Bug 804066

Summary: qemu-kvm core dumps when set password to vnc protocol while boot with spice
Product: Red Hat Enterprise Linux 7
Reporter: Xiaoqing Wei <xwei>
Component: qemu-kvm
Assignee: Gerd Hoffmann <kraxel>
Status: CLOSED CURRENTRELEASE
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Docs Contact:
Priority: medium
Version: 7.0
CC: hhuang, juzhang, knoel, mazhang, michen, shuang, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1099339 (view as bug list)
Environment:
Last Closed: 2014-06-13 10:58:30 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Attachments:
Description: gdb-output detail (Flags: none)

Description Xiaoqing Wei 2012-03-16 13:08:10 UTC
Description of problem:

qemu-kvm core dumps when set password to vnc protocol while boot with spice
Version-Release number of selected component (if applicable):

qemu-kvm-0.15.1-3.3.el7.x86_64
How reproducible:
100%

Steps to Reproduce:
1. boot guest with spice
 qemu-kvm -monitor stdio -S -spice port=8010,disable-ticketing ......
2. (qemu) set_password vnc helo
(qemu) expire_password vnc +53
Segmentation fault (core dumped)

Actual results:
qemu-kvm core dump

Expected results:
qemu-kvm raises a warning or error like [there's not boot with vnc, so can not set password to vnc protocol]

Additional info:


#0  vnc_display_pw_expire (ds=0x0, expires=1331925755) at ui/vnc.c:2690
2690	    vs->expires = expires;
(gdb) bt
#0  vnc_display_pw_expire (ds=0x0, expires=1331925755) at ui/vnc.c:2690
#1  0x00007f4430d75a75 in handle_user_command (mon=0x7f44330f17c0, cmdline=<optimized out>)
    at /usr/src/debug/qemu-kvm-0.15.1/monitor.c:4530
#2  0x00007f4430d75ece in monitor_command_cb (mon=0x7f44330f17c0, cmdline=<optimized out>, 
    opaque=<optimized out>) at /usr/src/debug/qemu-kvm-0.15.1/monitor.c:5176
#3  0x00007f4430dd2fba in readline_handle_byte (rs=0x7f44330f1c30, ch=<optimized out>)
    at readline.c:370
#4  0x00007f4430d75c79 in monitor_read (opaque=<optimized out>, 
    buf=0x7fffae58dd80 "\n\036\222,D\177", size=1) at /usr/src/debug/qemu-kvm-0.15.1/monitor.c:5162
#5  0x00007f4430df8b65 in qemu_chr_read (len=<optimized out>, buf=0x7fffae58dd80 "\n\036\222,D\177", 
    s=0x7f4432f77cd0) at qemu-char.c:179
#6  tcp_chr_read (opaque=0x7f4432f77cd0) at qemu-char.c:2229
#7  0x00007f4430e06f8a in qemu_iohandler_poll (readfds=0x7fffae58ee30, writefds=0x7fffae58eeb0, 
    xfds=<optimized out>, ret=<optimized out>) at iohandler.c:155
#8  0x00007f4430d7b309 in main_loop_wait (nonblocking=<optimized out>)
    at /usr/src/debug/qemu-kvm-0.15.1/vl.c:1348
#9  0x00007f4430d65449 in main_loop () at /usr/src/debug/qemu-kvm-0.15.1/vl.c:1392
#10 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>)
    at /usr/src/debug/qemu-kvm-0.15.1/vl.c:3378
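
The crash shape in the backtrace above (frame #0 entered with ds=0x0 and then writing vs->expires) is a NULL display pointer: the guest was started with SPICE only, so there is no VNC display state for the monitor command to act on. The following C block is an added illustration written for this page, not QEMU source or the upstream patch; the VncDisplay and DisplayState structs, the function names, and the reply strings are constructed for the example. It places the unguarded write beside guarded handlers that return an error, which is what the later comments on this bug show fixed builds printing ("Could not set password") instead of dumping core.

```c
/* Added illustration, not QEMU source: a minimal model of the monitor's
 * set_password / expire_password handling for the VNC protocol.  The guest
 * in this report was started with SPICE only, so the VNC display state the
 * handler writes through does not exist (ds=0x0 in frame #0 above).  The
 * unguarded function below has that shape; the guarded ones check for the
 * missing display and return an error the monitor can report. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Hypothetical VNC display state, reduced to the two fields used here. */
typedef struct VncDisplay {
    char   password[64];
    time_t expires;
} VncDisplay;

/* Hypothetical registry of display back-ends owned by the process.
 * vnc is NULL when no -vnc option was given (SPICE-only boot). */
typedef struct DisplayState {
    VncDisplay *vnc;
} DisplayState;

#define EXPIRE_NEVER ((time_t)-1)

/* Unguarded form (never call it without a VNC display): writes through the
 * pointer unconditionally, so a NULL vs faults the way the reported
 * "vs->expires = expires" at ui/vnc.c:2690 does. */
void vnc_pw_expire_unguarded(VncDisplay *vs, time_t expires)
{
    vs->expires = expires;
}

/* Guarded forms: 0 on success, -1 when there is no VNC display to act on. */
int vnc_set_password_guarded(DisplayState *ds, const char *pw)
{
    if (ds == NULL || ds->vnc == NULL) {
        return -1;
    }
    snprintf(ds->vnc->password, sizeof ds->vnc->password, "%s", pw);
    return 0;
}

int vnc_pw_expire_guarded(DisplayState *ds, time_t expires)
{
    if (ds == NULL || ds->vnc == NULL) {
        return -1;
    }
    ds->vnc->expires = expires;
    return 0;
}

/* Monitor-level expire_password for this model: accepts the argument forms
 * used in this report ("+N" seconds from now, an absolute UNIX time) plus
 * QEMU's documented "now" and "never" keywords.  `now` is passed in rather
 * than read from the clock so results are deterministic.  The reply the
 * monitor would print goes into msg; returns 0 on success, -1 on error. */
int hmp_expire_password(DisplayState *ds, const char *protocol,
                        const char *whenstr, time_t now,
                        char *msg, size_t msglen)
{
    time_t when;

    if (strcmp(whenstr, "now") == 0) {
        when = 0;
    } else if (strcmp(whenstr, "never") == 0) {
        when = EXPIRE_NEVER;
    } else if (whenstr[0] == '+') {
        when = now + (time_t)strtoll(whenstr + 1, NULL, 10);
    } else {
        when = (time_t)strtoll(whenstr, NULL, 10);
    }

    if (strcmp(protocol, "vnc") != 0) {
        snprintf(msg, msglen, "unknown protocol");   /* model message */
        return -1;
    }
    if (vnc_pw_expire_guarded(ds, when) < 0) {
        snprintf(msg, msglen, "Could not set password");
        return -1;
    }
    snprintf(msg, msglen, "OK");
    return 0;
}

int main(void)
{
    DisplayState spice_only = { .vnc = NULL };   /* constructed: no -vnc */
    char msg[64];

    /* The reporter's sequence against a SPICE-only guest: an error reply
     * instead of a segmentation fault. */
    vnc_set_password_guarded(&spice_only, "helo");
    hmp_expire_password(&spice_only, "vnc", "+53", 1331925702, msg, sizeof msg);
    printf("(qemu) expire_password vnc +53\n%s\n", msg);
    return 0;
}
```

With `now` set to 1331925702 the "+53" case lands on the same expires value as frame #0 of the backtrace, so the guarded path can be checked against the reported numbers; the design point is simply that an optional back-end must be looked up and checked before any command writes through its state.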

Comment 1 Xiaoqing Wei 2012-03-16 13:12:19 UTC
Created attachment 570606 [details]
gdb-output detail

gdb thread apply all bt full

Comment 2 Xiaoqing Wei 2012-03-19 02:22:37 UTC
aha, forgot to say:

if the guest is booted with " -vnc :0", it doesn't core dump, it just works well.

Best Regards,
Xiaoqing Wei.

Comment 4 Xiaoqing Wei 2012-04-10 09:52:28 UTC
Able to reproduce on version qemu-kvm-1.0-9.2.el7.x86_64.

Comment 5 Gerd Hoffmann 2012-05-09 11:56:09 UTC
Patch posted upstream.
http://patchwork.ozlabs.org/patch/157888/

Comment 9 Gerd Hoffmann 2013-03-20 14:47:22 UTC
Patch is upstream.

Comment 11 mazhang 2014-01-21 03:27:24 UTC
qemu-kvm-1.0-9.2.el7.x86_64 is too old to find; tried to reproduce on qemu-kvm-1.3.0-3.el7.x86_64, but did not find this problem.

Steps:
Starting program: /usr/libexec/qemu-kvm -name vm1 -nodefaults -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20130218-133213-tne4yYwu,server,nowait -mon chardev=qmp_id_qmpmonitor1,mode=control -drive file=/home/rhel6u1-64.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads -device virtio-blk-pci,scsi=off,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,id=hostnet0 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:39:13:2c -m 4096 -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 -cpu SandyBridge,hv_relaxed -M pc -rtc base=localtime,clock=host,driftfix=slew -boot menu=on -enable-kvm -monitor stdio -vga qxl -spice port=5900,disable-ticketing -drive file=/home/boot.iso,if=none,id=drive-ide0-0-1,media=cdrom,format=raw -device ide-drive,bus=ide.0,unit=1,drive=drive-ide0-0-1,bootindex=0 -S
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 19035.

(qemu) QEMU 1.3.0 monitor - type 'help' for more information
(qemu) 
(qemu) set
set_link      set_password  
(qemu) set_password vnc[Thread 0x7fffeb89f700 (LWP 19040) exited]
set_password vnc helo
Could not set password
(qemu) expire_password vnc +23
Could not set password
(qemu) 


Updated qemu-kvm to the latest version and tested it; the problem was not found.
Host:
RHEL-7.0-20131222.0
kernel-3.10.0-69.el7.x86_64
qemu-kvm-1.5.3-38.el7.x86_64

Steps:
Starting program: /usr/libexec/qemu-kvm -name vm1 -nodefaults -chardev socket,id=qmp_id_qmpmonitor1,path=/tmp/monitor-qmpmonitor1-20130218-133213-tne4yYwu,server,nowait -mon chardev=qmp_id_qmpmonitor1,mode=control -drive file=/home/rhel7-64.raw,if=none,id=drive-virtio-disk0,format=raw,cache=none,werror=stop,rerror=stop,aio=threads -device virtio-blk-pci,scsi=off,bus=pci.0,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 -netdev tap,id=hostnet0 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:39:13:2c -m 4096 -smp 4,maxcpus=4,cores=2,threads=1,sockets=2 -cpu Opteron_G1 -M pc -rtc base=localtime,clock=host,driftfix=slew -boot menu=on -enable-kvm -monitor stdio -vga qxl -spice port=5900,disable-ticketing -S
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Detaching after fork from child process 32556.
QEMU 1.5.3 monitor - type 'help' for more information
(qemu) [New Thread 0x7fffeaeb4700 (LWP 32562)]
[New Thread 0x7fffea6b3700 (LWP 32563)]
[New Thread 0x7fffe9eb2700 (LWP 32564)]
[New Thread 0x7fffe96b1700 (LWP 32565)]
[New Thread 0x7fffdaffe700 (LWP 32566)]
[New Thread 0x7fffda7fd700 (LWP 32568)]

(qemu) [Thread 0x7fffda7fd700 (LWP 32568) exited]

(qemu) set
set_link      set_password  
(qemu) set_password vnc hhh
Could not set password
(qemu) expire_password vnc +32
Could not set password
(qemu) 
(qemu) set_password vnc sadferf
Could not set password
(qemu) expire_password vnc 23153454
Could not set password

This problem has gone.

Comment 13 Ludek Smid 2014-06-13 10:58:30 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.