Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 642131

Summary: qemu-kvm aborts of 'qemu_spice_display_create_update: unhandled depth: 0 bits'
Product: Red Hat Enterprise Linux 6 Reporter: Amos Kong <akong>
Component: qemu-kvmAssignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0CC: ailan, ehabkost, kcao, mkenneth, plyons, tburke, virt-maint
Target Milestone: rc   
Target Release: 6.1   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: qemu-kvm-0.12.1.2-2.133.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-19 11:29:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 580954    
Attachments:
Description Flags
guest snapshot before abort
none
bugfix
none
gdb debug msg none

Description Amos Kong 2010-10-12 06:14:31 UTC 
Description of problem:
When install win2003 guest, qemu-kvm aborted.
error:
(qemu) qemu_spice_display_create_update: unhandled depth: 0 bits

Version-Release number of selected component (if applicable):
host kernel: 2.6.32-71.2.1.el6_0.x86_64
# rpm -qa |grep qemu
qemu-kvm-tools-0.12.1.2-2.113.el6_0.1.x86_64
gpxe-roms-qemu-0.9.7-6.3.el6.noarch
qemu-img-0.12.1.2-2.113.el6_0.1.x86_64
qemu-kvm-debuginfo-0.12.1.2-2.113.el6_0.1.x86_64
qemu-kvm-0.12.1.2-2.113.el6_0.1.x86_64
spice-server-0.4.2-15.el6.x86_64

How reproducible:
not always

Steps to Reproduce:
1. install guest with spice options

Actual results:
qemu-kvm aborted.

Expected results:
installation completed.

Additional info:

1. command line: 
# qemu-kvm -name 'vm1' -chardev socket,id=human_monitor_2nwO,path=/tmp/monitor-humanmonitor1-20101006-173800-AqnM,server,nowait -mon chardev=human_monitor_2nwO,mode=readline -chardev socket,id=serial_LyAW,path=/tmp/serial-20101006-173800-AqnM,server,nowait -device isa-serial,chardev=serial_LyAW -drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/win2003-32-virtio.raw',index=0,if=none,id=drive-ide0-0-0,media=disk,cache=writethrough,boot=on,format=raw,aio=native -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -device rtl8139,netdev=id8U7S2U,id=ndev00id8U7S2U,mac='02:C6:F5:F9:52:39',bus=pci.0,addr=0x3 -netdev tap,id=id8U7S2U,ifname='rtl8139_0_8000',script='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/scripts/qemu-ifup-vbr0',downscript='no' -m 2048 -smp 2 -drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/isos/ISO/Win2003/32/en_win_srv_2003_r2_enterprise_with_sp2_cd1_X13-05460.iso',index=1,if=none,id=drive-ide0-0-1,media=cdrom,readonly=on,format=raw -device ide-drive,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1 -drive file='/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/isos/windows/winutils.iso',index=2,if=none,id=drive-ide0-1-0,media=cdrom,readonly=on,format=raw -device ide-drive,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 -cpu cpu64-rhel6,+x2apic -fda '/usr/local/staf/test/RHEV/kvm-new/autotest/client/tests/kvm/images/floppy.img' -vnc :0 -spice port=8000,disable-ticketing -vga qxl -rtc base=localtime,clock=host,driftfix=none -M rhel6.0.0 -usbdevice tablet -boot d -enable-kvm

2. debug msg:
(gdb) bt
#0  0x0000003bcde329a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003bcde34185 in abort () at abort.c:92
#2  0x0000000000471f07 in qemu_spice_display_create_update (ds=0xeeafb0, dirty=<value optimized out>, unique=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/spice-display.c:109
#3  0x0000000000473467 in _qxl_get_command (d=0x18e87c0, cmd=0x7f1fd532d290) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:288
#4  0x0000003bd9e2deb2 in red_process_commands (worker=0x7f1fd532d3d0, max_pipe_size=50) at red_worker.c:4541
#5  0x0000003bd9e2fd81 in red_worker_main (arg=<value optimized out>) at red_worker.c:8864
#6  0x0000003bce2077e1 in start_thread (arg=0x7f1fd5373710) at pthread_create.c:301
#7  0x0000003bcdee153d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb) info threads
  5 Thread 11764  0x0000003bcded9c34 in pwritev (fd=33, vector=0x7f1fc8000930, count=4, offset=740990464) at ../sysdeps/unix/sysv/linux/pwritev.c:68
  4 Thread 10638  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
  3 Thread 10659  0x0000003bcded95f7 in ioctl () at ../sysdeps/unix/syscall-template.S:82
  2 Thread 10668  0x0000003bcded95f7 in ioctl () at ../sysdeps/unix/syscall-template.S:82
* 1 Thread 10669  0x0000003bcde329a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
(gdb) thread 2
[Switching to thread 2 (Thread 10668)]#0  0x0000003bcded95f7 in ioctl () at ../sysdeps/unix/syscall-template.S:82
82      T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
(gdb) bt
#0  0x0000003bcded95f7 in ioctl () at ../sysdeps/unix/syscall-template.S:82
#1  0x000000000042a77f in kvm_run (env=0xed3010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:928
#2  0x000000000042ac09 in kvm_cpu_exec (env=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1658
#3  0x000000000042b82f in kvm_main_loop_cpu (_env=0xed3010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1900
#4  ap_main_loop (_env=0xed3010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1950
#5  0x0000003bce2077e1 in start_thread (arg=0x7f1fd600f710) at pthread_create.c:301
#6  0x0000003bcdee153d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb) thread 3
[Switching to thread 3 (Thread 10659)]#0  0x0000003bcded95f7 in ioctl () at ../sysdeps/unix/syscall-template.S:82
82      T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
(gdb) bt
#0  0x0000003bcded95f7 in ioctl () at ../sysdeps/unix/syscall-template.S:82
#1  0x000000000042a77f in kvm_run (env=0xeb9010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:928
#2  0x000000000042ac09 in kvm_cpu_exec (env=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1658
#3  0x000000000042b82f in kvm_main_loop_cpu (_env=0xeb9010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1900
#4  ap_main_loop (_env=0xeb9010) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:1950
#5  0x0000003bce2077e1 in start_thread (arg=0x7f1fd6a13710) at pthread_create.c:301
#6  0x0000003bcdee153d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb) thread 4
[Switching to thread 4 (Thread 10638)]#0  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
136     2:      movl    %edx, %eax
(gdb) bt
#0  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:136
#1  0x0000003bce209345 in _L_lock_870 () from /lib64/libpthread-2.12.so
#2  0x0000003bce209217 in __pthread_mutex_lock (mutex=0x85c060) at pthread_mutex_lock.c:61
#3  0x000000000047461f in qxl_display_resize (ds=0xeeafb0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:820
#4  0x0000000000444897 in dpy_resize (opaque=0x18e8a58) at /usr/src/debug/qemu-kvm-0.12.1.2/console.h:218
#5  vga_draw_graphic (opaque=0x18e8a58) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/vga.c:1726
#6  vga_update_display (opaque=0x18e8a58) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/vga.c:1938
#7  0x000000000049eb38 in vga_hw_screen_dump (filename=<value optimized out>) at console.c:182
#8  0x0000000000417829 in handle_user_command (mon=0xf30850, cmdline=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:3960
#9  0x000000000041787a in monitor_command_cb (mon=0xf30850, cmdline=<value optimized out>, opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4506
#10 0x000000000049e4db in readline_handle_byte (rs=0x194b0e0, ch=<value optimized out>) at readline.c:369
#11 0x00000000004178ec in monitor_read (opaque=<value optimized out>, buf=0x7fff51d293b0 "\n", <incomplete sequence \375>, size=1) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4492
#12 0x00000000004b6d8a in qemu_chr_read (opaque=0xe8e050) at qemu-char.c:154
#13 tcp_chr_read (opaque=0xe8e050) at qemu-char.c:2072
#14 0x000000000040b4af in main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4234
#15 0x0000000000428c2a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2133
#16 0x000000000040e5cb in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4444
#17 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6601
Comment 1 Gerd Hoffmann 2010-10-14 14:48:30 UTC 
Where does it happen?  When booting?
Somewhere in the middle of the install (video probing probably)?

Looks like autotest found it, correct?
Does it happen without autotest too?
Comment 2 Amos Kong 2010-10-15 05:59:22 UTC 
(In reply to comment #1)
> Where does it happen?  When booting?

qemu process exited during installation.
will attach a snapshot.

> Somewhere in the middle of the install (video probing probably)?

not sure, I install guest with this unattended file.

http://github.com/ehabkost/autotest/blob/master/client/tests/kvm/unattended/win2003-32.sif

> Looks like autotest found it, correct?

Yes, the reproduce rate is too low, I only touched 2 times.

> Does it happen without autotest too?

I tried 15 times, could not reproduce.
Comment 3 Amos Kong 2010-10-15 06:01:16 UTC 
Created attachment 453650 [details]
guest snapshot before abort
Comment 4 Gerd Hoffmann 2010-10-15 12:48:59 UTC 
Created attachment 453724 [details]
bugfix

https://brewweb.devel.redhat.com/taskinfo?taskID=2828242
Comment 5 Gerd Hoffmann 2010-10-15 12:49:34 UTC 
Please test
Comment 6 Amos Kong 2010-10-18 02:49:52 UTC 
(In reply to comment #5)
> Please test

the reproduce ratio is very low, so I'm testing with the new packets for longer time(two days), then reply the result to bz.
Comment 7 Amos Kong 2010-10-19 03:03:45 UTC 
(In reply to comment #6)
> (In reply to comment #5)
> > Please test
> 
> the reproduce ratio is very low, so I'm testing with the new packets for longer
> time(two days), then reply the result to bz.

Hello Gerd, the new packet is unavailable. the installation always hangs.


bt)
#0  0x0000003b73c0e50d in read () at ../sysdeps/unix/syscall-template.S:82
#1  0x0000003b7601046a in read (qxl_worker=0x292cb00) at /usr/include/bits/unistd.h:45
#2  receive_data (qxl_worker=0x292cb00) at red_worker.h:117
#3  read_message (qxl_worker=0x292cb00) at red_worker.h:130
#4  qxl_worker_detach (qxl_worker=0x292cb00) at red_dispatcher.c:233
#5  0x00000000004722bd in qxl_detach (d=0x331b7c0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:463
#6  0x0000000000472ea9 in qxl_reset (d=0x331b7c0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:546
#7  0x00000000004745d3 in qxl_display_resize (ds=0x2922fa0) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:820
#8  0x0000000000444937 in dpy_resize (opaque=0x331ba58) at /usr/src/debug/qemu-kvm-0.12.1.2/console.h:218
#9  vga_draw_graphic (opaque=0x331ba58) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/vga.c:1726
#10 vga_update_display (opaque=0x331ba58) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/vga.c:1938
#11 0x00000000004744b5 in qxl_display_refresh (ds=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:829
#12 0x000000000040bb6e in dpy_refresh (opaque=0x2922fa0) at /usr/src/debug/qemu-kvm-0.12.1.2/console.h:236
#13 gui_update (opaque=0x2922fa0) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:3455
#14 0x000000000040b5d8 in qemu_run_timers (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:1167
#15 main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4271
#16 0x0000000000428d3a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2133
#17 0x000000000040e5cb in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>)
    at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4444
#18 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6601
Comment 8 Amos Kong 2010-10-19 04:16:44 UTC 
Created attachment 454246 [details]
gdb debug msg

When I execute win2003-64 installation with the new packages, it's easy to hang.
Attach the debug msg, it looks like a existed bug which was fixed in 0.12.1.2-2.114.el6.

(Bug 617119  - Qemu becomes unresponsive during unattended_installation)
Comment 9 Gerd Hoffmann 2011-01-07 10:17:38 UTC 
spice rebase planned for 6.1 will fix this, patches already @ rhvirt-patches.
Comment 16 errata-xmlrpc 2011-05-19 11:29:30 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html
Comment 17 errata-xmlrpc 2011-05-19 12:49:30 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2011-0534.html