Bug 918472

Summary: [abrt] qemu-kvm-0.12.1.2-2.355.el6: getnameinfo: Process /usr/libexec/qemu-kvm was killed by signal 11 (SIGSEGV)
Product: Red Hat Enterprise Linux 6
Reporter: David Jaša <djasa>
Component: spice-server
Assignee: Uri Lublin <uril>
Status: CLOSED ERRATA
QA Contact: Desktop QE <desktop-qa-list>
Severity: low
Docs Contact:
Priority: unspecified
Version: 6.4
CC: acathrow, bsarathy, cfergeau, dblechte, juzhang, mkenneth, psimerda, pvine, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:1f8c444b3744c7a7d3c986aa531d71067416280a
Fixed In Version: spice-server-0.12.3-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: As part of initialization, spice server calls getaddrinfo() so that it can listen on the socket(s) specified on the qemu-kvm command line. When getaddrinfo() failed (e.g. due to a "bad" addr= option), only a warning was issued.
Consequence: Spice initialization (reds_init_socket) continued, and a call to getnameinfo() with bad parameters resulted in a segfault.
Fix: When getaddrinfo() fails, spice fails reds_init_socket.
Result: Upon bad network parameters (such as the "addr" option), spice fails its initialization and does not segfault.
Last Closed: 2013-11-21 07:39:52 UTC
Bug Depends On: 952671
Attachments (description, flags):
File: maps (flags: none)
File: var_log_messages (flags: none)
File: open_fds (flags: none)
File: environ (flags: none)
File: dso_list (flags: none)
File: sosreport.tar.xz (flags: none)
File: backtrace (flags: none)
File: build_ids (flags: none)
File: limits (flags: none)
File: cgroup (flags: none)

Description David Jaša 2013-03-06 10:27:02 UTC
Description of problem:
1. run qemu with '-spice addr=[ipv6::in:brackets],<rest_of_options>'
2. qemu segfaults in getnameinfo()

This may be a bug in spice server, which should reject or correct the value of addr=, or in getnameinfo(), which should be able to cope with such an address.


Version-Release number of selected component:
qemu-kvm-0.12.1.2-2.355.el6

Additional info:
libreport version: 2.0.9
abrt_version:   2.0.8
backtrace_rating: 4
cmdline:        qemu-kvm -monitor stdio -vga qxl -spice addr=[fe80::200:ff:fe00:0],disable-ticketing,x509-dir=/etc/pki/libvirt-spice,tls-port=5801,port=5800,tls-channel=main,tls-channel=inputs -incoming tcp:0:5701
crash_function: getnameinfo
kernel:         2.6.32-358.el6.x86_64

truncated backtrace:
:Thread no. 1 (7 frames)
: #0 getnameinfo at getnameinfo.c
: #1 reds_init_socket at reds.c
: #2 reds_init_net at reds.c
: #3 do_spice_init at reds.c
: #4 spice_server_init at reds.c
: #5 qemu_spice_init at /usr/src/debug/qemu-kvm-0.12.1.2/ui/spice-core.c
: #6 module_call_init at /usr/src/debug/qemu-kvm-0.12.1.2/module.c

Comment 1 David Jaša 2013-03-06 10:27:07 UTC
Created attachment 705857
File: maps

Comment 2 David Jaša 2013-03-06 10:27:09 UTC
Created attachment 705858
File: var_log_messages

Comment 3 David Jaša 2013-03-06 10:27:11 UTC
Created attachment 705859
File: open_fds

Comment 4 David Jaša 2013-03-06 10:27:14 UTC
Created attachment 705860
File: environ

Comment 5 David Jaša 2013-03-06 10:27:27 UTC
Created attachment 705861
File: dso_list

Comment 6 David Jaša 2013-03-06 10:27:36 UTC
Created attachment 705862
File: sosreport.tar.xz

Comment 7 David Jaša 2013-03-06 10:27:39 UTC
Created attachment 705864
File: backtrace

Comment 8 David Jaša 2013-03-06 10:27:42 UTC
Created attachment 705865
File: build_ids

Comment 9 David Jaša 2013-03-06 10:27:44 UTC
Created attachment 705866
File: limits

Comment 10 David Jaša 2013-03-06 10:27:46 UTC
Created attachment 705867
File: cgroup

Comment 11 Pavel Šimerda (pavlix) 2013-03-06 11:22:22 UTC
I don't think spice should use getnameinfo() during initialization. Is there a valid reason for that? For any input from the user (including configuration), getaddrinfo() should be used to gather the necessary data.

During the initialization of a service, the only binary addressing data I could think of would come from the kernel through netlink. But these should rarely be used for any reverse lookup.

Comment 12 Christophe Fergeau 2013-03-15 23:09:37 UTC
This is probably fixed by http://cgit.freedesktop.org/spice/spice/commit/?id=5a31221252b
Pavel, see http://cgit.freedesktop.org/~teuf/spice/commit/?id=79c3a97 for some kind of explanations on the getnameinfo() call (summary: there is such a call in the post-getaddrinfo() loop, but its result is unused)
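
Added example, not part of the bug report and not spice-server code: a sketch of the pattern in the Doc Text, where a getaddrinfo() failure aborts initialization instead of falling through to getnameinfo(). The helper name `resolve_listen_addr`, the buffer sizes and the `AI_NUMERICHOST` flag (used so the example needs no DNS) are assumptions of this example.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper (not spice-server code): resolve a listen address and
 * write its numeric form to `out`. Returns 0 on success, -1 on failure. */
int resolve_listen_addr(const char *addr, const char *port,
                        char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL, *ai;
    char serv[32];
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    /* AI_NUMERICHOST is this example's choice: no DNS lookup, runs offline. */
    hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;

    rc = getaddrinfo(addr, port, &hints, &res);
    if (rc != 0) {
        /* Fail here. Per the Doc Text, warning and continuing led to
         * getnameinfo() being called with bad parameters. */
        fprintf(stderr, "getaddrinfo(%s,%s): %s\n", addr, port, gai_strerror(rc));
        return -1;
    }
    rc = -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        /* Only reached with a valid result list from getaddrinfo(). */
        if (getnameinfo(ai->ai_addr, ai->ai_addrlen, out, (socklen_t)outlen,
                        serv, sizeof(serv),
                        NI_NUMERICHOST | NI_NUMERICSERV) == 0) {
            rc = 0;
            break;
        }
    }
    freeaddrinfo(res);
    return rc;
}

int main(void)
{
    char host[128];
    /* Constructed inputs: the bracketed form from the report, then without brackets. */
    const char *samples[] = { "[fe80::200:ff:fe00:0]", "fe80::200:ff:fe00:0" };
    for (size_t i = 0; i < 2; i++) {
        int rc = resolve_listen_addr(samples[i], "5800", host, sizeof(host));
        printf("%-24s -> %s\n", samples[i], rc == 0 ? host : "rejected");
    }
    return 0;
}
```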

Comment 18 errata-xmlrpc 2013-11-21 07:39:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1571.html