Bug 692976 - Spice client crashes when connecting to a Windows guest with support of 2 screens
Spice client crashes when connecting to a Windows guest with support of 2 scr...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: spice-client (Show other bugs)
6.1
Unspecified Unspecified
urgent Severity urgent
: beta
: ---
Assigned To: Yonit Halperin
Desktop QE
:
Depends On:
Blocks: 612966
  Show dependency treegraph
 
Reported: 2011-04-01 16:43 EDT by Marian Krcmarik
Modified: 2011-12-06 10:22 EST (History)
9 users (show)

See Also:
Fixed In Version: spice-client-0.8.2-1.el6 spicec-win-0.1-5
Doc Type: Bug Fix
Doc Text:
Cause Endless recursion in spice-client, when guest (and client) used more than a single monitor (rearrange_monitors -> prepare_monitors -> resize -> errange_monitors ->...). Consequence spicec crashed. Fix Break endless recursion (resize does not call rearrange_monitors). Result spicec does not crash anymore.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-12-06 10:22:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Abrt log with bt (252.65 KB, text/plain)
2011-04-01 16:45 EDT, Marian Krcmarik
no flags Details
simple workaround (964 bytes, patch)
2011-05-19 08:39 EDT, Marc-Andre Lureau
no flags Details | Diff
another solution (6.95 KB, patch)
2011-07-21 03:08 EDT, Yonit Halperin
no flags Details | Diff

  None (edit)
Description Marian Krcmarik 2011-04-01 16:43:37 EDT
Description of problem:
Spice client crashes when connecting through User portal of RHEVM2.2 to a Guest with 2 qxl devices - spicec window is open but after a while It does crash, I attach a abrt log with bt where a loop is obvious. Number of screens is set with using Admin portal of RHEVM2.2. When setting 1 screen no crash occurs on the same configuration.

Version-Release number of selected component (if applicable):
Client:
spice-client-0.8.0-2.el6.i686
(tried 0.6.3 client with the same result)
spice-vdagent-0.6.3-5.el6.i686
spice-xpi-2.4-2.el6.i686

Guest:
Win7 32bit, RHEVM Tools 2.2.52832, qxl 4.5.46561.0
(tried WinXP with the same result)

Host:
rhev-hypervisor-5.6-10.1.el5_6 (kvm-83-224.el5, qspice-libs-0.3.0-54.el5_5.2)

How reproducible:
Always

Steps to Reproduce:
1. Connect to a Windows guest through User portal of RHEVM2.2 while enabled 2 screens (-qxl 2) on the windows guest (see additional info for kvm process cli) using spice client ( client machine has two monitors)
  
Actual results:
Spicec window is open and after while crashes.

Expected results:
Spicec window opens on two screens.


Additional info:
/usr/libexec/qemu-kvm -no-hpet -usb -rtc-td-hack -startdate 2011-04-01T23:40:13 -name Win7x32-0 -smp 1,cores=1 -k en-us -m 1024 -boot c -net nic,vlan=1,macaddr=00:1a:4a:22:3a:03,model=rtl8139 -net tap,vlan=1,ifname=rtl8139_13_1,script=no -drive file=/rhev/data-center/b783ba8e-e56f-401c-a373-c8fbb669ccc9/2ba1255a-3db5-42ea-8828-6d7d78095150/images/8041854e-aba9-4332-94d8-bc9cc5c34bb6/bb6694b0-ac29-4255-b155-a245b266417b,media=disk,if=ide,cache=off,index=0,serial=32-94d8-bc9cc5c34bb6,boot=off,format=qcow2,werror=stop -pidfile /var/vdsm/67894dd9-5f67-4c14-8097-470b148f16f3.pid -soundhw ac97 -spice sslpassword=,sslciphersuite=DEFAULT,sslcert=/var/vdsm/ts/certs/vdsmcert.pem,sslkey=/var/vdsm/ts/keys/vdsmkey.pem,ssldhfile=/var/vdsm/ts/keys/dh.pem,sslcafile=/var/vdsm/ts/certs/cacert.pem,host=0,secure-channels=main+inputs,ic=on,sport=5887,port=5913 -qxl 2 -cpu qemu64,+sse2,+cx16,+ssse3,+sse4.1,+sse4.2,+popcnt -M rhel5.5.0 -notify all -balloon none -smbios type=1,manufacturer=Red Hat,product=RHEV Hypervisor,version=5.6-10.1.el5_6,serial=33313934-3432-5A43-3230-323437523147_78:e7:d1:e0:29:3a,uuid=67894dd9-5f67-4c14-8097-470b148f16f3 -vmchannel di:0200,unix:/var/vdsm/67894dd9-5f67-4c14-8097-470b148f16f3.guest.socket,server -monitor unix:/var/vdsm/67894dd9-5f67-4c14-8097-470b148f16f3.monitor.socket,server
Comment 1 Marian Krcmarik 2011-04-01 16:45:17 EDT
Created attachment 489507 [details]
Abrt log with bt
Comment 3 RHEL Product and Program Management 2011-04-03 22:07:48 EDT
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 4 Marian Krcmarik 2011-04-06 08:15:30 EDT
Reproduced by Michal Hasko, It's not able to use 2 monitors when launching a guest from RHEVM2.2.7.
Comment 7 Marian Krcmarik 2011-05-16 08:39:55 EDT
I reproduced this when guest was started within RHEVM2.3 (it means RHEVM2.3(ic116), RHEL6.1 host, 0.8.1 spice server), I switch two screens to full-screen mode and then I reboot Windows guest and spice-client-0.8.0-2.el6.x86_64 crashed. In backtrace the same loop is obvious:

.
.
.
#20278 0x000000000041e736 in Application::prepare_monitors (this=0x2076bc0)
    at ../../client/application.cpp:1450
#20279 0x000000000041fb81 in Application::rearrange_monitors (this=0x2076bc0, screen=...)
    at ../../client/application.cpp:1396
#20280 0x00000000004d7f7c in RedScreen::resize (this=0x20a7890, width=1440, height=900)
    at ../../client/screen.cpp:189
#20281 0x000000000041e736 in Application::prepare_monitors (this=0x2076bc0)
    at ../../client/application.cpp:1450
#20282 0x000000000041fb81 in Application::rearrange_monitors (this=0x2076bc0, screen=...)
    at ../../client/application.cpp:1396
#20283 0x00000000004d7f7c in RedScreen::resize (this=0x20a7890, width=1440, height=900)
    at ../../client/screen.cpp:189
#20284 0x000000000041e736 in Application::prepare_monitors (this=0x2076bc0)
    at ../../client/application.cpp:1450
#20285 0x000000000041fb81 in Application::rearrange_monitors (this=0x2076bc0, screen=...)
    at ../../client/application.cpp:1396
#20286 0x00000000004d7f7c in RedScreen::resize (this=0x20a7890, width=1440, height=900)
    at ../../client/screen.cpp:189
#20287 0x000000000041e736 in Application::prepare_monitors (this=0x2076bc0)
    at ../../client/application.cpp:1450
#20288 0x000000000041fb81 in Application::rearrange_monitors (this=0x2076bc0, screen=...)
    at ../../client/application.cpp:1396
#20289 0x00000000004d7f7c in RedScreen::resize (this=0x20a7890, width=1440, height=900)
    at ../../client/screen.cpp:189
#20290 0x000000000041e736 in Application::prepare_monitors (this=0x2076bc0)
    at ../../client/application.cpp:1450
#20291 0x000000000041fb81 in Application::rearrange_monitors (this=0x2076bc0, screen=...)
    at ../../client/application.cpp:1396
#20292 0x00000000004d7f7c in RedScreen::resize (this=0x20a7890, width=1440, height=900)
    at ../../client/screen.cpp:189
.
.
.
.
Comment 8 Marc-Andre Lureau 2011-05-19 07:48:16 EDT
taking the bug, as I can reproduce it, and made a simple workaround
Comment 9 Marc-Andre Lureau 2011-05-19 08:39:00 EDT
Created attachment 499823 [details]
simple workaround

There is an obvious loop in the code, which I really don't understand why the code is like that and how it worked...

The easy workaround is to break the loop by having a reentering flag, but perhaps we should be calling screen->lock_size() instead?

I don't know if it's worth investigating more since we are deprecating spicec.
Comment 16 Yonit Halperin 2011-07-21 03:08:21 EDT
Created attachment 514147 [details]
another solution
Comment 19 Marian Krcmarik 2011-08-02 14:41:28 EDT
Verified on spice-client-0.8.2-1.
Comment 20 Uri Lublin 2011-11-20 07:10:19 EST
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
  Endless recursion in spice-client, when guest (and client) used more than a single monitor (rearrange_monitors -> prepare_monitors -> resize -> errange_monitors ->...).

Consequence
  spicec crashed.

Fix
  Break endless recursion (resize does not call rearrange_monitors).

Result
  spicec does not crash anymore.
Comment 21 errata-xmlrpc 2011-12-06 10:22:17 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1518.html

Note You need to log in before you can comment on or make changes to this bug.