Bug 870811 - [abrt] qemu-system-x86-1.2.0-17.fc18: qxl_send_events: Process /usr/bin/qemu-kvm was killed by signal 6 (SIGABRT)
Summary: [abrt] qemu-system-x86-1.2.0-17.fc18: qxl_send_events: Process /usr/bin/qemu-...
Keywords:
Status: CLOSED DUPLICATE of bug 870972
Alias: None
Product: Fedora
Classification: Fedora
Component: qemu
Version: 18
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Fedora Virtualization Maintainers
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:c80518647e96171fb6fbbdac6fc...
: 869958 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-10-28 21:14 UTC by Cole Robinson
Modified: 2013-01-09 12:10 UTC (History)
14 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-10-30 22:02:29 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
File: core_backtrace (1.14 KB, text/plain)
2012-10-28 21:14 UTC, Cole Robinson
no flags Details
File: environ (85 bytes, text/plain)
2012-10-28 21:14 UTC, Cole Robinson
no flags Details
File: limits (1.29 KB, text/plain)
2012-10-28 21:14 UTC, Cole Robinson
no flags Details
File: backtrace (20.85 KB, text/plain)
2012-10-28 21:14 UTC, Cole Robinson
no flags Details
File: cgroup (277 bytes, text/plain)
2012-10-28 21:14 UTC, Cole Robinson
no flags Details
File: maps (42.20 KB, text/plain)
2012-10-28 21:14 UTC, Cole Robinson
no flags Details
File: dso_list (8.02 KB, text/plain)
2012-10-28 21:14 UTC, Cole Robinson
no flags Details
File: build_ids (3.72 KB, text/plain)
2012-10-28 21:14 UTC, Cole Robinson
no flags Details
File: proc_pid_status (917 bytes, text/plain)
2012-10-28 21:14 UTC, Cole Robinson
no flags Details
File: var_log_messages (312 bytes, text/plain)
2012-10-28 21:14 UTC, Cole Robinson
no flags Details
File: open_fds (1.09 KB, text/plain)
2012-10-28 21:14 UTC, Cole Robinson
no flags Details

Description Cole Robinson 2012-10-28 21:14:08 UTC
Description of problem:
Paused an F17 VM in virt-manager, after 10 or so seconds abrt yelled at me.
I've seen this at least 3 times.
Reproduced with an F18 VM and the latest qemu RPM (which has all the 1.2.1 patches so this is likely still an upstream issue).

VM log:

LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=spice /usr/bin/qemu-kvm -name f17 -S -M pc-1.2 -cpu Opteron_G4,+nodeid_msr,+wdt,+skinit,+ibs,+osvw,+cr8legacy,+extapic,+cmp_legacy,+fxsr_opt,+mmxext,+osxsave,+monitor,+ht,+vme -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -uuid 9052c2e2-c3ba-cd71-468c-789bf42ec9d1 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/f17.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot menu=off -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x7 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/mnt/data/devel/images/f17.qcow2,if=none,id=drive-virtio-disk0,format=qcow2 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=25,id=hostnet0,vhost=on,vhostfd=27 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:12:ce:53,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0 -spice port=5901,addr=127.0.0.1,disable-ticketing -vga qxl -global qxl-vga.vram_size=67108864 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6
char device redirected to /dev/pts/5
main_channel_link: add main channel client
main_channel_handle_parsed: net test: latency 0.495000 ms, bitrate 4830188679 bps (4606.426887 Mbps)
inputs_connect: inputs channel client create
red_dispatcher_set_cursor_peer: 
red_channel_client_disconnect: 0x7f9f385e0010 (channel 0x7f9e9c21d0c0 type 2 id 0)
red_channel_client_disconnect: 0x7f9f4b610530 (channel 0x7f9f4b3a57c0 type 3 id 0)
red_channel_client_disconnect: 0x7f9f4b61f030 (channel 0x7f9f4b5ed8f0 type 5 id 0)
snd_channel_put: sound channel freed
red_channel_client_disconnect: 0x7f9f4b667c00 (channel 0x7f9f4b5f7250 type 6 id 0)
snd_channel_put: sound channel freed
red_channel_client_disconnect: 0x7f9f4b624880 (channel 0x7f9f4b39a1b0 type 1 id 0)
main_channel_client_on_disconnect: rcc=0x7f9f4b624880
red_client_destroy: destroy client with #channels 6
red_channel_client_disconnect: 0x7f9f4b667c00 (channel 0x7f9f4b5f7250 type 6 id 0)
red_channel_client_disconnect: 0x7f9f4b61f030 (channel 0x7f9f4b5ed8f0 type 5 id 0)
red_dispatcher_disconnect_display_peer: 
qemu-kvm: /home/crobinso/src/fedora/qemu/f18/qemu-kvm-1.2.0/hw/i386/../qxl.c:1717: qxl_send_events: Assertion `qemu_spice_display_is_running(&d->ssd)' failed.
2012-10-28 20:35:31.116+0000: shutting down


Version-Release number of selected component:
qemu-system-x86-1.2.0-17.fc18

Additional info:
libreport version: 2.0.16
abrt_version:   2.0.16
backtrace_rating: 4
cmdline:        /usr/bin/qemu-kvm -name f17 -S -M pc-1.2 -cpu Opteron_G4,+nodeid_msr,+wdt,+skinit,+ibs,+osvw,+cr8legacy,+extapic,+cmp_legacy,+fxsr_opt,+mmxext,+osxsave,+monitor,+ht,+vme -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -uuid 9052c2e2-c3ba-cd71-468c-789bf42ec9d1 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/f17.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot menu=off -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x7 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/mnt/data/devel/images/f17.qcow2,if=none,id=drive-virtio-disk0,format=qcow2 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=25,id=hostnet0,vhost=on,vhostfd=27 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:12:ce:53,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0 -spice port=5901,addr=127.0.0.1,disable-ticketing -vga qxl -global qxl-vga.vram_size=67108864 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6
crash_function: qxl_send_events
kernel:         3.6.3-3.fc18.x86_64

truncated backtrace:
:Thread no. 1 (5 frames)
: #4 qxl_send_events
: #5 handle_dev_display_disconnect at red_worker.c:11236
: #6 dispatcher_handle_single_read at dispatcher.c:139
: #7 dispatcher_handle_recv_read at dispatcher.c:162
: #8 red_worker_main at red_worker.c:11782

Comment 1 Cole Robinson 2012-10-28 21:14:15 UTC
Created attachment 634734 [details]
File: core_backtrace

Comment 2 Cole Robinson 2012-10-28 21:14:17 UTC
Created attachment 634735 [details]
File: environ

Comment 3 Cole Robinson 2012-10-28 21:14:19 UTC
Created attachment 634736 [details]
File: limits

Comment 4 Cole Robinson 2012-10-28 21:14:21 UTC
Created attachment 634737 [details]
File: backtrace

Comment 5 Cole Robinson 2012-10-28 21:14:23 UTC
Created attachment 634738 [details]
File: cgroup

Comment 6 Cole Robinson 2012-10-28 21:14:27 UTC
Created attachment 634739 [details]
File: maps

Comment 7 Cole Robinson 2012-10-28 21:14:29 UTC
Created attachment 634740 [details]
File: dso_list

Comment 8 Cole Robinson 2012-10-28 21:14:35 UTC
Created attachment 634741 [details]
File: build_ids

Comment 9 Cole Robinson 2012-10-28 21:14:37 UTC
Created attachment 634742 [details]
File: proc_pid_status

Comment 10 Cole Robinson 2012-10-28 21:14:41 UTC
Created attachment 634743 [details]
File: var_log_messages

Comment 11 Cole Robinson 2012-10-28 21:14:43 UTC
Created attachment 634744 [details]
File: open_fds

Comment 12 Cole Robinson 2012-10-28 21:18:02 UTC
Thread 1 (Thread 0x7f9f33fff700 (LWP 30376)):
#0  0x00007f9f4361dba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63
        resultvar = 0
        pid = 30370
        selftid = 30376
#1  0x00007f9f4361f358 in __GI_abort () at abort.c:90
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x7fffc43dea03, sa_sigaction = 0x7fffc43dea03}, sa_mask = {__val = {140322008328925, 140322105169624, 1717, 140319200637680, 140322006991889, 872409432, 140322019106721, 48117049704, 4, 140321748936928, 0, 0, 0, 140322008328731, 140322101743616, 140322008339016}}, sa_flags = 1228642296, sa_restorer = 0x7f9f493b9dd0}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007f9f43616972 in __assert_fail_base (fmt=0x7f9f43761248 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7f9f493b97f8 "qemu_spice_display_is_running(&d->ssd)", file=file@entry=0x7f9f493b96d8 "/home/crobinso/src/fedora/qemu/f18/qemu-kvm-1.2.0/hw/i386/../qxl.c", line=line@entry=1717, function=function@entry=0x7f9f493b9dd0 "qxl_send_events") at assert.c:92
        str = 0x7f9e9c241880 "x"
        total = 4096
#3  0x00007f9f43616a22 in __GI___assert_fail (assertion=0x7f9f493b97f8 "qemu_spice_display_is_running(&d->ssd)", file=0x7f9f493b96d8 "/home/crobinso/src/fedora/qemu/f18/qemu-kvm-1.2.0/hw/i386/../qxl.c", line=1717, function=0x7f9f493b9dd0 "qxl_send_events") at assert.c:101
No locals.
#4  0x00007f9f492bf28d in qxl_send_events ()
No symbol table info available.
#5  0x00007f9f440ef887 in handle_dev_display_disconnect (opaque=0x7f9e9c0008c0, payload=<optimized out>) at red_worker.c:11236
        caps = '\000' <repeats 57 times>
        rcc = 0x7f9f385e0010
        worker = 0x7f9e9c0008c0
        __FUNCTION__ = "handle_dev_display_disconnect"
#6  0x00007f9f440e8e24 in dispatcher_handle_single_read (dispatcher=0x7f9f4b53ba98) at dispatcher.c:139
        ret = <optimized out>
        type = <optimized out>
        msg = 0x7f9f4b53bdf0
        ack = 4294967295
        payload = 0x7f9e9c1d80a0 "\020"
#7  dispatcher_handle_recv_read (dispatcher=0x7f9f4b53ba98) at dispatcher.c:162
No locals.
#8  0x00007f9f441098cc in red_worker_main (arg=<optimized out>) at red_worker.c:11782
        events = <optimized out>
        i = <optimized out>
        num_events = 2
        worker = 0x7f9e9c0008c0
        __FUNCTION__ = "red_worker_main"
#9  0x00007f9f472cfd15 in start_thread (arg=0x7f9f33fff700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f9f33fff700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140321748940544, 4985941761192382884, 0, 140322101760000, 140321748940544, 140322140602496, -5039536355306614364, -5039789922294804060}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#10 0x00007f9f436da2cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114


Alon, Hans, Gerd, any thoughts on this?

For the record we have quite a few post 1.2.0 qxl/spice patches in qemu at the moment:

http://pkgs.fedoraproject.org/cgit/qemu.git/tree/

Comment 13 Alon Levy 2012-10-29 08:01:33 UTC
Hi Cole,

 This is a result of the resent client capabilities update. When a client disconnects handle_dev_display_disconnect is called which calls interface_set_client_capabilities which calls qxl_set_event.

 The fix would be to queue any interrupt sending. Actually we are having a similar issue right now with interrupt injection from virtio while vm is stopped - there it isn't an assert, ""just"" a missed interrupt.

 I hope I can get to write a patch for this today.

Alon

Comment 14 Cole Robinson 2012-10-29 22:42:12 UTC
*** Bug 869958 has been marked as a duplicate of this bug. ***

Comment 15 Cole Robinson 2012-10-30 22:02:29 UTC

*** This bug has been marked as a duplicate of bug 870972 ***


Note You need to log in before you can comment on or make changes to this bug.