From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41432)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mkletzan@redhat.com>) id 1WAM1F-0000UA-U2
	for qemu-devel@nongnu.org; Mon, 03 Feb 2014 11:05:14 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mkletzan@redhat.com>) id 1WAM19-0004E7-7q
	for qemu-devel@nongnu.org; Mon, 03 Feb 2014 11:05:09 -0500
Received: from mx1.redhat.com ([209.132.183.28]:58352)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mkletzan@redhat.com>) id 1WAM18-000484-Vb
	for qemu-devel@nongnu.org; Mon, 03 Feb 2014 11:05:03 -0500
Received: from int-mx09.intmail.prod.int.phx2.redhat.com
	(int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22])
	by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s13G4wMB008596
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
	for <qemu-devel@nongnu.org>; Mon, 3 Feb 2014 11:04:58 -0500
Received: from wheatley.localdomain (dhcp-26-123.brq.redhat.com [10.34.26.123])
	by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id s13G4tB3021242
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <qemu-devel@nongnu.org>; Mon, 3 Feb 2014 11:04:56 -0500
Date: Mon, 3 Feb 2014 17:04:55 +0100
From: Martin Kletzander <mkletzan@redhat.com>
Message-ID: <20140203160455.GC13707@wheatley>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="H1spWtNR+x+ondvy"
Content-Disposition: inline
Subject: [Qemu-devel] qemu segfauls with spiceport chardev and isa-serial
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org


--H1spWtNR+x+ondvy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello,

current HEAD (2f61120c10da9128357510debc8e66880cd2bfdc) segfaults when
I'm trying to do the following:

I add this to qemu's command-line:

 -chardev spiceport,id=3Dcharserial0,name=3Dorg.qemu.console.serial.0 \
 -device isa-serial,chardev=3Dcharserial0,id=3Dserial0

and then use spicy to connect to that machine.  That spits out the
following error:

 GSpice-Message: main channel: opened
 port 0x7f74182366e0 org.qemu.console.serial.0: opened
=20
 (spicy:32386): GSpice-WARNING **: incomplete link header (-104/16)
=20
 (spicy:32386): GSpice-WARNING **: incomplete link header (-104/16)
 GSpice-Message: main channel: closed

I can see that the console works when the window flashes, so there was
some communication done (Im running the kernel inside with
"console=3Dtty0 console=3DttyS0,115200n8" as suggested here:

http://lists.freedesktop.org/archives/spice-devel/2014-January/015919.html

The full command-line with backtrace of all the threads (with
abort()-ing thread being thread #1 follows.  Let me know if I can help
anyhow.

Thanks,
Martin

Command-line:

qemu-system-x86_64 -name rhel7 -S -machine \
pc-i440fx-1.7,accel=3Dkvm,usb=3Doff,dump-guest-core=3Doff -cpu SandyBridge \
-m 4101 -realtime mlock=3Doff -smp 1,sockets=3D1,cores=3D1,threads=3D1 -uui=
d \
f49fa544-f21d-4267-8958-d82570644f39 -no-user-config -nodefaults \
-chardev \
socket,id=3Dcharmonitor,path=3D/var/lib/libvirt/qemu/rhel7.monitor,server,n=
owait \
-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol -rtc base=3Dutc \
-no-shutdown -boot strict=3Don -device \
piix3-usb-uhci,id=3Dusb,bus=3Dpci.0,addr=3D0x1.0x2 -device \
virtio-serial-pci,id=3Dvirtio-serial0,bus=3Dpci.0,addr=3D0x6 -drive \
if=3Dnone,id=3Ddrive-ide0-0-0,readonly=3Don,format=3Draw -device \
ide-cd,bus=3Dide.0,unit=3D0,drive=3Ddrive-ide0-0-0,id=3Dide0-0-0 -drive \
file=3D/home/nert/.config/libvirt/images/rhel7.img,if=3Dnone,id=3Ddrive-vir=
tio-disk0,format=3Dqcow2 \
-device \
virtio-blk-pci,scsi=3Doff,bus=3Dpci.0,addr=3D0x4,drive=3Ddrive-virtio-disk0=
,id=3Dvirtio-disk0,bootindex=3D1 \
-netdev tap,fd=3D20,id=3Dhostnet0,vhost=3Don,vhostfd=3D21 -device \
virtio-net-pci,netdev=3Dhostnet0,id=3Dnet0,mac=3D52:54:00:42:be:45,bus=3Dpc=
i.0,addr=3D0x3 \
-chardev spiceport,id=3Dcharserial0,name=3Dorg.qemu.console.serial.0 \
-device isa-serial,chardev=3Dcharserial0,id=3Dserial0 -device \
usb-tablet,id=3Dinput0 -vnc 127.0.0.1:0 -spice \
port=3D5901,tls-port=3D5902,addr=3D127.0.0.1,disable-ticketing,x509-dir=3D/=
etc/pki/libvirt-spice,seamless-migration=3Don \
-device \
qxl-vga,id=3Dvideo0,ram_size=3D67108864,vram_size=3D67108864,bus=3Dpci.0,ad=
dr=3D0x2 \
-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x5

Backtrace:

Thread 6 (Thread 0x7fed0e1fc700 (LWP 32347)):
#0  sem_timedwait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_timedwai=
t.S:101
#1  0x00007fee3de7096f in qemu_sem_timedwait (sem=3Dsem@entry=3D0x7fee3faa4=
e68, ms=3Dms@entry=3D10000)
    at util/qemu-thread-posix.c:243
#2  0x00007fee3dd2b38c in worker_thread (opaque=3D0x7fee3faa4dd0) at thread=
-pool.c:97
#3  0x00007fee3886a3a5 in start_thread (arg=3D0x7fed0e1fc700) at pthread_cr=
eate.c:309
#4  0x00007fee345b2a3d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clo=
ne.S:111

Thread 5 (Thread 0x7fed0f9ff700 (LWP 32028)):
#0  pthread_cond_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_=
cond_wait.S:185
#1  0x00007fee3de7075b in qemu_cond_wait (cond=3Dcond@entry=3D0x7fee3fd1237=
0, mutex=3Dmutex@entry=3D0x7fee3fd123a0)
    at util/qemu-thread-posix.c:121
#2  0x00007fee3dd4d1d3 in vnc_worker_thread_loop (queue=3Dqueue@entry=3D0x7=
fee3fd12370) at ui/vnc-jobs.c:222
#3  0x00007fee3dd4d680 in vnc_worker_thread (arg=3D0x7fee3fd12370) at ui/vn=
c-jobs.c:318
#4  0x00007fee3886a3a5 in start_thread (arg=3D0x7fed0f9ff700) at pthread_cr=
eate.c:309
#5  0x00007fee345b2a3d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clo=
ne.S:111

Thread 4 (Thread 0x7fecd77fe700 (LWP 32346)):
#0  sem_timedwait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/sem_timedwai=
t.S:101
#1  0x00007fee3de7096f in qemu_sem_timedwait (sem=3Dsem@entry=3D0x7fee3faa4=
e68, ms=3Dms@entry=3D10000)
    at util/qemu-thread-posix.c:243
#2  0x00007fee3dd2b38c in worker_thread (opaque=3D0x7fee3faa4dd0) at thread=
-pool.c:97
#3  0x00007fee3886a3a5 in start_thread (arg=3D0x7fecd77fe700) at pthread_cr=
eate.c:309
#4  0x00007fee345b2a3d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clo=
ne.S:111

Thread 3 (Thread 0x7fee271a7700 (LWP 32025)):
#0  0x00007fee345a9917 in ioctl () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fee3ddbda11 in kvm_vcpu_ioctl (cpu=3Dcpu@entry=3D0x7fee3fc086f0,=
 type=3Dtype@entry=3D44672)
    at /home/nert/dev/work/qemu/upstream/kvm-all.c:1774
#2  0x00007fee3ddbdb07 in kvm_cpu_exec (cpu=3Dcpu@entry=3D0x7fee3fc086f0)
    at /home/nert/dev/work/qemu/upstream/kvm-all.c:1659
#3  0x00007fee3dd60562 in qemu_kvm_cpu_thread_fn (arg=3D0x7fee3fc086f0) at =
/home/nert/dev/work/qemu/upstream/cpus.c:874
#4  0x00007fee3886a3a5 in start_thread (arg=3D0x7fee271a7700) at pthread_cr=
eate.c:309
#5  0x00007fee345b2a3d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clo=
ne.S:111

Thread 2 (Thread 0x7fee24fff700 (LWP 32027)):
#0  0x00007fee345a7ead in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fee3528ba81 in poll (__timeout=3D<optimized out>, __nfds=3D20, _=
_fds=3D0x7fee1c0008f8)
    at /usr/include/bits/poll2.h:46
#2  red_worker_main (arg=3D<optimized out>) at red_worker.c:12245
#3  0x00007fee3886a3a5 in start_thread (arg=3D0x7fee24fff700) at pthread_cr=
eate.c:309
#4  0x00007fee345b2a3d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clo=
ne.S:111

Thread 1 (Thread 0x7fee3da66980 (LWP 32022)):
#0  0x00007fee344f1f4e in __GI_raise (sig=3Dsig@entry=3D6) at ../nptl/sysde=
ps/unix/sysv/linux/raise.c:56
#1  0x00007fee344f369f in __GI_abort () at abort.c:89
#2  0x00007fee3de72baa in fifo8_pop (fifo=3Dfifo@entry=3D0x7fee3fc28700) at=
 util/fifo8.c:45
#3  0x00007fee3dc0c110 in serial_xmit (chan=3D<optimized out>, cond=3D<opti=
mized out>, opaque=3D0x7fee3fc286a0)
    at hw/char/serial.c:228
#4  0x00007fee3d1a8957 in g_main_dispatch (context=3D0x7fee3fa49470)
    at /var/tmp/portage/dev-libs/glib-2.38.2/work/glib-2.38.2/glib/gmain.c:=
3066
#5  g_main_context_dispatch (context=3Dcontext@entry=3D0x7fee3fa49470)
    at /var/tmp/portage/dev-libs/glib-2.38.2/work/glib-2.38.2/glib/gmain.c:=
3642
#6  0x00007fee3dccdde7 in glib_pollfds_poll () at main-loop.c:189
#7  os_host_main_loop_wait (timeout=3D<optimized out>) at main-loop.c:234
#8  main_loop_wait (nonblocking=3D<optimized out>) at main-loop.c:483
#9  0x00007fee3db61501 in main_loop () at vl.c:2018
#10 main (argc=3D<optimized out>, argv=3D<optimized out>, envp=3D<optimized=
 out>) at vl.c:4410

--H1spWtNR+x+ondvy
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJS774nAAoJEAgfwp8kF4bd3S4QAJDyKQJuwI5DEG7cFNrA89t1
z7TFPuda2Yj+0+FZDej/k0YQ//uCVwY9Gp8TVfF2wmv5gLRVMmiRuHUQTYoJSxUS
hQeX0lYzbivejhMpuszJ3nbN37RIy40MIyPhnC0xc0NYnjLYJ8zpO9RW6TBeagGm
5bIokSg0u6REBW78HMuWp5eyuLbwKSt91ftp+dTstilPC+4rfdpoLW33Rqe6LMqO
W1U90PtgPHBxYX9RTBfc2NvsP6MzrZggwCHBqlwPlEz7tpXDFvJfNVJKjmdmynCx
X5JbFT3tvkM4cVptWOWOe5iOLojlylwmv6ZJ29LfvNVOLLyxFb3MAlQ/DrvuIa11
vIMSV/qVqCJW1MVKFrS+0OCRCAPhhYLl+jD13Mc1+sr8LNoFmP+O/WFfSCy2NUma
roQi8aSmjMGYfI4nR1qoLIeaiznIYWl3gII+c6xSb4n8y3zYAycbMjk3cndX6kcJ
YIjg/j4Cr6E301+mvua2eyS1I97uSj5YUfIMs/cY/URPJeZpOW0WQeYYiBESl9Dc
DHktYGpc6ju38A4XtDNTQd70QFkxnBQ2Fl5XHczps0r4/SeebO9bK3gCiGKs4kkq
LIwHz7poRiPJhyHws7iIcnjGTL90xHXqgXlJ03/4oKH6s3qB1aCKhkdOnQndtvGM
VBduWVpAcRAugJG8dBxJ
=0y5f
-----END PGP SIGNATURE-----

--H1spWtNR+x+ondvy--