#11 0x00007fce73b89fc3 in PyObject_Call (func=0x28afa50, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#12 0x00007fce73c29783 in do_call (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4289
#13 call_function (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4094
#14 PyEval_EvalFrameEx (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:2721
#15 0x00007fce73c2c04d in PyEval_EvalCodeEx (co=0x17f1e30, globals=<value optimized out>, locals=<value optimized out>, args=<value optimized out>, argcount=2, kws=0x7fce73afc068, kwcount=0, defs=0x18486e0, defcount=2, closure=0x0) at /usr/src/debug/Python-2.7/Python/ceval.c:3311
#16 0x00007fce73bb2d6b in function_call (func=0x184c1b8, arg=0x2609098, kw=0x2a69830) at /usr/src/debug/Python-2.7/Objects/funcobject.c:526
#17 0x00007fce73b89fc3 in PyObject_Call (func=0x184c1b8, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#18 0x00007fce73b9b65f in instancemethod_call (func=0x184c1b8, arg=0x2609098, kw=0x2a69830) at /usr/src/debug/Python-2.7/Objects/classobject.c:2578
#19 0x00007fce73b89fc3 in PyObject_Call (func=0x28aff00, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#20 0x00007fce73be5ade in slot_tp_init (self=<value optimized out>, args=0x28a7810, kwds=0x2a69830) at /usr/src/debug/Python-2.7/Objects/typeobject.c:5648
#21 0x00007fce73be56b8 in type_call (type=<value optimized out>, args=0x28a7810, kwds=0x2a69830) at /usr/src/debug/Python-2.7/Objects/typeobject.c:725
#22 0x00007fce73b89fc3 in PyObject_Call (func=0x1881ec0, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#23 0x00007fce73c28f99 in ext_do_call (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4384
#24 PyEval_EvalFrameEx (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:2760
#25 0x00007fce73c2c04d in PyEval_EvalCodeEx (co=0x17f1db0, globals=<value optimized out>, locals=<value optimized out>, args=<value optimized out>, argcount=1, kws=0x1886b78, kwcount=0, defs=0x0, defcount=0, closure=0x0) at /usr/src/debug/Python-2.7/Python/ceval.c:3311
#26 0x00007fce73c2a63a in fast_function (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4167
#27 call_function (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4092
#28 PyEval_EvalFrameEx (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:2721
#29 0x00007fce73c2c04d in PyEval_EvalCodeEx (co=0x17f8a30, globals=<value optimized out>, locals=<value optimized out>, args=<value optimized out>, argcount=1, kws=0x7fce73afc068, kwcount=0, defs=0x1847668, defcount=1, closure=0x0) at /usr/src/debug/Python-2.7/Python/ceval.c:3311
#30 0x00007fce73bb2d6b in function_call (func=0x184caa0, arg=0x2627150, kw=0x29ee460) at /usr/src/debug/Python-2.7/Objects/funcobject.c:526
#31 0x00007fce73b89fc3 in PyObject_Call (func=0x184caa0, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#32 0x00007fce73b9b65f in instancemethod_call (func=0x184caa0, arg=0x2627150, kw=0x29ee460) at /usr/src/debug/Python-2.7/Objects/classobject.c:2578
#33 0x00007fce73b89fc3 in PyObject_Call (func=0x28aa7d0, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#34 0x00007fce73be5ade in slot_tp_init (self=<value optimized out>, args=0x7fce73afc050, kwds=0x29ee460) at /usr/src/debug/Python-2.7/Objects/typeobject.c:5648
#35 0x00007fce73be56b8 in type_call (type=<value optimized out>, args=0x7fce73afc050, kwds=0x29ee460) at /usr/src/debug/Python-2.7/Objects/typeobject.c:725
#36 0x00007fce73b89fc3 in PyObject_Call (func=0x18831e0, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#37 0x00007fce73c28f99 in ext_do_call (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4384
#38 PyEval_EvalFrameEx (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:2760
#39 0x00007fce73c2c04d in PyEval_EvalCodeEx (co=0x17f89b0, globals=<value optimized out>, locals=<value optimized out>, args=<value optimized out>, argcount=0, kws=0x1885dc8, kwcount=0, defs=0x0, defcount=0, closure=0x0) at /usr/src/debug/Python-2.7/Python/ceval.c:3311
#40 0x00007fce73c2a63a in fast_function (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4167
#41 call_function (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4092
#42 PyEval_EvalFrameEx (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:2721
#43 0x00007fce73c2c04d in PyEval_EvalCodeEx (co=0x17f8e30, globals=<value optimized out>, locals=<value optimized out>, args=<value optimized out>, argcount=1, kws=0x260e958, kwcount=3, defs=0x18364e0, defcount=6, closure=0x0) at /usr/src/debug/Python-2.7/Python/ceval.c:3311
#44 0x00007fce73bb2d6b in function_call (func=0x184cd70, arg=0x289bf50, kw=0x2a05d00) at /usr/src/debug/Python-2.7/Objects/funcobject.c:526
#45 0x00007fce73b89fc3 in PyObject_Call (func=0x184cd70, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#46 0x00007fce73b9b65f in instancemethod_call (func=0x184cd70, arg=0x289bf50, kw=0x2a05d00) at /usr/src/debug/Python-2.7/Objects/classobject.c:2578
#47 0x00007fce73b89fc3 in PyObject_Call (func=0x28aa820, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#48 0x00007fce73be5ade in slot_tp_init (self=<value optimized out>, args=0x7fce73afc050, kwds=0x2a05d00) at /usr/src/debug/Python-2.7/Objects/typeobject.c:5648
#49 0x00007fce73be56b8 in type_call (type=<value optimized out>, args=0x7fce73afc050, kwds=0x2a05d00) at /usr/src/debug/Python-2.7/Objects/typeobject.c:725
#50 0x00007fce73b89fc3 in PyObject_Call (func=0x1884890, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#51 0x00007fce73c29783 in do_call (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4289
#52 call_function (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4094
#53 PyEval_EvalFrameEx (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:2721
#54 0x00007fce73c2c04d in PyEval_EvalCodeEx (co=0x236f030, globals=<value optimized out>, locals=<value optimized out>, args=<value optimized out>, argcount=1, kws=0x0, kwcount=0, defs=0x0, defcount=0, closure=0x0) at /usr/src/debug/Python-2.7/Python/ceval.c:3311
#55 0x00007fce73bb2c62 in function_call (func=0x2624c80, arg=0x2627690, kw=0x0) at /usr/src/debug/Python-2.7/Objects/funcobject.c:526
#56 0x00007fce73b89fc3 in PyObject_Call (func=0x2624c80, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#57 0x00007fce73b9b65f in instancemethod_call (func=0x2624c80, arg=0x2627690, kw=0x0) at /usr/src/debug/Python-2.7/Objects/classobject.c:2578
#58 0x00007fce73b89fc3 in PyObject_Call (func=0x22fe0a0, arg=<value optimized out>, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Objects/abstract.c:2522
#59 0x00007fce73c24a87 in PyEval_CallObjectWithKeywords (func=0x22fe0a0, arg=0x7fce73afc050, kw=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:3940
#60 0x00007fce6959577b in _pyglib_handler_marshal (user_data=0x26087a0) at pyglib.c:562
#61 0x00007fce68e7dfcb in g_timeout_dispatch (source=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>) at gmain.c:3555
#62 0x00007fce68e7c813 in g_main_dispatch (context=0x1c90850) at gmain.c:2119
#63 g_main_context_dispatch (context=0x1c90850) at gmain.c:2672
#64 0x00007fce68e7cff0 in g_main_context_iterate (context=0x1c90850, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2750
#65 0x00007fce68e7d662 in g_main_loop_run (loop=0x265c6e0) at gmain.c:2958
#66 0x00000033b9549ee7 in IA__gtk_main () at gtkmain.c:1237
#67 0x00007fce6891a846 in _wrap_gtk_main (self=<value optimized out>) at ./gtk.override:1241
#68 0x00007fce73c2a12b in call_function (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4055
#69 PyEval_EvalFrameEx (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:2721
#70 0x00007fce73c2b71d in fast_function (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4157
#71 call_function (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:4092
#72 PyEval_EvalFrameEx (f=<value optimized out>, throwflag=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:2721
#73 0x00007fce73c2c04d in PyEval_EvalCodeEx (co=0x16e0ab0, globals=<value optimized out>, locals=<value optimized out>, args=<value optimized out>, argcount=0, kws=0x0, kwcount=0, defs=0x0, defcount=0, closure=0x0) at /usr/src/debug/Python-2.7/Python/ceval.c:3311
#74 0x00007fce73c2c162 in PyEval_EvalCode (co=<value optimized out>, globals=<value optimized out>, locals=<value optimized out>) at /usr/src/debug/Python-2.7/Python/ceval.c:670
#75 0x00007fce73c4739c in run_mod (mod=<value optimized out>, filename=<value optimized out>, globals=0x15f6f60, locals=0x15f6f60, flags=<value optimized out>, arena=<value optimized out>) at /usr/src/debug/Python-2.7/Python/pythonrun.c:1346
#76 0x00007fce73c481d0 in PyRun_FileExFlags (fp=0x16d12f0, filename=0x7fff8bbf8757 "/usr/share/virt-manager/virt-manager.py", start=<value optimized out>, globals=0x15f6f60, locals=0x15f6f60, closeit=1, flags=0x7fff8bbf7be0) at /usr/src/debug/Python-2.7/Python/pythonrun.c:1332
#77 0x00007fce73c48daf in PyRun_SimpleFileExFlags (fp=0x16d12f0, filename=0x7fff8bbf8757 "/usr/share/virt-manager/virt-manager.py", closeit=1, flags=0x7fff8bbf7be0) at /usr/src/debug/Python-2.7/Python/pythonrun.c:936
#78 0x00007fce73c5a8be in Py_Main (argc=<value optimized out>, argv=<value optimized out>) at /usr/src/debug/Python-2.7/Modules/main.c:599
#79 0x0000003626a1ecdd in __libc_start_main (main=0x400710 <main>, argc=2, ubp_av=0x7fff8bbf7d08, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fff8bbf7cf8) at libc-start.c:226
#80 0x0000000000400649 in _start ()
(gdb)
Comment 10 Daniel Berrangé 2010-08-05 16:03:03 UTC 
This new stack trace doesn't show any evidence of gtk-vnc being involved now. I did see another virt-manager crash somewhere about new python 2.7, but not sure if that's what this is
Comment 11 Tom London 2010-08-05 16:27:31 UTC 
OK, I'll open a new BZ for this (or jump on an existing one).

I'll close this one.  Reopen if I'm premature.....
Comment 12 Yanko Kaneti 2010-08-05 20:13:48 UTC 
I believe you need something like 

++              priv->xmit_buffer_size = 0;
++              priv->xmit_buffer_capacity = 0;

around the same place. 
I can also reproduce a crash with 0.4.1-4 and this fixes it.
Comment 13 Daniel Berrangé 2010-08-06 09:31:26 UTC 
Opps, of course it does.

This should now be fixed in gtk-vnc-0.4.1-5.fc14
Comment 14 Fedora Update System 2010-08-06 09:33:25 UTC 
gtk-vnc-0.4.1-5.fc14 has been submitted as an update for Fedora 14.
http://admin.fedoraproject.org/updates/gtk-vnc-0.4.1-5.fc14
Comment 15 Tom London 2010-08-06 14:00:28 UTC 
gtk-vnc-0.4.1-5.fc15.x86_64 "works for me".

I can no longer reproduce crash.

I can now close the VM's window and reopen it several times without crash.

I'll dup/close https://bugzilla.redhat.com/show_bug.cgi?id=621617 to this.

Close?
Comment 16 Tom London 2010-08-06 14:02:37 UTC 
*** Bug 621617 has been marked as a duplicate of this bug. ***
Comment 17 Fedora Update System 2010-08-10 01:30:32 UTC 
gtk-vnc-0.4.1-5.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update gtk-vnc'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/gtk-vnc-0.4.1-5.fc14
Comment 18 Cole Robinson 2010-08-21 21:25:32 UTC 
*** Bug 622186 has been marked as a duplicate of this bug. ***
Comment 19 Cole Robinson 2010-08-21 21:28:01 UTC 
*** Bug 614282 has been marked as a duplicate of this bug. ***
Comment 20 Fedora Update System 2010-08-24 01:32:49 UTC 
gtk-vnc-0.4.1-5.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.