Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 997772

Summary: Spice-CRITICAL **: red_memslots.c:94:validate_virt: virtual address out of range
Product: Red Hat Enterprise Linux 6 Reporter: Chao Yang <chayang>
Component: qemu-kvmAssignee: Gerd Hoffmann <kraxel>
Status: CLOSED WONTFIX QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.5CC: acathrow, alevy, bsarathy, juzhang, mazhang, michen, mkenneth, qzhang, rhod, shuang, virt-bugs, virt-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-27 09:43:09 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chao Yang 2013-08-16 08:01:52 UTC 
Description of problem:
Installed a windows 7 x86_64 guest in rhevm, it got crashed while keeping reboot in a loop.

Version-Release number of selected component (if applicable):
qemu-kvm-rhev-0.12.1.2-2.390.el6.x86_64
spice-server-0.12.4-2.el6.x86_64

How reproducible:
1/1

Steps to Reproduce:
1. install a windows 7 x86_64 guest with spice protocol
2. connect to graphic server through clicking 'Console' button 
3. keep rebooting guest

Actual results:
It got crashed.
There are a lot of messages like:

((null):7440): SpiceWorker-Warning **: red_worker.c:1287:validate_surface: failed on 12
((null):7440): SpiceWorker-Warning **: red_worker.c:1288:validate_surface: condition `!worker->surfaces[surface_id].context.canvas' reached
((null):7440): SpiceWorker-Warning **: red_worker.c:157:rendering_incorrect: rendering incorrect from now on: get_drawable
((null):7440): SpiceWorker-Warning **: red_worker.c:157:rendering_incorrect: rendering incorrect from now on: failed to get_drawable

And finally it crashed on:

id 0, group 0, virt start 0, virt end ffffffffffffffff, generation 0, delta 0
((null):7440): Spice-CRITICAL **: red_memslots.c:94:validate_virt: virtual address out of range
    virt=0x1b01c08+0xbf slot_id=1 group_id=1
    slot=0x0-0x0 delta=0x0
qemu-kvm: /builddir/build/BUILD/qemu-kvm-0.12.1.2/hw/qxl.c:1061: qxl_check_state: Assertion `!spice_display_running || ((&ram->cmd_ring)->cons == (&ram->cmd_ring)->prod)' failed.
2013-08-16 06:06:52.398+0000: shutting down


Expected results:


Additional info:
Comment 2 Gerd Hoffmann 2013-08-27 06:48:04 UTC 
Does it happen with RHEL-6.4 too?
What is the guest driver version?
Comment 3 Chao Yang 2013-08-27 08:17:42 UTC 
(In reply to Gerd Hoffmann from comment #2)
> Does it happen with RHEL-6.4 too?
I didn't try yet

> What is the guest driver version?

DriverVer = 10/15/2012,6.1.0.10016
Comment 4 Gerd Hoffmann 2013-08-27 08:53:28 UTC 
(In reply to chayang from comment #3)
> (In reply to Gerd Hoffmann from comment #2)
> > Does it happen with RHEL-6.4 too?
> I didn't try yet

Please try.  How many reboots took it ti trigger it?

> > What is the guest driver version?
> 
> DriverVer = 10/15/2012,6.1.0.10016

Which guest-tools-iso version is this?
Comment 5 Chao Yang 2013-08-27 10:20:46 UTC 
(In reply to Gerd Hoffmann from comment #4)
> (In reply to chayang from comment #3)
> > (In reply to Gerd Hoffmann from comment #2)
> > > Does it happen with RHEL-6.4 too?
> > I didn't try yet
> 
> Please try.  How many reboots took it ti trigger it?
> 
I remember it took about 10 minutes, I didn't count the NO. of iterations.
I'll try to test again with a rhel guest

> > > What is the guest driver version?
> > 
> > DriverVer = 10/15/2012,6.1.0.10016
> 
> Which guest-tools-iso version is this?
I installed qxl driver provided by virtio-win-1.6.4-1.el6_4.noarch
Comment 6 Gerd Hoffmann 2013-08-30 05:55:00 UTC 
Hmm.  Let the reboot loop run overnignt, 170 reboots until now, didn't reproduce.

Also note that it isn't clear from the logs above whenever qemu or the qxl guest driver is at fault here.
Comment 7 Chao Yang 2013-08-30 07:03:18 UTC 
(In reply to Gerd Hoffmann from comment #6)
> Hmm.  Let the reboot loop run overnignt, 170 reboots until now, didn't
> reproduce.
> 
> Also note that it isn't clear from the logs above whenever qemu or the qxl
> guest driver is at fault here.

Is there any env variable I could set to record useful log in case that I have a chance to reproduce this issue if it is not easily reproducible? And I will try to fresh install a new one to retest.
Comment 8 Gerd Hoffmann 2013-08-30 07:19:34 UTC 
(In reply to chayang from comment #7)
> Is there any env variable I could set to record useful log in case that I
> have a chance to reproduce this issue if it is not easily reproducible? And
> I will try to fresh install a new one to retest.

qxl has a bunch of tracepoints which can be enabled to see the host-side activities of the qxl device.

There is also a cmdlog property to make qemu log the commands the guest is sending to stderr.  Try '-global qxl-vga.cmdlog=1' to enable it.

Maybe spice-server has logging capabilities too, Alon?
Comment 9 Alon Levy 2013-09-01 07:29:00 UTC 
SPICE_DEBUG_LEVEL=5

see (for the future) http://cgit.freedesktop.org/spice/spice-common/tree/common/log.h#n41

You can set this in libvirt by adding a qemu specific namespace to the xml definition and adding an entry to set this environment variable:

Example taken from http://www.libvirt.org/drvqemu.html

<domain type='qemu' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  ...
  <qemu:commandline>
    <qemu:env name='SPICE_DEBUG_LEVEL' value='5'/>
  </qemu:commandline>
</domain>
Comment 10 Chao Yang 2013-09-10 03:39:13 UTC 
I cannot reproduce this bug with qemu-kvm instances directly.
Comment 11 Gerd Hoffmann 2013-09-10 05:51:10 UTC 
Reducing priority as it doesn't reproduce.
Comment 15 juzhang 2014-06-10 02:16:47 UTC 
Remove needinfo since this bz has been closed.