Bug 1359655 - Qemu crashes when connecting to a guest started with "-vnc none" by virt-viewer
Summary: Qemu crashes when connecting to a guest started with "-vnc none" by virt-viewer
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.3
Hardware: x86_64
OS: Linux
Target Milestone: rc
Assignee: Gerd Hoffmann
QA Contact: Guo, Zhiyi
Depends On:
Reported: 2016-07-25 08:57 UTC by Fangge Jin
Modified: 2016-11-07 21:25 UTC

Fixed In Version: qemu-kvm-rhev-2.6.0-21.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2016-11-07 21:25:58 UTC
Target Upstream Version:

Attachments
The debug log of virt-viewer (1.09 KB, text/plain), 2016-07-25 08:57 UTC, Fangge Jin
The full backtrace of coredump (6.41 KB, text/plain), 2016-07-25 08:57 UTC, Fangge Jin

Related errata: Red Hat Product Errata RHBA-2016:2673, "qemu-kvm-rhev bug fix and enhancement update", priority normal, status SHIPPED_LIVE, last updated 2016-11-08 01:06:13 UTC

Description Fangge Jin 2016-07-25 08:57:02 UTC
Created attachment 1183636
The debug log of virt-viewer

Description of problem:
Start a guest with vnc listen type='none' (the qemu command line contains: -vnc none), then use virt-viewer to connect to the guest; qemu will crash.

Version-Release number of selected component:

How reproducible:

Steps to Reproduce:
1. Define a guest with vnc listen type='none':
    <graphics type='vnc' port='-1' autoport='yes'>
      <listen type='none'/>
    </graphics>

2. Start the guest, check qemu command line:
...-vnc none ...

3. Use virt-viewer to connect to the guest; the guest crashes during the connection:
# virt-viewer rhel7.2 --attach --debug
(virt-viewer:15148): virt-viewer-DEBUG: Error Unable to read from monitor: Connection reset by peer
(virt-viewer:15148): virt-viewer-DEBUG: After open connection callback fd=-1

4. Guest has been shut off
# virsh list
 Id    Name                           State
 -     rhel7.2                        shut off

5. There is a coredump generated by abrt; the backtrace is as below:
#0  qio_channel_socket_get_local_address (ioc=0x0, errp=errp@entry=0x7ffd5b8aa0f0) at io/channel-socket.c:33
#1  0x00007f4b9a297d6f in vnc_init_basic_info_from_server_addr (errp=0x7ffd5b8aa0f0, info=0x7f4b9d425460, ioc=<optimized out>) at ui/vnc.c:146
#2  vnc_server_info_get (vd=0x7f4b9e858000) at ui/vnc.c:223
#3  0x00007f4b9a29d318 in vnc_qmp_event (vs=0x7f4b9ef82000, vs=0x7f4b9ef82000, event=QAPI_EVENT_VNC_CONNECTED) at ui/vnc.c:279
#4  vnc_connect (vd=vd@entry=0x7f4b9e858000, sioc=sioc@entry=0x7f4b9e8b3a20, skipauth=skipauth@entry=true, websocket=websocket@entry=false) at ui/vnc.c:2994
#5  0x00007f4b9a29e8c8 in vnc_display_add_client (id=<optimized out>, csock=<optimized out>, skipauth=<optimized out>) at ui/vnc.c:3825
#6  0x00007f4b9a18d8a1 in qmp_marshal_add_client (args=<optimized out>, ret=<optimized out>, errp=0x7ffd5b8aa230) at qmp-marshal.c:123
#7  0x00007f4b9a0b53f5 in handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /usr/src/debug/qemu-2.6.0/monitor.c:3922
#8  0x00007f4b9a348580 in json_message_process_token (lexer=0x7f4b9c78dfe8, input=0x7f4b9c7350e0, type=JSON_RCURLY, x=111, y=59) at qobject/json-streamer.c:94
#9  0x00007f4b9a35cfeb in json_lexer_feed_char (lexer=lexer@entry=0x7f4b9c78dfe8, ch=125 '}', flush=flush@entry=false) at qobject/json-lexer.c:310
#10 0x00007f4b9a35d0ae in json_lexer_feed (lexer=0x7f4b9c78dfe8, buffer=<optimized out>, size=<optimized out>) at qobject/json-lexer.c:360
#11 0x00007f4b9a348679 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>) at qobject/json-streamer.c:114
#12 0x00007f4b9a0b3a1b in monitor_qmp_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) at /usr/src/debug/qemu-2.6.0/monitor.c:3938
#13 0x00007f4b9a186751 in tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x7f4b9c7add40) at qemu-char.c:2895
#14 0x00007f4b92b5c79a in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#15 0x00007f4b9a2bb0c0 in glib_pollfds_poll () at main-loop.c:213
#16 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:258
#17 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:506
#18 0x00007f4b9a0835cf in main_loop () at vl.c:1934
#19 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4667

Actual results:
Qemu crashes when connecting to guest by virt-viewer

Expected results:
Qemu doesn't crash and virt-viewer connects to guest successfully.

Additional info:
1) Change graphic type to spice, no problem appears.

Comment 1 Fangge Jin 2016-07-25 08:57:51 UTC
Created attachment 1183637
The full backtrace of coredump

Comment 3 Gerd Hoffmann 2016-08-01 18:17:37 UTC
Daniel?  Seems to be caused by the switch to qio channels.  There is no listening vnc socket in the first place, causing struggles.  I think the cleanest solution would be a SOCKET_ADDRESS_KIND_NONE.  What do you think?

Comment 4 Daniel Berrangé 2016-08-02 10:47:11 UTC
It turns out it's been broken in 3 distinct ways, dating back to the 2.3.0 series. I've sent trivial patches for the problems which take us back to the original behaviour without needing to introduce a new socket kind.
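The backtrace in the description shows the failing frame entered with ioc=0x0: the server-info lookup that feeds the VNC_CONNECTED QMP event dereferences the listening socket's channel, and with "-vnc none" that listener never exists, which is the situation comment 3 describes. The C program below is an added illustration and is neither QEMU's code nor the patches mentioned in comment 4; it models the listener/channel relationship with hypothetical stand-in types (VncDisplay, IOChannel, ServerInfo, vnc_server_info_get_safe, emit_vnc_connected) and a simplified event text whose field names do not follow the real QMP schema. It shows the shape of a guarded lookup: when there is no listener the lookup reports that instead of crashing, and the event is still emitted with the client part only.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not QEMU code: a small model of the state behind the
 * backtrace. With "-vnc none" the display has no listening socket, so the
 * channel pointer that the server-info lookup dereferences is NULL. All
 * type and function names here are hypothetical stand-ins. */

typedef struct {
    char host[64];
    int port;
} SocketAddr;

typedef struct {
    SocketAddr local;        /* address the listener is bound to */
} IOChannel;

typedef struct {
    IOChannel *lsock;        /* listening socket; NULL when started with -vnc none */
} VncDisplay;

typedef struct {
    char host[64];
    int port;
} ServerInfo;

/* Guarded lookup: fills *info and returns 0 when a listener exists, returns
 * -1 and leaves *info untouched when there is none. The crashing frame did
 * the equivalent of "vd->lsock->local" without this check. */
int vnc_server_info_get_safe(const VncDisplay *vd, ServerInfo *info)
{
    if (vd == NULL || vd->lsock == NULL) {
        return -1;
    }
    snprintf(info->host, sizeof info->host, "%s", vd->lsock->local.host);
    info->port = vd->lsock->local.port;
    return 0;
}

/* Model of emitting the connected event: the client part is always present,
 * the server part only when the display actually has a listener. Writes the
 * event text into buf and returns 1 if server info was included, 0 if not. */
int emit_vnc_connected(const VncDisplay *vd, const char *client_host,
                       int client_port, char *buf, size_t len)
{
    ServerInfo srv;
    if (vnc_server_info_get_safe(vd, &srv) == 0) {
        snprintf(buf, len,
                 "{\"event\":\"VNC_CONNECTED\","
                 "\"server\":{\"host\":\"%s\",\"port\":%d},"
                 "\"client\":{\"host\":\"%s\",\"port\":%d}}",
                 srv.host, srv.port, client_host, client_port);
        return 1;
    }
    snprintf(buf, len,
             "{\"event\":\"VNC_CONNECTED\","
             "\"client\":{\"host\":\"%s\",\"port\":%d}}",
             client_host, client_port);
    return 0;
}

int main(void)
{
    char buf[256];

    /* Constructed case 1: guest started with "-vnc none", no listener. */
    VncDisplay none = { .lsock = NULL };
    int with_server = emit_vnc_connected(&none, "127.0.0.1", 45222, buf, sizeof buf);
    printf("-vnc none      : server info %s -> %s\n",
           with_server ? "included" : "omitted", buf);

    /* Constructed case 2: a normal listening display on 127.0.0.1:5900. */
    IOChannel listener = { .local = { "127.0.0.1", 5900 } };
    VncDisplay listening = { .lsock = &listener };
    with_server = emit_vnc_connected(&listening, "127.0.0.1", 45223, buf, sizeof buf);
    printf("-vnc 127.0.0.1 : server info %s -> %s\n",
           with_server ? "included" : "omitted", buf);
    return 0;
}
```

The first case is the one from the report: the lookup returns -1, the event goes out without a server block, and nothing is dereferenced. A check for a NULL listener at this point is also what a reviewer would look for when a display type that can run without a socket (none, or a socket kind added later) is wired into code that assumes one exists.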

Comment 6 Gerd Hoffmann 2016-08-11 12:49:30 UTC
test build:

Comment 7 Gerd Hoffmann 2016-08-11 12:53:49 UTC
patches posted.

Comment 8 Miroslav Rezanina 2016-08-16 11:23:37 UTC
Fix included in qemu-kvm-rhev-2.6.0-21.el7

Comment 10 Fangge Jin 2016-08-17 01:18:08 UTC
I did a simple test with build qemu-kvm-rhev-2.6.0-21.el7, no crash happened.

Comment 13 errata-xmlrpc 2016-11-07 21:25:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

