Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1294409

Summary: qemu core dump when expire_password with vnc protocol
Product: Red Hat Enterprise Linux 6 Reporter: weliao <weliao>
Component: qemu-kvmAssignee: Gerd Hoffmann <kraxel>
Status: CLOSED NEXTRELEASE QA Contact: Virtualization Bugs <virt-bugs>
Severity: low Docs Contact:
Priority: low    
Version: 6.8CC: ailan, chayang, coli, huding, juzhang, mkenneth, rbalakri, virt-maint, weliao
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-15 11:37:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description weliao 2015-12-28 05:30:34 UTC 
Description of problem:
launch guest with spice protocol, then expire_password with vnc protocol on qmp,qemu core dump 

Version-Release number of selected component (if applicable):
2.6.32-595.el6.x86_64
qemu-kvm-0.12.1.2-2.482.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1.launch guest with spice protocol and qmp enable
/usr/libexec/qemu-kvm -name test -machine rhel6.6.0 \
-nodefaults \
-vga qxl  \
-device virtio-scsi-pci,id=virtio_scsi_pci0,bus=pci.0,addr=04 \
-drive id=drive_image1,if=none,cache=none,snapshot=off,format=qcow2,file=/mnt/rhel7.2.z.qcow2 \
-device scsi-hd,id=image1,drive=drive_image1,bus=virtio_scsi_pci0.0,bootindex=0 -netdev tap,id=hostnet0,vhost=on \
-device virtio-net-pci,netdev=hostnet0,mac=06:bc:59:fc:8f:1f,id=net0  \
-m 2048 -smp 2,maxcpus=4,cores=2,threads=1,sockets=1 \
-cpu SandyBridge  \
-rtc base=localtime,clock=host,driftfix=slew \
-boot order=cdn,once=d,menu=off,strict=off \
-enable-kvm -qmp tcp:0:5555,nowait,server \
-monitor stdio  \
-spice port=5900,password=1

2.connect qmp with telnet 
[root@dhcp-65-110 weiliao]# telnet 10.66.8.118 5555
Trying 10.66.8.118...
Connected to 10.66.8.118.
Escape character is '^]'.
{"QMP": {"version": {"qemu": {"micro": 1, "minor": 12, "major": 0}, "package": "(qemu-kvm-0.12.1.2-2.482.el6)"}, "capabilities": []}}
{ 'execute' : 'qmp_capabilities' }
{"return": {}}

3.expire_password with vnc protocol on qmp
{ "execute": "expire_password", "arguments": { "protocol": "vnc", "time":"+6" } }


Actual results:
(qemu) Segmentation fault (core dumped)


Expected results:
can't core dumped.

Additional info:
gdb:
(gdb) bt
#0  vnc_display_pw_expire (ds=0x0, expires=1451279716) at /usr/src/debug/qemu-kvm-0.12.1.2/vnc.c:2706
#1  0x00007ffff7db74fe in expire_password (mon=<value optimized out>, qdict=<value optimized out>, ret_data=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:1400
#2  0x00007ffff7db84c0 in monitor_call_handler (mon=<value optimized out>, cmd=0x7ffff82c01c8, params=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:4377
#3  0x00007ffff7db9174 in handle_qmp_command (parser=<value optimized out>, tokens=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:5003
#4  0x00007ffff7e1f274 in json_message_process_token (lexer=0x7ffff92dac60, token=0x7ffff8b4cbc0, type=JSON_OPERATOR, x=81, y=2) at /usr/src/debug/qemu-kvm-0.12.1.2/json-streamer.c:87
#5  0x00007ffff7e1ef10 in json_lexer_feed_char (lexer=0x7ffff92dac60, ch=125 '}', flush=false) at /usr/src/debug/qemu-kvm-0.12.1.2/json-lexer.c:303
#6  0x00007ffff7e1f059 in json_lexer_feed (lexer=0x7ffff92dac60, buffer=0x7fffffffbbd0 "}", size=1) at /usr/src/debug/qemu-kvm-0.12.1.2/json-lexer.c:355
#7  0x00007ffff7db7dcb in monitor_control_read (opaque=<value optimized out>, buf=<value optimized out>, size=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/monitor.c:5024
#8  0x00007ffff7e428ea in qemu_chr_be_write (chan=<value optimized out>, cond=<value optimized out>, opaque=0x7ffff86e2190) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:192
#9  tcp_chr_read (chan=<value optimized out>, cond=<value optimized out>, opaque=0x7ffff86e2190) at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-char.c:2286
#10 0x00007ffff7203642 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#11 0x00007ffff7db0910 in glib_pollfds_poll (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4053
#12 main_loop_wait (timeout=1000) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4079
#13 0x00007ffff7dd422a in kvm_main_loop () at /usr/src/debug/qemu-kvm-0.12.1.2/qemu-kvm.c:2258
#14 0x00007ffff7db5317 in main_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:4273
#15 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.1.2/vl.c:6731
Comment 2 Gerd Hoffmann 2016-01-04 13:00:54 UTC 
Does this happen on RHEL-7 too?
Comment 3 weliao 2016-01-05 02:07:51 UTC 
RHEL-7 & RHEV no this issue:
3.10.0-309.el7.x86_64
 qemu-kvm-rhev.x86_64 10:2.3.0-31.el7_2.1 

{ "execute": "expire_password", "arguments": { "protocol": "vnc", "time":"+6" } }
{"error": {"class": "GenericError", "desc": "Could not set password"}}

RHEL-7 & QEMU-KVM no this issue:
qemu-kvm.x86_64 10:1.5.3-105.el7
Comment 4 Ademar Reis 2016-01-15 11:37:53 UTC 
corner case: changing vnc passwd while using spice, can't happen in practice with our management tools. Fixed in rhel7/upstream.