Bug 98779

Summary: qemu-system-x86 segfaults in libspice-server.so.1.12.0
Product: Spice
Reporter: Miroslav Rovis <miroslav.rovis1>
Component: server
Assignee: Spice Bug List <spice-bugs>
Status: RESOLVED MOVED
Severity: normal
Priority: medium
CC: bugzilla, teuf
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Attachments: syslog 2016-11-19 at 15:47 with the segfault

Description Miroslav Rovis 2016-11-19 15:58:36 UTC
Created attachment 128070 [details]
syslog 2016-11-19 at 15:47 with the segfault

Following instructions at:
https://www.whonix.org/wiki/KVM
all is fine until the final:
$ virsh -c qemu:///system start Whonix-Gateway
which fails with this in stdout:
$ virsh -c qemu:///system start Whonix-Gateway
error: Failed to start domain Whonix-Gateway
error: internal error: process exited while connecting to monitor: 6,max_outputs=1,bus=pci.0,addr=0x2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -object rng-random,id=objrng0,filename=/dev/random -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.0,addr=0x8 -msg timestamp=on
$

But the segfault is in the syslog:

Nov 19 15:45:09 g5n dhcpcd[3010]: vnet1: soliciting an IPv6 router
Nov 19 15:45:10 g5n kernel: [  902.333514] qemu-system-x86[4707]: segfault at 20 ip 00007f07aa8efb3e sp 00007fffa9320570 error 4 in libspice-server.so.1.12.0[7f07aa89c000+15b000]
Nov 19 15:45:10 g5n dhcpcd[3010]: vnet1: carrier lost

Pls. see the attachment for the complete syslog.

The qemu is:

$ qemu-system-x86_64 --version
QEMU emulator version 2.7.0, Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers
$
Comment 1 Miroslav Rovis 2016-11-19 16:35:47 UTC
My system is Gentoo. If any details are needed, a relatively recent emerge --info can be found at:

https://bugs.gentoo.org/attachment.cgi?id=451296

near comment:
https://bugs.gentoo.org/show_bug.cgi?id=597554#c19

I only found a similar issue at:
https://bugs.launchpad.net/ubuntu/+source/qemu-linaro/+bug/1078397
Comment 2 Miroslav Rovis 2016-11-19 16:40:14 UTC
Ah, and I might try (not sure *at all* to make it) to debug it as per:

http://stackoverflow.com/questions/2179403/how-do-you-read-a-segfault-kernel-log-message
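A worked reading of the kernel segfault line from the syslog above, added here as an example and not part of the report: it pulls the fault address, instruction pointer and mapping out of the line, turns ip into a file-relative offset (the value addr2line or objdump needs against the same libspice-server build), decodes the x86 page-fault error code, and flags that a fault address of 0x20 is a NULL pointer plus a struct-member offset rather than a wild pointer. The regex and the field names are my own; the numbers are the ones in the log line.

```python
import re

# Constructed copy of the kernel line quoted in this report (same values as the syslog excerpt).
SEGFAULT_LINE = (
    "Nov 19 15:45:10 g5n kernel: [  902.333514] qemu-system-x86[4707]: "
    "segfault at 20 ip 00007f07aa8efb3e sp 00007fffa9320570 error 4 in "
    "libspice-server.so.1.12.0[7f07aa89c000+15b000]"
)

# Layout of the x86 segfault record: fault address, instruction pointer, stack pointer,
# page-fault error code, and the mapping (base+size) that contains ip.
SEGFAULT_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

# x86 page-fault error-code bits (Intel SDM vol. 3, "Page-Fault Error Code").
ERR_PROT, ERR_WRITE, ERR_USER, ERR_RSVD, ERR_IFETCH = 1, 2, 4, 8, 16


def parse_segfault(line):
    """Describe one kernel segfault line; return None for any other syslog line."""
    m = SEGFAULT_RE.search(line)
    if m is None:
        return None
    g = m.groupdict()
    addr, ip, base, size = (int(g[k], 16) for k in ("addr", "ip", "base", "size"))
    err = int(g["err"])  # printed in decimal by the kernel
    offset = ip - base   # offset inside the mapped object, usable with addr2line/objdump
    return {
        "comm": g["comm"],
        "pid": int(g["pid"]),
        "object": g["obj"],
        "fault_addr": addr,
        "offset": offset,
        "ip_in_mapping": 0 <= offset < size,
        "access": "write" if err & ERR_WRITE else "read",
        "mode": "user" if err & ERR_USER else "kernel",
        "page_present": bool(err & ERR_PROT),      # 0: page not mapped at all
        "instruction_fetch": bool(err & ERR_IFETCH),
        # A fault address inside the first page means a NULL base pointer plus a
        # field offset (here 0x20), which matches a NULL struct member dereference.
        "null_plus_offset": addr < 4096,
    }


def addr2line_command(info):
    """Command to map the offset to a source line, assuming the same build with debug symbols."""
    return "addr2line -f -e %s 0x%x" % (info["object"], info["offset"])
```

The offset only resolves correctly against the exact library build that was running; without debuginfo the command prints ?? and a gdb backtrace, as requested in comment 3, is the better route.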
Comment 3 Victor Toso 2016-11-19 21:37:04 UTC
Thanks for taking time to report this issue.

1-) How did this happen? Do you have a way to reliably reproduce this?
2-) Syslog is not enough, we really need a backtrace. Please, install all debuginfo from spice and qemu before getting the backtrace.
Comment 4 Miroslav Rovis 2016-11-20 06:20:00 UTC
(In reply to Victor Toso from comment #3)
> Thanks for taking time to report this issue.
> 
> 1-) How did this happen? do you have a way to reliably reproduce this?
Install that version of spice, and of qemu (all on AMD64), and follow that page on whonix.org (and maybe more, if I missed something).

> 2-) Syslog is not enough, we really need a backtrace. Please, install all
> debuginfo from spice and qemu before getting the backtrace.
I see. I'm not very advanced, and on top of that I work very slowly. I'll try my best, though...
Comment 5 jbash 2016-12-07 05:00:11 UTC
I'm seeing what's almost certainly the same problem starting Whonix-Gateway on Fedora 25.

libvirt-2.2.0-2.fc25.x86_64
qemu-system-x86-2.7.0-7.fc25.x86_64
spice-server-0.13.2-1.fc25.x86_64

Here's a trace:

(gdb) where
#0  0x00007f281d8be41d in spice_server_set_agent_file_xfer (reds=0x557ef1ecb180, enable=enable@entry=0) at reds.c:4024
#1  0x0000557eeeb3895e in qemu_spice_init () at /usr/src/debug/qemu-2.7.0/ui/spice-core.c:754
#2  0x0000557eee8af15a in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /usr/src/debug/qemu-2.7.0/vl.c:4338

In Fedora's source package for spice 0.13.2-1, line 4024 of reds.c is

    reds->agent_dev->priv->write_filter.file_xfer_enabled = reds->config->agent_file_xfer;

and in the source package for qemu 2.7.0-7, line 754 of spice-core.c is

    spice_server_set_agent_file_xfer(spice_server, false);

That's conditionally *compiled* on SPICE_SERVER_VERSION >= 0x000c04, and conditionally *executed* on qemu_opt_get_bool(opts, "disable-agent-file-xfer", 0).

... which is conditio
Comment 6 Christophe Fergeau 2016-12-07 10:03:59 UTC
(In reply to jbash from comment #5)
> I'm seeing what's almost certainly the same problem starting Whonix-Gateway
> on Fedora 25.
> 
> libvirt-2.2.0-2.fc25.x86_64
> qemu-system-x86-2.7.0-7.fc25.x86_64
> spice-server-0.13.2-1.fc25.x86_64
> 

In your case this should be fixed by the latest spice-server release, which I'm currently building into f25, see https://bugzilla.redhat.com/show_bug.cgi?id=1398153
Comment 7 jbash 2016-12-07 12:33:34 UTC
You're right; the rawhide package fixes it for me. Thanks.
Comment 8 GitLab Migration User 2018-06-03 10:15:51 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/spice/spice-server/issues/24.