[Qemu-devel] [Bug 1721468] Re: Free invalid pointer crash in vnc

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 1721468] Re: Free invalid pointer crash in vnc

From:	Thomas Huth
Subject:	[Qemu-devel] [Bug 1721468] Re: Free invalid pointer crash in vnc
Date:	Thu, 05 Oct 2017 09:14:08 -0000

** Project changed: qemu => qemu (Ubuntu)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1721468

Title:
  Free invalid pointer crash in vnc

Status in qemu package in Ubuntu:
  New

Bug description:
  Attempt to send qemu monitor command crashed the VM. I have sent the
  following qemu monitor command to a running instance:

  virsh qemu-monitor-command --hmp instance-xxxxxxx 'change vnc none'

  At the time I was connected via VNC. Closing my xvncviewer resulted
  in a crash of the VM. 

  Backtrace:

  *** Error in `/usr/bin/qemu-system-x86_64': free(): invalid pointer: 
0x0000564f887a87e0 ***
  ======= Backtrace: =========
  /lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fa18b38b7e5]
  /lib/x86_64-linux-gnu/libc.so.6(+0x8037a)[0x7fa18b39437a]
  /lib/x86_64-linux-gnu/libc.so.6(cfree+0x4c)[0x7fa18b39853c]
  /usr/bin/qemu-system-x86_64(+0x4b25dd)[0x564f871a75dd]
  /usr/bin/qemu-system-x86_64(visit_type_VncServerInfo+0xa2)[0x564f871b9612]
  /usr/bin/qemu-system-x86_64(qapi_free_VncServerInfo+0x30)[0x564f871a6be0]
  /usr/bin/qemu-system-x86_64(+0x441bca)[0x564f87136bca]
  /usr/bin/qemu-system-x86_64(vnc_disconnect_finish+0x37)[0x564f87137bf7]
  /usr/bin/qemu-system-x86_64(aio_dispatch+0x68)[0x564f8715dcb8]
  /usr/bin/qemu-system-x86_64(+0x45bf9e)[0x564f87150f9e]
  
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x2a7)[0x7fa18c06c197]
  /usr/bin/qemu-system-x86_64(main_loop_wait+0x18b)[0x564f8715c5bb]
  /usr/bin/qemu-system-x86_64(main+0x17b4)[0x564f86ed64e4]
  /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fa18b334830]
  /usr/bin/qemu-system-x86_64(_start+0x29)[0x564f86edbb79]

  
  Version info:

  ii  qemu-system                          1:2.5+dfsg-5ubuntu10.16              
      amd64        QEMU full system emulation binaries
  ii  qemu-system-x86                      1:2.5+dfsg-5ubuntu10.16              
      amd64        QEMU full system emulation binaries (x86)
  ii  qemu-utils                           1:2.5+dfsg-5ubuntu10.16              
      amd64        QEMU utilities
  ii  libvirt-bin                          1.3.1-1ubuntu10.14                   
      amd64        programs for the libvirt library
  ii  libvirt0:amd64                       1.3.1-1ubuntu10.14                   
      amd64        library for interfacing with different virtualization systems
  ii  nova-compute-libvirt                 2:13.1.4-0ubuntu3                    
      all          OpenStack Compute - compute node libvirt support
  ii  python-libvirt                       1.3.1-1ubuntu1                       
      amd64        libvirt Python bindings

  uname -a
  Linux <redacted> 4.10.0-32-generic #36~16.04.1-Ubuntu SMP Wed Aug 9 09:19:02 
UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

  
  Qemu startup:

  starting up libvirt version: 1.3.1, package: 1ubuntu10.14 (Jorge Niedbalski 
<address@hidden> Thu, 10 Aug 2017 22:50:46 -0400), qemu version: 2.5.0 (Debian 
1:2.5+dfsg-5ubuntu10.14), hostname: <redacted>
  LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 
QEMU_AUDIO_DRV=none /usr/bin/qemu-system-x86_64 -name instance-000015ea -S 
-machine pc-i440fx-xenial,accel=kvm,usb=off -cpu 
Haswell-noTSX,+abm,+pdpe1gb,+rdrand,+f16c,+osxsave,+dca,+pdcm,+xtpr,+tm2,+est,+smx,+vmx,+ds_cpl,+dtes64,+pbe,+tm,+ht,+ss,+acpi,+ds,+vme
 -m 32768 -realtime mlock=off -smp 10,sockets=5,cores=1,threads=2 -object 
memory-backend-file,id=ram-node0,prealloc=yes,mem-path=/dev/hugepages/libvirt/qemu,share=yes,size=34359738368,host-nodes=0,policy=bind
 -numa node,nodeid=0,cpus=0-9,memdev=ram-node0 -uuid 
9c2c7bdb-baae-45e7-888f-d090b3d331be -smbios 'type=1,manufacturer=OpenStack 
Foundation,product=OpenStack 
Nova,version=13.1.4,serial=24efafa3-b4a7-4489-a06a-17f23a63ff2b,uuid=9c2c7bdb-baae-45e7-888f-d090b3d331be,family=Virtual
 Machine' -no-user-config -nodefaults -chardev 
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-instance-000015ea/monitor.sock,server,nowait
 -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew 
-global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on 
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive 
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk,format=qcow2,if=none,id=drive-virtio-disk0,cache=none
 -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0xd,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1
 -drive 
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk.eph0,format=qcow2,if=none,id=drive-virtio-disk1,cache=none
 -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0xe,drive=drive-virtio-disk1,id=virtio-disk1
 -drive 
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk.swap,format=qcow2,if=none,id=drive-virtio-disk2,cache=none
 -device 
virtio-blk-pci,scsi=off,bus=pci.0,addr=0xf,drive=drive-virtio-disk2,id=virtio-disk2
 -drive 
file=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/disk.config,format=raw,if=none,id=drive-ide0-1-1,readonly=on,cache=none
 -device ide-cd,bus=ide.1,unit=1,drive=drive-ide0-1-1,id=ide0-1-1 -netdev 
tap,fd=27,id=hostnet0,vhost=on,vhostfd=29 -device 
virtio-net-pci,netdev=hostnet0,id=net0,mac=fa:16:3e:94:ae:0c,bus=pci.0,addr=0x3 
-netdev tap,fd=30,id=hostnet1,vhost=on,vhostfd=31 -device 
virtio-net-pci,netdev=hostnet1,id=net1,mac=fa:16:3e:0e:c5:cc,bus=pci.0,addr=0x4 
-netdev tap,fd=32,id=hostnet2,vhost=on,vhostfd=33 -device 
virtio-net-pci,netdev=hostnet2,id=net2,mac=fa:16:3e:7a:1f:cf,bus=pci.0,addr=0x5 
-netdev tap,fd=34,id=hostnet3,vhost=on,vhostfd=35 -device 
virtio-net-pci,netdev=hostnet3,id=net3,mac=fa:16:3e:70:8a:21,bus=pci.0,addr=0x6 
-netdev tap,fd=36,id=hostnet4,vhost=on,vhostfd=37 -device 
virtio-net-pci,netdev=hostnet4,id=net4,mac=fa:16:3e:41:2a:c9,bus=pci.0,addr=0x7 
-netdev tap,fd=38,id=hostnet5,vhost=on,vhostfd=39 -device 
virtio-net-pci,netdev=hostnet5,id=net5,mac=fa:16:3e:da:e5:4c,bus=pci.0,addr=0x8 
-netdev tap,fd=40,id=hostnet6,vhost=on,vhostfd=41 -device 
virtio-net-pci,netdev=hostnet6,id=net6,mac=fa:16:3e:c5:0f:8d,bus=pci.0,addr=0x9 
-netdev tap,fd=42,id=hostnet7,vhost=on,vhostfd=43 -device 
virtio-net-pci,netdev=hostnet7,id=net7,mac=fa:16:3e:db:c5:4a,bus=pci.0,addr=0xa 
-netdev tap,fd=44,id=hostnet8,vhost=on,vhostfd=45 -device 
virtio-net-pci,netdev=hostnet8,id=net8,mac=fa:16:3e:9f:b6:15,bus=pci.0,addr=0xb 
-netdev tap,fd=46,id=hostnet9,vhost=on,vhostfd=47 -device 
virtio-net-pci,netdev=hostnet9,id=net9,mac=fa:16:3e:df:f2:0b,bus=pci.0,addr=0xc 
-chardev 
file,id=charserial0,path=/srv/nova/instances/9c2c7bdb-baae-45e7-888f-d090b3d331be/console.log
 -device isa-serial,chardev=charserial0,id=serial0 -chardev pty,id=charserial1 
-device isa-serial,chardev=charserial1,id=serial1 -device usb-tablet,id=input0 
-vnc 0.0.0.0:0 -k en-us -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x10 -msg timestamp=on
  char device redirected to /dev/pts/1 (label charserial1)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1721468/+subscriptions

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [Bug 1721468] [NEW] Free invalid pointer crash in vnc, Peter Sabaini, 2017/10/05
- [Qemu-devel] [Bug 1721468] Re: Free invalid pointer crash in vnc, Thomas Huth <=

Prev by Date: Re: [Qemu-devel] [PATCH] qdev: Check for the availability of a hotplug controller before adding a device
Next by Date: Re: [Qemu-devel] loading bitmaps in invalidate_cache fails
Previous by thread: [Qemu-devel] [Bug 1721468] [NEW] Free invalid pointer crash in vnc
Next by thread: [Qemu-devel] [PATCH] hw/s390x: Mark the "sclpquiesce" device with user_creatable = false
Index(es):
- Date
- Thread