[Qemu-devel] [Bug 1594861] Re: QEMU crashes when slow VNC client disconnects

2016-09-02 Thread T. Huth
Fix has been included in QEMU v2.7.0:
http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ea697449884d83b83fefb

** Changed in: qemu
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594861

Title:
  QEMU crashes when slow VNC client disconnects

Status in QEMU:
  Fix Released

Bug description:
  QEMU (at least 2.6.0 and today's git origin/master 6f1d2d1c5ad20d464705b17318cb7ca495f8078a) crashes when a slow VNC client disconnects during a time of busy VNC updates, with:
  qemu_mutex_lock: Invalid argument

  This is easily repeatable:
  - Start up a QEMU with the Finnix 1.10 CD-ROM, as below
  - vnclient host:0 -shared  (remote X11-based vnc client, to make it "slow")
  - On the Finnix command line, run: "while :; do ls -laRC /; done" to generate screen updates
  - Close the vncclient
  - QEMU crashes on locking an already free'd mutex (note that the VNC state's share_mode is DISCONNECTED)


  # gdb qemu-system-x86_64
  GNU gdb (GDB) 7.11.1
  Copyright (C) 2016 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later 
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
  and "show warranty" for details.
  This GDB was configured as "x86_64-pc-linux-gnu".
  Type "show configuration" for configuration details.
  For bug reporting instructions, please see:
  .
  Find the GDB manual and other documentation resources online at:
  .
  For help, type "help".
  Type "apropos word" to search for commands related to "word"...
  Reading symbols from qemu-system-x86_64...done.
  (gdb) run -cdrom finnix-110.iso -m 1G -vga cirrus -usbdevice tablet -net nic,model=e1000 -net user -rtc base=localtime,clock=host -enable-kvm -vnc :0,share=ignore -monitor stdio
  Starting program: qemu-system-x86_64 -cdrom finnix-110.iso -m 1G -vga cirrus -usbdevice tablet -net nic,model=e1000 -net user -rtc base=localtime,clock=host -enable-kvm -vnc :0,share=ignore -monitor stdio
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/usr/lib/libthread_db.so.1".
  [New Thread 0x71ca2700 (LWP 25717)]
  Failed to initialize module: /usr/lib/qemu/block-dmg.so
  Note: only modules from the same build can be loaded.
  [New Thread 0x7129d700 (LWP 25718)]
  QEMU 2.6.50 monitor - type 'help' for more information
  (qemu) [New Thread 0x708ba700 (LWP 25719)]
  [New Thread 0x7fffaabff700 (LWP 25721)]
  [Thread 0x7129d700 (LWP 25718) exited]
  [New Thread 0x7129d700 (LWP 25724)]
  [Thread 0x7129d700 (LWP 25724) exited]
  [New Thread 0x7129d700 (LWP 25728)]
  qemu: qemu_mutex_lock: Invalid argument

  Thread 1 "qemu-system-x86" received signal SIGABRT, Aborted.
  0x748cc2a8 in raise () from /usr/lib/libc.so.6
  (gdb) thread apply all backtrace

  Thread 7 (Thread 0x7129d700 (LWP 25728)):
  #0  0x7634b5f5 in do_futex_wait () from /usr/lib/libpthread.so.0
  #1  0x7634b6bf in __new_sem_wait_slow () from /usr/lib/libpthread.so.0
  #2  0x7634b772 in sem_timedwait () from /usr/lib/libpthread.so.0
  #3  0x55a7fcb7 in qemu_sem_timedwait (sem=sem@entry=0x56518c38, ms=ms@entry=1) at util/qemu-thread-posix.c:245
  #4  0x559f281c in worker_thread (opaque=0x56518bd0) at thread-pool.c:92
  #5  0x76343424 in start_thread () from /usr/lib/libpthread.so.0
  #6  0x74980cbd in clone () from /usr/lib/libc.so.6

  Thread 5 (Thread 0x7fffaabff700 (LWP 25721)):
  #0  0x7634903f in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
  #1  0x55a7fb69 in qemu_cond_wait (cond=cond@entry=0x56541790, mutex=mutex@entry=0x565417c0) at util/qemu-thread-posix.c:123
  #2  0x559ecb4b in vnc_worker_thread_loop (queue=queue@entry=0x56541790) at ui/vnc-jobs.c:228
  #3  0x559ed088 in vnc_worker_thread (arg=0x56541790) at ui/vnc-jobs.c:335
  #4  0x76343424 in start_thread () from /usr/lib/libpthread.so.0
  #5  0x74980cbd in clone () from /usr/lib/libc.so.6

  Thread 4 (Thread 0x708ba700 (LWP 25719)):
  #0  0x74979277 in ioctl () from /usr/lib/libc.so.6
  #1  0x557d3484 in kvm_vcpu_ioctl (cpu=cpu@entry=0x5651f2d0, type=type@entry=44672) at kvm-all.c:2057
  #2  0x557d353d in kvm_cpu_exec (cpu=cpu@entry=0x5651f2d0) at kvm-all.c:1907
  #3  0x557c1ea4 in qemu_kvm_cpu_thread_fn (arg=0x5651f2d0) at cpus.c:1078
  #4  0x76343424 in start_thread () from /usr/lib/libpthread.so.0
  #5  0x74980cbd in clone () from /usr/lib/libc.so.6

  Thread 2 (Thread 0x71ca2700 (LWP 25717)):
  #0  0x7497c7f9 in syscall () from 

[Qemu-devel] [Bug 1594861] Re: QEMU crashes when slow VNC client disconnects

2016-06-28 Thread Daniel Berrange
Potential fix posted

https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg07693.html

If you are able to test with this patch any feedback would be welcome.

Title:
  QEMU crashes when slow VNC client disconnects

Status in QEMU:
  New


[Qemu-devel] [Bug 1594861] Re: QEMU crashes when slow VNC client disconnects

2016-06-24 Thread Daniel Berrange
The only place we free the mutex is in vnc_disconnect_finish() which is
only ever called from vnc_client_read(), in turn called from
vnc_client_io().

We're crashing in vnc_client_write() which is called from
vnc_client_io().

The stack trace has optimized out the "condition" param in
vnc_client_io(), but what I'm guessing is that vnc_client_io() is
invoked with both G_IO_OUT and G_IO_IN set. We process G_IO_IN, calling
vnc_disconnect_finish, and then carry on to process G_IO_OUT.  It looks
like we need to skip the G_IO_OUT processing if we called
vnc_disconnect_finish during G_IO_IN handling.

Title:
  QEMU crashes when slow VNC client disconnects

Status in QEMU:
  New

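The callback ordering Daniel describes, modelled as an added example that is not QEMU's code: a simulated mutex records a lock on a destroyed mutex instead of aborting, so the buggy handler (G_IO_IN then unconditional G_IO_OUT) can be compared with one that skips the write path once the read path has torn the client down. The G_IO_IN/G_IO_OUT values, the struct and all function bodies are assumptions for illustration.

```c
#include <stdbool.h>

/* Assumed GLib condition bits; glib.h is not pulled in here. */
#define G_IO_IN  (1 << 0)
#define G_IO_OUT (1 << 2)

struct vnc_state {
    bool mutex_alive;   /* stands in for the client's output mutex */
    bool disconnected;  /* share_mode == DISCONNECTED in the report */
    int  bad_locks;     /* lock attempts on an already destroyed mutex */
};

/* Simulated qemu_mutex_lock: counts the misuse instead of aborting. */
static void output_mutex_lock(struct vnc_state *vs)
{
    if (!vs->mutex_alive) vs->bad_locks++;
}
static void vnc_disconnect_finish(struct vnc_state *vs)
{
    vs->mutex_alive = false;   /* qemu_mutex_destroy() in the real code */
    vs->disconnected = true;
}
/* Read path: a peer that has closed its socket ends in disconnect_finish. */
static void vnc_client_read(struct vnc_state *vs, bool peer_closed)
{
    if (peer_closed) vnc_disconnect_finish(vs);
}
/* Write path: the crash site in the backtrace. */
static void vnc_client_write(struct vnc_state *vs)
{
    output_mutex_lock(vs);
}

/* Buggy ordering: G_IO_IN first, then G_IO_OUT unconditionally. */
int vnc_client_io_buggy(struct vnc_state *vs, int cond, bool peer_closed)
{
    if (cond & G_IO_IN) vnc_client_read(vs, peer_closed);
    if (cond & G_IO_OUT) vnc_client_write(vs);
    return vs->bad_locks;
}

/* Fixed ordering: bail out if G_IO_IN handling tore the client down. */
int vnc_client_io_fixed(struct vnc_state *vs, int cond, bool peer_closed)
{
    if (cond & G_IO_IN) {
        vnc_client_read(vs, peer_closed);
        if (vs->disconnected) return vs->bad_locks;  /* mutex is gone */
    }
    if (cond & G_IO_OUT) vnc_client_write(vs);
    return vs->bad_locks;
}
```

Both functions return the number of locks attempted on the destroyed mutex; the buggy handler returns 1 when a closed peer arrives with both bits set, the fixed one returns 0.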