SPICE Worker segfault
Host environment
- Operating system: Proxmox 8.2.2
- Architecture: x86
- QEMU flavor: qemu-system-x86_64
- QEMU version: qemu-server 8.2.1
- QEMU command line: /usr/bin/kvm -id 141 -name VDI,debug-threads=on -no-shutdown -chardev socket,id=qmp,path=/var/run/qemu-server/141.qmp,server=on,wait=off -mon chardev=qmp,mode=control -chard>
Emulated/Virtualized environment
- Operating system: Windows 10 22H2
- Architecture: x86
Description of problem
Hello. Sometimes we have an error. kvm randomly crashes. May 07 16:55:50 vdi1 kernel: SPICE Worker[249326]: segfault at 7f1c8c03af40 ip 00007f1fbbbb2579 sp 00007f1dabbf9d20 error 4 in libc.so.6[7f1fbbb41000+155000] likely on CPU 89 (core 20, socket 1)
Steps to reproduce
Additional information
`# coredumpctl info PID: 249293 (kvm) UID: 0 (root) GID: 0 (root) Signal: 11 (SEGV) Timestamp: Tue 2024-05-07 16:55:50 MSK (18h ago) Command Line: /usr/bin/kvm -id 141 -name VDI,debug-threads=on -no-shutdown -chardev socket,id=qmp,path=/var/run/qemu-server/141.qmp,server=on,wait=off -mon chardev=qmp,mode=control -chard> Executable: /usr/bin/qemu-system-x86_64 Control Group: /qemu.slice/141.scope Unit: 141.scope Slice: qemu.slice Boot ID: 5cfcd2d515a6425fa3880a61d8cd6bfc Machine ID: 6e4c2fe391324304a856baa8e6c88002 Hostname: vdi1 Storage: /var/lib/systemd/coredump/core.kvm.0.5cfcd2d515a6425fa3880a61d8cd6bfc.249293.1715090150000000.zst (present) Size on Disk: 2.3G Message: Process 249293 (kvm) of user 0 dumped core.
Module libsystemd.so.0 from deb systemd-252.22-1~deb12u1.amd64
Module libudev.so.1 from deb systemd-252.22-1~deb12u1.amd64
Stack trace of thread 249326:
#0 0x00007f1fbbbb2579 _int_malloc (libc.so.6 + 0x97579)
#1 0x00007f1fbbbb46e2 __libc_calloc (libc.so.6 + 0x996e2)
#2 0x00007f1fbd3f76d1 g_malloc0 (libglib-2.0.so.0 + 0x5a6d1)
#3 0x00007f1fbdadd7a3 red_get_data_chunks_ptr (libspice-server.so.1 + 0x3e7a3)
#4 0x00007f1fbdaddf6b red_get_data_chunks (libspice-server.so.1 + 0x3ef6b)
#5 0x00007f1fbdadedd9 red_get_copy_ptr (libspice-server.so.1 + 0x3fdd9)
#6 0x00007f1fbdadf1e5 red_get_native_drawable (libspice-server.so.1 + 0x401e5)
#7 0x00007f1fbdaf1a2c red_process_display (libspice-server.so.1 + 0x52a2c)
#8 0x00007f1fbdaf1cb7 worker_source_dispatch (libspice-server.so.1 + 0x52cb7)
#9 0x00007f1fbd3f17a9 g_main_context_dispatch (libglib-2.0.so.0 + 0x547a9)
#10 0x00007f1fbd3f1a38 n/a (libglib-2.0.so.0 + 0x54a38)
#11 0x00007f1fbd3f1cef g_main_loop_run (libglib-2.0.so.0 + 0x54cef)
#12 0x00007f1fbdaf0fa9 red_worker_main (libspice-server.so.1 + 0x51fa9)
#13 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#14 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 249321:
#0 0x00007f1fbbc18c5b __GI___ioctl (libc.so.6 + 0xfdc5b)
#1 0x000055b3bae626cf kvm_vcpu_ioctl (qemu-system-x86_64 + 0x72b6cf)
#2 0x000055b3bae62ba5 kvm_cpu_exec (qemu-system-x86_64 + 0x72bba5)
#3 0x000055b3bae6408d kvm_vcpu_thread_fn (qemu-system-x86_64 + 0x72d08d)
#4 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#5 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#6 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 249327:
#0 0x00007f1fbdac9b48 glz_rgb_alpha_compress_seg (libspice-server.so.1 + 0x2ab48)
#1 0x00007f1fbdacc1cb glz_rgb_alpha_compress (libspice-server.so.1 + 0x2d1cb)
#2 0x00007f1fbdad08ed image_encoders_compress_glz (libspice-server.so.1 + 0x318ed)
#3 0x00007f1fbdaba608 _Z18dcc_compress_imageP20DisplayChannelClientP10SpiceImageP11SpiceBitmapP8DrawableiP20compress_send_data_t (libspice-server.so.1 + 0x1b608)
#4 0x00007f1fbdabb7f5 fill_bits (libspice-server.so.1 + 0x1c7f5)
#5 0x00007f1fbdabca2f red_marshall_qxl_draw_copy (libspice-server.so.1 + 0x1da2f)
#6 0x00007f1fbdabe82b marshall_lossless_qxl_drawable (libspice-server.so.1 + 0x1f82b)
#7 0x00007f1fbdadb5d3 _ZN16RedChannelClient4pushEv (libspice-server.so.1 + 0x3c5d3)
#8 0x00007f1fbdadb700 red_channel_client_event (libspice-server.so.1 + 0x3c700)
#9 0x00007f1fbdac579d spice_watch_dispatch (libspice-server.so.1 + 0x2679d)
#10 0x00007f1fbd3f167f g_main_context_dispatch (libglib-2.0.so.0 + 0x5467f)
#11 0x00007f1fbd3f1a38 n/a (libglib-2.0.so.0 + 0x54a38)
#12 0x00007f1fbd3f1cef g_main_loop_run (libglib-2.0.so.0 + 0x54cef)
#13 0x00007f1fbdaf0fa9 red_worker_main (libspice-server.so.1 + 0x51fa9)
#14 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#15 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 249324:
#0 0x00007f1fbbc18c5b __GI___ioctl (libc.so.6 + 0xfdc5b)
#1 0x000055b3bae626cf kvm_vcpu_ioctl (qemu-system-x86_64 + 0x72b6cf)
#2 0x000055b3bae62ba5 kvm_cpu_exec (qemu-system-x86_64 + 0x72bba5)
#3 0x000055b3bae6408d kvm_vcpu_thread_fn (qemu-system-x86_64 + 0x72d08d)
#4 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#5 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#6 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 249293:
#0 0x00007f1fbbc17256 __ppoll (libc.so.6 + 0xfc256)
#1 0x000055b3bb011dfe ppoll (qemu-system-x86_64 + 0x8dadfe)
#2 0x000055b3bb00f6ee os_host_main_loop_wait (qemu-system-x86_64 + 0x8d86ee)
#3 0x000055b3bac6caa7 qemu_main_loop (qemu-system-x86_64 + 0x535aa7)
#4 0x000055b3bae6cf46 qemu_default_main (qemu-system-x86_64 + 0x735f46)
#5 0x00007f1fbbb4224a __libc_start_call_main (libc.so.6 + 0x2724a)
#6 0x00007f1fbbb42305 __libc_start_main_impl (libc.so.6 + 0x27305)
#7 0x000055b3baa5f0a1 _start (qemu-system-x86_64 + 0x3280a1)
Stack trace of thread 249322:
#0 0x00007f1fbbc18c5b __GI___ioctl (libc.so.6 + 0xfdc5b)
#1 0x000055b3bae626cf kvm_vcpu_ioctl (qemu-system-x86_64 + 0x72b6cf)
#2 0x000055b3bae62ba5 kvm_cpu_exec (qemu-system-x86_64 + 0x72bba5)
#3 0x000055b3bae6408d kvm_vcpu_thread_fn (qemu-system-x86_64 + 0x72d08d)
#4 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#5 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#6 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 249323:
#0 0x00007f1fbbc18c5b __GI___ioctl (libc.so.6 + 0xfdc5b)
#1 0x000055b3bae626cf kvm_vcpu_ioctl (qemu-system-x86_64 + 0x72b6cf)
#2 0x000055b3bae62ba5 kvm_cpu_exec (qemu-system-x86_64 + 0x72bba5)
#3 0x000055b3bae6408d kvm_vcpu_thread_fn (qemu-system-x86_64 + 0x72d08d)
#4 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#5 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#6 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 249294:
#0 0x00007f1fbbc1c719 syscall (libc.so.6 + 0x101719)
#1 0x000055b3baffccfa qemu_futex_wait (qemu-system-x86_64 + 0x8c5cfa)
#2 0x000055b3bb006602 call_rcu_thread (qemu-system-x86_64 + 0x8cf602)
#3 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#4 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#5 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 249329:
#0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96)
#1 0x00007f1fbbba3558 __pthread_cond_wait_common (libc.so.6 + 0x88558)
#2 0x000055b3baffc68b qemu_cond_wait_impl (qemu-system-x86_64 + 0x8c568b)
#3 0x000055b3baa88f2b vnc_worker_thread_loop (qemu-system-x86_64 + 0x351f2b)
#4 0x000055b3baa89bc8 vnc_worker_thread (qemu-system-x86_64 + 0x352bc8)
#5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 3982758:
#0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96)
#1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c)
#2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01)
#3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0)
#4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4)
#5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 969111:
#0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96)
#1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c)
#2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01)
#3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0)
#4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4)
#5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 969113:
#0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96)
#1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c)
#2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01)
#3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0)
#4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4)
#5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 969114:
#0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96)
#1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c)
#2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01)
#3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0)
#4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4)
#5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 969112:
#0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96)
#1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c)
#2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01)
#3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0)
#4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4)
#5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 4165267:
#0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96)
#1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c)
#2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01)
#3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0)
#4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4)
#5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 969116:
#0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96)
#1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c)
#2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01)
#3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0)
#4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4)
#5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
Stack trace of thread 969115:
#0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96)
#1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c)
#2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01)
#3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0)
#4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4)
#5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78)
#6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134)
#7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc)
ELF object binary architecture: AMD x86-64`