Bug 692976 - Spice client crashes when connecting to a Windows guest with support of 2 screens
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: spice-client
Version: 6.1
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: urgent
Target Milestone: beta
Assignee: Yonit Halperin
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: 612966
 
Reported: 2011-04-01 20:43 UTC by Marian Krcmarik
Modified: 2011-12-06 15:22 UTC (History)

Fixed In Version: spice-client-0.8.2-1.el6 spicec-win-0.1-5
Doc Type: Bug Fix
Doc Text:
Cause: Endless recursion in spice-client when guest (and client) used more than a single monitor (rearrange_monitors -> prepare_monitors -> resize -> rearrange_monitors -> ...).
Consequence: spicec crashed.
Fix: Break endless recursion (resize does not call rearrange_monitors).
Result: spicec does not crash anymore.
Clone Of:
Environment:
Last Closed: 2011-12-06 15:22:17 UTC
Target Upstream Version:


Attachments
Abrt log with bt (252.65 KB, text/plain)
2011-04-01 20:45 UTC, Marian Krcmarik
simple workaround (964 bytes, patch)
2011-05-19 12:39 UTC, Marc-Andre Lureau
another solution (6.95 KB, patch)
2011-07-21 07:08 UTC, Yonit Halperin


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1518 normal SHIPPED_LIVE libcacard and spice-client bug fix and enhancement update 2011-12-06 00:50:43 UTC

Description Marian Krcmarik 2011-04-01 20:43:37 UTC
Description of problem:
Spice client crashes when connecting through the User portal of RHEVM2.2 to a guest with 2 qxl devices: the spicec window opens but after a while it crashes. I attach an abrt log with bt where a loop is obvious. The number of screens is set using the Admin portal of RHEVM2.2. When setting 1 screen, no crash occurs on the same configuration.

Version-Release number of selected component (if applicable):
Client:
spice-client-0.8.0-2.el6.i686
(tried 0.6.3 client with the same result)
spice-vdagent-0.6.3-5.el6.i686
spice-xpi-2.4-2.el6.i686

Guest:
Win7 32bit, RHEVM Tools 2.2.52832, qxl 4.5.46561.0
(tried WinXP with the same result)

Host:
rhev-hypervisor-5.6-10.1.el5_6 (kvm-83-224.el5, qspice-libs-0.3.0-54.el5_5.2)

How reproducible:
Always

Steps to Reproduce:
1. Connect to a Windows guest through the User portal of RHEVM2.2 with 2 screens enabled (-qxl 2) on the Windows guest (see additional info for the kvm process cli) using spice client (the client machine has two monitors)
  
Actual results:
Spicec window opens and after a while crashes.

Expected results:
Spicec window opens on two screens.


Additional info:
/usr/libexec/qemu-kvm -no-hpet -usb -rtc-td-hack -startdate 2011-04-01T23:40:13 -name Win7x32-0 -smp 1,cores=1 -k en-us -m 1024 -boot c -net nic,vlan=1,macaddr=00:1a:4a:22:3a:03,model=rtl8139 -net tap,vlan=1,ifname=rtl8139_13_1,script=no -drive file=/rhev/data-center/b783ba8e-e56f-401c-a373-c8fbb669ccc9/2ba1255a-3db5-42ea-8828-6d7d78095150/images/8041854e-aba9-4332-94d8-bc9cc5c34bb6/bb6694b0-ac29-4255-b155-a245b266417b,media=disk,if=ide,cache=off,index=0,serial=32-94d8-bc9cc5c34bb6,boot=off,format=qcow2,werror=stop -pidfile /var/vdsm/67894dd9-5f67-4c14-8097-470b148f16f3.pid -soundhw ac97 -spice sslpassword=,sslciphersuite=DEFAULT,sslcert=/var/vdsm/ts/certs/vdsmcert.pem,sslkey=/var/vdsm/ts/keys/vdsmkey.pem,ssldhfile=/var/vdsm/ts/keys/dh.pem,sslcafile=/var/vdsm/ts/certs/cacert.pem,host=0,secure-channels=main+inputs,ic=on,sport=5887,port=5913 -qxl 2 -cpu qemu64,+sse2,+cx16,+ssse3,+sse4.1,+sse4.2,+popcnt -M rhel5.5.0 -notify all -balloon none -smbios type=1,manufacturer=Red Hat,product=RHEV Hypervisor,version=5.6-10.1.el5_6,serial=33313934-3432-5A43-3230-323437523147_78:e7:d1:e0:29:3a,uuid=67894dd9-5f67-4c14-8097-470b148f16f3 -vmchannel di:0200,unix:/var/vdsm/67894dd9-5f67-4c14-8097-470b148f16f3.guest.socket,server -monitor unix:/var/vdsm/67894dd9-5f67-4c14-8097-470b148f16f3.monitor.socket,server

Comment 1 Marian Krcmarik 2011-04-01 20:45:17 UTC
Created attachment 489507 [details]
Abrt log with bt

Comment 3 RHEL Product and Program Management 2011-04-04 02:07:48 UTC
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 4 Marian Krcmarik 2011-04-06 12:15:30 UTC
Reproduced by Michal Hasko. It's not able to use 2 monitors when launching a guest from RHEVM2.2.7.

Comment 7 Marian Krcmarik 2011-05-16 12:39:55 UTC
I reproduced this when the guest was started within RHEVM2.3 (that is, RHEVM2.3(ic116), RHEL6.1 host, 0.8.1 spice server): I switched two screens to full-screen mode and then rebooted the Windows guest, and spice-client-0.8.0-2.el6.x86_64 crashed. In the backtrace the same loop is obvious:

.
.
.
#20278 0x000000000041e736 in Application::prepare_monitors (this=0x2076bc0)
    at ../../client/application.cpp:1450
#20279 0x000000000041fb81 in Application::rearrange_monitors (this=0x2076bc0, screen=...)
    at ../../client/application.cpp:1396
#20280 0x00000000004d7f7c in RedScreen::resize (this=0x20a7890, width=1440, height=900)
    at ../../client/screen.cpp:189
#20281 0x000000000041e736 in Application::prepare_monitors (this=0x2076bc0)
    at ../../client/application.cpp:1450
#20282 0x000000000041fb81 in Application::rearrange_monitors (this=0x2076bc0, screen=...)
    at ../../client/application.cpp:1396
#20283 0x00000000004d7f7c in RedScreen::resize (this=0x20a7890, width=1440, height=900)
    at ../../client/screen.cpp:189
#20284 0x000000000041e736 in Application::prepare_monitors (this=0x2076bc0)
    at ../../client/application.cpp:1450
#20285 0x000000000041fb81 in Application::rearrange_monitors (this=0x2076bc0, screen=...)
    at ../../client/application.cpp:1396
#20286 0x00000000004d7f7c in RedScreen::resize (this=0x20a7890, width=1440, height=900)
    at ../../client/screen.cpp:189
#20287 0x000000000041e736 in Application::prepare_monitors (this=0x2076bc0)
    at ../../client/application.cpp:1450
#20288 0x000000000041fb81 in Application::rearrange_monitors (this=0x2076bc0, screen=...)
    at ../../client/application.cpp:1396
#20289 0x00000000004d7f7c in RedScreen::resize (this=0x20a7890, width=1440, height=900)
    at ../../client/screen.cpp:189
#20290 0x000000000041e736 in Application::prepare_monitors (this=0x2076bc0)
    at ../../client/application.cpp:1450
#20291 0x000000000041fb81 in Application::rearrange_monitors (this=0x2076bc0, screen=...)
    at ../../client/application.cpp:1396
#20292 0x00000000004d7f7c in RedScreen::resize (this=0x20a7890, width=1440, height=900)
    at ../../client/screen.cpp:189
.
.
.
.

Comment 8 Marc-Andre Lureau 2011-05-19 11:48:16 UTC
Taking the bug, as I can reproduce it, and made a simple workaround.

Comment 9 Marc-Andre Lureau 2011-05-19 12:39:00 UTC
Created attachment 499823 [details]
simple workaround

There is an obvious loop in the code; I really don't understand why the code is like that and how it worked...

The easy workaround is to break the loop by having a reentering flag, but perhaps we should be calling screen->lock_size() instead?

I don't know if it's worth investigating more since we are deprecating spicec.

Comment 16 Yonit Halperin 2011-07-21 07:08:21 UTC
Created attachment 514147 [details]
another solution

Comment 19 Marian Krcmarik 2011-08-02 18:41:28 UTC
Verified on spice-client-0.8.2-1.

Comment 20 Uri Lublin 2011-11-20 12:10:19 UTC
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
  Endless recursion in spice-client, when guest (and client) used more than a single monitor (rearrange_monitors -> prepare_monitors -> resize -> rearrange_monitors ->...).

Consequence
  spicec crashed.

Fix
  Break endless recursion (resize does not call rearrange_monitors).

Result
  spicec does not crash anymore.
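
The cycle named in the backtrace and the two ways of breaking it that this report mentions (the reentering flag from comment 9 and the shipped fix where resize does not call rearrange_monitors), as an added example that is not the code from either attachment or from spice-client. Class and method names follow the backtrace; the method bodies, the Mode enum, DEPTH_LIMIT and connect_two_monitors are assumptions made for the illustration.

```cpp
// Added illustration: names follow the backtrace; bodies are hypothetical.
#include <cstdio>
enum Mode { ORIGINAL, REENTRY_FLAG, NO_CALLBACK };
constexpr int DEPTH_LIMIT = 1000;  // demo cutoff standing in for stack exhaustion

struct Application;
struct RedScreen {
    Application* app = nullptr;
    int width = 0, height = 0;
    void resize(int w, int h);
};

struct Application {
    Mode mode;
    RedScreen screen;
    bool in_rearrange = false;  // reentering flag (the comment 9 idea)
    bool overflowed = false;    // set where the real client would crash
    int depth = 0, max_depth = 0;

    explicit Application(Mode m) : mode(m) { screen.app = this; }
    void prepare_monitors() { screen.resize(1440, 900); }
    void rearrange_monitors() {
        if (mode == REENTRY_FLAG && in_rearrange) return;  // break the cycle
        in_rearrange = true;
        if (++depth > max_depth) max_depth = depth;
        if (depth > DEPTH_LIMIT) overflowed = true;  // stop before a real overflow
        else prepare_monitors();
        --depth;
        in_rearrange = (depth > 0);
    }
};

void RedScreen::resize(int w, int h) {
    width = w; height = h;
    // Only NO_CALLBACK drops the call that closes the cycle.
    if (app->mode != NO_CALLBACK) app->rearrange_monitors();
}

struct Result { int max_depth; bool overflowed; int width; };
Result connect_two_monitors(Mode m) {
    Application a(m);
    a.rearrange_monitors();
    return {a.max_depth, a.overflowed, a.screen.width};
}

int main() {
    for (int m = ORIGINAL; m <= NO_CALLBACK; ++m) {
        Result r = connect_two_monitors(static_cast<Mode>(m));
        std::printf("mode=%d depth=%d overflow=%d\n", m, r.max_depth, r.overflowed);
    }
}
```
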

Comment 21 errata-xmlrpc 2011-12-06 15:22:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1518.html

