qemu locks up on typing 41 characters at once into serial console
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
QEMU |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
I am running daily automated tests that involve booting a NetBSD 6.0.1
guest in qemu freshly built from git. The tests are scripted using
pexpect, which interacts with the NetBSD guest over the emulated
serial console. Recently, the tests stopped working; the guest boots
and pexpect is able to log in, but when it sends a long shell command
(more than 40 characters) to the guest, the command is neither echoed
nor executed, and no further output is seen from the guest.
The problem can be reproduced manually (without pexpect) as follows.
Run the following commands in a terminal window on a host of
your choice (Linux will do fine):
wget http://
gunzip NetBSD-
qemu-system-i386 -m 32 -nographic -snapshot -hda NetBSD-
This will download a disk image (some 144 MB compressed, 2 GB
uncompressed) containing a NetBSD system configured to use a serial
console, and boot it in qemu. Make sure the qemu-system-i386
in your PATH is one recently built from git, or adjust the command
as needed.
Once the VM has booted, log in as root (there is no password). You
will now be in a functional NetBSD root shell.
Now cut-and-paste a string containing at least 41 characters into the
terminal window. I used a string containing 41 copies of the letter
"X". You can use other strings, but beware of pasting strings
containing valid shell commands, as they may end up being executed on
the host (see below).
If your copy of qemu is suffering from the bug, it will lock up. Not
only will the virtual machine no longer respond to keystrokes, but
qemu itself will no longer respond to commands such as "control-a c".
You will have to kill it from a different terminal window. When the
qemu process is killed, any pasted characters after the first 40 will
be read and executed by the host shell, suggesting that they were never
even read by the qemu process. As I had typed a return after pasting
the 41 X:es, the host shell executed the command "X", thereby
accidentally attempting (unsuccessfully) to start an X server.
"git bisect" implicates the following commit:
commit a29753f8aa79a34
Author: Anthony Liguori <email address hidden>
Date: Tue Mar 5 23:21:19 2013 +0530
qemu-char: convert fd_chr to use a GIOChannel
This uses the newly introduced IOWatchPoll source.
Signed-
Signed-
Message-id: 0cb5d14510ee835
Signed-
Changed in qemu: | |
status: | New → Fix Committed |
Changed in qemu: | |
status: | Fix Committed → Fix Released |
My automated test is still hanging, but since commit 893986fe94eb229 f2317f50fac0e35 e068eb66ba,
it no longer hangs silently, but instead outputs a seemingly endless stream of assertion failure messages:
(process:5928): GLib-CRITICAL **: g_source_ get_context: assertion `!SOURCE_DESTROYED (source)' failed
(process:5928): GLib-CRITICAL **: g_source_ get_context: assertion `!SOURCE_DESTROYED (source)' failed
(process:5928): GLib-CRITICAL **: g_source_ get_context: assertion `!SOURCE_DESTROYED (source)' failed
(process:5928): GLib-CRITICAL **: g_source_attach: assertion `source->context == NULL' failed
(process:5928): GLib-CRITICAL **: g_source_ get_context: assertion `!SOURCE_DESTROYED (source)' failed
(process:5928): GLib-CRITICAL **: g_source_attach: assertion `source->context == NULL' failed
(process:5928): GLib-CRITICAL **: g_source_ get_context: assertion `!SOURCE_DESTROYED (source)' failed
(process:5928): GLib-CRITICAL **: g_source_attach: assertion `source->context == NULL' failed
(process:5928): GLib-CRITICAL **: g_source_ get_context: assertion `!SOURCE_DESTROYED (source)' failed