. Thread 6 (Thread 0x7fb005efd5c0 (LWP 28882)): #0 0x00007fb000277cf6 in __GI_ppoll (fds=0x5642153cdaf0, nfds=15, timeout=, timeout@entry=0x7ffd7a6e6830, sigmask=sigmask@entry=0x0) at ../sysdeps/unix/sysv/linux/ppoll.c:39 resultvar = 18446744073709551102 sc_cancel_oldtype = 0 sc_ret = tval = {tv_sec = 0, tv_nsec = 28739333} #1 0x00005642139b5129 in ppoll (__ss=0x0, __timeout=0x7ffd7a6e6830, __nfds=, __fds=) at /usr/include/x86_64-linux-gnu/bits/poll2.h:77 No locals. #2 qemu_poll_ns (fds=, nfds=, timeout=timeout@entry=29165306) at ./util/qemu-timer.c:334 ts = {tv_sec = 0, tv_nsec = 29165306} tvsec = #3 0x00005642139b5e73 in os_host_main_loop_wait (timeout=) at ./util/main-loop.c:255 context = 0x564214da6080 ret = context = ret = spin_counter = 0 notified = false #4 main_loop_wait (nonblocking=) at ./util/main-loop.c:515 ret = timeout = 499 timeout_ns = #5 0x00005642135db076 in main_loop () at ./vl.c:1995 No locals. #6 main (argc=, argv=, envp=) at ./vl.c:4944 i = snapshot = linux_boot = initrd_filename = kernel_filename = kernel_cmdline = boot_order = boot_once = ds = cyls = heads = secs = translation = opts = machine_opts = hda_opts = icount_opts = accel_opts = olist = optind = 17 optarg = 0x7ffd7a6e8191 "virtio-net-pci,id=net0,netdev=hostnet0" loadvm = machine_class = cpu_model = vga_model = qtest_chrdev = qtest_log = pid_file = incoming = userconfig = nographic = display_type = display_remote = log_mask = log_file = trace_file = maxram_size = 536870912 ram_slots = vmstate_dump_file = main_loop_err = 0x0 err = 0x0 list_data_dirs = dirs = bdo_queue = {sqh_first = 0x0, sqh_last = 0x7ffd7a6e6980} __func__ = "main" . Thread 5 (Thread 0x7faff71dd700 (LWP 28886)): #0 0x00007fb0005648c2 in futex_abstimed_wait_cancelable (private=0, abstime=0x7faff71dc900, expected=0, futex_word=0x564214db9c28) at ../sysdeps/unix/sysv/linux/futex-internal.h:205 __ret = 0 oldtype = 0 err = oldtype = err = __ret = resultvar = __arg6 = __arg5 = __arg4 = __arg3 = __arg2 = __arg1 = _a6 = _a5 = _a4 = _a3 = _a2 = _a1 = #1 do_futex_wait (sem=sem@entry=0x564214db9c28, abstime=abstime@entry=0x7faff71dc900) at sem_waitcommon.c:111 err = #2 0x00007fb0005649d3 in __new_sem_wait_slow (sem=sem@entry=0x564214db9c28, abstime=abstime@entry=0x7faff71dc900) at sem_waitcommon.c:181 _buffer = {__routine = 0x7fb000564870 <__sem_wait_cleanup>, __arg = 0x564214db9c28, __canceltype = -400686144, __prev = 0x0} err = d = 0 #3 0x00007fb000564a61 in sem_timedwait (sem=sem@entry=0x564214db9c28, abstime=abstime@entry=0x7faff71dc900) at sem_timedwait.c:39 No locals. #4 0x00005642139b94df in qemu_sem_timedwait (sem=sem@entry=0x564214db9c28, ms=ms@entry=10000) at ./util/qemu-thread-posix.c:289 rc = ts = {tv_sec = 1521058442, tv_nsec = 38542000} __PRETTY_FUNCTION__ = "qemu_sem_timedwait" __func__ = "qemu_sem_timedwait" #5 0x00005642139b46cc in worker_thread (opaque=0x564214db9bb0) at ./util/thread-pool.c:92 req = ret = pool = 0x564214db9bb0 #6 0x00007fb00055b6db in start_thread (arg=0x7faff71dd700) at pthread_create.c:463 pd = 0x7faff71dd700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140393741932288, -1121705345025482181, 140393741929024, 0, 94841817766832, 140726657507040, 1094665895686005307, 1085057748201988667}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = #7 0x00007fb00028488f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 No locals. . Thread 4 (Thread 0x7faff61db700 (LWP 28888)): #0 0x00007fb0002795d7 in ioctl () at ../sysdeps/unix/syscall-template.S:78 No locals. #1 0x0000564213633067 in kvm_vcpu_ioctl (cpu=cpu@entry=0x564214e17f40, type=type@entry=44672) at ./accel/kvm/kvm-all.c:2050 ret = arg = 0x0 ap = {{gp_offset = 16, fp_offset = 32688, overflow_arg_area = 0x7faff61da8c0, reg_save_area = 0x7faff61da850}} #2 0x00005642136331a4 in kvm_cpu_exec (cpu=cpu@entry=0x564214e17f40) at ./accel/kvm/kvm-all.c:1887 attrs = {unspecified = 1, secure = 0, user = 0, requester_id = 41472} run = ret = run_ret = #3 0x000056421360fff4 in qemu_kvm_cpu_thread_fn (arg=0x564214e17f40) at ./cpus.c:1128 cpu = 0x564214e17f40 r = #4 0x00007fb00055b6db in start_thread (arg=0x7faff61db700) at pthread_create.c:463 pd = 0x7faff61db700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140393725146880, -1121705345025482181, 140393725143616, 0, 94841818152768, 140726657508208, 1094668097930486331, 1085057748201988667}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = #5 0x00007fb00028488f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 No locals. . Thread 3 (Thread 0x7faff79de700 (LWP 28883)): #0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 No locals. #1 0x00005642139b971b in qemu_futex_wait (val=, f=) at ./include/qemu/futex.h:29 No locals. #2 qemu_event_wait (ev=ev@entry=0x564214476ca8 ) at ./util/qemu-thread-posix.c:442 value = __PRETTY_FUNCTION__ = "qemu_event_wait" #3 0x00005642139c9c3e in call_rcu_thread (opaque=) at ./util/rcu.c:249 tries = 0 n = node = #4 0x00007fb00055b6db in start_thread (arg=0x7faff79de700) at pthread_create.c:463 pd = 0x7faff79de700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140393750324992, -1121705345025482181, 140393750321728, 0, 0, 140726657509664, 1094666995734503995, 1085057748201988667}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = #5 0x00007fb00028488f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 No locals. . Thread 2 (Thread 0x7faff69dc700 (LWP 28887)): #0 0x00007fb000564ab4 in futex_wake (private=0, processes_to_wake=1, futex_word=0x564214db9c28) at ../sysdeps/unix/sysv/linux/futex-internal.h:231 __ret = 1 res = res = __ret = resultvar = __arg4 = __arg3 = __arg2 = __arg1 = _a4 = _a3 = _a2 = _a1 = #1 __new_sem_post (sem=sem@entry=0x564214db9c28) at sem_post.c:57 isem = 0x564214db9c28 private = 0 d = #2 0x00005642139b939f in qemu_sem_post (sem=sem@entry=0x564214db9c28) at ./util/qemu-thread-posix.c:234 rc = __PRETTY_FUNCTION__ = "qemu_sem_post" __func__ = "qemu_sem_post" #3 0x00005642139b4a39 in thread_pool_submit_aio (pool=pool@entry=0x564214db9bb0, func=func@entry=0x564213939130 , arg=arg@entry=0x7fafe81d35a0, cb=cb@entry=0x5642139b4590 , opaque=opaque@entry=0x7fafaf1f1a30) at ./util/thread-pool.c:267 req = 0x7fafe81bcb90 #4 0x00005642139b4b33 in thread_pool_submit_co (pool=0x564214db9bb0, func=func@entry=0x564213939130 , arg=arg@entry=0x7fafe81d35a0) at ./util/thread-pool.c:289 tpc = {co = 0x7fafec0096a0, ret = -115} __PRETTY_FUNCTION__ = "thread_pool_submit_co" #5 0x0000564213939660 in paio_submit_co (bs=0x564214dc5370, fd=, offset=30573248512, qiov=, bytes=20480, type=1) at ./block/file-posix.c:1533 acb = 0x7fafe81d35a0 pool = __n = __s = __p = #6 0x000056421393ed76 in bdrv_driver_preadv (bs=bs@entry=0x564214dc5370, offset=offset@entry=30573248512, bytes=bytes@entry=20480, qiov=qiov@entry=0x7fafe81cfd00, flags=0) at ./block/io.c:868 drv = sector_num = nb_sectors = #7 0x0000564213942809 in bdrv_aligned_preadv (child=child@entry=0x564214d89500, req=req@entry=0x7fafaf1f1c60, offset=offset@entry=30573248512, bytes=bytes@entry=20480, align=align@entry=1, qiov=qiov@entry=0x7fafe81cfd00, flags=0) at ./block/io.c:1172 bs = 0x564214dc5370 total_bytes = max_bytes = 969631637504 ret = bytes_remaining = 20480 max_transfer = 1048576 __PRETTY_FUNCTION__ = "bdrv_aligned_preadv" #8 0x0000564213942b18 in bdrv_co_preadv (child=0x564214d89500, offset=30573248512, bytes=20480, qiov=0x7fafe81cfd00, flags=0) at ./block/io.c:1268 bs = 0x564214dc5370 drv = req = {bs = 0x564214dc5370, offset = 30573248512, bytes = 20480, type = BDRV_TRACKED_READ, serialising = false, overlap_offset = 30573248512, overlap_bytes = 20480, list = {le_next = 0x0, le_prev = 0x564214dc85e8}, co = 0x7fafec0096a0, wait_queue = {entries = {sqh_first = 0x0, sqh_last = 0x7fafaf1f1ca8}}, waiting_for = 0x0} align = 1 head_buf = 0x0 tail_buf = 0x0 local_qiov = {iov = 0x0, niov = 328189705, nalloc = 22082, size = 0} use_local_qiov = false ret = #9 0x000056421393ed76 in bdrv_driver_preadv (bs=bs@entry=0x564214dbee70, offset=offset@entry=30573248512, bytes=bytes@entry=20480, qiov=qiov@entry=0x7fafe81cfd00, flags=0) at ./block/io.c:868 drv = sector_num = nb_sectors = #10 0x0000564213942809 in bdrv_aligned_preadv (child=child@entry=0x564214d89b00, req=req@entry=0x7fafaf1f1e90, offset=offset@entry=30573248512, bytes=bytes@entry=20480, align=align@entry=512, qiov=qiov@entry=0x7fafe81cfd00, flags=0) at ./block/io.c:1172 bs = 0x564214dbee70 total_bytes = max_bytes = 969631637504 ret = bytes_remaining = 20480 max_transfer = 1048576 __PRETTY_FUNCTION__ = "bdrv_aligned_preadv" #11 0x0000564213942b18 in bdrv_co_preadv (child=0x564214d89b00, offset=offset@entry=30573248512, bytes=bytes@entry=20480, qiov=qiov@entry=0x7fafe81cfd00, flags=flags@entry=0) at ./block/io.c:1268 bs = 0x564214dbee70 drv = req = {bs = 0x564214dbee70, offset = 30573248512, bytes = 20480, type = BDRV_TRACKED_READ, serialising = false, overlap_offset = 30573248512, overlap_bytes = 20480, list = {le_next = 0x0, le_prev = 0x564214dc20e8}, co = 0x7fafec0096a0, wait_queue = {entries = {sqh_first = 0x0, sqh_last = 0x7fafaf1f1ed8}}, waiting_for = 0x0} align = 512 head_buf = 0x0 tail_buf = 0x0 local_qiov = {iov = 0x0, niov = 2703014, nalloc = 32688, size = 140392534056656} use_local_qiov = false ret = #12 0x0000564213932469 in blk_co_preadv (blk=0x564214dbec10, offset=30573248512, bytes=20480, qiov=0x7fafe81cfd00, flags=0) at ./block/block-backend.c:1105 ret = bs = #13 0x0000564213932576 in blk_aio_read_entry (opaque=0x7fafe81dea00) at ./block/block-backend.c:1315 acb = 0x7fafe81dea00 rwco = 0x7fafe81dea28 #14 0x00005642139cb1c6 in coroutine_trampoline (i0=, i1=) at ./util/coroutine-ucontext.c:79 arg = self = 0x7fafec0096a0 co = 0x7fafec0096a0 #15 0x00007fb0001bb6b0 in ?? () from /tmp/apport_sandbox_g3p9jc4g/lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #16 0x00007faff61d9cb0 in ?? () No symbol table info available. #17 0x0000000000000000 in ?? () No symbol table info available. . Thread 1 (Thread 0x7fafbf9ff700 (LWP 28889)): #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 set = {__val = {18446744067266837079, 8, 8, 8, 3, 140393907239692, 140393907549151, 140393907899634, 18446744073709551615, 140393907548945, 140392683174112, 0, 94841829600144, 17964741694404280832, 8, 0}} pid = tid = ret = #1 0x00007fb0001a3801 in __GI_abort () at abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x90, sa_sigaction = 0x90}, sa_mask = {__val = {140392683350576, 140392683012128, 0, 2, 128, 140392683017216, 17964741694404280832, 0, 39, 140392683017216, 140393907333940, 140392683017216, 0, 140392683017216, 0, 140392810932076}}, sa_flags = 16379378, sa_restorer = 0x8} sigs = {__val = {32, 0 }} __cnt = __set = __cnt = __set = #2 0x00007fb0014b9cc9 in spice_logv (log_domain=0x7fb001524195 "Spice", args=0x7fafbf9fe600, format=0x7fb001525015 "condition `%s' failed", function=0x7fb001527ef0 <__func__.47520> "display_channel_update", strloc=0x7fb001527c0f "display-channel.c:2035", log_level=G_LOG_LEVEL_CRITICAL) at log.c:183 log_msg = 0x7fafb8001400 log_msg = #3 spice_log (log_level=log_level@entry=G_LOG_LEVEL_CRITICAL, strloc=strloc@entry=0x7fb001527c0f "display-channel.c:2035", function=function@entry=0x7fb001527ef0 <__func__.47520> "display_channel_update", format=format@entry=0x7fb001525015 "condition `%s' failed") at log.c:196 args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fafbf9fe6f0, reg_save_area = 0x7fafbf9fe620}} #4 0x00007fb00146f516 in display_channel_update (display=0x56421590aa30, surface_id=0, area=area@entry=0x56421590ee1c, clear_dirty=1, qxl_dirty_rects=qxl_dirty_rects@entry=0x7fafbf9fe770, num_dirty_rects=num_dirty_rects@entry=0x7fafbf9fe76c) at display-channel.c:2035 rect = {left = 350465840, top = 22082, right = 1, bottom = 0} surface = __func__ = "display_channel_update" #5 0x00007fb00149b7ae in handle_dev_update_async (opaque=0x56421590ebe0, payload=0x56421590ee10) at red-worker.c:428 worker = 0x56421590ebe0 msg = 0x56421590ee10 qxl_dirty_rects = 0x0 num_dirty_rects = 0 __func__ = "handle_dev_update_async" #6 0x00007fb0014694f1 in dispatcher_handle_single_read (dispatcher=0x56421590e080) at dispatcher.c:284 ret = type = 26 msg = 0x56421590ea70 ack = 4294967295 payload = 0x56421590ee10 "Pc\324\024BV" ret = type = msg = payload = ack = #7 dispatcher_handle_recv_read (dispatcher=0x56421590e080) at dispatcher.c:304 No locals. #8 0x00007fb00146fd7b in watch_func (source=, condition=, data=0x56421590ee60) at event-loop.c:128 watch = 0x56421590ee60 fd = #9 0x00007fb000f7cf85 in g_main_dispatch (context=0x56421590ecd0) at ../../../../glib/gmain.c:3177 dispatch = 0x7fb000fc30e0 prev_source = 0x0 was_in_call = 0 user_data = 0x56421590ee60 callback = 0x7fb00146fd50 cb_funcs = 0x7fb001245280 cb_data = 0x56421590cd30 need_destroy = source = 0x56421590ee90 current = 0x564214da1150 i = 0 current = i = source = _g_boolean_var_ = was_in_call = user_data = callback = cb_funcs = cb_data = need_destroy = dispatch = prev_source = _g_boolean_var_ = #10 g_main_context_dispatch (context=context@entry=0x56421590ecd0) at ../../../../glib/gmain.c:3830 No locals. #11 0x00007fb000f7d350 in g_main_context_iterate (context=0x56421590ecd0, block=block@entry=1, dispatch=dispatch@entry=1, self=) at ../../../../glib/gmain.c:3903 max_priority = 2147483647 timeout = 2147483647 some_ready = 1 nfds = allocated_nfds = 2 fds = 0x7fafb80031e0 #12 0x00007fb000f7d662 in g_main_loop_run (loop=0x7fafb8002530) at ../../../../glib/gmain.c:4099 self = __func__ = "g_main_loop_run" #13 0x00007fb00149bb3a in red_worker_main (arg=0x56421590ebe0) at red-worker.c:1372 worker = 0x56421590ebe0 __FUNCTION__ = "red_worker_main" loop = 0x7fafb8002530 #14 0x00007fb00055b6db in start_thread (arg=0x7fafbf9ff700) at pthread_create.c:463 pd = 0x7fafbf9ff700 now = unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140392810936064, -1121705345025482181, 140392810932800, 0, 94841829649376, 140726657507888, 1094825308765905467, 1085057748201988667}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = #15 0x00007fb00028488f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 No locals.