Bug 210422

Summary: QEMU always crashes
Product: [Fedora] Fedora Reporter: Jan Kratochvil <jan.kratochvil>
Component: kernel-xenAssignee: Xen Maintainance List <xen-maint>
Status: CLOSED CURRENTRELEASE QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: bstein
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Fixed In Version: FC6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-09-25 13:24:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 212625    
Description Flags
core.gz of: qemu -cdrom /dev/zero -net none -m 1 none

Description Jan Kratochvil 2006-10-11 22:54:52 UTC
Description of problem:
Started running on kernel-xen (in Domain-0) and QEMU no longer works.
No kqemu used, qemu runs fully as a non-privileged user, just completely regular
qemu ran in XEN domain on the same host with kernel-2.6.16 built from
linux-2.6-xen.hg works.
Both Domain-0 and the XEN domain run RawHide.i386.

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1. qemu -cdrom /dev/zero -net none -m 1
Actual results:
Could not open '/dev/kqemu' - QEMU acceleration layer not activated

Expected results:
Could not open '/dev/kqemu' - QEMU acceleration layer not activated
[displayed window containing Bochs BIOS screen with failed boot]

Additional info:
core file etc. upon request but you should easily reproduce it yourself.
Not fully certain it is XEN specific but I use QEMU pretty often and it worked
last time on non-XEN kernel.

Program terminated with signal 11, Segmentation fault.
#0  cpu_x86_exec (env1=0x9d70998) at /usr/src/debug/qemu-0.8.2/cpu-exec.c:772
b772                    gen_func();
(gdb) bt
#0  cpu_x86_exec (env1=0x9d70998) at /usr/src/debug/qemu-0.8.2/cpu-exec.c:772
#1  0x08050968 in main_loop () at /usr/src/debug/qemu-0.8.2/vl.c:5069
#2  0x08051de3 in main (argc=1536, argv=0x0) at /usr/src/debug/qemu-0.8.2/vl.c:6221
Previous frame inner to this frame (corrupt stack?)

Comment 1 Steven Rostedt 2006-10-17 01:55:35 UTC
I just tried this with


And it worked for me.  Could you verify that the latest kernel-xen fixes this

Comment 2 Jan Kratochvil 2006-10-17 18:09:45 UTC
Created attachment 138700 [details]
core.gz of: qemu -cdrom /dev/zero -net none -m 1


It is sad you could not reproduce it.  Really running i386 (32-bit)?

Comment 3 Jan Kratochvil 2006-10-19 18:00:31 UTC
It is workaroundable by
  echo 0 >/proc/sys/kernel/exec-shield
(still on that kernel-xen-2.6.18-1.2798.fc6.i686)
as suggested by Caolan McNamara in Bug 210748. Still not aware of the specific
cause but I assume you already know.

Comment 4 Steven Rostedt 2006-10-21 01:55:26 UTC
No I didn't notice that this was for i386 only. You did mention that you were
using that, but I wasn't. So I was able to get it to seg fault.  OK, now that I
have something that doesn't work, I can take a closer look at it.  I also
switched this BZ to state that this is not for all hardware, but for i686.

Comment 5 Steven Rostedt 2006-10-24 16:19:13 UTC
The fix for bz 200382 seems to have caused this bug. Will look into it further.

Comment 6 Steven Rostedt 2006-10-25 14:26:47 UTC
OK, I've confirmed that the fix for 200382 caused this problem. I have a patch
that has already been submitted to the maintainers.  But I must first confirm
that the patch doesn't break 200382 before I close this.

Comment 8 Red Hat Bugzilla 2007-07-25 01:34:04 UTC
change QA contact

Comment 9 Stephen Tweedie 2007-09-25 13:20:46 UTC
Tried with 2.6.20-1.2933.fc6xen.i686, with execshield enabled; seems to work fine.

Comment 10 Chris Lalancette 2007-09-25 13:24:46 UTC
Since this seems to work on FC6 and RHEL-5, closing this bug out.  Please
re-open if you still have problems.

Chris Lalancette