Description of problem: Paused an F17 VM in virt-manager, after 10 or so seconds abrt yelled at me. I've seen this at least 3 times. Reproduced with an F18 VM and the latest qemu RPM (which has all the 1.2.1 patches so this is likely still an upstream issue). VM log: LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin QEMU_AUDIO_DRV=spice /usr/bin/qemu-kvm -name f17 -S -M pc-1.2 -cpu Opteron_G4,+nodeid_msr,+wdt,+skinit,+ibs,+osvw,+cr8legacy,+extapic,+cmp_legacy,+fxsr_opt,+mmxext,+osxsave,+monitor,+ht,+vme -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -uuid 9052c2e2-c3ba-cd71-468c-789bf42ec9d1 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/f17.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot menu=off -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x7 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/mnt/data/devel/images/f17.qcow2,if=none,id=drive-virtio-disk0,format=qcow2 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=25,id=hostnet0,vhost=on,vhostfd=27 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:12:ce:53,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0 -spice port=5901,addr=127.0.0.1,disable-ticketing -vga qxl -global qxl-vga.vram_size=67108864 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 char device redirected to /dev/pts/5 main_channel_link: add main channel client main_channel_handle_parsed: net test: latency 0.495000 ms, bitrate 4830188679 bps (4606.426887 Mbps) inputs_connect: inputs channel client create red_dispatcher_set_cursor_peer: red_channel_client_disconnect: 0x7f9f385e0010 (channel 0x7f9e9c21d0c0 type 2 id 0) red_channel_client_disconnect: 0x7f9f4b610530 (channel 0x7f9f4b3a57c0 type 3 id 0) red_channel_client_disconnect: 0x7f9f4b61f030 (channel 0x7f9f4b5ed8f0 type 5 id 0) snd_channel_put: sound channel freed red_channel_client_disconnect: 0x7f9f4b667c00 (channel 0x7f9f4b5f7250 type 6 id 0) snd_channel_put: sound channel freed red_channel_client_disconnect: 0x7f9f4b624880 (channel 0x7f9f4b39a1b0 type 1 id 0) main_channel_client_on_disconnect: rcc=0x7f9f4b624880 red_client_destroy: destroy client with #channels 6 red_channel_client_disconnect: 0x7f9f4b667c00 (channel 0x7f9f4b5f7250 type 6 id 0) red_channel_client_disconnect: 0x7f9f4b61f030 (channel 0x7f9f4b5ed8f0 type 5 id 0) red_dispatcher_disconnect_display_peer: qemu-kvm: /home/crobinso/src/fedora/qemu/f18/qemu-kvm-1.2.0/hw/i386/../qxl.c:1717: qxl_send_events: Assertion `qemu_spice_display_is_running(&d->ssd)' failed. 2012-10-28 20:35:31.116+0000: shutting down Version-Release number of selected component: qemu-system-x86-1.2.0-17.fc18 Additional info: libreport version: 2.0.16 abrt_version: 2.0.16 backtrace_rating: 4 cmdline: /usr/bin/qemu-kvm -name f17 -S -M pc-1.2 -cpu Opteron_G4,+nodeid_msr,+wdt,+skinit,+ibs,+osvw,+cr8legacy,+extapic,+cmp_legacy,+fxsr_opt,+mmxext,+osxsave,+monitor,+ht,+vme -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -uuid 9052c2e2-c3ba-cd71-468c-789bf42ec9d1 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/f17.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot menu=off -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x7 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/mnt/data/devel/images/f17.qcow2,if=none,id=drive-virtio-disk0,format=qcow2 -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,fd=25,id=hostnet0,vhost=on,vhostfd=27 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:12:ce:53,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0 -spice port=5901,addr=127.0.0.1,disable-ticketing -vga qxl -global qxl-vga.vram_size=67108864 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 crash_function: qxl_send_events kernel: 3.6.3-3.fc18.x86_64 truncated backtrace: :Thread no. 1 (5 frames) : #4 qxl_send_events : #5 handle_dev_display_disconnect at red_worker.c:11236 : #6 dispatcher_handle_single_read at dispatcher.c:139 : #7 dispatcher_handle_recv_read at dispatcher.c:162 : #8 red_worker_main at red_worker.c:11782
Created attachment 634734 [details] File: core_backtrace
Created attachment 634735 [details] File: environ
Created attachment 634736 [details] File: limits
Created attachment 634737 [details] File: backtrace
Created attachment 634738 [details] File: cgroup
Created attachment 634739 [details] File: maps
Created attachment 634740 [details] File: dso_list
Created attachment 634741 [details] File: build_ids
Created attachment 634742 [details] File: proc_pid_status
Created attachment 634743 [details] File: var_log_messages
Created attachment 634744 [details] File: open_fds
Thread 1 (Thread 0x7f9f33fff700 (LWP 30376)): #0 0x00007f9f4361dba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63 resultvar = 0 pid = 30370 selftid = 30376 #1 0x00007f9f4361f358 in __GI_abort () at abort.c:90 save_stage = 2 act = {__sigaction_handler = {sa_handler = 0x7fffc43dea03, sa_sigaction = 0x7fffc43dea03}, sa_mask = {__val = {140322008328925, 140322105169624, 1717, 140319200637680, 140322006991889, 872409432, 140322019106721, 48117049704, 4, 140321748936928, 0, 0, 0, 140322008328731, 140322101743616, 140322008339016}}, sa_flags = 1228642296, sa_restorer = 0x7f9f493b9dd0} sigs = {__val = {32, 0 <repeats 15 times>}} #2 0x00007f9f43616972 in __assert_fail_base (fmt=0x7f9f43761248 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7f9f493b97f8 "qemu_spice_display_is_running(&d->ssd)", file=file@entry=0x7f9f493b96d8 "/home/crobinso/src/fedora/qemu/f18/qemu-kvm-1.2.0/hw/i386/../qxl.c", line=line@entry=1717, function=function@entry=0x7f9f493b9dd0 "qxl_send_events") at assert.c:92 str = 0x7f9e9c241880 "x" total = 4096 #3 0x00007f9f43616a22 in __GI___assert_fail (assertion=0x7f9f493b97f8 "qemu_spice_display_is_running(&d->ssd)", file=0x7f9f493b96d8 "/home/crobinso/src/fedora/qemu/f18/qemu-kvm-1.2.0/hw/i386/../qxl.c", line=1717, function=0x7f9f493b9dd0 "qxl_send_events") at assert.c:101 No locals. #4 0x00007f9f492bf28d in qxl_send_events () No symbol table info available. #5 0x00007f9f440ef887 in handle_dev_display_disconnect (opaque=0x7f9e9c0008c0, payload=<optimized out>) at red_worker.c:11236 caps = '\000' <repeats 57 times> rcc = 0x7f9f385e0010 worker = 0x7f9e9c0008c0 __FUNCTION__ = "handle_dev_display_disconnect" #6 0x00007f9f440e8e24 in dispatcher_handle_single_read (dispatcher=0x7f9f4b53ba98) at dispatcher.c:139 ret = <optimized out> type = <optimized out> msg = 0x7f9f4b53bdf0 ack = 4294967295 payload = 0x7f9e9c1d80a0 "\020" #7 dispatcher_handle_recv_read (dispatcher=0x7f9f4b53ba98) at dispatcher.c:162 No locals. #8 0x00007f9f441098cc in red_worker_main (arg=<optimized out>) at red_worker.c:11782 events = <optimized out> i = <optimized out> num_events = 2 worker = 0x7f9e9c0008c0 __FUNCTION__ = "red_worker_main" #9 0x00007f9f472cfd15 in start_thread (arg=0x7f9f33fff700) at pthread_create.c:308 __res = <optimized out> pd = 0x7f9f33fff700 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140321748940544, 4985941761192382884, 0, 140322101760000, 140321748940544, 140322140602496, -5039536355306614364, -5039789922294804060}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = 0 pagesize_m1 = <optimized out> sp = <optimized out> freesize = <optimized out> #10 0x00007f9f436da2cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114 Alon, Hans, Gerd, any thoughts on this? For the record we have quite a few post 1.2.0 qxl/spice patches in qemu at the moment: http://pkgs.fedoraproject.org/cgit/qemu.git/tree/
Hi Cole, This is a result of the resent client capabilities update. When a client disconnects handle_dev_display_disconnect is called which calls interface_set_client_capabilities which calls qxl_set_event. The fix would be to queue any interrupt sending. Actually we are having a similar issue right now with interrupt injection from virtio while vm is stopped - there it isn't an assert, ""just"" a missed interrupt. I hope I can get to write a patch for this today. Alon
*** Bug 869958 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 870972 ***