Bug 1261263

Summary: qemu crash while start a guest with invalid vnc socket path
Product: Red Hat Enterprise Linux 7 Reporter: zhenfeng wang <zhwang>
Component: qemu-kvm-rhev Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.2 CC: areis, crobinso, dyuan, eblake, fjin, huding, jsuchane, juzhang, knoel, lmiksik, mazhang, mzhan, rbalakri, virt-maint, xfu
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard:
Fixed In Version: qemu-kvm-rhev-2.3.0-23.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1263986 Environment:
Last Closed: 2015-12-04 16:56:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1263986    
Attachments:
Description          Flags
qemu coredump info   none
guest's xml          none

Description zhenfeng wang 2015-09-09 05:36:06 UTC
Description of problem:
qemu crashes while starting a guest with an invalid vnc socket path

Version-Release number of selected component (if applicable):
qemu-kvm-rhev-2.3.0-22.el7.x86_64
libvirt-1.2.17-8.el7.x86_64


How reproducible:
100%

Steps to Reproduce:
1. Prepare a guest
# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     rhel7zhwang                            shut off

2. Enable vnc_auto_unix_socket in qemu.conf
# cat /etc/libvirt/qemu.conf
vnc_auto_unix_socket = 1

# service libvirtd restart

3. Configure an invalid vnc socket path in the guest's xml; the directory
domain-vm111 doesn't actually exist

# virsh dumpxml rhel7zhwang
--
 <graphics type='vnc' socket='/var/lib/libvirt/qemu/domain-vm111/a.vnc'/>

4. Start the guest; the guest will crash
# virsh start vm2
error: Failed to start domain vm2
error: internal error: early end of file from monitor: possible problem:
qemu-kvm: iohandler.c:60: qemu_set_fd_handler2: Assertion `fd >= 0' failed.

Actual results:
qemu crashes while starting a guest with an invalid vnc socket path

Expected results:
qemu shouldn't crash and should get an expected error like the following:

Failed to start VNC server: Failed to bind socket to /var/lib/libvirt/qemu/domain-vm111/a.vnc: No such file or directory 

Additional info:

Comment 1 zhenfeng wang 2015-09-09 05:36:49 UTC
Created attachment 1071569
qemu coredump info

Comment 2 zhenfeng wang 2015-09-09 05:37:16 UTC
Created attachment 1071570
guest's xml

Comment 4 Ján Tomko 2015-09-09 08:09:02 UTC
Fixed upstream by:
commit 3d00ac1a2ee0294fc3d460e6013a5cdd9c73ea6c
Author:     Cole Robinson <crobinso>
AuthorDate: 2015-05-05 11:07:17 -0400
Commit:     Gerd Hoffmann <kraxel>
CommitDate: 2015-05-20 10:23:08 +0200

    vnc: Don't assert if opening unix socket fails
    
    Reproducer:
    
    $ qemu-system-x86_64 -display vnc=unix:/root/i-cant-access-you.sock
    qemu-system-x86_64: iohandler.c:60: qemu_set_fd_handler2: Assertion `fd >= 0' failed.
    Aborted (core dumped)
    
    Signed-off-by: Cole Robinson <crobinso>
    Reviewed-by: Eric Blake <eblake>
    Signed-off-by: Gerd Hoffmann <kraxel>

git describe: v2.3.0-497-g3d00ac1 contains: v2.4.0-rc0~127^2~2

Comment 5 Karen Noel 2015-09-09 11:03:01 UTC
Crasher and upstream fix available, request exception for 7.2.

Comment 6 Gerd Hoffmann 2015-09-09 14:51:54 UTC
posted.

Comment 7 Miroslav Rezanina 2015-09-15 10:51:07 UTC
Fix included in qemu-kvm-rhev-2.3.0-23.el7

Comment 8 mazhang 2015-09-17 09:15:12 UTC
Reproduced this bug on qemu-kvm-rhev-2.3.0-22.el7.x86_64.
(gdb) r -display vnc=unix:/blabla/bla
Starting program: /usr/libexec/qemu-kvm -display vnc=unix:/blabla/bla
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffe8829700 (LWP 18385)]
[New Thread 0x7fffe8028700 (LWP 18388)]
[New Thread 0x7fffddfff700 (LWP 18390)]
qemu-kvm: iohandler.c:60: qemu_set_fd_handler2: Assertion `fd >= 0' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff073d5d7 in raise () from /lib64/libc.so.6


Verified this bug on qemu-kvm-rhev-2.3.0-22.el7.x86_64.
(gdb) r -display vnc=unix:/blabla/bla
Starting program: /usr/libexec/qemu-kvm -display vnc=unix:/blabla/bla
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7fffe8829700 (LWP 18444)]
[New Thread 0x7fffe8028700 (LWP 18447)]
[New Thread 0x7fffddfff700 (LWP 18449)]
qemu-kvm: -display vnc=unix:/blabla/bla: Failed to start VNC server on `(null)': Failed to bind socket to /blabla/bla: No such file or directory

qemu-kvm quit without assert.
So this bug has been fixed.

Comment 10 errata-xmlrpc 2015-12-04 16:56:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2546.html