Bug 1277471

Summary: VM get killed after SmartCard re-plug / reconnection to the VM
Product: Red Hat Enterprise Linux 7 Reporter: Andrei Stepanov <astepano>
Component: qemu-kvm-rhevAssignee: Marc-Andre Lureau <marcandre.lureau>
Status: CLOSED CURRENTRELEASE QA Contact: Li Xiaohui <xiaohli>
Severity: high Docs Contact: Jiri Herrmann <jherrman>
Priority: unspecified    
Version: 7.2CC: areis, astepano, cww, fidencio, gveitmic, jinzhao, juzhang, knoel, kraxel, marcandre.lureau, michal.skrivanek, michen, mkalinin, qizhu, qzhang, rduda, rmcswain, spice-qe-bugs, tpelka, victortoso, virt-maint, xfu, xiaohli
Target Milestone: pre-dev-freeze   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-01-02 14:26:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 917867, 1287969, 1316495, 1356656    
Bug Blocks: 1229843, 1401400, 1477664    
Attachments:
Description Flags
libvirt log
none
vdsm log
none
qemu log
none
One more bt for another core dump
none
One more bt for another core dump #2
none
remote-viewer log
none
smart card in device manager
none
screenshot-1
none
screenshot-2
none
picture 1
none
picture 2
none
Smartcard detected by win10 guest none

Description Andrei Stepanov 2015-11-03 12:19:51 UTC
VM killed on reconnection with SmartCard

Host:
qemu-kvm-rhev-2.3.0-31.el7.x86_64
spice-server-0.12.4-15.el7.x86_64
kernel-3.10.0-324.el7.x86_64

Guest is: WindowXP

Client is: RHEL6.7.z virt-viewer-2.0-7.el6.x86_64

It is possible to drop down VM with 100%.
It is necessary to make a few re-connections to vm or re-plug SmardCard on client.

1. Start VM
2. Connect to it from WebPortal.
3. While connected attach/detach smartcard on client 
4. Close remote-viewer
5. repeat from step 2

At same iteration VM will be killed.

Comment 1 Andrei Stepanov 2015-11-03 12:20:21 UTC
Created attachment 1088951 [details]
libvirt log

Comment 2 Andrei Stepanov 2015-11-03 12:20:48 UTC
Created attachment 1088952 [details]
vdsm log

Comment 3 Andrei Stepanov 2015-11-03 12:21:15 UTC
Created attachment 1088954 [details]
qemu log

Comment 4 Fabiano FidĂȘncio 2015-11-03 14:48:03 UTC
This bug has been opened as suggestion for handling Bug 1267386, comment 5, in a different bug.

From the report the client being used is in RHEL-6.7.z.
Does it also happen with RHEL-7.2 client?
Does it happend with RHEL-6.7 or RHEL-6.6 client? IOW, is this a regression?
Can you also provide a client debug (just run virt-viewer using --debug --spice-debug)?

Comment 5 Andrei Stepanov 2015-11-03 16:21:41 UTC
# gdb /usr/libexec/qemu-kvm core.26144.1446566358.dump 
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-80.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/libexec/qemu-kvm...Reading symbols from /usr/lib/debug/usr/libexec/qemu-kvm.debug...done.
done.
[New LWP 26144]
[New LWP 26145]
[New LWP 26155]
[New LWP 26149]
[New LWP 26154]
[New LWP 26152]
[New LWP 26153]
[New LWP 26150]
[New LWP 26276]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/libexec/qemu-kvm -name WIN-XP -S -machine pc-i440fx-rhel7.2.0,accel=kvm,us'.
Program terminated with signal 11, Segmentation fault.
#0  SLL_Next (t=0x0) at src/linked_list.h:45
45	  return *(reinterpret_cast<void**>(t));
Missing separate debuginfos, use: debuginfo-install nss-3.19.1-17.el7.x86_64 nss-util-3.19.1-4.el7.x86_64
(gdb) bt
#0  SLL_Next (t=0x0) at src/linked_list.h:45
#1  SLL_PopRange (end=<synthetic pointer>, start=<synthetic pointer>, N=429, head=0x7f981a88d0e8) at src/linked_list.h:76
#2  PopRange (end=<synthetic pointer>, start=<synthetic pointer>, N=429, this=0x7f981a88d0e8) at src/thread_cache.h:218
#3  tcmalloc::ThreadCache::ReleaseToCentralCache (this=this@entry=0x7f981a88d0a0, src=src@entry=0x7f981a88d0e8, 
    cl=<optimized out>, N=429, N@entry=8192) at src/thread_cache.cc:195
#4  0x00007f981487347b in tcmalloc::ThreadCache::ListTooLong (this=this@entry=0x7f981a88d0a0, list=0x7f981a88d0e8, 
    cl=<optimized out>) at src/thread_cache.cc:157
#5  0x00007f9814883082 in Deallocate (cl=<optimized out>, ptr=0x7f981afb0210, this=0x7f981a88d0a0) at src/thread_cache.h:379
#6  do_free_helper (invalid_free_fn=0x7f98148632e0 <(anonymous namespace)::InvalidFree(void*)>, heap_must_be_valid=true, 
    heap=0x7f981a88d0a0, ptr=0x7f981afb0210) at src/tcmalloc.cc:1191
#7  do_free_with_callback (invalid_free_fn=0x7f98148632e0 <(anonymous namespace)::InvalidFree(void*)>, ptr=0x7f981afb0210)
    at src/tcmalloc.cc:1221
#8  do_realloc_with_callback (invalid_free_fn=0x7f98148632e0 <(anonymous namespace)::InvalidFree(void*)>, 
    invalid_get_size_fn=0x7f9814863340 <(anonymous namespace)::InvalidGetSizeForRealloc(void const*)>, new_size=140291256930464, 
    old_ptr=0x7f981afb0210) at src/tcmalloc.cc:1293
#9  do_realloc (new_size=140291256930464, old_ptr=0x7f981afb0210) at src/tcmalloc.cc:1305
#10 tc_realloc (old_ptr=old_ptr@entry=0x7f981afb0210, new_size=new_size@entry=3) at src/tcmalloc.cc:1608
#11 0x00007f9818df9581 in realloc_and_trace (mem=0x7f981afb0210, n_bytes=3) at vl.c:2582
#12 0x00007f981714a307 in g_realloc (mem=0x7f981afb0210, n_bytes=3) at gmem.c:162
#13 0x00007f9818f75677 in capacity_increase (qstring=qstring@entry=0x7f981de7cff0, len=len@entry=1) at qobject/qstring.c:81
#14 0x00007f9818f75760 in qstring_append (qstring=qstring@entry=0x7f981de7cff0, str=str@entry=0x7f9818ff869b "{")
    at qobject/qstring.c:91
#15 0x00007f9818f76fd8 in to_json (obj=obj@entry=0x7f981e29c400, str=str@entry=0x7f981de7cff0, pretty=pretty@entry=0, 
    indent=indent@entry=0) at qobject/qjson.c:202
#16 0x00007f9818f77580 in qobject_to_json (obj=0x7f981e29c400) at qobject/qjson.c:274
#17 0x00007f9818d378ed in monitor_json_emitter (mon=0x7f981b0c2140, data=<optimized out>)
    at /usr/src/debug/qemu-2.3.0/monitor.c:411
#18 0x00007f9818d37a06 in monitor_protocol_emitter (mon=mon@entry=0x7f981b0c2140, data=<optimized out>)
---Type <return> to continue, or q <return> to quit---
    at /usr/src/debug/qemu-2.3.0/monitor.c:460
#19 0x00007f9818d385a2 in qmp_call_cmd (cmd=<optimized out>, params=0x7f981e87e000, mon=0x7f981b0c2140)
    at /usr/src/debug/qemu-2.3.0/monitor.c:5053
#20 handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /usr/src/debug/qemu-2.3.0/monitor.c:5113
#21 0x00007f9818f776b2 in json_message_process_token (lexer=0x7f981afe06d0, token=0x7f981de7cdb0, type=JSON_OPERATOR, x=49, y=442)
    at qobject/json-streamer.c:87
#22 0x00007f9818f89adf in json_lexer_feed_char (lexer=lexer@entry=0x7f981afe06d0, ch=<optimized out>, flush=flush@entry=false)
    at qobject/json-lexer.c:303
#23 0x00007f9818f89bae in json_lexer_feed (lexer=0x7f981afe06d0, buffer=<optimized out>, size=<optimized out>)
    at qobject/json-lexer.c:356
#24 0x00007f9818f77849 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>)
    at qobject/json-streamer.c:110
#25 0x00007f9818d3691f in monitor_control_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
    at /usr/src/debug/qemu-2.3.0/monitor.c:5134
#26 0x00007f9818df32c0 in qemu_chr_be_write (len=<optimized out>, buf=0x7ffd4589b8a0 "}\271\211E\375\177", s=0x7f981b0482e0)
    at qemu-char.c:305
#27 tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x7f981b0482e0) at qemu-char.c:2870
#28 0x00007f981714479a in g_main_dispatch (context=0x7f981afef140) at gmain.c:3109
#29 g_main_context_dispatch (context=context@entry=0x7f981afef140) at gmain.c:3708
#30 0x00007f9818f0c448 in glib_pollfds_poll () at main-loop.c:209
#31 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:254
#32 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:503
#33 0x00007f9818d0ba9e in main_loop () at vl.c:1818
#34 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4394

Comment 6 Andrei Stepanov 2015-11-03 16:39:26 UTC
Created attachment 1089131 [details]
One more bt for another core dump

Comment 7 Andrei Stepanov 2015-11-03 16:49:05 UTC
Created attachment 1089135 [details]
One more bt for another core dump #2

Comment 8 Andrei Stepanov 2015-11-03 17:01:43 UTC
Created attachment 1089148 [details]
remote-viewer log

Comment 9 Andrei Stepanov 2015-11-03 17:10:00 UTC
VM also got killed where client = RHEL 7.2 (virt-viewer-2.0-6.el7.x86_64)

Comment 10 Michal Skrivanek 2015-11-04 14:42:42 UTC
fixing bugzilla product, changing release to 7.2 as per comment #9

Comment 11 Marc-Andre Lureau 2016-01-12 14:41:05 UTC
this is very likely a dup of bug 1287969 adding dep for now

Comment 12 Germano Veit Michel 2016-05-03 00:32:13 UTC
We have a customer who hit this a few times with exact same backtraces and is also passing USB/smartcard.

I'm not sure what is the current status here, but please needinfo me if you wish some qemu-kvm cores, as this customer collected a few.

Comment 14 Robert McSwain 2016-07-08 19:41:22 UTC
Hi! Any updates on this or additional thoughts I could pass to the customer?

Comment 15 Marc-Andre Lureau 2016-07-25 11:47:37 UTC
Please check if reproducible with >= spice-0.12.4-16.el7

Comment 16 Andrei Stepanov 2016-08-23 09:27:09 UTC
Server:
ovirt-engine-4.0.2.7-0.1.el7ev.noarch
qemu-kvm-rhev-2.3.0-31.el7_2.21.x86_64

Client:
virt-viewer-2.0-11.el7.x86_64
spice-protocol-0.12.11-1.el7.noarch
spice-gtk3-0.31-5.el7.x86_64

Guest:
Windows XP + rhev-guest-tools-iso-4.0-5.el7ev.noarch


I tried several times, and I didn't manage to reproduce the bug.

Nonetheless, SmartCard cannot be detected at the Guest. We have a few opened bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1331471
https://bugzilla.redhat.com/show_bug.cgi?id=1356656

All in all, to close this bug it is necessary to test on working configuration. For now, SC support is broken.

Comment 18 juzhang 2017-06-08 12:18:20 UTC
Hi Qunfang,

Free to update the QE contact.

Best Regards,
Junyi

Comment 19 Marc-Andre Lureau 2017-11-16 11:34:12 UTC
moving to 7.6

Comment 20 Marc-Andre Lureau 2018-04-03 09:27:23 UTC
Is this bug still reproducible? (most likely corruption is fixed since https://bugzilla.redhat.com/show_bug.cgi?id=1287969) thanks

Comment 21 Marc-Andre Lureau 2018-05-17 12:42:28 UTC
Andrei, do you want to wait until #917867 is fixed to test this bug?

Should we move it to 7.7?

Comment 22 Radek Duda 2018-05-17 14:47:08 UTC
as for
https://bugzilla.redhat.com/show_bug.cgi?id=1331471
https://bugzilla.redhat.com/show_bug.cgi?id=1356656
(see https://bugzilla.redhat.com/show_bug.cgi?id=1277471#c16)
smartcard sharing does not work in Windows XP now. So I cannot reproduce this one (tried it now and cannot share smartcard with Windows XP). BTW FYI Andrei is not in spice-qe any more.

Comment 23 Marc-Andre Lureau 2018-09-07 10:42:36 UTC
moving to 7.7

Comment 27 Li Xiaohui 2018-12-20 12:55:03 UTC
Hi all, 
I tested this bug in the rhel7.6 and the latest qemu-kvm-rhev, reproduce this bug, so need be fixed.

1.Version-Release:
host info:
kernel-3.10.0-957.el7.x86_64 & qemu-kvm-rhev-2.12.0-20.el7.x86_64
guest info: 
windows7 with virtio-win-1.9.6-1.el7


2.Steps to reproduce:
(1)create certificates on client:
# certutil -x -t "CT,CT,CT" -S -s "CN=cert1" -n cert1 -d /etc/pki/nssdb/
# certutil -x -t "CT,CT,CT" -S -s "CN=cert2" -n cert2 -d /etc/pki/nssdb/
# certutil -x -t "CT,CT,CT" -S -s "CN=cert3" -n cert3 -d /etc/pki/nssdb/

# certutil -L -d /etc/pki/nssdb/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

cert3                                                        CTu,Cu,Cu
cert1                                                        CTu,Cu,Cu
cert2                                                        CTu,Cu,Cu

(2)launch a windows 7 x86_64 guest with smartcard support:
[root@dell-per515-04 qemu-sh]# gdb /usr/libexec/qemu-kvm
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-114.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/libexec/qemu-kvm...Reading symbols from /usr/lib/debug/usr/libexec/qemu-kvm.debug...done.
done.
(gdb) run -M pc -cpu host -enable-kvm -m 4G -smp 4 -nodefaults -rtc base=localtime,clock=host,driftfix=slew -device virtio-scsi-pci,id=scsi0 -drive file=win7-2.qcow2,format=qcow2,if=none,id=drive-scsi0-0-0-0,media=disk,cache=none,werror=stop,rerror=stop -device scsi-hd,bus=scsi0.0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0 -device virtio-net-pci,mac=08:9e:01:c2:65:1c,id=netdev1,vectors=4,netdev=net1 -netdev tap,id=net1,vhost=on -device usb-ccid,id=ccid0 -chardev spicevmc,id=charsmartcard0,name=smartcard -device ccid-card-passthru,chardev=charsmartcard0,id=smartcard0,bus=ccid0.0 -usb -spice disable-ticketing,port=5902 -qmp tcp:0:4442,server,nowait -monitor stdio -vga qxl -boot menu=on

(3)connect to guest with remote-viewer:
[root@dell-per515-04 ~]# remote-viewer --spice-smartcard spice://10.73.72.34:5902 --spice-smartcard-db /etc/pki/nssdb/ --spice-smartcard-certificates cert1,cert2,cert3

(4)check "Smart Card" and "Smart card readers" whether is in Device Manager list:
please see attachment picture "smart card in device manager", found "Smart Card" exist some problem, couldn't be recognized right.

(5)delete usb-ccid and chardev and ccid-card-passthru in hmp:
(qemu) device_del smartcard0 
(qemu) chardev-remove 
charsmartcard0   compat_monitor0  compat_monitor1  
(qemu) chardev-remove charsmartcard0 
(qemu) device_del ccid0 

after delete, "Smart Card" and "Smart card readers" disappear in Device Manager list.

(6)use "Ctrl + c" to quit from step(3), and reconnect guest with smart card via remote-viewer:
[root@dell-per515-04 ~]# remote-viewer --spice-smartcard spice://10.73.72.34:5902 --spice-smartcard-db /etc/pki/nssdb/ --spice-smartcard-certificates cert1,cert2,cert3


Actual results:
after step(6), guest core dump, log like following:
**********************************************************************************************
(qemu) red_channel_client_disconnect: rcc=0x55555751a9f0 (channel=0x555557108150 type=1 id=0)
main_channel_client_on_disconnect: rcc=0x55555751a9f0
red_client_destroy: destroy client 0x5555585b21e0 with #channels=5
red_qxl_disconnect_cursor_peer: 
red_channel_client_disconnect: rcc=0x555557cb2dd0 (channel=0x555557f658b0 type=4 id=0)
red_channel_client_disconnect: rcc=0x5555575269c0 (channel=0x555557108940 type=3 id=0)
red_channel_client_disconnect: rcc=0x555557abd1d0 (channel=0x5555583710b0 type=8 id=0)
red_channel_client_disconnect: rcc=0x5555587f15b0 (channel=0x555557108220 type=2 id=0)
red_qxl_disconnect_display_peer: 
main_channel_link: add main channel client
main_channel_client_handle_pong: net test: latency 0.581000 ms, bitrate 17964912280 bps (17132.675438 Mbps)

Program received signal SIGSEGV, Segmentation fault.
smartcard_readers_get_unattached () at smartcard.c:280
280	        if (!dev->priv->scc) {
Missing separate debuginfos, use: debuginfo-install boost-iostreams-1.53.0-27.el7.x86_64 boost-random-1.53.0-27.el7.x86_64 boost-system-1.53.0-27.el7.x86_64 boost-thread-1.53.0-27.el7.x86_64 bzip2-libs-1.0.6-13.el7.x86_64 celt051-0.5.1.3-8.el7.x86_64 cyrus-sasl-gssapi-2.1.26-23.el7.x86_64 cyrus-sasl-lib-2.1.26-23.el7.x86_64 cyrus-sasl-md5-2.1.26-23.el7.x86_64 cyrus-sasl-plain-2.1.26-23.el7.x86_64 cyrus-sasl-scram-2.1.26-23.el7.x86_64 elfutils-libelf-0.172-2.el7.x86_64 elfutils-libs-0.172-2.el7.x86_64 expat-2.1.0-10.el7_3.x86_64 glib2-2.56.1-2.el7.x86_64 glibc-2.17-260.el7.x86_64 glusterfs-api-3.12.2-18.el7.x86_64 glusterfs-libs-3.12.2-18.el7.x86_64 gmp-6.0.0-15.el7.x86_64 gnutls-3.3.29-8.el7.x86_64 gperftools-libs-2.6.1-1.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-34.el7.x86_64 libacl-2.2.51-14.el7.x86_64 libaio-0.3.109-13.el7.x86_64 libattr-2.4.46-13.el7.x86_64 libblkid-2.23.2-59.el7.x86_64 libcacard-2.5.2-2.el7.x86_64 libcap-2.22-9.el7.x86_64 libcom_err-1.42.9-13.el7.x86_64 libcurl-7.29.0-51.el7.x86_64 libdb-5.3.21-24.el7.x86_64 libdrm-2.4.91-3.el7.x86_64 libepoxy-1.5.2-1.el7.x86_64 libffi-3.0.13-18.el7.x86_64 libgcc-4.8.5-36.el7.x86_64 libgcrypt-1.5.3-14.el7.x86_64 libgpg-error-1.12-3.el7.x86_64 libibumad-17.2-3.el7.x86_64 libibverbs-17.2-3.el7.x86_64 libidn-1.28-4.el7.x86_64 libiscsi-1.9.0-7.el7.x86_64 libjpeg-turbo-1.2.90-6.el7.x86_64 libmount-2.23.2-59.el7.x86_64 libnl3-3.2.28-4.el7.x86_64 libpng-1.5.13-7.el7_2.x86_64 librados2-10.2.5-4.el7.x86_64 librbd1-10.2.5-4.el7.x86_64 librdmacm-17.2-3.el7.x86_64 libseccomp-2.3.1-3.el7.x86_64 libselinux-2.5-14.1.el7.x86_64 libssh2-1.4.3-12.el7.x86_64 libstdc++-4.8.5-36.el7.x86_64 libtasn1-4.10-1.el7.x86_64 libusbx-1.0.21-1.el7.x86_64 libuuid-2.23.2-59.el7.x86_64 libwayland-server-1.15.0-1.el7.x86_64 lz4-1.7.5-2.el7.x86_64 lzo-2.06-8.el7.x86_64 mesa-libgbm-18.0.5-3.el7.x86_64 nettle-2.7.1-8.el7.x86_64 nspr-4.19.0-1.el7_5.x86_64 nss-3.36.0-7.el7_5.x86_64 nss-softokn-freebl-3.36.0-5.el7_5.x86_64 nss-util-3.36.0-1.el7_5.x86_64 numactl-libs-2.0.9-7.el7.x86_64 openldap-2.4.44-20.el7.x86_64 openssl-libs-1.0.2k-16.el7.x86_64 opus-1.0.2-6.el7.x86_64 p11-kit-0.23.5-3.el7.x86_64 pcre-8.32-17.el7.x86_64 pixman-0.34.0-1.el7.x86_64 snappy-1.1.0-3.el7.x86_64 systemd-libs-219-62.el7.x86_64 usbredir-0.7.1-3.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-18.el7.x86_64
(gdb) bt
#0  0x00007fffe004cf03 in smartcard_readers_get_unattached ()
    at smartcard.c:280
#1  0x00007fffe004d2b9 in smartcard_connect_client (channel=0x5555583710b0, client=0x5555585b2250, stream=0x5555581aee00, migration=<optimized out>, caps=0x7fffffffda20) at smartcard.c:533
#2  0x00007fffe002e515 in reds_channel_do_link (channel=channel@entry=0x5555583710b0, client=client@entry=0x5555585b2250, link_msg=link_msg@entry=0x555558a2aa40, stream=0x5555581aee00) at reds.c:1886
#3  0x00007fffe0034a99 in reds_handle_link (link=0x5555570d68f0, reds=0x5555570d1080) at reds.c:2028
#4  0x00007fffe0034a99 in reds_handle_link (reds=reds@entry=0x5555570d1080, link=link@entry=0x5555570d68f0) at reds.c:2041
#5  0x00007fffe0035182 in reds_handle_ticket (opaque=0x5555570d68f0)
    at reds.c:2094
#6  0x0000555555ba1f98 in aio_dispatch_handlers (ctx=ctx@entry=0x55555704d7c0)
    at util/aio-posix.c:410
#7  0x0000555555ba2828 in aio_dispatch (ctx=0x55555704d7c0)
    at util/aio-posix.c:441
#8  0x0000555555b9f64e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at util/async.c:261
#9  0x00007ffff76c4049 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#10 0x0000555555ba1b17 in main_loop_wait () at util/main-loop.c:215
#11 0x0000555555ba1b17 in main_loop_wait (timeout=<optimized out>)
---Type <return> to continue, or q <return> to quit---r
    at util/main-loop.c:238
#12 0x0000555555ba1b17 in main_loop_wait (nonblocking=nonblocking@entry=0)
    at util/main-loop.c:497
#13 0x0000555555843de7 in main () at vl.c:1963
#14 0x0000555555843de7 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4768
(gdb) 
(gdb)

Comment 28 Radek Duda 2018-12-20 13:52:09 UTC
Hi  Li Xiaohui,
many thanks for testing. 

> (4)check "Smart Card" and "Smart card readers" whether is in Device Manager list:
> please see attachment picture "smart card in device manager", found "Smart Card" exist some problem, couldn't be recognized right.

You mention attachment - I can not find any. Why it couldn't be recognized right? To test this bug working configuration is needed - as states #c16.
I am also not sure whether you chose appropriate test method - bug is about crash after Smartcard re-pluging - smartcard device was not removed from qemu configuration before re-plug as is in your step (5).

Comment 29 Li Xiaohui 2018-12-21 01:56:08 UTC
Created attachment 1516021 [details]
smart card in device manager

Comment 30 Li Xiaohui 2018-12-21 09:27:12 UTC
Hi Radek,

(In reply to Radek Duda from comment #28)

> > (4)check "Smart Card" and "Smart card readers" whether is in Device Manager list:
> > please see attachment picture "smart card in device manager", found "Smart Card" exist some problem, couldn't be recognized right.
> 
> You mention attachment - I can not find any. Why it couldn't be recognized
> right?
  sorry for forget, have done. This problem is same with bug:
  Bug 1356656 - Windows guest VM - problems with shared smartcard detection

> To test this bug working configuration is needed - as states #c16.
> I am also not sure whether you chose appropriate test method - bug is about
> crash after Smartcard re-pluging - smartcard device was not removed from
> qemu configuration before re-plug as is in your step (5).
I get infomation from attachment "qemu log" that Andrei boot guest with SmartCard, and I do so.
Next if want to re-plug smartcard, I think must unplug it first, then we can re-plug it, so I do unplug operation.


Andrei, could you please help check whether Comment 27's test steps are right for reproduce?

Regrads,
Li Xiaohui

Comment 31 Radek Duda 2018-12-21 16:12:51 UTC
Hi Li,
as stated in #c25 Andrei is not part of spice-qe team any more.

I have a little time to investigate this, so to be brief:
I suspect that smartcard reader shall be unplugged from client - as stated in step 3. from initial comment #c0. Since there is written 'While connected attach/detach smartcard on client'. So it is client to detach or attach smartcard - no guest.

so my config:
client (rhel8):
esc-1.1.2-5.el8.x86_64
libcacard-2.6.1-1.el8.x86_64
spice-gtk3-0.35-7.el8.x86_64
virt-viewer-7.0-3.el8.x86_64

host(rhel7.6):
KVM Version:2.12.0 - 18.el7_6.3
libvirt-4.5.0-10.el7_6.3
VDSM Version: vdsm-4.20.45-1.el7ev
SPICE Version: 0.14.0 - 6.el7

guest is win7 with Activclient-6.2 and guest-tools-4.2-9

To share smartcard I performed those steps:
1. install esc on client (rhel8 used) (# yum groupinstall 'Smart card support')
2. plug smartcard reader with smartcard already inserted to client
3. connect with remote-viewer to Win7 guest (rhv4.2 origin) with enabled smartcard support and Activclient6.2 installed.

result: Smartcard is succesfully detected by client and shared with guest (see attached screenshot-1)
4. unplug smartcard reader from client
result: Smartcard is still shared with guest (detected by Activclient) and enrolled with client (at least esc shows it is enrolled with difference token 'issuer url: null' this time) - probably a bug..? (see attached screenshot-2)
5. restart remote-viewer
6. plug smartcard reader to client
7. smartcard is detected by esc on client, but not in Activclient

further I tried:
8. restart remote-viewer

After step 8 Smartcard is successfully detected by Activclient.

To sum it up I had no qemu crash, but smartcard is available to guest even after its force disconnection from client. So further investigation is necessary there

Comment 32 Radek Duda 2018-12-21 16:14:12 UTC
Created attachment 1516164 [details]
screenshot-1

Smartcard is succesfully shared to guest

Comment 33 Radek Duda 2018-12-21 16:15:12 UTC
Created attachment 1516165 [details]
screenshot-2

After manual unplug of smartcard reader from client, smartcard is still shared to guest.

Comment 34 Li Xiaohui 2018-12-26 06:59:20 UTC
Hi Radek,
Do you use a physical smartcard for test? In fact, in Comment 27, I used a emulated smartcard to reproduce this issue.
Now I'm trying to reproduce the bug using a physical smartcard, will update here if get results.

And if confirm the problem from Comment 27 isn't same with this bug, I will report a new one

Best Regards,
Li Xiaohui

Comment 35 Li Xiaohui 2018-12-27 03:25:39 UTC
Hi Radek,
I have finished test this bug with a physical smart card read and a physical smart card, didn't hit this issue, I think we can close this bug now:

1.Version-Release:
host info:
kernel-3.10.0-957.el7.x86_64 & qemu-kvm-rhev-2.12.0-20.el7.x86_64
guest info: 
windows7 with virtio-win-1.9.6-1.el7
client info:
kernel-4.18.0-46.el8.x86_64 & libcacard-2.5.3-5.el8.x86_64 & spice-gtk-0.35-7.el8.x86_64 & virt-viewer-7.0-1.el8.x86_64 & esc-1.1.2-5.el8.x86_64

2.Test steps:
(1)boot guest with commands:
/usr/libexec/qemu-kvm -M pc \
-cpu host \
-enable-kvm \
-m 4G \
-smp 4 \
-nodefaults \
-rtc base=localtime,clock=host,driftfix=slew \
-device virtio-scsi-pci,id=scsi0 \
-drive file=win7-2.qcow2,format=qcow2,if=none,id=drive-scsi0-0-0-0,media=disk,cache=none,werror=stop,rerror=stop \
-device scsi-hd,bus=scsi0.0,drive=drive-scsi0-0-0-0,id=scsi0-0-0-0 \
-device virtio-net-pci,mac=08:9e:01:c2:65:1c,id=netdev1,vectors=4,netdev=net1 -netdev tap,id=net1,vhost=on \
-usb \
-device usb-ccid \
-chardev spicevmc,id=ccid,name=smartcard \
-device ccid-card-passthru,chardev=ccid \
-spice disable-ticketing,port=5902 \
-qmp tcp:0:4442,server,nowait \
-monitor stdio \
-vga qxl \
-boot menu=on \

(2)plug physical smart card to smart card reader, and plug them to the client, after plug, connect win7 guest via remote-viewer on client:
[root@localhost qemu-sh]# remote-viewer spice://10.73.72.34:5902 --spice-smartcard

(3)after guest booted, check smart card and smart card reader in Device Manager, could find them, but smart card reader should be physical, should be "QEMU USB CCID"(it means it's a emulated smart card reader), and smart card is in Other device list, should be recognized Smart Card.

(4)close remote-viewer, and unplug/re-plug smart card from smart card reader.

(5)repeat from step(3)-(4) for 10 times, check guest whether runs normally.


Actual result:
repeat for 10 times, guest runs normally, no core dump happens.
And test this issue using win2019 guest on rhel8, didn't hit this bug, either.


And the problem in Comment 31 isn't a bug:
> 4. unplug smartcard reader from client
> result: Smartcard is still shared with guest (detected by Activclient) and enrolled with client (at least esc shows it is enrolled with difference token 'issuer url: null' this time) - probably a bug..? (see attached screenshot-2)
I think you may mistake smartcard and smartcard reader. In this bug, we should unplug/re-plug smartcard, not smartcard reader, so smartcard reader is always in device manager, just smartcard reader dispear or appear. 


And there I have two problems:
1.in this Comment, 2-(3), I had said, there are some problems about smart card and smart card reader recognization, please see picture 1(win7 guest in rhel7.6) and picture 2(win2019 guest in rhel8) for compare.
right actions should be:
(1)for smart card reader, not qemu usb ccid, but "Microsoft Usbccid Smartcard Reader(WUDF)"
(2)for smart card, shouldn't be under "Other devices", should be under "Smart cards". this problem is similar with Bug 1002425 - Smartcard emulation fails with physical smartcard / Bug 1356656 - Windows guest VM - problems with shared smartcard detection

I think problem(1) is a new bug, but not confirm problem(2) whether is a bug

2.in Comment 27, core dump when I tried to unplug emulated smartcard and smartcard reader, I can reproduce this bug, so I will report a new one

what's your opinion, Radek?

Regards,
Li Xiaohui

Comment 36 Li Xiaohui 2018-12-27 03:27:05 UTC
Created attachment 1516979 [details]
picture 1

Comment 37 Li Xiaohui 2018-12-27 03:27:47 UTC
Created attachment 1516980 [details]
picture 2

Comment 38 Li Xiaohui 2018-12-27 03:30:00 UTC
correct Comment 35:
And the problem in Comment 31 isn't a bug:
> 4. unplug smartcard reader from client
> result: Smartcard is still shared with guest (detected by Activclient) and enrolled with client (at least esc shows it is enrolled with difference token 'issuer url: null' this time) - probably a bug..? (see attached screenshot-2)
I think you may mistake smartcard and smartcard reader. In this bug, we should unplug/re-plug smartcard, not smartcard reader, so smartcard reader is always in device manager, just smartcard dispear or appear.

Comment 39 Radek Duda 2019-01-02 14:26:56 UTC
Hi Li,
yes I have used physical smartcard for testing described in #c31.
I have asked reporter of the bug and you are right - only smartcard is removed/inserted - smartcard reader stays always plugged to client. Nevertheless I think your reproduction steps are not 100% correct since as step (3) of #c0 smartcard is removed/inserted while client is connected to the guest and not after remote-viewer is closed as is in your step (4).
I tried these steps (using win10 guest, rhel8 client and rhel7.6 host):
1. Connect smartcard to client
2. connect to guest (remote-viewer console.vv)
3. detach and attach smartcard from smatcard-reader
4. close remote-viewer
5. repeat steps 2-4 ten times

after step 2 and 3 smartcard is detected in guest (see attached screenshot)
Then I used the same setup with win7 guest from #c31, repeated steps 2-4 five times -> no crash occurs and smartcard was detected by ActivClient.
No crash occurred, so I agree with you - we should close this bug.

Previously I tested with win 7 guest (see #c31) and 'Microsoft Usbccid smartcard reader' was detected by guest - not "QEMU USB CCID" as you have in #37. Even thou smartcard was detected by ActivClient, it was not recognized in device manager (as you pointed out in 
> (2)for smart card, shouldn't be under "Other devices", should be under "Smart cards". this problem is similar with Bug 1002425 - Smartcard emulation fails with physical smartcard / Bug 1356656 - Windows guest VM - problems with shared 
> smartcard detection
)

I wonder what is the difference between your guest win7 testing and mine regarding problem (1). I am using Activclient-6.2 and guest-tools-4.2-9.
Here is my win 7 qemu cmdline (the rest of my testing setup is in #c31):
/usr/libexec/qemu-kvm -name guest=Win7,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-31-Win7/master-key.aes -machine pc-i440fx-rhel7.3.0,accel=kvm,usb=off,dump-guest-core=off -cpu SandyBridge,hv_time,hv_relaxed,hv_vapic,hv_spinlocks=0x1fff -m size=2048000k,slots=16,maxmem=8192000k -realtime mlock=off -smp 4,maxcpus=16,sockets=16,cores=1,threads=1 -numa node,nodeid=0,cpus=0-3,mem=2000 -uuid 497d0479-b8b7-44db-a449-7ea14a735ab4 -smbios type=1,manufacturer=Red Hat,product=RHEV Hypervisor,version=7.6-4.el7,serial=4C4C4544-0054-4710-8059-B1C04F37354A,uuid=497d0479-b8b7-44db-a449-7ea14a735ab4 -no-user-config -nodefaults -chardev socket,id=charmonitor,fd=36,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=2018-12-21T15:34:30,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 -device virtio-scsi-pci,id=ua-4829792b-ba37-47e7-a8fe-3bcd7605d6bc,bus=pci.0,addr=0x9 -device virtio-serial-pci,id=ua-af41696f-1da4-4420-932f-1484f1f5f111,max_ports=16,bus=pci.0,addr=0x6 -device usb-ccid,id=ccid0,bus=usb.0,port=5 -drive file=/rhev/data-center/mnt/10.37.175.3:_nfs_iso/b85e609a-c9dc-4d14-bfd9-03b6c2c93fba/images/11111111-1111-1111-1111-111111111111/RHV-toolsSetup_4.2_9.iso,format=raw,if=none,id=drive-ua-35226356-360b-4c78-a9c2-3a4b8ed2de03,werror=report,rerror=report,readonly=on -device ide-cd,bus=ide.1,unit=0,drive=drive-ua-35226356-360b-4c78-a9c2-3a4b8ed2de03,id=ua-35226356-360b-4c78-a9c2-3a4b8ed2de03 -drive file=/rhev/data-center/mnt/blockSD/5325e826-d91c-4c95-be07-51011bf28943/images/548cae0e-3714-456f-99e3-2236a620bd41/5faa7208-0511-4ab3-ba9d-059f46d323a7,format=qcow2,if=none,id=drive-ua-548cae0e-3714-456f-99e3-2236a620bd41,serial=548cae0e-3714-456f-99e3-2236a620bd41,werror=stop,rerror=stop,cache=none,aio=native -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-ua-548cae0e-3714-456f-99e3-2236a620bd41,id=ua-548cae0e-3714-456f-99e3-2236a620bd41,bootindex=1,write-cache=on -netdev tap,fds=39:40:42:43,id=hostua-439007a5-4e58-4312-9cf4-fed04d8bec9d,vhost=on,vhostfds=44:45:46:47 -device virtio-net-pci,mq=on,vectors=10,host_mtu=9000,netdev=hostua-439007a5-4e58-4312-9cf4-fed04d8bec9d,id=ua-439007a5-4e58-4312-9cf4-fed04d8bec9d,mac=00:1a:4a:16:01:05,bus=pci.0,addr=0x3 -chardev spicevmc,id=charua-de3e2b80-9487-493a-9a42-70680d01171f,name=smartcard -device ccid-card-passthru,chardev=charua-de3e2b80-9487-493a-9a42-70680d01171f,id=ua-de3e2b80-9487-493a-9a42-70680d01171f,bus=ccid0.0 -chardev socket,id=charchannel0,fd=48,server,nowait -device virtserialport,bus=ua-af41696f-1da4-4420-932f-1484f1f5f111.0,nr=1,chardev=charchannel0,id=channel0,name=ovirt-guest-agent.0 -chardev socket,id=charchannel1,fd=49,server,nowait -device virtserialport,bus=ua-af41696f-1da4-4420-932f-1484f1f5f111.0,nr=2,chardev=charchannel1,id=channel1,name=org.qemu.guest_agent.0 -chardev spicevmc,id=charchannel2,name=vdagent -device virtserialport,bus=ua-af41696f-1da4-4420-932f-1484f1f5f111.0,nr=3,chardev=charchannel2,id=channel2,name=com.redhat.spice.0 -spice port=5904,tls-port=5905,addr=10.37.175.134,x509-dir=/etc/pki/vdsm/libvirt-spice,tls-channel=main,tls-channel=display,tls-channel=inputs,tls-channel=cursor,tls-channel=playback,tls-channel=record,tls-channel=smartcard,tls-channel=usbredir,seamless-migration=on -device qxl-vga,id=ua-4ea055dd-2af1-44e0-b8f6-bb2115a7642e,ram_size=67108864,vram_size=8388608,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0x2 -device qxl,id=ua-9123abe7-a3d8-4d3c-992e-5ff607786b9b,ram_size=67108864,vram_size=8388608,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0xa -device qxl,id=ua-d20d16c6-6952-4cee-96b7-c14c0bf5b286,ram_size=67108864,vram_size=8388608,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0xb -device qxl,id=ua-f8d33dc8-aaf7-4549-a0cb-96a62a9757ba,ram_size=67108864,vram_size=8388608,vram64_size_mb=0,vgamem_mb=16,max_outputs=1,bus=pci.0,addr=0xc -device intel-hda,id=ua-52f7a391-447c-49ad-a40f-1b1c5a8a31f0,bus=pci.0,addr=0x4 -device hda-duplex,id=ua-52f7a391-447c-49ad-a40f-1b1c5a8a31f0-codec0,bus=ua-52f7a391-447c-49ad-a40f-1b1c5a8a31f0.0,cad=0 -chardev spicevmc,id=charua-000f3d2d-1f9f-4b4e-a997-f8a0b4907783,name=usbredir -device usb-redir,chardev=charua-000f3d2d-1f9f-4b4e-a997-f8a0b4907783,id=ua-000f3d2d-1f9f-4b4e-a997-f8a0b4907783,bus=usb.0,port=1 -chardev spicevmc,id=charua-9cb42968-c74a-4a89-9058-98d6a5558c84,name=usbredir -device usb-redir,chardev=charua-9cb42968-c74a-4a89-9058-98d6a5558c84,id=ua-9cb42968-c74a-4a89-9058-98d6a5558c84,bus=usb.0,port=2 -chardev spicevmc,id=charua-cb830dd5-42ec-4d68-ae99-dbc31b2358b9,name=usbredir -device usb-redir,chardev=charua-cb830dd5-42ec-4d68-ae99-dbc31b2358b9,id=ua-cb830dd5-42ec-4d68-ae99-dbc31b2358b9,bus=usb.0,port=3 -chardev spicevmc,id=charua-f77a9945-560a-4ddb-ade1-fe2bb5591ec0,name=usbredir -device usb-redir,chardev=charua-f77a9945-560a-4ddb-ade1-fe2bb5591ec0,id=ua-f77a9945-560a-4ddb-ade1-fe2bb5591ec0,bus=usb.0,port=4 -device virtio-balloon-pci,id=ua-c2f37904-919e-4958-9bf6-7dca02039be0,bus=pci.0,addr=0x8 -object rng-random,id=objua-20f258c9-025b-4086-94a1-5726016a781f,filename=/dev/urandom -device virtio-rng-pci,rng=objua-20f258c9-025b-4086-94a1-5726016a781f,id=ua-20f258c9-025b-4086-94a1-5726016a781f,bus=pci.0,addr=0xd -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny -msg timestamp=on

Comment 40 Radek Duda 2019-01-02 14:28:21 UTC
Created attachment 1517954 [details]
Smartcard detected by win10 guest

Comment 41 Li Xiaohui 2019-01-03 06:29:16 UTC
Hi Radek,
I can reproduce problem (1) always, when boot win7 guest with controller "-usb" instead of ehci and uhci controller:

problem (1):
right actions should be:
(1)for smart card reader, not qemu usb ccid, but "Microsoft Usbccid Smartcard Reader(WUDF)"

you can have a try like booting guest with commands:
***************************************************
-usb \ 
-device usb-ccid \ 
-chardev spicevmc,id=ccid,name=smartcard \ 
-device ccid-card-passthru,chardev=ccid \ 
-spice disable-ticketing,port=5902 \ 

and your reproduction is same with mine(there was a mistake in my test step descriptions), so I couldn't reproduce this bug, either.