Bug 490512

Summary: segfault in stw_kernel when qemu is run (gcc bug)
Product: Fedora
Reporter: Eric Paris <eparis>
Component: qemu
Assignee: Glauber Costa <gcosta>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: high
Version: rawhide
CC: dwmw2, gcosta, gerrit.slomma, lkundrak, markmc, virt-maint
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-04-02 08:39:05 EDT
Bug Depends On: 490509
Bug Blocks: 480593

Description Eric Paris 2009-03-16 15:04:29 EDT
[root@localhost ~]# LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin /usr/bin/qemu -M pc -no-kqemu -m 512 -smp 1 -name Windows -uuid 5afbae35-136b-95f7-43fd-548803955668 -monitor pty -pidfile /var/run/libvirt/qemu//Windows.pid -localtime -no-acpi -boot c -drive file=/var/lib/libvirt/images/Windows.img,if=ide,index=0,boot=on -drive file=/dev/sr0,if=ide,media=cdrom,index=2 -net nic,macaddr=54:52:00:42:c9:ee,vlan=0 -net tap,fd=18,script=,vlan=0,ifname=vnet0 -serial pty -parallel none -usb -usbdevice tablet -vnc 127.0.0.1:0 -k en-us
TUNGETIFF ioctl() failed: Bad file descriptor
char device redirected to /dev/pts/15
char device redirected to /dev/pts/16
Segmentation fault (core dumped)

qemu-0.10-0.9.kvm20090310git.fc11.i586
libvirt-0.6.1-3.fc11.i586
kernel-PAE-2.6.29-0.252.rc8.fc11.i686

Core was generated by `/usr/bin/qemu -M pc -no-kqemu -m 512 -smp 1 -name Windows -uuid 5afbae35-136b-9'.
Program terminated with signal 11, Segmentation fault.
#0  0x08168597 in stw_kernel (v=<value optimized out>, ptr=<value optimized out>) at ../softmmu_header.h:276
276	    if (unlikely(env->tlb_table[mmu_idx][page_index].addr_write !=
(gdb) bt
#0  0x08168597 in stw_kernel (v=<value optimized out>, ptr=<value optimized out>) at ../softmmu_header.h:276
#1  helper_lcall_real (v=<value optimized out>, ptr=<value optimized out>) at /usr/src/debug/kvm-84.git-snapshot-20090310/qemu/target-i386/op_helper.c:2273
#2  0x8e7368ef in ?? ()
(gdb) print mmu_idx
No symbol "mmu_idx" in current context.
(gdb) print page_index
$1 = <value optimized out>
(gdb) print env
$2 = (struct CPUX86State *) 0x0
(gdb) print env->tlb_table
Cannot access memory at address 0x30c
(gdb)
Comment 1 Glauber Costa 2009-03-16 15:13:16 EDT
It is most likely a gcc bug.

See https://bugzilla.redhat.com/show_bug.cgi?id=490509
Comment 2 Mark McLoughlin 2009-04-02 08:39:05 EDT
Supposedly the gcc bug was fixed in 4.4.0-0.29

qemu-0.10-0.12.kvm20090323git.fc11 was the first version of qemu built with that version of gcc, so it should have been fixed since then
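A check that follows from this comment, added here as an example and not part of the bug report or of the qemu or gcc packages: a binary records the compiler that built it in its ELF .comment section, so `readelf -p .comment /usr/bin/qemu` shows the Red Hat gcc release, which can then be compared against the 4.4.0-0.29 named above. The two readelf dumps embedded below are constructed samples in the format GNU binutils prints, not captures from the real packages, and the function and variable names are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): confirm that a binary was built with
# gcc >= 4.4.0-0.29, the release Comment 2 names as carrying the fix.
# Assumes GNU binutils' `readelf -p .comment` output and the Red Hat gcc
# .comment string format "GCC: (GNU) 4.4.0 20090320 (Red Hat 4.4.0-0.29)".

MIN_FIXED=4.4.0-0.29

# version_ge A B: prints 1 if version A >= version B, else 0.
# Splits on "." and "-" and compares numerically field by field, so
# 4.4.0-0.29 > 4.4.0-0.26 and 4.4.1-1 > 4.4.0-0.29.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "[.-]"); m = split(b, y, "[.-]")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) { print 1; exit }
            if (xi < yi) { print 0; exit }
        }
        print 1
    }'
}

# gcc_releases TEXT: extracts every distinct "Red Hat X.Y.Z-R" gcc release
# recorded in the .comment dump TEXT, one per line.
gcc_releases() {
    printf '%s\n' "$1" \
        | sed -n 's/.*(Red Hat \([0-9][0-9.]*-[0-9][0-9.]*\)).*/\1/p' \
        | sort -u
}

# built_with_fixed_gcc TEXT MIN: succeeds only if at least one gcc release is
# recorded in TEXT and none of them is older than MIN.  A binary can carry
# several .comment strings when objects built by different compilers are
# linked together; the oldest one is the one that matters.
built_with_fixed_gcc() {
    found=0
    for rel in $(gcc_releases "$1"); do
        found=1
        [ "$(version_ge "$rel" "$2")" = 1 ] || return 1
    done
    [ "$found" = 1 ]
}

# Constructed sample dumps (not captured from the real packages).
SAMPLE_OLD=$(cat <<'EOF'
String dump of section '.comment':
  [     0]  GCC: (GNU) 4.4.0 20090307 (Red Hat 4.4.0-0.26)
EOF
)
SAMPLE_FIXED=$(cat <<'EOF'
String dump of section '.comment':
  [     0]  GCC: (GNU) 4.4.0 20090320 (Red Hat 4.4.0-0.29)
  [    2f]  GCC: (GNU) 4.4.0 20090320 (Red Hat 4.4.0-0.29)
EOF
)

for s in "$SAMPLE_OLD" "$SAMPLE_FIXED"; do
    if built_with_fixed_gcc "$s" "$MIN_FIXED"; then
        echo "gcc $(gcc_releases "$s" | tr '\n' ' ')>= $MIN_FIXED: contains the fix"
    else
        echo "gcc $(gcc_releases "$s" | tr '\n' ' ')older than $MIN_FIXED: still affected"
    fi
done

# On a real installation the same check reads the binary directly:
#   built_with_fixed_gcc "$(readelf -p .comment /usr/bin/qemu)" "$MIN_FIXED"
```

The release string comes from the compiler that emitted each object, not from the RPM changelog, so this catches a rebuild that reused stale objects or a locally built qemu; an rpm version alone only tells you which package you have, not which gcc produced it.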
Comment 3 Gerrit Slomma 2009-05-06 15:23:45 EDT
Is there any effort underway to fix this bug for RHEL5?