Bug 2000814

Summary: qemu-kvm crashes after I use virt-viewer/virt-manager to connect to a vnc vm which is listening on a unix socket
Product: Red Hat Enterprise Linux 9
Reporter: zhoujunqin <juzhou>
Component: qemu-kvm
Assignee: Marc-Andre Lureau <marcandre.lureau>
qemu-kvm sub component: Graphics
QA Contact: zhoujunqin <juzhou>
Status: CLOSED ERRATA
Docs Contact:
Severity: high
Priority: unspecified
CC: ahuang12, bfu, chhu, coli, fjin, hongzliu, lcheng, lethalwp, lijin, marcandre.lureau, mkrajnak, mrezanin, smitterl, tyan, tzheng, virt-maint, xiaodwan, yafu, yicui, zhetang
Version: 9.0
Keywords: Triaged
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version: qemu-kvm-6.2.0-1.el9
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2003679
Environment:
Last Closed: 2022-05-17 12:24:17 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 2003679

Description zhoujunqin 2021-09-03 04:40:44 UTC
Description of problem:
qemu-kvm crashes after I use virt-viewer/virt-manager to connect to a vnc vm which is listening on a unix socket

Version-Release number of selected component (if applicable):
libvirt-7.6.0-2.el9.x86_64
qemu-kvm-6.1.0-1.el9.x86_64
virt-viewer-10.0-3.el9.x86_64


How reproducible:
100%

Steps to Reproduce:
1. Edit the xml of the vnc guest and set the listen type to 'socket'
...
    <graphics type='vnc' port='-1' autoport='yes'>
      <listen type='socket'/>
    </graphics>
...

2.  Start the guest.
# virsh start $vncguest

3. Check the xml of the guest, verify a socket file is generated for the vnc guest.
...
    <graphics type='vnc' socket='/var/lib/libvirt/qemu/domain-4-7vnc1/vnc.sock'>
      <listen type='socket' socket='/var/lib/libvirt/qemu/domain-4-7vnc1/vnc.sock'/>
    </graphics>
...

4. Run virt-viewer to connect to the guest as the root user.
# virt-viewer $vncguest

Error message shown by virt-viewer:
"""
Unable to connect to the graphics server localhost:/var/lib/libvirt/qemu/domain-4-7vnc1/vnc.sock

Server closed the connection.
"""

Test result: Failed to connect to the VM's console, and the running VM will be shut down immediately.

# virsh domstate 7vnc1
shut off

Actual results:
As described above.

Expected results:
Fix it.

Additional info:
# coredumpctl  debug
           PID: 5522 (qemu-kvm)
           UID: 107 (qemu)
           GID: 107 (qemu)
        Signal: 6 (ABRT)
     Timestamp: Fri 2021-09-03 00:36:30 EDT (2min 25s ago)
  Command Line: /usr/libexec/qemu-kvm -name guest=7vnc1,debug-threads=on -S -object $'{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain-4-7vnc1/master-key.aes"}' -machine pc-q35-rhel8.5.0,accel=kvm,usb=off,dump-guest-core=off,memory-backend=pc.ram -cpu Skylake-Client-IBRS,ss=on,vmx=on,pdcm=on,hypervisor=on,tsc-adjust=on,clflushopt=on,umip=on,md-clear=on,stibp=on,arch-capabilities=on,ssbd=on,xsaves=on,pdpe1gb=on,ibpb=on,ibrs=on,amd-stibp=on,amd-ssbd=on,skip-l1dfl-vmentry=on,pschange-mc-no=on,hle=off,rtm=off -m 1024 -object $'{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' -overcommit mem-lock=off -smp 2,sockets=2,cores=1,threads=1 -uuid 51b3dcb2-b0ec-46ae-a76f-e402b3bce38b -no-user-config -nodefaults -chardev socket,id=charmonitor,fd=32,server=on,wait=off -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1 -boot strict=on -device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2 -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 -device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 -device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4 -device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5 -device pcie-root-port,port=0x16,chassis=7,id=pci.7,bus=pcie.0,addr=0x2.0x6 -device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.2,addr=0x0 -device virtio-serial-pci,id=virtio-serial0,bus=pci.3,addr=0x0 -device virtio-serial-pci,id=virtio-serial1,bus=pci.7,addr=0x0 -blockdev $'{"driver":"file","filename":"/var/lib/libvirt/images/7vnc1.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' -blockdev 
$'{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage","backing":null}' -device virtio-blk-pci,bus=pci.4,addr=0x0,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 -netdev tap,fd=34,id=hostnet0,vhost=on,vhostfd=35 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:93:c0:a6,bus=pci.1,addr=0x0 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev socket,id=charchannel0,fd=36,server=on,wait=off -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 -device usb-tablet,id=input0,bus=usb.0,port=1 -audiodev id=audio1,driver=none -vnc vnc=unix:/var/lib/libvirt/qemu/domain-4-7vnc1/vnc.sock,audiodev=audio1 -device VGA,id=video0,vgamem_mb=16,bus=pcie.0,addr=0x1 -device virtio-balloon-pci,id=balloon0,bus=pci.5,addr=0x0 -object $'{"qom-type":"rng-random","id":"objrng0","filename":"/dev/urandom"}' -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.6,addr=0x0 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny -msg timestamp=on
    Executable: /usr/libexec/qemu-kvm
 Control Group: /machine.slice/machine-qemu\x2d4\x2d7vnc1.scope/libvirt/emulator
          Unit: machine-qemu\x2d4\x2d7vnc1.scope
         Slice: machine.slice
       Boot ID: a4d2138faa5441ee82c162125dff01f6
    Machine ID: 6e3ff601a3c94dd3913478317e81b21f
      Hostname: juzhou-rhel9
       Storage: none
       Message: Process 5522 (qemu-kvm) of user 107 dumped core.

Coredump entry has no core attached (neither internally in the journal nor externally on disk).

Comment 3 Marc-Andre Lureau 2021-09-03 16:02:28 UTC
This is fixed by "[PATCH v3] qemu-sockets: fix unix socket path copy (again)" upstream, pending merge.
We will have to backport it once it is merged.

please qa ack

Comment 4 Marc-Andre Lureau 2021-09-07 16:05:06 UTC
https://gitlab.com/redhat/centos-stream/src/qemu-kvm/-/merge_requests/42

waiting for CI & acks

Comment 5 yicui 2021-09-13 07:41:31 UTC
Hi,
This issue can be reproduced in rhel 8.6 with qemu-kvm 6.1.0-1.
Could you please help check if we need to clone this bug to rhel 8.6? 


Thanks,
Yingshun

Comment 7 Marc-Andre Lureau 2021-09-13 08:03:10 UTC
(In reply to yicui from comment #5)
> Hi,
> This issue can be reproduced in rhel 8.6 with qemu-kvm 6.1.0-1.
> Could you please help check if we need to clone this bug to rhel 8.6? 

yes, thanks

Comment 8 zhoujunqin 2021-09-13 09:48:34 UTC
Add additional info:
output for command "# ps -ef |grep 7vnc1"


qemu       86718       1  0 Sep07 ?        00:14:28 /usr/libexec/qemu-kvm -name guest=7vnc1,debug-threads=on -S -object {"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain-2-7vnc1/master-key.aes"} -machine pc-q35-rhel8.5.0,accel=kvm,usb=off,dump-guest-core=off,memory-backend=pc.ram -cpu Skylake-Client-IBRS,ss=on,vmx=on,pdcm=on,hypervisor=on,tsc-adjust=on,clflushopt=on,umip=on,md-clear=on,stibp=on,arch-capabilities=on,ssbd=on,xsaves=on,pdpe1gb=on,ibpb=on,ibrs=on,amd-stibp=on,amd-ssbd=on,skip-l1dfl-vmentry=on,pschange-mc-no=on,hle=off,rtm=off -m 1024 -object {"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824} -overcommit mem-lock=off -smp 2,sockets=2,cores=1,threads=1 -uuid 51b3dcb2-b0ec-46ae-a76f-e402b3bce38b -no-user-config -nodefaults -chardev socket,id=charmonitor,fd=37,server=on,wait=off -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1 -boot strict=on -device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2 -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 -device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 -device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4 -device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5 -device pcie-root-port,port=0x16,chassis=7,id=pci.7,bus=pcie.0,addr=0x2.0x6 -device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.2,addr=0x0 -device virtio-serial-pci,id=virtio-serial0,bus=pci.3,addr=0x0 -device virtio-serial-pci,id=virtio-serial1,bus=pci.7,addr=0x0 -blockdev {"driver":"file","filename":"/var/lib/libvirt/images/7vnc1.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"} -blockdev 
{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage","backing":null} -device virtio-blk-pci,bus=pci.4,addr=0x0,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 -netdev tap,fd=39,id=hostnet0,vhost=on,vhostfd=40 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:93:c0:a6,bus=pci.1,addr=0x0 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev socket,id=charchannel0,fd=41,server=on,wait=off -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 -device usb-tablet,id=input0,bus=usb.0,port=1 -audiodev id=audio1,driver=none -vnc vnc=unix:/var/lib/libvirt/qemu/domain-2-7vnc1/vnc.sock,audiodev=audio1 -device VGA,id=video0,vgamem_mb=16,bus=pcie.0,addr=0x1 -device virtio-balloon-pci,id=balloon0,bus=pci.5,addr=0x0 -object {"qom-type":"rng-random","id":"objrng0","filename":"/dev/urandom"} -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.6,addr=0x0 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny -msg timestamp=on

Comment 9 John Ferlan 2021-09-13 12:22:39 UTC
Update to be included in the qemu-6.2 rebase planned for Nov/Dec

Comment 10 CongLi 2021-09-25 06:37:50 UTC
*** Bug 2007640 has been marked as a duplicate of this bug. ***

Comment 12 CongLi 2021-12-16 00:20:38 UTC
*** Bug 2032974 has been marked as a duplicate of this bug. ***

Comment 13 Yanan Fu 2021-12-20 12:44:59 UTC
QE bot(pre verify): Set 'Verified:Tested,SanityOnly' as gating/tier1 test pass.

Comment 16 Hongzhou Liu 2022-01-05 05:21:34 UTC
Verify this bug on rhel9.0

packages:
qemu-kvm-6.2.0-1.el9.x86_64
virt-viewer-11.0-1.el9.x86_64
libvirt-7.10.0-1.el9.x86_64

1. prepare a vm, use virsh edit to edit the xml of the vnc guest and set the listen type to 'socket'

    <graphics type='vnc'>
      <listen type='socket'/>
    </graphics>

2. start the guest and check the xml
# virsh domstate rhel9.0 
running
# virsh dumpxml rhel9.0  | grep grap -C2
     <alias name='input2'/>
    </input>
    <graphics type='vnc' socket='/var/lib/libvirt/qemu/domain-16-rhel9.0/vnc.sock'>
      <listen type='socket' socket='/var/lib/libvirt/qemu/domain-16-rhel9.0/vnc.sock'/>
    </graphics>
    <audio id='1' type='none'/>
    <video>

3. connect to the guest via virt-viewer
# virt-viewer rhel9.0

result: virt-viewer can connect to the guest correctly, the result is as expected so I change the status to verified. Thanks!

Comment 17 zhoujunqin 2022-01-27 05:44:21 UTC
*** Bug 2027966 has been marked as a duplicate of this bug. ***

Comment 19 errata-xmlrpc 2022-05-17 12:24:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: qemu-kvm), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2307
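
A triage check built from the reproduction steps and the "Fixed In Version" field above, as an added example that is not part of the original report or of libvirt/QEMU. It flags a guest whose domain XML has a VNC listener of type 'socket' while the installed qemu-kvm predates qemu-kvm-6.2.0-1.el9. The function names are hypothetical, the XML is a constructed sample, and the version comparison is a simplification (numeric version plus leading release number, el9 builds only), not full RPM ordering.

```python
import re
import xml.etree.ElementTree as ET

FIXED_IN = "qemu-kvm-6.2.0-1.el9"  # "Fixed In Version" from this bug

# Constructed sample, modelled on the domain XML shown in the report.
SAMPLE_XML = """<domain type='kvm'>
  <name>7vnc1</name>
  <devices>
    <graphics type='vnc' socket='/var/lib/libvirt/qemu/domain-4-7vnc1/vnc.sock'>
      <listen type='socket' socket='/var/lib/libvirt/qemu/domain-4-7vnc1/vnc.sock'/>
    </graphics>
  </devices>
</domain>"""


def vnc_unix_sockets(domain_xml):
    """Return socket paths of VNC <graphics> elements listening on a UNIX socket."""
    root = ET.fromstring(domain_xml)
    paths = []
    for gfx in root.iter("graphics"):
        if gfx.get("type") != "vnc":
            continue
        for listen in gfx.findall("listen"):
            if listen.get("type") == "socket":
                # Inactive XML has no path yet; libvirt fills it in at start.
                paths.append(listen.get("socket") or gfx.get("socket") or "")
    return paths


def nvr_key(nvr):
    """Turn 'qemu-kvm-6.2.0-1.el9[.x86_64]' into a comparable (version, release) key."""
    m = re.match(r"qemu-kvm-(\d+(?:\.\d+)*)-(\d+)", nvr)
    if not m:
        raise ValueError("unrecognised qemu-kvm NVR: %r" % nvr)
    version = tuple(int(p) for p in m.group(1).split("."))
    return version, int(m.group(2))


def needs_update(domain_xml, installed_nvr):
    """True when the guest uses a VNC UNIX socket and qemu-kvm predates the fix."""
    if not vnc_unix_sockets(domain_xml):
        return False
    return nvr_key(installed_nvr) < nvr_key(FIXED_IN)
```

Feed it the output of `virsh dumpxml <guest>` and `rpm -q qemu-kvm`; a guest that has not been started yet is still flagged, because the socket path is only filled in at start.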