Hide Forgot
Description of problem: upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=55726 When the client sends data to the guest agent, if the agent gets disconnected, and the client manages to send more data addressed to the agent (before it receives the AGENT_DISCONNECTED msg) the server will disconnect the client with the following log msg: red_peer_handle_incoming: ERROR: channel refused to allocate buffer Moreover, in case the agent got reconnected, and only then it receives the msgs that were sent from the client to the old instance of the agent, a crash occurs reds.c:3636:spice_server_char_device_remove_interface: remove CHAR_DEVICE vdagent (/usr/bin/gdb:4522): Spice-Debug **: char_device.c:127:spice_char_device_client_send_queue_free: send_queue_empty 1 (/usr/bin/gdb:4522): Spice-Debug **: char_device.c:154:spice_char_device_client_free: write_queue_is_empty 1 (/usr/bin/gdb:4522): SpiceWorker-Info **: red_worker.c:11516:handle_dev_set_mouse_mode: mouse mode 1 (/usr/bin/gdb:4522): Spice-Info **: reds.c:3598:spice_server_char_device_add_interface: CHAR_DEVICE vdagent attach_to_red_agent: mig data ptr (nil) (/usr/bin/gdb:4522): Spice-Debug **: char_device.c:651:spice_char_device_state_create: sin 0xd24798 dev_state 0x7ffff0020010 (/usr/bin/gdb:4522): Spice-Debug **: reds.c:3478:attach_to_red_agent: call spice_char_device_state_create (/usr/bin/gdb:4522): Spice-Debug **: char_device.c:784:spice_char_device_start: dev_state 0x7ffff0020010 __spice_char_device_write_buffer_get: client not found: dev 0x7ffff0020010 client 0x1369df0 [New Thread 0x7ffff56ef700 (LWP 4560)] [New Thread 0x7ffff4c8d700 (LWP 4561)] Program received signal SIGSEGV, Segmentation fault. reds_get_agent_data_buffer (mcc=0x16be7f0, size=48) at reds.c:1009 warning: Source file is more recent than executable. 1009 return dev_state->recv_from_client_buf->buf + sizeof(VDIChunkHeader); Missing separate debuginfos, use: debuginfo-install SDL-1.2.14-16.fc17.x86_64 celt051-0.5.1.3-4.fc17.x86_64 cyrus-sasl-gssapi-2.1.23-31.fc17.x86_64 cyrus-sasl-lib-2.1.23-31.fc17.x86_64 cyrus-sasl-md5-2.1.23-31.fc17.x86_64 cyrus-sasl-plain-2.1.23-31.fc17.x86_64 glib2-2.32.4-2.fc17.x86_64 glibc-2.15-57.fc17.x86_64 gnutls-2.12.17-1.fc17.x86_64 keyutils-libs-1.5.5-2.fc17.x86_64 krb5-libs-1.10.2-6.fc17.x86_64 libX11-1.5.0-2.fc17.x86_64 libXau-1.0.6-3.fc17.x86_64 libcom_err-1.42.3-3.fc17.x86_64 libcurl-7.24.0-5.fc17.x86_64 libdb-5.2.36-5.fc17.x86_64 libgcc-4.7.2-2.fc17.x86_64 libgcrypt-1.5.0-3.fc17.x86_64 libgpg-error-1.10-2.fc17.x86_64 libidn-1.24-1.fc17.x86_64 libjpeg-turbo-1.2.1-1.fc17.x86_64 libselinux-2.1.10-3.fc17.x86_64 libssh2-1.4.1-2.fc17.x86_64 libtasn1-2.12-1.fc17.x86_64 libuuid-2.21.2-2.fc17.x86_64 libxcb-1.9-1.fc17.x86_64 ncurses-libs-5.9-4.20120204.fc17.x86_64 nspr-4.9.2-1.fc17.x86_64 nss-3.13.6-1.fc17.x86_64 nss-softokn-freebl-3.13.6-1.fc17.x86_64 nss-util-3.13.6-1.fc17.x86_64 openldap-2.4.33-2.fc17.x86_64 p11-kit-0.12-1.fc17.x86_64 pixman-0.24.4-2.fc17.x86_64 zlib-1.2.5-7.fc17.x86_64 (gdb) bt #0 reds_get_agent_data_buffer (mcc=0x16be7f0, size=48) at reds.c:1009 #1 0x00007ffff7a36477 in red_peer_handle_incoming (handler=0x16c2900, stream=0x1332dc0) at red_channel.c:240 #2 red_channel_client_receive (rcc=rcc@entry=0x16be7f0) at red_channel.c:294 #3 0x00007ffff7a38b3c in red_channel_client_event (fd=, event=, data=0x16be7f0) at red_channel.c:1206 #4 0x00000000004129bf in main_loop_wait (timeout=timeout@entry=1000) at /home/yonit/projects/redhat/qemu/vl.c:3975 #5 0x0000000000430612 in kvm_main_loop () at /home/yonit/projects/redhat/qemu/qemu-kvm.c:2244 #6 0x000000000040c033 in main_loop () at /home/yonit/projects/redhat/qemu/vl.c:4187 #7 main (argc=, argv=, envp=) at /home/yonit/projects/redhat/qemu/vl.c:6524 Steps to Reproduce: 1. Copy a large amount of data from the client to the guest (e.g., 4M of text) 2. reboot the guest while the copying is ongoing.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0529.html