Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 869945

Summary: connect to a stopped spice would lead qemu core dump
Product: Red Hat Enterprise Linux 6 Reporter: Xiaoqing Wei <xwei>
Component: spice-serverAssignee: Uri Lublin <uril>
Status: CLOSED DUPLICATE QA Contact: Desktop QE <desktop-qa-list>
Severity: high Docs Contact:
Priority: high    
Version: 6.4CC: acathrow, areis, borgan, bsarathy, cfergeau, dblechte, dyasny, juzhang, marcandre.lureau, michen, mkenneth, shuang, virt-maint
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 869958 (view as bug list) Environment:
Last Closed: 2012-11-15 17:46:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 869958    
Attachments:
Description Flags
core file: bunzip to decompress none

Description Xiaoqing Wei 2012-10-25 08:02:42 UTC 
Description of problem:

connect to a stopped spice would lead qemu core dump

Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.331.el6.x86_64
qemu-kvm-rhev-0.12.1.2-2.331.el6.x86_64
How reproducible:

100%

Steps to Reproduce:
1. boot a vm, w/ spice , w/ -S
eg: qemu-kvm -vga qxl -spice port=8000,disable-ticketing -S
2. connect to that qemu w/ spice-client:
spicec -h $host_ip -p 8000
3.
  
Actual results:
qemu core dump

Expected results:
qemu work well

Additional info:

Tried same steps on qemu-kvm-0.12.1.2-2.295.el6.x86_64, works *WELL*, so it's a Regression
Comment 1 Xiaoqing Wei 2012-10-25 08:10:04 UTC 
Created attachment 633220 [details]
core file: bunzip to decompress

Original core has been uploaded.

(gdb) bt
#0  0x00007fa103b648a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007fa103b66085 in abort () at abort.c:92
#2  0x00007fa103b5da1e in __assert_fail_base (fmt=<value optimized out>, assertion=
    0x7fa1063d0c38 "qemu_spice_display_is_running(&d->ssd)", file=0x7fa1063d0b28 "/builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/qxl.c", 
    line=<value optimized out>, function=<value optimized out>) at assert.c:96
#3  0x00007fa103b5dae0 in __assert_fail (assertion=0x7fa1063d0c38 "qemu_spice_display_is_running(&d->ssd)", file=
    0x7fa1063d0b28 "/builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/qxl.c", line=1658, function=0x7fa1063d1820 "qxl_send_events")
    at assert.c:105
#4  0x00007fa106390c5d in qxl_send_events (d=0x7fa1086bc840, events=16) at /usr/src/debug/qemu-kvm-0.12.1.2/hw/qxl.c:1658
#5  0x00007fa10439c7a2 in handle_new_display_channel (opaque=0x7f9fdc0008c0, payload=0x7f9fdc1d80a0) at red_worker.c:10370
#6  handle_dev_display_connect (opaque=0x7f9fdc0008c0, payload=0x7f9fdc1d80a0) at red_worker.c:11216
#7  0x00007fa10437ccc7 in dispatcher_handle_single_read (dispatcher=0x7fa1072ca1d8) at dispatcher.c:139
#8  dispatcher_handle_recv_read (dispatcher=0x7fa1072ca1d8) at dispatcher.c:162
#9  0x00007fa10439d88e in red_worker_main (arg=<value optimized out>) at red_worker.c:11782
#10 0x00007fa105b5b851 in start_thread (arg=0x7fa0f5bfc700) at pthread_create.c:301
#11 0x00007fa103c1a90d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb)
Comment 3 Xiaoqing Wei 2012-10-25 08:24:18 UTC 
after bisect testing, this is a Regression since
qemu-kvm-0.12.1.2-2.324.el6.x86_64

should be introduced by:
Bug 860017 - [RFE] -spice- Add rendering support in order to improve spice performance
Comment 4 Xiaoqing Wei 2012-10-25 08:30:51 UTC 
updating relavent packages here:
spice-server-0.12.0-1.el6.x86_64
vgabios-0.6b-3.6.el6.noarch
Comment 6 Xiaoqing Wei 2012-10-25 09:19:19 UTC 
Found that this exists on Fedora rawhide too, cloned a Bug 869958 .
Comment 7 Xiaoqing Wei 2012-10-25 09:21:32 UTC 
Hi,

I Found a similar one, Bug 867405 - core dump when starting qemu with spice and -S

If they are same, pls feel free to dup to that bug.

Thanks,
Xiaoqing.
Comment 8 Gerd Hoffmann 2012-10-29 07:56:27 UTC 
Looks like a dup of bug 867405 indeed, but I leave that to the spice team to investigate in detail.
Comment 10 Marc-Andre Lureau 2012-11-15 17:46:03 UTC 

*** This bug has been marked as a duplicate of bug 867405 ***