Red Hat Bugzilla – Bug 856068
[Graphical framebuffers]When spice migration finished, remote-viewer disconnected and got Segmentation fault
Last modified: 2013-01-10 18:52:12 EST
Description of problem: When spice migration finished, remote-viewer disconnected and got Segmentation fault (core dumped) Version-Release number of selected component (if applicable): kernel-2.6.32-302.el6.x86_64 virt-viewer-0.5.2-10.el6.x86_64 python-virtinst-0.600.0-8.el6.noarch virt-manager-0.9.0-14.el6.x86_64 spice-gtk-0.13.29-2.el6.x86_64 libvirt-0.10.1-1.el6.x86_64 How reproducible: Always Steps to Reproduce: 0.Prepare two hosts, source and target 1.Edit graphics element of guest's xml like this: #virsh dumpxml test --security-info ... <graphics type='spice' port='5900' tlsPort='5901' autoport='yes' passwd='aaabbb' passwdValidTo='2022-08-04T02:14:01'> <channel name='main' mode='secure'/> <channel name='record' mode='insecure'/> </graphics> ... 2.Modify the followings in /etc/libvirt/qemu.conf, both on source and target host uncomment # spice_listen = "0.0.0.0" spice_listen = "0.0.0.0" uncomment # spice_tls = 1 spice_tls = 1 uncomment # spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" 3.Perform the following script on source host, to generate the cert files for ssl #!/bin/bash SERVER_KEY=server-key.pem # creating a key for our ca if [ ! -e ca-key.pem ]; then openssl genrsa -des3 -out ca-key.pem 1024 fi # creating a ca if [ ! -e ca-cert.pem ]; then openssl req -new -x509 -days 1095 -key ca-key.pem -out ca-cert.pem -subj "/C=IL/L=Raanana/O=Red Hat/CN=my CA" fi # create server key if [ ! -e $SERVER_KEY ]; then openssl genrsa -out $SERVER_KEY 1024 fi # create a certificate signing request (csr) if [ ! -e server-key.csr ]; then openssl req -new -key $SERVER_KEY -out server-key.csr -subj "/C=IL/L=Raanana/O=Red Hat/CN=my server" fi # signing our server certificate with this ca if [ ! -e server-cert.pem ]; then openssl x509 -req -days 1095 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem fi # now create a key that doesn't require a passphrase openssl rsa -in $SERVER_KEY -out $SERVER_KEY.insecure mv $SERVER_KEY $SERVER_KEY.secure mv $SERVER_KEY.insecure $SERVER_KEY # show the results (no other effect) openssl rsa -noout -text -in $SERVER_KEY openssl rsa -noout -text -in ca-key.pem openssl req -noout -text -in server-key.csr openssl x509 -noout -text -in server-cert.pem openssl x509 -noout -text -in ca-cert.pem # copy *.pem file to /etc/pki/libvirt-spice if [[ -d "/etc/pki/libvirt-spice" ]] then cp ./*.pem /etc/pki/libvirt-spice else mkdir /etc/pki/libvirt-spice cp ./*.pem /etc/pki/libvirt-spice fi # echo --host-subject echo "your --host-subject is" \" `openssl x509 -noout -text -in server-cert.pem | grep Subject: | cut -f 10- -d " "` \" 4.scp /etc/pki/libvirt-spice/* to the target machine /etc/pki/libvirt-spice 5.Restart libvirtd on both source and target host to rescan the configuration # service libvirtd restart 6.Start the guest # virsh start guest 7.Access the spice interface with ssl connection on source machine # remote-viewer spice://$ip/?tls-port=5901 --spice-host-subject "C=IL,L=Raanana,O=Red Hat,CN=my server" --spice-ca-file /etc/pki/libvirt-spice/ca-cert.pem input password 8. migrate guest on source machine to target machine # virsh migrate --live guest qemu+ssh://$destination_IP/system Actual results: When spice migration finished, remote-viewer disconnected and got Segmentation fault (core dumped) Expected results: spice session always keeps connected . And there is no error for migration. Additional info:
When spice_tls is enabled which is the difference between this case and bug 825633, segmentation fault still comes after migration with spice-gtk-0.11-11.el6.x86_64 and even with the latest version spice-gtk-0.13.29-2.el6.x86_64.
*** This bug has been marked as a duplicate of bug 855870 ***