RHEL-2600

qemu core dump occurs when a client connects to the VNC server because the qemu cmd only adds vnc without a graphics device


      What were you trying to do that didn't work?
      qemu core dump occurs when a client connects to the VNC server because the qemu cmd only adds vnc without a graphics device

      Please provide the package NVR for which bug is seen:
      qemu-kvm-6.2.0-39.module+el8.9.0+19787+17a83bb7.x86_64
      kernel-4.18.0-512.el8.kpq0.x86_64
      seabios-bin-1.16.0-4.module+el8.9.0+19570+14a90618.noarch

      How reproducible:
      100%

      Steps to reproduce
      1. Boot up the guest with only a vnc device and without a graphics device
      /usr/libexec/qemu-kvm \
      -name guest=gg \
      -machine pc-q35-rhel8.6.0,kernel_irqchip=split \
      -cpu host \
      -m 8192 \
      -smp 4,maxcpus=4,cores=2,threads=1,dies=1,sockets=2 \
      -nodefaults \
      -boot menu=on \
      -device pcie-root-port,port=16,chassis=1,id=pci.1,bus=pcie.0,addr=0x2 \
      -blockdev '{"driver":"file","filename":"/home/kvm_autotest_root/images/rhel890-64-virtio-scsi.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
      -blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage","backing":null}' \
      -device virtio-blk-pci,bus=pci.1,addr=0x0,drive=libvirt-1-format,id=virtio-disk0 \
      -enable-kvm \
      -monitor stdio \
      -vnc :0

      2. Try to connect to this guest
      remote-viewer vnc://10.73.210.78:5900

      3. It takes about 10 seconds to trigger the qemu core dump.

      Expected results
      Normally, a graphics device must be added to connect to VNC, but from the perspective of QE, if a graphics device is not added, the connection should be refused or an error message should be output. In any case, a qemu core dump is unreasonable.

      Actual results
      Triggers a qemu core dump

      Additional info:
      Core dump info:

      (gdb) bt full
      #0  dpy_ui_info_supported (con=0x0) at ../ui/console.c:1529
      No locals.
      #1  0x000055684009139f in protocol_client_msg (vs=0x5568418e57b0, data=<optimized out>, len=<optimized out>) at ../ui/vnc.c:2599
              size = <optimized out>
              screens = <optimized out>
              w = 1024
              h = 768
              dlen = <optimized out>
              i = <optimized out>
              limit = <optimized out>
              freq = <optimized out>
              vd = <optimized out>
      #2  0x000055684008f175 in vnc_client_read (vs=0x5568418e57b0) at ../ui/vnc.c:1621
              len = 24
              ret = <optimized out>
              ret = <optimized out>
              ret = <optimized out>
              len = <optimized out>
              ret = <optimized out>
      #3  vnc_client_io (ioc=<optimized out>, condition=G_IO_IN, opaque=0x5568418e57b0) at ../ui/vnc.c:1649
              vs = 0x5568418e57b0
              __PRETTY_FUNCTION__ = "vnc_client_io"
      #4  0x00007f8b0fe58aed in g_main_dispatch (context=0x556841693f80) at gmain.c:3193
              dispatch = 0x55684031b2d0 <qio_channel_fd_source_dispatch>
              prev_source = 0x0
              was_in_call = 0
              user_data = 0x5568418e57b0
              callback = 0x55684008f080 <vnc_client_io>
              cb_funcs = 0x7f8b10123280 <g_source_callback_funcs>
              cb_data = 0x556841ce94d0
              need_destroy = <optimized out>
              source = 0x55684214ec20
              current = 0x556841803170
              i = 0
              current = <optimized out>
              i = <optimized out>
              __func__ = "g_main_dispatch"
              source = <optimized out>
              _g_boolean_var_ = <optimized out>
              was_in_call = <optimized out>
              user_data = <optimized out>
              callback = <optimized out>
              cb_funcs = <optimized out>
              cb_data = <optimized out>
              need_destroy = <optimized out>
              dispatch = <optimized out>
              prev_source = <optimized out>
              _g_boolean_var_ = <optimized out>
      #5  g_main_context_dispatch (context=context@entry=0x556841693f80) at gmain.c:3873
      No locals.
      #6  0x0000556840449f90 in glib_pollfds_poll () at ../util/main-loop.c:232
              context = 0x556841693f80
              pfds = <optimized out>
              context = <optimized out>
              pfds = <optimized out>
      #7  os_host_main_loop_wait (timeout=<optimized out>) at ../util/main-loop.c:255
              context = 0x556841693f80
              ret = 1
              context = <optimized out>
              ret = <optimized out>
      #8  main_loop_wait (nonblocking=nonblocking@entry=0) at ../util/main-loop.c:531
              mlpoll = {state = 0, timeout = 4294967295, pollfds = 0x556841693c00}
              ret = <optimized out>
              timeout_ns = <optimized out>
      #9  0x0000556840242e59 in qemu_main_loop () at ../softmmu/runstate.c:726
      No locals.
      #10 0x0000556840076d02 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../softmmu/main.c:50
      No locals.

              mlureau Marc-Andre Lureau
              rhn-support-leiyang Lei Yang
              virt-maint virt-maint
              Zhiyi Guo Zhiyi Guo
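
A pre-flight check for the configuration in the reproduction steps, as an added example that is not part of the original report or of QEMU: it refuses a command line that enables `-vnc` while `-nodefaults` (or `-vga none`) leaves the guest without a display device. The helper name `check_qemu_vnc` is hypothetical, and the list of display device models is an assumption and not exhaustive.

```shell
#!/bin/sh
# Added example: pre-flight check for a qemu-kvm command line.
# check_qemu_vnc is a hypothetical helper; the display-device model list
# is an assumption and is not exhaustive.

# Returns 1 (and prints why) when -vnc is enabled but the command line
# leaves the guest with no display device; returns 0 otherwise.
check_qemu_vnc() {
    has_vnc=0 nodefaults=0 vga_none=0 has_display=0 prev=""
    for arg in "$@"; do
        case "$prev" in
            -device)
                # The device model is the text before the first comma.
                case "${arg%%,*}" in
                    VGA|virtio-vga|virtio-gpu-pci|qxl|qxl-vga|bochs-display|cirrus-vga|ramfb)
                        has_display=1 ;;
                esac ;;
            -vga)
                if [ "$arg" = none ]; then vga_none=1; else has_display=1; fi ;;
        esac
        case "$arg" in
            -vnc)        has_vnc=1 ;;
            -nodefaults) nodefaults=1 ;;
        esac
        prev=$arg
    done

    if [ "$has_vnc" -eq 0 ]; then
        echo "ok: VNC is not enabled"; return 0
    fi
    if [ "$has_display" -eq 1 ]; then
        echo "ok: VNC has a display device to serve"; return 0
    fi
    if [ "$nodefaults" -eq 1 ] || [ "$vga_none" -eq 1 ]; then
        echo "refuse: -vnc is set but no display device is configured"
        return 1
    fi
    # Assumption: without -nodefaults the machine type adds its default VGA.
    echo "ok: default VGA device applies"; return 0
}

# Constructed input: the display-relevant options from the report's command.
check_qemu_vnc -machine pc-q35-rhel8.6.0,kernel_irqchip=split -nodefaults \
    -device pcie-root-port,port=16,chassis=1,id=pci.1,bus=pcie.0,addr=0x2 \
    -device virtio-blk-pci,bus=pci.1,addr=0x0,drive=libvirt-1-format,id=virtio-disk0 \
    -vnc :0 || echo "not starting qemu-kvm"
```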