SPICE Worker segfault Description of problem: Hello. Sometimes we have an error. kvm randomly crashes. May 07 16:55:50 vdi1 kernel: SPICE Worker[249326]: segfault at 7f1c8c03af40 ip 00007f1fbbbb2579 sp 00007f1dabbf9d20 error 4 in libc.so.6[7f1fbbb41000+155000] likely on CPU 89 (core 20, socket 1) Steps to reproduce: 1. 2. 3. Additional information: `# coredumpctl info PID: 249293 (kvm) UID: 0 (root) GID: 0 (root) Signal: 11 (SEGV) Timestamp: Tue 2024-05-07 16:55:50 MSK (18h ago) Command Line: /usr/bin/kvm -id 141 -name VDI,debug-threads=on -no-shutdown -chardev socket,id=qmp,path=/var/run/qemu-server/141.qmp,server=on,wait=off -mon chardev=qmp,mode=control -chard> Executable: /usr/bin/qemu-system-x86_64 Control Group: /qemu.slice/141.scope Unit: 141.scope Slice: qemu.slice Boot ID: 5cfcd2d515a6425fa3880a61d8cd6bfc Machine ID: 6e4c2fe391324304a856baa8e6c88002 Hostname: vdi1 Storage: /var/lib/systemd/coredump/core.kvm.0.5cfcd2d515a6425fa3880a61d8cd6bfc.249293.1715090150000000.zst (present) Size on Disk: 2.3G Message: Process 249293 (kvm) of user 0 dumped core. Module libsystemd.so.0 from deb systemd-252.22-1~deb12u1.amd64 Module libudev.so.1 from deb systemd-252.22-1~deb12u1.amd64 Stack trace of thread 249326: #0 0x00007f1fbbbb2579 _int_malloc (libc.so.6 + 0x97579) #1 0x00007f1fbbbb46e2 __libc_calloc (libc.so.6 + 0x996e2) #2 0x00007f1fbd3f76d1 g_malloc0 (libglib-2.0.so.0 + 0x5a6d1) #3 0x00007f1fbdadd7a3 red_get_data_chunks_ptr (libspice-server.so.1 + 0x3e7a3) #4 0x00007f1fbdaddf6b red_get_data_chunks (libspice-server.so.1 + 0x3ef6b) #5 0x00007f1fbdadedd9 red_get_copy_ptr (libspice-server.so.1 + 0x3fdd9) #6 0x00007f1fbdadf1e5 red_get_native_drawable (libspice-server.so.1 + 0x401e5) #7 0x00007f1fbdaf1a2c red_process_display (libspice-server.so.1 + 0x52a2c) #8 0x00007f1fbdaf1cb7 worker_source_dispatch (libspice-server.so.1 + 0x52cb7) #9 0x00007f1fbd3f17a9 g_main_context_dispatch (libglib-2.0.so.0 + 0x547a9) #10 0x00007f1fbd3f1a38 n/a (libglib-2.0.so.0 + 0x54a38) #11 0x00007f1fbd3f1cef g_main_loop_run (libglib-2.0.so.0 + 0x54cef) #12 0x00007f1fbdaf0fa9 red_worker_main (libspice-server.so.1 + 0x51fa9) #13 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #14 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 249321: #0 0x00007f1fbbc18c5b __GI___ioctl (libc.so.6 + 0xfdc5b) #1 0x000055b3bae626cf kvm_vcpu_ioctl (qemu-system-x86_64 + 0x72b6cf) #2 0x000055b3bae62ba5 kvm_cpu_exec (qemu-system-x86_64 + 0x72bba5) #3 0x000055b3bae6408d kvm_vcpu_thread_fn (qemu-system-x86_64 + 0x72d08d) #4 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #5 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #6 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 249327: #0 0x00007f1fbdac9b48 glz_rgb_alpha_compress_seg (libspice-server.so.1 + 0x2ab48) #1 0x00007f1fbdacc1cb glz_rgb_alpha_compress (libspice-server.so.1 + 0x2d1cb) #2 0x00007f1fbdad08ed image_encoders_compress_glz (libspice-server.so.1 + 0x318ed) #3 0x00007f1fbdaba608 _Z18dcc_compress_imageP20DisplayChannelClientP10SpiceImageP11SpiceBitmapP8DrawableiP20compress_send_data_t (libspice-server.so.1 + 0x1b608) #4 0x00007f1fbdabb7f5 fill_bits (libspice-server.so.1 + 0x1c7f5) #5 0x00007f1fbdabca2f red_marshall_qxl_draw_copy (libspice-server.so.1 + 0x1da2f) #6 0x00007f1fbdabe82b marshall_lossless_qxl_drawable (libspice-server.so.1 + 0x1f82b) #7 0x00007f1fbdadb5d3 _ZN16RedChannelClient4pushEv (libspice-server.so.1 + 0x3c5d3) #8 0x00007f1fbdadb700 red_channel_client_event (libspice-server.so.1 + 0x3c700) #9 0x00007f1fbdac579d spice_watch_dispatch (libspice-server.so.1 + 0x2679d) #10 0x00007f1fbd3f167f g_main_context_dispatch (libglib-2.0.so.0 + 0x5467f) #11 0x00007f1fbd3f1a38 n/a (libglib-2.0.so.0 + 0x54a38) #12 0x00007f1fbd3f1cef g_main_loop_run (libglib-2.0.so.0 + 0x54cef) #13 0x00007f1fbdaf0fa9 red_worker_main (libspice-server.so.1 + 0x51fa9) #14 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #15 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 249324: #0 0x00007f1fbbc18c5b __GI___ioctl (libc.so.6 + 0xfdc5b) #1 0x000055b3bae626cf kvm_vcpu_ioctl (qemu-system-x86_64 + 0x72b6cf) #2 0x000055b3bae62ba5 kvm_cpu_exec (qemu-system-x86_64 + 0x72bba5) #3 0x000055b3bae6408d kvm_vcpu_thread_fn (qemu-system-x86_64 + 0x72d08d) #4 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #5 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #6 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 249293: #0 0x00007f1fbbc17256 __ppoll (libc.so.6 + 0xfc256) #1 0x000055b3bb011dfe ppoll (qemu-system-x86_64 + 0x8dadfe) #2 0x000055b3bb00f6ee os_host_main_loop_wait (qemu-system-x86_64 + 0x8d86ee) #3 0x000055b3bac6caa7 qemu_main_loop (qemu-system-x86_64 + 0x535aa7) #4 0x000055b3bae6cf46 qemu_default_main (qemu-system-x86_64 + 0x735f46) #5 0x00007f1fbbb4224a __libc_start_call_main (libc.so.6 + 0x2724a) #6 0x00007f1fbbb42305 __libc_start_main_impl (libc.so.6 + 0x27305) #7 0x000055b3baa5f0a1 _start (qemu-system-x86_64 + 0x3280a1) Stack trace of thread 249322: #0 0x00007f1fbbc18c5b __GI___ioctl (libc.so.6 + 0xfdc5b) #1 0x000055b3bae626cf kvm_vcpu_ioctl (qemu-system-x86_64 + 0x72b6cf) #2 0x000055b3bae62ba5 kvm_cpu_exec (qemu-system-x86_64 + 0x72bba5) #3 0x000055b3bae6408d kvm_vcpu_thread_fn (qemu-system-x86_64 + 0x72d08d) #4 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #5 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #6 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 249323: #0 0x00007f1fbbc18c5b __GI___ioctl (libc.so.6 + 0xfdc5b) #1 0x000055b3bae626cf kvm_vcpu_ioctl (qemu-system-x86_64 + 0x72b6cf) #2 0x000055b3bae62ba5 kvm_cpu_exec (qemu-system-x86_64 + 0x72bba5) #3 0x000055b3bae6408d kvm_vcpu_thread_fn (qemu-system-x86_64 + 0x72d08d) #4 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #5 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #6 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 249294: #0 0x00007f1fbbc1c719 syscall (libc.so.6 + 0x101719) #1 0x000055b3baffccfa qemu_futex_wait (qemu-system-x86_64 + 0x8c5cfa) #2 0x000055b3bb006602 call_rcu_thread (qemu-system-x86_64 + 0x8cf602) #3 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #4 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #5 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 249329: #0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96) #1 0x00007f1fbbba3558 __pthread_cond_wait_common (libc.so.6 + 0x88558) #2 0x000055b3baffc68b qemu_cond_wait_impl (qemu-system-x86_64 + 0x8c568b) #3 0x000055b3baa88f2b vnc_worker_thread_loop (qemu-system-x86_64 + 0x351f2b) #4 0x000055b3baa89bc8 vnc_worker_thread (qemu-system-x86_64 + 0x352bc8) #5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 3982758: #0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96) #1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c) #2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01) #3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0) #4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4) #5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 969111: #0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96) #1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c) #2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01) #3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0) #4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4) #5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 969113: #0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96) #1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c) #2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01) #3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0) #4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4) #5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 969114: #0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96) #1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c) #2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01) #3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0) #4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4) #5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 969112: #0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96) #1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c) #2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01) #3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0) #4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4) #5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 4165267: #0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96) #1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c) #2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01) #3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0) #4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4) #5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 969116: #0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96) #1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c) #2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01) #3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0) #4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4) #5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) Stack trace of thread 969115: #0 0x00007f1fbbba0e96 __futex_abstimed_wait_common64 (libc.so.6 + 0x85e96) #1 0x00007f1fbbba383c __pthread_cond_wait_common (libc.so.6 + 0x8883c) #2 0x000055b3baffbd01 qemu_cond_timedwait_ts (qemu-system-x86_64 + 0x8c4d01) #3 0x000055b3baffc8a0 qemu_cond_timedwait_impl (qemu-system-x86_64 + 0x8c58a0) #4 0x000055b3bb0110d4 worker_thread (qemu-system-x86_64 + 0x8da0d4) #5 0x000055b3baffbb78 qemu_thread_start (qemu-system-x86_64 + 0x8c4b78) #6 0x00007f1fbbba4134 start_thread (libc.so.6 + 0x89134) #7 0x00007f1fbbc247dc __clone3 (libc.so.6 + 0x1097dc) ELF object binary architecture: AMD x86-64`