Bug 918472 - [abrt] qemu-kvm-0.12.1.2-2.355.el6: getnameinfo: Process /usr/libexec/qemu-kvm was killed by signal 11 (SIGSEGV)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: spice-server
Version: 6.4
Hardware: x86_64
OS: Unspecified
Priority: unspecified
Severity: low
Target Milestone: rc
Assignee: Uri Lublin
QA Contact: Desktop QE
URL:
Whiteboard: abrt_hash:1f8c444b3744c7a7d3c986aa531...
Depends On: 952671
Blocks:
Reported: 2013-03-06 10:27 UTC by David Jaša
Modified: 2013-11-21 07:39 UTC (History)

Fixed In Version: spice-server-0.12.3-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: As part of initialization, spice server calls getaddrinfo() so that it can listen on the socket(s) given on the qemu-kvm command line. When getaddrinfo() failed (e.g. due to a "bad" addr= option), only a warning was issued.
Consequence: Spice initialization (reds_init_socket) continued, and a call to getnameinfo() with bad parameters resulted in a segfault.
Fix: When getaddrinfo() fails, spice fails reds_init_socket.
Result: Upon bad network parameters (such as the "addr" option), spice fails its initialization and does not segfault.
Clone Of:
Environment:
Last Closed: 2013-11-21 07:39:52 UTC


Attachments
File: maps (21.07 KB, text/plain), 2013-03-06 10:27 UTC, David Jaša
File: var_log_messages (2.02 KB, text/plain), 2013-03-06 10:27 UTC, David Jaša
File: open_fds (358 bytes, text/plain), 2013-03-06 10:27 UTC, David Jaša
File: environ (2.01 KB, text/plain), 2013-03-06 10:27 UTC, David Jaša
File: dso_list (4.76 KB, text/plain), 2013-03-06 10:27 UTC, David Jaša
File: sosreport.tar.xz (1.46 MB, text/plain), 2013-03-06 10:27 UTC, David Jaša
File: backtrace (41.68 KB, text/plain), 2013-03-06 10:27 UTC, David Jaša
File: build_ids (2.32 KB, text/plain), 2013-03-06 10:27 UTC, David Jaša
File: limits (1.29 KB, text/plain), 2013-03-06 10:27 UTC, David Jaša
File: cgroup (88 bytes, text/plain), 2013-03-06 10:27 UTC, David Jaša


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1571 normal SHIPPED_LIVE spice-server bug fix and enhancement update 2013-11-20 21:39:57 UTC

Description David Jaša 2013-03-06 10:27:02 UTC
Description of problem:
1. run qemu with '-spice addr=[ipv6::in:brackets],<rest_of_options>'
2. qemu segfaults in getnameinfo()

This may be a bug in spice server, which should reject or correct the value of addr=, or in getnameinfo(), which should be able to cope with such an address.


Version-Release number of selected component:
qemu-kvm-0.12.1.2-2.355.el6

Additional info:
libreport version: 2.0.9
abrt_version:   2.0.8
backtrace_rating: 4
cmdline:        qemu-kvm -monitor stdio -vga qxl -spice addr=[fe80::200:ff:fe00:0],disable-ticketing,x509-dir=/etc/pki/libvirt-spice,tls-port=5801,port=5800,tls-channel=main,tls-channel=inputs -incoming tcp:0:5701
crash_function: getnameinfo
kernel:         2.6.32-358.el6.x86_64

truncated backtrace:
:Thread no. 1 (7 frames)
: #0 getnameinfo at getnameinfo.c
: #1 reds_init_socket at reds.c
: #2 reds_init_net at reds.c
: #3 do_spice_init at reds.c
: #4 spice_server_init at reds.c
: #5 qemu_spice_init at /usr/src/debug/qemu-kvm-0.12.1.2/ui/spice-core.c
: #6 module_call_init at /usr/src/debug/qemu-kvm-0.12.1.2/module.c

Comment 1 David Jaša 2013-03-06 10:27:07 UTC
Created attachment 705857
File: maps

Comment 2 David Jaša 2013-03-06 10:27:09 UTC
Created attachment 705858
File: var_log_messages

Comment 3 David Jaša 2013-03-06 10:27:11 UTC
Created attachment 705859
File: open_fds

Comment 4 David Jaša 2013-03-06 10:27:14 UTC
Created attachment 705860
File: environ

Comment 5 David Jaša 2013-03-06 10:27:27 UTC
Created attachment 705861
File: dso_list

Comment 6 David Jaša 2013-03-06 10:27:36 UTC
Created attachment 705862
File: sosreport.tar.xz

Comment 7 David Jaša 2013-03-06 10:27:39 UTC
Created attachment 705864
File: backtrace

Comment 8 David Jaša 2013-03-06 10:27:42 UTC
Created attachment 705865
File: build_ids

Comment 9 David Jaša 2013-03-06 10:27:44 UTC
Created attachment 705866
File: limits

Comment 10 David Jaša 2013-03-06 10:27:46 UTC
Created attachment 705867
File: cgroup

Comment 11 Pavel Šimerda (pavlix) 2013-03-06 11:22:22 UTC
I don't think spice should use getnameinfo() during initialization. Is there a valid reason for that? For any input from the user (including configuration), getaddrinfo() should be used to gather the necessary data.

During the initialization of a service, the only binary addressing data I could think of would come from the kernel through netlink. But these should rarely be used for any reverse lookup.

Comment 12 Christophe Fergeau 2013-03-15 23:09:37 UTC
This is probably fixed by http://cgit.freedesktop.org/spice/spice/commit/?id=5a31221252b
Pavel, see http://cgit.freedesktop.org/~teuf/spice/commit/?id=79c3a97 for some kind of explanation of the getnameinfo() call (summary: there is such a call in the post-getaddrinfo() loop, but its result is unused).

Comment 18 errata-xmlrpc 2013-11-21 07:39:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1571.html
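
The fix described in the Doc Text above (fail initialization when getaddrinfo() fails, rather than warn and continue into getnameinfo()), as an added example that is not part of the bug report and is not spice's code. The helper name `resolve_listen_addr`, the buffer sizes and the use of AI_NUMERICHOST/AI_NUMERICSERV (so the sample runs without DNS) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>

/* Hypothetical helper, not spice's reds_init_socket(): resolve a listen
 * address and write "host;port" (numeric) to out. Returns 0 or -1. */
int resolve_listen_addr(const char *addr, const char *port,
                        char *out, size_t outlen)
{
    struct addrinfo hints, *res = NULL, *e;
    char host[256], serv[32];
    int rc, ret = -1;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    /* Numeric-only parsing: an assumption made here to stay offline. */
    hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST | AI_NUMERICSERV;

    rc = getaddrinfo((addr && *addr) ? addr : NULL, port, &hints, &res);
    if (rc != 0) {
        /* Warning and carrying on would walk a result list that was never
         * filled in; treat the error as fatal for initialization. */
        fprintf(stderr, "getaddrinfo(%s,%s): %s\n",
                addr ? addr : "", port, gai_strerror(rc));
        return -1;
    }
    for (e = res; e != NULL; e = e->ai_next) {
        rc = getnameinfo(e->ai_addr, e->ai_addrlen, host, sizeof(host),
                         serv, sizeof(serv), NI_NUMERICHOST | NI_NUMERICSERV);
        if (rc != 0)
            continue;               /* skip entries that cannot be formatted */
        snprintf(out, outlen, "%s;%s", host, serv);
        ret = 0;
        break;
    }
    freeaddrinfo(res);
    return ret;
}

int main(void)
{
    char buf[300];
    /* Constructed inputs: the bracketed value from the report, then ::1. */
    int bad = resolve_listen_addr("[fe80::200:ff:fe00:0]", "5800", buf, sizeof(buf));
    int ok = resolve_listen_addr("::1", "5800", buf, sizeof(buf));
    printf("bracketed: %d, ::1: %d (%s)\n", bad, ok, ok == 0 ? buf : "-");
    return 0;
}
```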

