Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2000814

Summary: qemu-kvm crashes after I use virt-viewer/virt-manager connect to a vnc vm which listening on unix socket
Product: Red Hat Enterprise Linux 9 Reporter: zhoujunqin <juzhou>
Component: qemu-kvmAssignee: Marc-Andre Lureau <marcandre.lureau>
qemu-kvm sub component: Graphics QA Contact: zhoujunqin <juzhou>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: unspecified CC: ahuang12, bfu, chhu, coli, fjin, hongzliu, lcheng, lethalwp, lijin, marcandre.lureau, mkrajnak, mrezanin, smitterl, tyan, tzheng, virt-maint, xiaodwan, yafu, yicui, zhetang
Version: 9.0Keywords: Triaged
Target Milestone: rcFlags: pm-rhel: mirror+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qemu-kvm-6.2.0-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2003679 (view as bug list) Environment:
Last Closed: 2022-05-17 12:24:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2003679    

Description zhoujunqin 2021-09-03 04:40:44 UTC 
Description of problem:
qemu-kvm crashes after I use virt-viewer/virt-manager connect to a vnc vm which listening on unix socket

Version-Release number of selected component (if applicable):
libvirt-7.6.0-2.el9.x86_64
qemu-kvm-6.1.0-1.el9.x86_64
virt-viewer-10.0-3.el9.x86_64


How reproducible:
100%

Steps to Reproduce:
1. Edit the xml of the vnc guest and set listen to type to 'socket'
...
    <graphics type='vnc' port='-1' autoport='yes'>
      <listen type='socket'/>
    </graphics>
...

2.  Start the guest.
# virsh start $vncguest

3. Check the xml of the guest, verify a socket file is generated for the vnc guest.
...
    <graphics type='vnc' socket='/var/lib/libvirt/qemu/domain-4-7vnc1/vnc.sock'>
      <listen type='socket' socket='/var/lib/libvirt/qemu/domain-4-7vnc1/vnc.sock'/>
    </graphics>
...

4. Run virt-viewer to connect the guest by root user.
# virt-viewer $vncguest

Error message prompts by virt-viewer:
"""
Unable to connect to the graphics server localhost:/var/lib/libvirt/qemu/domain-4-7vnc1/vnc.sock

Server closed the connection.
"""

Test result: Failed to connect to the VM's console, and the running VM will be shut down immediately.

# virsh domstate 7vnc1
shut off

Actual results:
As the description.

Expected results:
Fix it.

Additional info:
# coredumpctl  debug
           PID: 5522 (qemu-kvm)
           UID: 107 (qemu)
           GID: 107 (qemu)
        Signal: 6 (ABRT)
     Timestamp: Fri 2021-09-03 00:36:30 EDT (2min 25s ago)
  Command Line: /usr/libexec/qemu-kvm -name guest=7vnc1,debug-threads=on -S -object $'{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain-4-7vnc1/master-key.aes"}' -machine pc-q35-rhel8.5.0,accel=kvm,usb=off,dump-guest-core=off,memory-backend=pc.ram -cpu Skylake-Client-IBRS,ss=on,vmx=on,pdcm=on,hypervisor=on,tsc-adjust=on,clflushopt=on,umip=on,md-clear=on,stibp=on,arch-capabilities=on,ssbd=on,xsaves=on,pdpe1gb=on,ibpb=on,ibrs=on,amd-stibp=on,amd-ssbd=on,skip-l1dfl-vmentry=on,pschange-mc-no=on,hle=off,rtm=off -m 1024 -object $'{"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824}' -overcommit mem-lock=off -smp 2,sockets=2,cores=1,threads=1 -uuid 51b3dcb2-b0ec-46ae-a76f-e402b3bce38b -no-user-config -nodefaults -chardev socket,id=charmonitor,fd=32,server=on,wait=off -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1 -boot strict=on -device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2 -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 -device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 -device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4 -device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5 -device pcie-root-port,port=0x16,chassis=7,id=pci.7,bus=pcie.0,addr=0x2.0x6 -device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.2,addr=0x0 -device virtio-serial-pci,id=virtio-serial0,bus=pci.3,addr=0x0 -device virtio-serial-pci,id=virtio-serial1,bus=pci.7,addr=0x0 -blockdev $'{"driver":"file","filename":"/var/lib/libvirt/images/7vnc1.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' -blockdev $'{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage","backing":null}' -device virtio-blk-pci,bus=pci.4,addr=0x0,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 -netdev tap,fd=34,id=hostnet0,vhost=on,vhostfd=35 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:93:c0:a6,bus=pci.1,addr=0x0 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev socket,id=charchannel0,fd=36,server=on,wait=off -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 -device usb-tablet,id=input0,bus=usb.0,port=1 -audiodev id=audio1,driver=none -vnc vnc=unix:/var/lib/libvirt/qemu/domain-4-7vnc1/vnc.sock,audiodev=audio1 -device VGA,id=video0,vgamem_mb=16,bus=pcie.0,addr=0x1 -device virtio-balloon-pci,id=balloon0,bus=pci.5,addr=0x0 -object $'{"qom-type":"rng-random","id":"objrng0","filename":"/dev/urandom"}' -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.6,addr=0x0 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny -msg timestamp=on
    Executable: /usr/libexec/qemu-kvm
 Control Group: /machine.slice/machine-qemu\x2d4\x2d7vnc1.scope/libvirt/emulator
          Unit: machine-qemu\x2d4\x2d7vnc1.scope
         Slice: machine.slice
       Boot ID: a4d2138faa5441ee82c162125dff01f6
    Machine ID: 6e3ff601a3c94dd3913478317e81b21f
      Hostname: juzhou-rhel9
       Storage: none
       Message: Process 5522 (qemu-kvm) of user 107 dumped core.

Coredump entry has no core attached (neither internally in the journal nor externally on disk).
Comment 3 Marc-Andre Lureau 2021-09-03 16:02:28 UTC 
This is fixed by "[PATCH v3] qemu-sockets: fix unix socket path copy (again)" upstream, pending merge.
We will have to backport it ince it is merged.

please qa ack
Comment 4 Marc-Andre Lureau 2021-09-07 16:05:06 UTC 
https://gitlab.com/redhat/centos-stream/src/qemu-kvm/-/merge_requests/42

waiting for CI & acks
Comment 5 yicui 2021-09-13 07:41:31 UTC 
Hi,
This issue can be reproduced in rhel 8.6 with qemu-kvm 6.1.0-1.
Could you please help check if we need to clone this bug to rhel 8.6? 


Thanks,
Yingshun
Comment 7 Marc-Andre Lureau 2021-09-13 08:03:10 UTC 
(In reply to yicui from comment #5)
> Hi,
> This issue can be reproduced in rhel 8.6 with qemu-kvm 6.1.0-1.
> Could you please help check if we need to clone this bug to rhel 8.6? 

yes, thanks
Comment 8 zhoujunqin 2021-09-13 09:48:34 UTC 
Add additional info:
output for command "# ps -ef |grep 7vnc1"


qemu       86718       1  0 Sep07 ?        00:14:28 /usr/libexec/qemu-kvm -name guest=7vnc1,debug-threads=on -S -object {"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain-2-7vnc1/master-key.aes"} -machine pc-q35-rhel8.5.0,accel=kvm,usb=off,dump-guest-core=off,memory-backend=pc.ram -cpu Skylake-Client-IBRS,ss=on,vmx=on,pdcm=on,hypervisor=on,tsc-adjust=on,clflushopt=on,umip=on,md-clear=on,stibp=on,arch-capabilities=on,ssbd=on,xsaves=on,pdpe1gb=on,ibpb=on,ibrs=on,amd-stibp=on,amd-ssbd=on,skip-l1dfl-vmentry=on,pschange-mc-no=on,hle=off,rtm=off -m 1024 -object {"qom-type":"memory-backend-ram","id":"pc.ram","size":1073741824} -overcommit mem-lock=off -smp 2,sockets=2,cores=1,threads=1 -uuid 51b3dcb2-b0ec-46ae-a76f-e402b3bce38b -no-user-config -nodefaults -chardev socket,id=charmonitor,fd=37,server=on,wait=off -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=delay -no-hpet -no-shutdown -global ICH9-LPC.disable_s3=1 -global ICH9-LPC.disable_s4=1 -boot strict=on -device pcie-root-port,port=0x10,chassis=1,id=pci.1,bus=pcie.0,multifunction=on,addr=0x2 -device pcie-root-port,port=0x11,chassis=2,id=pci.2,bus=pcie.0,addr=0x2.0x1 -device pcie-root-port,port=0x12,chassis=3,id=pci.3,bus=pcie.0,addr=0x2.0x2 -device pcie-root-port,port=0x13,chassis=4,id=pci.4,bus=pcie.0,addr=0x2.0x3 -device pcie-root-port,port=0x14,chassis=5,id=pci.5,bus=pcie.0,addr=0x2.0x4 -device pcie-root-port,port=0x15,chassis=6,id=pci.6,bus=pcie.0,addr=0x2.0x5 -device pcie-root-port,port=0x16,chassis=7,id=pci.7,bus=pcie.0,addr=0x2.0x6 -device qemu-xhci,p2=15,p3=15,id=usb,bus=pci.2,addr=0x0 -device virtio-serial-pci,id=virtio-serial0,bus=pci.3,addr=0x0 -device virtio-serial-pci,id=virtio-serial1,bus=pci.7,addr=0x0 -blockdev {"driver":"file","filename":"/var/lib/libvirt/images/7vnc1.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"} -blockdev {"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage","backing":null} -device virtio-blk-pci,bus=pci.4,addr=0x0,drive=libvirt-1-format,id=virtio-disk0,bootindex=1 -netdev tap,fd=39,id=hostnet0,vhost=on,vhostfd=40 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:93:c0:a6,bus=pci.1,addr=0x0 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev socket,id=charchannel0,fd=41,server=on,wait=off -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0 -device usb-tablet,id=input0,bus=usb.0,port=1 -audiodev id=audio1,driver=none -vnc vnc=unix:/var/lib/libvirt/qemu/domain-2-7vnc1/vnc.sock,audiodev=audio1 -device VGA,id=video0,vgamem_mb=16,bus=pcie.0,addr=0x1 -device virtio-balloon-pci,id=balloon0,bus=pci.5,addr=0x0 -object {"qom-type":"rng-random","id":"objrng0","filename":"/dev/urandom"} -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.6,addr=0x0 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny -msg timestamp=on
Comment 9 John Ferlan 2021-09-13 12:22:39 UTC 
Update to be included in the qemu-6.2 rebase planned for Nov/Dec
Comment 10 CongLi 2021-09-25 06:37:50 UTC 
*** Bug 2007640 has been marked as a duplicate of this bug. ***
Comment 12 CongLi 2021-12-16 00:20:38 UTC 
*** Bug 2032974 has been marked as a duplicate of this bug. ***
Comment 13 Yanan Fu 2021-12-20 12:44:59 UTC 
QE bot(pre verify): Set 'Verified:Tested,SanityOnly' as gating/tier1 test pass.
Comment 16 Hongzhou Liu 2022-01-05 05:21:34 UTC 
Verify this bug on rhel9.0

packages:
qemu-kvm-6.2.0-1.el9.x86_64
virt-viewer-11.0-1.el9.x86_64
libvirt-7.10.0-1.el9.x86_64

1. prepare a vm, use virsh edit edit the xml of the vnc guest and set listen to type to 'socket'

<graphics type='vnc'>
      <listen type='socket'/>
    </graphics>

2. start the guest and check the xml
# virsh domstate rhel9.0 
>
running
# virsh dumpxml rhel9.0  | grep grap -C2
> 
     <alias name='input2'/>
    </input>
    <graphics type='vnc' socket='/var/lib/libvirt/qemu/domain-16-rhel9.0/vnc.sock'>
      <listen type='socket' socket='/var/lib/libvirt/qemu/domain-16-rhel9.0/vnc.sock'/>
    </graphics>
    <audio id='1' type='none'/>
    <video>
3. connect the guest via virt-viewer
# virt-viewer rhel9.0

result: virt-viewer can connect the guest correctly, the result is as expected so I change the status to verified. Thanks!
Comment 17 zhoujunqin 2022-01-27 05:44:21 UTC 
*** Bug 2027966 has been marked as a duplicate of this bug. ***
Comment 19 errata-xmlrpc 2022-05-17 12:24:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: qemu-kvm), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:2307