Bug 2042820
| Summary: | qemu crash when try to copy and paste contents from client to VM | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Guo, Zhiyi <zhguo> |
| Component: | qemu-kvm | Assignee: | Gerd Hoffmann <kraxel> |
| qemu-kvm sub component: | Graphics | QA Contact: | Guo, Zhiyi <zhguo> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | | |
| Priority: | high | CC: | coli, jinzhao, jsnow, juzhou, kkiwi, kraxel, marcandre.lureau, mrezanin, virt-maint, ymankad |
| Version: | 9.0 | Keywords: | CustomerScenariosInitiative, Triaged |
| Target Milestone: | rc | Flags: | pm-rhel: mirror+ |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | qemu-kvm-6.2.0-10.el9 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2022-05-17 12:25:11 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 1874926 | | |

Update, for crash message "malloc_consolidate(): unaligned fastbin chunk detected", the correct reproducer:
Inside VM, select some characters and then qemu will crash.

For crash message "free(): double free detected in tcache 2", a simple reproducer:
1. Copy some characters from Client
2. Inside VM, open terminal and paste them twice.

With the reproducer, can also hit crash with stack:
corrupted double-linked list
Thread 1 "qemu-kvm" received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff67a2ec0 (LWP 20283)]
0x00007ffff78017fc in __pthread_kill_implementation () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff78017fc in __pthread_kill_implementation () from /lib64/libc.so.6
#1 0x00007ffff77b4676 in raise () from /lib64/libc.so.6
#2 0x00007ffff779e7d3 in abort () from /lib64/libc.so.6
#3 0x00007ffff77f59d7 in __libc_message () from /lib64/libc.so.6
#4 0x00007ffff780b7ec in malloc_printerr () from /lib64/libc.so.6
#5 0x00007ffff780c39c in unlink_chunk.constprop () from /lib64/libc.so.6
#6 0x00007ffff780eb59 in _int_malloc () from /lib64/libc.so.6
#7 0x00007ffff780f0aa in _int_realloc () from /lib64/libc.so.6
#8 0x00007ffff780fe4b in realloc () from /lib64/libc.so.6
#9 0x00007ffff7adca20 in g_realloc () from /lib64/libglib-2.0.so.0
#10 0x00005555558ee2dd in vnc_client_cut_text_ext (vs=0x555557049000, len=<optimized out>, flags=268435457,
data=<optimized out>) at ../ui/vnc-clipboard.c:61
#11 0x00005555558ce46b in protocol_client_msg (vs=0x555557049000, data=<optimized out>, len=43) at ../ui/vnc.c:2459
#12 0x00005555558cbb2c in vnc_client_io (ioc=<optimized out>, condition=G_IO_IN, opaque=0x555557049000)
at ../ui/vnc.c:1621
#13 0x00007ffff7ad3f6f in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#14 0x0000555555eddbc3 in main_loop_wait (nonblocking=<optimized out>) at ../util/main-loop.c:232
#15 0x0000555555b57d57 in qemu_main_loop () at ../softmmu/runstate.c:726
#16 0x00005555558b06f2 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
at ../softmmu/main.c:50
(In reply to Guo, Zhiyi from comment #1)
> Update, for crash message "malloc_consolidate(): unaligned fastbin chunk
> detected", the correct reproducer:
> Inside VM, select some characters and then qemu will crash

Another simple method to trigger this crash is to copy a large number of characters (I'm using 11K character 'A') from client to VM.

Doesn't reproduce upstream. So probably the downstream-only commit 8df1ea81ee6c674522967d056daa8d3748fa3883 is broken.

Trying to revert and cherry-pick two upstream clipboard fixes instead.

https://gitlab.com/kraxel/centos-qemu-kvm/-/commits/bz2042820-vnc-cut-paste-crash/
https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=42796819

(In reply to Gerd Hoffmann from comment #6)
> Doesn't reproduce upstream. So probably the downstream-only commit
> 8df1ea81ee6c674522967d056daa8d3748fa3883 is broken.
>
> Trying to revert and cherry-pick two upstream clipboard fixes instead.
>
> https://gitlab.com/kraxel/centos-qemu-kvm/-/commits/bz2042820-vnc-cut-paste-crash/
> https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=42796819

Original issues addressed by comment 0, 1, 2 and 4 indeed have been fixed.

(In reply to Guo, Zhiyi from comment #7)
> (In reply to Gerd Hoffmann from comment #6)
> > Doesn't reproduce upstream. So probably the downstream-only commit
> > 8df1ea81ee6c674522967d056daa8d3748fa3883 is broken.
> >
> > Trying to revert and cherry-pick two upstream clipboard fixes instead.
> >
> > https://gitlab.com/kraxel/centos-qemu-kvm/-/commits/bz2042820-vnc-cut-paste-crash/
> > https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=42796819
>
> Original issues addressed by comment 0, 1, 2 and 4 indeed have been fixed.

Find another issue with scratch build.

Steps:
1. Boot a rhel 9 using the same qemu cli as comment 0 and connect vncviewer to qemu vnc port
2. Copy some characters from client side and then close vncviewer
3. Try to re-connect vncviewer to qemu vnc port

Result:
After step 3, vncviewer cannot re-connect to qemu vnc port.

Additional problem:
When issue happening, I cannot reboot/reset/shutdown VM.

Gerd, do we need a new bug to track this issue (I haven't checked whether this issue can be reproduced on upstream or not)?

Zhiyi

(In reply to Gerd Hoffmann from comment #6)
> Doesn't reproduce upstream. So probably the downstream-only commit
> 8df1ea81ee6c674522967d056daa8d3748fa3883 is broken.
>
> Trying to revert and cherry-pick two upstream clipboard fixes instead.
>
> https://gitlab.com/kraxel/centos-qemu-kvm/-/commits/bz2042820-vnc-cut-paste-crash/
> https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=42796819

Oh, I didn't realize that one went in downstream. We never took it upstream. Sorry about that. I need to refresh the upstream version.

--js

(In reply to John Snow from comment #9)
> (In reply to Gerd Hoffmann from comment #6)
> > Doesn't reproduce upstream. So probably the downstream-only commit
> > 8df1ea81ee6c674522967d056daa8d3748fa3883 is broken.
> >
> > Trying to revert and cherry-pick two upstream clipboard fixes instead.
> >
> > https://gitlab.com/kraxel/centos-qemu-kvm/-/commits/bz2042820-vnc-cut-paste-crash/
> > https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=42796819
>
> Oh, I didn't realize that one went in downstream. We never took it upstream.
> Sorry about that. I need to refresh the upstream version.
>
> --js

I couldn't follow if there's an action for Gerd here. I.e., is the solution clear and are we able to progress even with Gerd out this week, or does the (new) bug need to be debugged/root-caused?

Thanks,

A different fix went in upstream, I mailed Mirek about it.
commit 70a54b01693eda3c61814b05d699aba41015ac48
Author: Daniel P. Berrangé <berrange>
Date: Wed Jan 5 13:49:36 2022 +0000
ui: avoid compiler warnings from unused clipboard info variable
You'll want to take out my bad fix and replace it with this good fix.
--js
Thanks John, I'll reassign to Mirek then, in case he can get to this this week. Otherwise we can put it back on Gerd's queue next week.

-Klaus

> Find another issue with scratch build.
>
> Steps:
> 1. Boot a rhel 9 using the same qemu cli as comment 0 and connect vncviewer
> to qemu vnc port
> 2. Copy some characters from client side and then close vncviewer
> 3. Try to re-connect vncviewer to qemu vnc port

Any change with http://brew-task-repos.usersys.redhat.com/repos/scratch/ghoffman/qemu-kvm/6.2.0/7.el9.bz2042820.3/ ?

(new scratch build dropped one unrelated patch, branch is now this):

kraxel@sirius ~/rhel/9/qemu-kvm (bz2042820-vnc-cut-paste-crash)# git log --oneline c9s..
6a7982a0bab8 (HEAD -> bz2042820-vnc-cut-paste-crash, gitlab.kraxel.centos/bz2042820-vnc-cut-paste-crash) ui: avoid compiler warnings from unused clipboard info variable
0937d15054ad Revert "ui/clipboard: Don't use g_autoptr just to free a variable"

Just in: https://patchwork.ozlabs.org/project/qemu-devel/patch/20220214115917.1679568-1-marcandre.lureau@redhat.com/

Guess that calls for a new scratch build ...

> Guess that calls for a new scratch build ...

And here we go:
http://brew-task-repos.usersys.redhat.com/repos/scratch/ghoffman/qemu-kvm/6.2.0/7.el9.bz2042820.4/

(In reply to Gerd Hoffmann from comment #15)
> > Guess that calls for a new scratch build ...
>
> And here we go:
> http://brew-task-repos.usersys.redhat.com/repos/scratch/ghoffman/qemu-kvm/6.2.0/7.el9.bz2042820.4/

Issue is still there with qemu-kvm-6.2.0-7.el9.bz2042820.4.x86_64...

(In reply to Guo, Zhiyi from comment #16)
> (In reply to Gerd Hoffmann from comment #15)
> > > Guess that calls for a new scratch build ...
> >
> > And here we go:
> > http://brew-task-repos.usersys.redhat.com/repos/scratch/ghoffman/qemu-kvm/6.2.0/7.el9.bz2042820.4/
>
> Issue is still there with qemu-kvm-6.2.0-7.el9.bz2042820.4.x86_64...

I have tested the same scenario against upstream qemu and cannot reproduce this issue.

Marc, you've looked at the clipboard upstream recently, does the behavior (see comment #8) ring a bell? Can you take over the bug? Failing that, any suggestions what to cherry-pick? Thanks.

The qemu-kvm patch is wrong: 0001-ui-clipboard-Don-t-use-g_autoptr-just-to-free-a-vari.patch
The upstream commit 70a54b01693eda3c61814b05d699aba41015ac48 ("ui: avoid compiler warnings from unused clipboard info variable"), isn't much better either.
You need the following fix I sent a few days ago: [PATCH] ui/clipboard: fix use-after-free regression
https://patchew.org/QEMU/20220214115917.1679568-1-marcandre.lureau@redhat.com/
Miroslav, can you update the package patches?
(In reply to Marc-Andre Lureau from comment #19)
> The qemu-kvm patch is wrong:
> 0001-ui-clipboard-Don-t-use-g_autoptr-just-to-free-a-vari.patch
>
> The upstream commit 70a54b01693eda3c61814b05d699aba41015ac48 ("ui: avoid
> compiler warnings from unused clipboard info variable"), isn't much better
> either.
>
> You need the following fix I sent a few days ago: [PATCH] ui/clipboard: fix
> use-after-free regression
> https://patchew.org/QEMU/20220214115917.1679568-1-marcandre.lureau@redhat.com/
>
> Miroslav, can you update the package patches?

Hmm, Gerd has already created a scratch build with this patch but it cannot solve the issue addressed by comment 8.

> > Miroslav, can you update the package patches?
>
> Hmm, Gerd has already created a scratch build with this patch but it
> cannot solve the issue addressed by comment 8

https://gitlab.com/kraxel/centos-qemu-kvm/-/commits/bz2042820-vnc-cut-paste-crash/

git branch for the latest scratch build, with exactly those three changes (revert, 70a54b01693eda3c61814b05d699aba41015ac48 with conflicts resolved, additional fix posted yesterday).

(In reply to Guo, Zhiyi from comment #20)
> > Miroslav, can you update the package patches?
>
> Hmm, Gerd has already created a scratch build with this patch but it
> cannot solve the issue addressed by comment 8

My bad, I didn't study enough the current situation.

I cannot reproduce the behaviour described in comment 8 on fedora.

I suggest we open a different bug for it.

> When issue happening, I cannot reboot/reset/shutdown VM.

@zhguo you could perhaps check if qemu is stuck by attaching gdb and producing a backtrace?

(In reply to Marc-Andre Lureau from comment #23)
> > When issue happening, I cannot reboot/reset/shutdown VM.
>
> @zhguo you could perhaps check if qemu is stuck by attaching gdb
> and producing a backtrace?

backtrace:
(gdb) bt
#0 0x00007ffff780b450 in __lll_lock_wait () from /lib64/libc.so.6
#1 0x00007ffff7811b12 in pthread_mutex_lock@@GLIBC_2.2.5 () from /lib64/libc.so.6
#2 0x0000555555ebaeff in qemu_mutex_lock_impl (mutex=0x555556e53fe8, file=0x555555f0ce72 "../ui/vnc-jobs.h", line=60) at ../util/qemu-thread-posix.c:80
#3 0x00005555558ee8d8 in vnc_lock_output (vs=0x555556e47e50) at ../ui/vnc-jobs.h:60
#4 vnc_clipboard_send (vs=0x555556e47e50, count=1, dwords=0x7ffff678cf74) at ../ui/vnc-clipboard.c:138
#5 0x00005555558eeafc in vnc_clipboard_notify (notifier=<optimized out>, data=0x55555665e520) at ../ui/vnc-clipboard.c:209
#6 0x00005555558bafc9 in notifier_list_notify (data=0x55555665e520, list=<optimized out>) at ../util/notify.c:39
#7 qemu_clipboard_update (info=0x55555665e520) at ../ui/clipboard.c:49
#8 0x00005555558baf03 in qemu_clipboard_peer_release (peer=<optimized out>, selection=QEMU_CLIPBOARD_SELECTION_CLIPBOARD) at ../ui/clipboard.c:41
#9 0x00005555558cc16a in qemu_clipboard_peer_unregister (peer=0x555556e58140) at ../ui/clipboard.c:19
#10 vnc_disconnect_finish (vs=0x555556e47e50) at ../ui/vnc.c:1358
#11 0x00005555558cbab3 in vnc_client_io (ioc=<optimized out>, condition=G_IO_IN, opaque=0x555556e47e50) at ../ui/vnc.c:1610
#12 0x00007ffff7acbd4f in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#13 0x0000555555eddec3 in main_loop_wait (nonblocking=<optimized out>) at ../util/main-loop.c:232
#14 0x0000555555b58057 in qemu_main_loop () at ../softmmu/runstate.c:726
#15 0x00005555558b06f2 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../softmmu/main.c:50

commit 1dbbe6f172810026c51dc84ed927a3cc23017949
https://gitlab.com/qemu-project/qemu/-/commit/1dbbe6f172810026c51dc84ed927a3cc23017949

Miroslav, can you pick this as well? Or should we open a new bug?

(In reply to Marc-Andre Lureau from comment #25)
> commit 1dbbe6f172810026c51dc84ed927a3cc23017949
> https://gitlab.com/qemu-project/qemu/-/commit/1dbbe6f172810026c51dc84ed927a3cc23017949

cherry-picked, new scratch build is in progress.

(In reply to Marc-Andre Lureau from comment #22)
> (In reply to Guo, Zhiyi from comment #20)
> > > Miroslav, can you update the package patches?
> >
> > Hmm, Gerd has already created a scratch build with this patch but it
> > cannot solve the issue addressed by comment 8
>
> My bad, I didn't study enough the current situation.
>
> I cannot reproduce the behaviour described in comment 8 on fedora.
>
> I suggest we open a different bug for it.

Should we still report a new bug to track the deadlock fix or use this bug to track all of the fixes related with VNC clipboard? It seems either way is fine here.

https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=43113252
[ ... no repo yet, aarch64 still building atm ... ]

> Should we still report a new bug to track the deadlock fix or use this bug
> to track all of the fixes related with VNC clipboard? It seems either way is
> fine here.

Using this bug is fine. When the tests pass I'll submit a pull req with all fixes tomorrow.

(In reply to Gerd Hoffmann from comment #29)
> http://brew-task-repos.usersys.redhat.com/repos/scratch/ghoffman/qemu-kvm/6.2.0/7.el9.bz2042820.5/

All of the issues are gone with this scratch build!

QE bot (pre verify): Set 'Verified:Tested,SanityOnly' as gating/tier1 test pass.

Tested against qemu-kvm-6.2.0-10.el9.x86_64, all issues are fixed, both rhel9 VM and windows 10 VM are tested.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (new packages: qemu-kvm), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2307
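The hang reported in comment 8 is a re-entrancy problem rather than memory corruption: in the backtrace from comment 24, vnc_disconnect_finish() unregisters the client's clipboard peer, the release that triggers is announced to every peer, and the notifier of the very client being torn down calls vnc_clipboard_send(), which blocks in vnc_lock_output() at vnc-jobs.h:60. The following is an added example written for this page, not QEMU's ui/vnc.c or ui/clipboard.c: a model of a client that is also a clipboard peer, with a non-recursive lock that reports a second acquisition by its own holder as a deadlock instead of blocking forever. That the disconnect path still held the output lock while unregistering the peer is the model's assumption about the hang, and the remedy it shows (do not call into the clipboard while holding the lock its callbacks take) is the generic one, not a transcription of the upstream commit cited in the thread. The names Lock, Peer, VncState, peer_unregister and run_disconnect are all the example's own.

```c
/* Added example (hypothetical model, not QEMU code): a clipboard peer that is
 * notified during its own unregistration, and the lock re-entry that causes.
 * Build: cc -std=c11 -Wall hang.c */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Non-recursive lock. A default-kind pthread mutex would block forever when
 * its holder locks it again; the model counts that as a deadlock instead. */
typedef struct { bool held; } Lock;
static int deadlocks;

static bool lock_acquire(Lock *l)
{
    if (l->held) { deadlocks++; return false; }
    l->held = true;
    return true;
}
static void lock_release(Lock *l) { l->held = false; }

/* Clipboard side: a linked list of peers, each with an update notifier. */
typedef struct Peer Peer;
struct Peer { void (*notify)(Peer *p, const char *text); Peer *next; };
static Peer *peers;

static void peer_register(Peer *p) { p->next = peers; peers = p; }

static void clipboard_update(const char *text)
{
    for (Peer *p = peers; p; p = p->next) p->notify(p, text);
}

/* Unregistering releases the peer's selection, and that release is announced
 * to every peer, the departing one included, before its notifier is removed
 * (frames #5-#9 of the hang backtrace above show exactly this path). */
static void peer_unregister(Peer *p)
{
    clipboard_update("");
    for (Peer **pp = &peers; *pp; pp = &(*pp)->next) {
        if (*pp == p) { *pp = p->next; break; }
    }
}

/* VNC side: a client is a peer and owns an output lock. */
typedef struct { Peer cbpeer; Lock output_lock; int sends; } VncState;

static void vnc_clipboard_send(VncState *vs, const char *text)
{
    (void)text;
    if (!lock_acquire(&vs->output_lock)) return;   /* real code: blocks here */
    vs->sends++;
    lock_release(&vs->output_lock);
}

static void vnc_clipboard_notify(Peer *p, const char *text)
{
    VncState *vs = (VncState *)((char *)p - offsetof(VncState, cbpeer));
    vnc_clipboard_send(vs, text);
}

/* Assumed buggy teardown: the peer is unregistered while the output lock is
 * still held, so the notification it triggers re-enters vnc_clipboard_send(). */
static void disconnect_buggy(VncState *vs)
{
    lock_acquire(&vs->output_lock);   /* flush pending output, mark disconnecting ... */
    peer_unregister(&vs->cbpeer);
    lock_release(&vs->output_lock);
}

/* Fixed teardown: no call into the clipboard (whose callbacks take the output
 * lock) while that lock is held. */
static void disconnect_fixed(VncState *vs)
{
    lock_acquire(&vs->output_lock);   /* flush pending output, mark disconnecting ... */
    lock_release(&vs->output_lock);
    peer_unregister(&vs->cbpeer);
}

/* Constructed scenario: two clients share the clipboard, then one disconnects.
 * Returns the deadlock count; sends_a/sends_b record what each client sent. */
static int sends_a, sends_b;

static int run_disconnect(void (*disconnect)(VncState *))
{
    VncState a = { .cbpeer.notify = vnc_clipboard_notify };
    VncState b = { .cbpeer.notify = vnc_clipboard_notify };
    peers = NULL;
    deadlocks = 0;
    peer_register(&a.cbpeer);
    peer_register(&b.cbpeer);

    clipboard_update("Français");   /* both clients forward the text to their viewer */
    disconnect(&a);                 /* a's release is announced to a and b */

    sends_a = a.sends;
    sends_b = b.sends;
    return deadlocks;
}

int main(void)
{
    int d = run_disconnect(disconnect_buggy);
    printf("buggy: deadlocks=%d, sends a=%d b=%d\n", d, sends_a, sends_b);
    d = run_disconnect(disconnect_fixed);
    printf("fixed: deadlocks=%d, sends a=%d b=%d\n", d, sends_a, sends_b);
    return 0;
}
```

The buggy teardown deadlocks once (client a never gets to send the release notification) while the other client is unaffected, which matches the symptom in comment 8: the stuck VNC thread is the main loop, so the monitor's reboot/reset/shutdown commands are never serviced either. Attaching gdb and looking for __lll_lock_wait under a notifier callback, as was done in comment 24, is the quickest way to confirm this class of hang.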
Description of problem:
qemu crash when try to copy and paste contents from client to VM

Version-Release number of selected component (if applicable):
qemu-kvm-6.2.0-4.el9.x86_64
kernel-5.14.0-42.el9.x86_64
tigervnc-1.11.0-9.el8.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Boot rhel 9 VM with qemu cli:
/usr/libexec/qemu-kvm \
-S \
-name guest=rhel9GA-qemu-vdagent,debug-threads=on \
-machine pc-q35-rhel8.5.0,usb=off,dump-guest-core=off,memory-backend=pc.ram \
-accel kvm \
-cpu Cascadelake-Server,ss=on,vmx=on,pdcm=on,hypervisor=on,tsc-adjust=on,umip=on,pku=on,md-clear=on,stibp=on,arch-capabilities=on,xsaves=on,ibpb=on,ibrs=on,amd-stibp=on,amd-ssbd=on,rdctl-no=on,ibrs-all=on,skip-l1dfl-vmentry=on,mds-no=on,pschange-mc-no=on,tsx-ctrl=on,hle=off,rtm=off \
-m 8192 \
-object '{"qom-type":"memory-backend-ram","id":"pc.ram","size":8589934592}' \
-overcommit mem-lock=off \
-smp 2,sockets=1,dies=1,cores=1,threads=2 \
-uuid e4a61f53-d23f-4fc7-a648-d24798509e48 \
-no-user-config \
-nodefaults \
-rtc base=utc,driftfix=slew \
-global kvm-pit.lost_tick_policy=delay \
-no-hpet \
-no-shutdown \
-global ICH9-LPC.disable_s3=1 \
-global ICH9-LPC.disable_s4=1 \
-boot strict=on \
-device pcie-root-port,port=16,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2 \
-device pcie-root-port,port=17,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 \
-device pcie-root-port,port=18,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 \
-device pcie-root-port,port=19,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 \
-device ich9-usb-ehci1,id=usb,bus=pcie.0,addr=0x1d.0x7 \
-device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pcie.0,multifunction=on,addr=0x1d \
-device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pcie.0,addr=0x1d.0x1 \
-device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pcie.0,addr=0x1d.0x2 \
-device virtio-scsi-pci,id=scsi0,bus=pci.2,addr=0x0 \
-blockdev '{"driver":"file","filename":"/home/rhel9GA-qemu-vdagent.qcow2","node-name":"libvirt-1-storage","cache":{"direct":true,"no-flush":false},"auto-read-only":true,"discard":"unmap"}' \
-blockdev '{"node-name":"libvirt-1-format","read-only":false,"cache":{"direct":true,"no-flush":false},"driver":"raw","file":"libvirt-1-storage"}' \
-device scsi-hd,bus=scsi0.0,channel=0,scsi-id=0,lun=0,device_id=drive-scsi0-0-0-0,drive=libvirt-1-format,id=scsi0-0-0-0,bootindex=1,write-cache=on \
-device usb-tablet,id=input0,bus=usb.0,port=1 \
-audiodev '{"id":"audio1","driver":"none"}' \
-vnc 0.0.0.0:0,audiodev=audio1 \
-device virtio-vga,id=video0,max_outputs=1,bus=pcie.0,addr=0x1 \
-device virtio-balloon-pci,id=balloon0,bus=pci.3,addr=0x0 \
-device virtio-serial-pci \
-device virtserialport,chardev=ch1,id=ch1,name=com.redhat.spice.0 \
-chardev qemu-vdagent,id=ch1,name=vdagent,clipboard=on \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
-monitor stdio

2. Connect vncviewer to VM
3. Now on client, use gedit to open a file, type "Français" and copy the content. On VM, create an empty file called French.txt, open it with gedit and paste the content.

Actual results:
After step 3, meet two different crashes:

1: free(): double free detected in tcache 2
Thread 1 "qemu-kvm" received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff67a2ec0 (LWP 19741)]
0x00007ffff78017fc in __pthread_kill_implementation () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff78017fc in __pthread_kill_implementation () from /lib64/libc.so.6
#1 0x00007ffff77b4676 in raise () from /lib64/libc.so.6
#2 0x00007ffff779e7d3 in abort () from /lib64/libc.so.6
#3 0x00007ffff77f59d7 in __libc_message () from /lib64/libc.so.6
#4 0x00007ffff780b7ec in malloc_printerr () from /lib64/libc.so.6
#5 0x00007ffff780d70f in _int_free () from /lib64/libc.so.6
#6 0x00007ffff780fb75 in free () from /lib64/libc.so.6
#7 0x00007ffff7ad8ccd in g_free () from /lib64/libglib-2.0.so.0
#8 0x00005555558ee298 in qemu_clipboard_update (info=0x5555569459d0) at ../ui/clipboard.c:54
#9 vnc_client_cut_text_ext (vs=<optimized out>, len=<optimized out>, flags=<optimized out>, data=<optimized out>) at ../ui/vnc-clipboard.c:256
#10 0x00005555558ce46b in protocol_client_msg (vs=0x555557049000, data=<optimized out>, len=12) at ../ui/vnc.c:2459
#11 0x00005555558cbb2c in vnc_client_io (ioc=<optimized out>, condition=G_IO_IN, opaque=0x555557049000) at ../ui/vnc.c:1621
#12 0x00007ffff7ad3f6f in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#13 0x0000555555eddbc3 in main_loop_wait (nonblocking=<optimized out>) at ../util/main-loop.c:232
#14 0x0000555555b57d57 in qemu_main_loop () at ../softmmu/runstate.c:726
#15 0x00005555558b06f2 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../softmmu/main.c:50

2: malloc_consolidate(): unaligned fastbin chunk detected
Thread 1 "qemu-kvm" received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff67a2ec0 (LWP 19939)]
0x00007ffff78017fc in __pthread_kill_implementation () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff78017fc in __pthread_kill_implementation () from /lib64/libc.so.6
#1 0x00007ffff77b4676 in raise () from /lib64/libc.so.6
#2 0x00007ffff779e7d3 in abort () from /lib64/libc.so.6
#3 0x00007ffff77f59d7 in __libc_message () from /lib64/libc.so.6
#4 0x00007ffff780b7ec in malloc_printerr () from /lib64/libc.so.6
#5 0x00007ffff780c55c in malloc_consolidate () from /lib64/libc.so.6
#6 0x00007ffff780e138 in _int_malloc () from /lib64/libc.so.6
#7 0x00007ffff780f649 in malloc () from /lib64/libc.so.6
#8 0x00007ffff7ecd2c9 in deflateInit2_ () from /lib64/libz.so.1
#9 0x00007ffff7ecd4f2 in deflateInit_ () from /lib64/libz.so.1
#10 0x00005555558ee543 in vnc_clipboard_provide (vs=0x555557049000, info=<optimized out>, type=QEMU_CLIPBOARD_TYPE_TEXT) at ../ui/vnc-clipboard.c:97
#11 0x00005555558eec9c in vnc_clipboard_notify (notifier=<optimized out>, data=0x555556dac650) at ../ui/vnc-clipboard.c:221
#12 0x00005555558bb289 in qemu_clipboard_set_data (peer=<optimized out>, info=0x555556dac650, type=<optimized out>, size=2, data=0x55555740731c, update=true) at ../util/notify.c:39
#13 0x00005555558c7fd3 in vdagent_chr_recv_msg (vd=<optimized out>, msg=<optimized out>) at ../ui/vdagent.c:544
#14 0x00005555558c7a8b in vdagent_chr_write (chr=0x55555673c610, buf=<optimized out>, len=0) at ../ui/vdagent.c:698
#15 0x0000555555d9ae21 in qemu_chr_write_buffer (s=0x55555673c610, buf=0x7ffe91f03ac0 "\001", len=38, offset=0x7ffff679fd74, write_all=<optimized out>) at ../chardev/char.c:121
#16 0x0000555555d9abb4 in qemu_chr_write (s=0x55555673c610, buf=0x7ffe91f03ac0 "\001", len=38, write_all=<optimized out>) at ../chardev/char.c:173
#17 0x00005555559b2f2c in qemu_chr_fe_write (buf=0x4de3 <error: Cannot access memory at address 0x4de3>, len=38, be=<optimized out>) at ../chardev/char-fe.c:42
#18 flush_buf (port=0x555556de82c0, buf=0x4de3 <error: Cannot access memory at address 0x4de3>, len=38) at ../hw/char/virtio-console.c:63
#19 0x0000555555b9af5b in do_flush_queued_data (port=0x555556de82c0, vq=0x7fffefe5b330, vdev=0x5555578ab850) at ../hw/char/virtio-serial-bus.c:188
#20 0x0000555555bd6372 in virtio_queue_host_notifier_read (n=<optimized out>) at ../hw/virtio/virtio.c:2331
#21 0x0000555555eb6e5f in aio_dispatch_handler (ctx=0x5555565e21c0, node=0x7ffde10ffdd0) at ../util/aio-posix.c:329
#22 0x0000555555eb6d0c in aio_dispatch_handlers (ctx=0x5555565e21c0) at ../util/aio-posix.c:372
#23 aio_dispatch (ctx=0x5555565e21c0) at ../util/aio-posix.c:382
#24 0x0000555555ed0f02 in aio_ctx_dispatch (source=0x4de3, callback=0x4de3, user_data=0x6) at ../util/async.c:311
#25 0x00007ffff7ad3f6f in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#26 0x0000555555eddbc3 in main_loop_wait (nonblocking=<optimized out>) at ../util/main-loop.c:232
#27 0x0000555555b57d57 in qemu_main_loop () at ../softmmu/runstate.c:726
#28 0x00005555558b06f2 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../softmmu/main.c:50

Expected results:
No qemu crash happens

Additional info:
Seems no other kinds of crash found here...
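Both crashes above abort inside glibc's heap consistency checks, and the first one does so directly under qemu_clipboard_update() on the VNC cut-text path (protocol_client_msg → vnc_client_cut_text_ext), i.e. while handling a message from a connected VNC client; the thread then traces the cause to a downstream patch that changed how the clipboard info's references were dropped. The following is an added example written for this page, not QEMU's ui/clipboard.c: a small refcounted "info" object with a single owning slot and a notifier, on top of an instrumented pool allocator that counts a use-after-free or double free instead of corrupting the heap. The buggy ordering it shows (drop the slot's old reference before taking the new one) is an assumed way to produce this failure class when the caller hands back the object the slot already owns; the actual downstream patch is not reproduced on this page, so the model illustrates the class of bug, not that patch. The names Info, info_ref, info_unref, clipboard_update_buggy, clipboard_update_fixed and run_scenario are the example's own.

```c
/* Added example (hypothetical model, not QEMU code): reference ordering when a
 * single owning slot is replaced, and why "unref old, then ref new" breaks when
 * old == new.  Build: cc -std=c11 -Wall refs.c */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    int refcount;
    bool live;      /* false once the last reference has been dropped */
    char text[32];
} Info;

/* Bump-allocated pool with no reuse inside a scenario, so that an operation on
 * a released object is observable. A real heap reuses the chunk and the damage
 * surfaces later, in glibc's consistency checks, as the backtraces above show. */
#define POOL_SIZE 8
static Info pool[POOL_SIZE];
static int next_slot;
static int faults;      /* ref/unref calls that touched a released object */

static Info *info_new(const char *text)
{
    Info *i = &pool[next_slot++ % POOL_SIZE];
    memset(i, 0, sizeof(*i));
    i->refcount = 1;
    i->live = true;
    snprintf(i->text, sizeof(i->text), "%s", text);
    return i;
}

static Info *info_ref(Info *i)
{
    if (!i->live) { faults++; return i; }   /* use-after-free */
    i->refcount++;
    return i;
}

static void info_unref(Info *i)
{
    if (!i) return;
    if (!i->live) { faults++; return; }     /* double free */
    if (--i->refcount == 0) i->live = false;
}

/* The clipboard owns one reference per selection and announces each update to
 * its peers, which only borrow the pointer for the duration of the callback. */
static Info *cbinfo;
static int notifications;

static void notify_peers(Info *i) { if (i->live) notifications++; }

/* Assumed buggy ordering: the slot's old reference is dropped first. When the
 * caller hands back the object the slot already owns and no one else holds a
 * reference, the unref releases it and the ref that follows touches freed memory. */
static void clipboard_update_buggy(Info *info)
{
    notify_peers(info);
    info_unref(cbinfo);
    cbinfo = info_ref(info);
}

/* Safe ordering: take the new reference before dropping the old one, so the
 * object survives the swap even when old == new. */
static void clipboard_update_fixed(Info *info)
{
    Info *old = cbinfo;
    cbinfo = info_ref(info);
    notify_peers(info);
    info_unref(old);
}

/* Constructed scenario: a client announces text and drops its own reference,
 * the same info is announced again (the slot is now the only owner), then it
 * is replaced and torn down. Returns the number of faulty operations seen. */
static int run_scenario(void (*update)(Info *))
{
    memset(pool, 0, sizeof(pool));
    next_slot = faults = notifications = 0;
    cbinfo = NULL;

    Info *a = info_new("Français");
    update(a);
    info_unref(a);          /* caller's reference gone; the slot is the only owner */

    update(cbinfo);         /* re-announce the object already in the slot */

    Info *b = info_new("AAAA");
    update(b);
    info_unref(b);

    info_unref(cbinfo);     /* teardown */
    cbinfo = NULL;
    return faults;
}

int main(void)
{
    printf("buggy ordering: %d faulty operations\n", run_scenario(clipboard_update_buggy));
    printf("fixed ordering: %d faulty operations\n", run_scenario(clipboard_update_fixed));
    return 0;
}
```

With the buggy ordering the re-announcement frees the object the slot still points at, and the next replacement then unrefs it a second time, which is the "double free detected" pattern in the first backtrace; with the real allocator the freed chunk is recycled, so the corruption can just as well show up as the realloc or malloc_consolidate aborts seen elsewhere in this thread. Two points for anyone triaging a report like this: the input reaches this code from the VNC client side of the socket, so the -sandbox seccomp options on the command line do nothing against it, and running the reproducer under a debug build of glibc (MALLOC_CHECK_) or ASan turns the late abort into a report at the first faulty unref.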