
qemu core dump occurs when client connects to VNC server because qemu cmd only adds vnc but without graphics device


      What were you trying to do that didn't work?
      qemu core dump occurs when client connects to VNC server because qemu cmd only adds vnc but without graphics device

      Please provide the package NVR for which bug is seen:
      qemu-kvm-6.2.0-39.module+el8.9.0+19787+17a83bb7.x86_64
      kernel-4.18.0-512.el8.kpq0.x86_64
      seabios-bin-1.16.0-4.module+el8.9.0+19570+14a90618.noarch

      How reproducible:
      100%

      Steps to reproduce
      1. Boot up the guest with only a vnc device and without a graphics device
      /usr/libexec/qemu-kvm \
      -name guest=gg \
      -machine pc-q35-rhel8.6.0,kernel_irqchip=split \
      -cpu host \
      -m 8192 \
      -smp 4,maxcpus=4,cores=2,threads=1,dies=1,sockets=2  \
      -nodefaults \
      -boot menu=on \
      -device pcie-root-port,port=16,chassis=1,id=pci.1,bus=pcie.0,addr=0x2 \
      -blockdev '{"driver":"file","filename":"/home/kvm_autotest_root/images/rhel890-64-virtio-scsi.qcow2","node-name":"libvirt-1-storage","auto-read-only":true,"discard":"unmap"}' \
      -blockdev '{"node-name":"libvirt-1-format","read-only":false,"driver":"qcow2","file":"libvirt-1-storage","backing":null}' \
      -device virtio-blk-pci,bus=pci.1,addr=0x0,drive=libvirt-1-format,id=virtio-disk0 \
      -enable-kvm \
      -monitor stdio \
      -vnc :0

      2. Try to connect this guest
      remote-viewer vnc://10.73.210.78:5900

      3. After about 10 seconds, the qemu core dump is triggered.

      Expected results
      Normally, a graphics device must be added to connect to VNC, but from the perspective of QE, if a graphics device is not added, the connection should be refused or an error message should be output. In any case, a qemu core dump is unreasonable.

      Actual results
      A qemu core dump is triggered

      Additional info:
      Core dump info:

      (gdb) bt full
      #0  dpy_ui_info_supported (con=0x0) at ../ui/console.c:1529
      No locals.
      #1  0x000055684009139f in protocol_client_msg (vs=0x5568418e57b0, data=<optimized out>, len=<optimized out>) at ../ui/vnc.c:2599
              size = <optimized out>
              screens = <optimized out>
              w = 1024
              h = 768
              dlen = <optimized out>
              i = <optimized out>
              limit = <optimized out>
              freq = <optimized out>
              vd = <optimized out>
      #2  0x000055684008f175 in vnc_client_read (vs=0x5568418e57b0) at ../ui/vnc.c:1621
              len = 24
              ret = <optimized out>
              ret = <optimized out>
              ret = <optimized out>
              len = <optimized out>
              ret = <optimized out>
      #3  vnc_client_io (ioc=<optimized out>, condition=G_IO_IN, opaque=0x5568418e57b0) at ../ui/vnc.c:1649
              vs = 0x5568418e57b0
              __PRETTY_FUNCTION__ = "vnc_client_io"
      #4  0x00007f8b0fe58aed in g_main_dispatch (context=0x556841693f80) at gmain.c:3193
              dispatch = 0x55684031b2d0 <qio_channel_fd_source_dispatch>
              prev_source = 0x0
              was_in_call = 0
              user_data = 0x5568418e57b0
              callback = 0x55684008f080 <vnc_client_io>
              cb_funcs = 0x7f8b10123280 <g_source_callback_funcs>
              cb_data = 0x556841ce94d0
              need_destroy = <optimized out>
              source = 0x55684214ec20
              current = 0x556841803170
              i = 0
              current = <optimized out>
              i = <optimized out>
              __func__ = "g_main_dispatch"
              source = <optimized out>
              _g_boolean_var_ = <optimized out>
              was_in_call = <optimized out>
              user_data = <optimized out>
              callback = <optimized out>
              cb_funcs = <optimized out>
              cb_data = <optimized out>
              need_destroy = <optimized out>
              dispatch = <optimized out>
              prev_source = <optimized out>
              _g_boolean_var_ = <optimized out>
      #5  g_main_context_dispatch (context=context@entry=0x556841693f80) at gmain.c:3873
      No locals.
      #6  0x0000556840449f90 in glib_pollfds_poll () at ../util/main-loop.c:232
              context = 0x556841693f80
              pfds = <optimized out>
              context = <optimized out>
              pfds = <optimized out>
      #7  os_host_main_loop_wait (timeout=<optimized out>) at ../util/main-loop.c:255
              context = 0x556841693f80
              ret = 1
              context = <optimized out>
              ret = <optimized out>
      #8  main_loop_wait (nonblocking=nonblocking@entry=0) at ../util/main-loop.c:531
              mlpoll = {state = 0, timeout = 4294967295, pollfds = 0x556841693c00}
              ret = <optimized out>
              timeout_ns = <optimized out>
      #9  0x0000556840242e59 in qemu_main_loop () at ../softmmu/runstate.c:726
      No locals.
      #10 0x0000556840076d02 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../softmmu/main.c:50
      No locals.
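
The backtrace above stops in dpy_ui_info_supported with con=0x0 while a client message carrying w = 1024 and h = 768 is being handled. The C model below is an added example, not QEMU's code and not the fix itself: it contrasts a console lookup that dereferences a missing console with one that answers "unsupported". Every struct, function and variable name in it is an assumption made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified stand-ins for this example; not QEMU's real structures. */
struct hw_ops  { void (*ui_info)(int w, int h); };
struct console { const struct hw_ops *hw_ops; };

/* Stays NULL when the guest was started with -vnc but no graphics device. */
static struct console *active_console = NULL;

/* Crashing shape: the fallback is used without checking that any console
 * exists, matching frame #0 of the backtrace (con=0x0). Never called here. */
bool ui_info_supported_unchecked(struct console *con)
{
    con = con ? con : active_console;
    return con->hw_ops->ui_info != NULL;   /* NULL dereference */
}

/* Guarded shape: "no console" is an ordinary answer, not a crash. */
bool ui_info_supported_checked(struct console *con)
{
    con = con ? con : active_console;
    return con != NULL && con->hw_ops != NULL && con->hw_ops->ui_info != NULL;
}

/* Constructed sample console that records the last size it was given. */
static int last_w, last_h;
static void record_ui_info(int w, int h) { last_w = w; last_h = h; }
static const struct hw_ops sample_ops = { record_ui_info };
static struct console sample_console = { &sample_ops };

/* Hypothetical handler for a client message carrying a width and height:
 * returns false (request refused) when there is no console to resize. */
bool handle_client_size(struct console *con, int w, int h)
{
    struct console *target = con ? con : active_console;
    if (!ui_info_supported_checked(target))
        return false;
    target->hw_ops->ui_info(w, h);
    return true;
}

int main(void)
{
    bool refused = !handle_client_size(NULL, 1024, 768);  /* no console yet */
    active_console = &sample_console;
    bool applied = handle_client_size(NULL, 1024, 768);
    printf("refused=%d applied=%d size=%dx%d\n", refused, applied, last_w, last_h);
    return 0;
}
```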

            [RHEL-2600] qemu core dump occurs when client connects to VNC server because qemu cmd only adds vnc but without graphics device

            Errata Tool added a comment -

            Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

            For information on the advisory (Moderate: virt:rhel and virt-devel:rhel security and enhancement update), and where to find the updated files, follow the link below.

            If the solution does not work for you, open a new bug report.
            https://access.redhat.com/errata/RHSA-2024:2962

            Zhiyi Guo added a comment - - edited

            Reproduced this issue against qemu-kvm-6.2.0-42.module+el8.10.0+20739+e55434e6.x86_64:

            Start qemu with the command below:

            # /usr/libexec/qemu-kvm -cpu host -nodefaults -m 2048 -machine q35 -vnc :0 -monitor stdio -hda /home/rhel.qcow2

            After connecting the vnc client to this qemu process, qemu will crash

            Verified this issue against qemu-kvm-6.2.0-45.module+el8.10.0+21081+45eafddd.x86_64, no qemu crash happens anymore

            gitlab-bot added a comment -

            Jon Maloy mentioned this issue in a commit of Red Hat / centos-stream / rpms / qemu-kvm on branch stream-virt-rhel-rhel-8.10.0:

            • Wed Dec 06 2023 Jon Maloy <jmaloy@redhat.com> - 6.2.0-43

            gitlab-bot added a comment -

            Jon Maloy mentioned this issue in a merge request of Red Hat / centos-stream / rpms / qemu-kvm on branch next:

            Update to qemu-kvm-6.2.0-43.el8

            John Ferlan added a comment - Pull: https://lists.nongnu.org/archive/html/qemu-devel/2023-09/msg02650.html

            Marc-Andre Lureau added a comment -

            patch on the qemu ML: "[PATCH] ui: fix crash when there are no active_console"

            Cong Li added a comment -

            rhn-support-zhguo Please check if the issue could be reproduced via libvirt, thanks.

            Lei Yang added a comment -

            If a graphics device such as "-device VGA" is added to the qemu command line, everything works well.
