Description of problem:
When 32-bit rawhide boots, you can see lots of segfaults (apparently coming from libvirtd as it tries to test for capabilities):

[ 88.578661] qemu-system-alp[995]: segfault at 10 ip b7641bd9 sp bfbf1a60 error 4 in qemu-system-alpha[b737f000+3c3000]
[ 89.270417] qemu-system-arm[999]: segfault at 10 ip b75f8bc9 sp bff75fe0 error 4 in qemu-system-arm[b725f000+4de000]
[ 90.353598] qemu-system-cri[1005]: segfault at 10 ip b7684039 sp bf8f2990 error 4 in qemu-system-cris[b749f000+2a1000]
[ 91.350915] qemu-system-i38[1023]: segfault at 10 ip b75f0459 sp bfe10d80 error 4 in qemu-system-i386[b727d000+495000]
[ 92.324018] qemu-system-lm3[1035]: segfault at 10 ip b771c569 sp bf97e760 error 4 in qemu-system-lm32[b7543000+294000]
[ 93.246371] qemu-system-m68[1041]: segfault at 10 ip b7669169 sp bfdb3c30 error 4 in qemu-system-m68k[b73de000+380000]
[ 94.066910] qemu-system-mic[1045]: segfault at 10 ip b7720219 sp bf9ea0c0 error 4 in qemu-system-microblaze[b7542000+298000]
[ 94.824833] qemu-system-mic[1055]: segfault at 10 ip b7733ef9 sp bfcbca00 error 4 in qemu-system-microblazeel[b7556000+298000]
[ 95.392414] qemu-system-mip[1081]: segfault at 10 ip b7697a79 sp bf80e6a0 error 4 in qemu-system-mips[b7344000+467000]
[ 95.979270] qemu-system-mip[1089]: segfault at 10 ip b76c6669 sp bfcd1900 error 4 in qemu-system-mipsel[b7373000+467000]
[ 96.558308] qemu-system-mip[1121]: segfault at 10 ip b76975a9 sp bfddfec0 error 4 in qemu-system-mips64[b72c6000+4e8000]
[ 97.102704] qemu-system-mip[1129]: segfault at 10 ip b76cf139 sp bfba8540 error 4 in qemu-system-mips64el[b72fb000+4eb000]
[ 97.664494] qemu-system-ppc[1161]: segfault at 10 ip b75f21a9 sp bfef3fb0 error 4 in qemu-system-ppc[b7226000+500000]
[ 98.753931] qemu-system-ppc[1183]: segfault at 10 ip b766ab69 sp bfd75fa0 error 4 in qemu-system-ppc64[b71b2000+5f7000]
[ 99.352690] qemu-system-ppc[1204]: segfault at 10 ip b7626439 sp bfb8b6f0 error 4 in qemu-system-ppcemb[b725d000+4fd000]
[ 99.884794] qemu-system-s39[1233]: segfault at 10 ip b7693329 sp bfe74650 error 4 in qemu-system-s390x[b7472000+2ec000]
[ 100.426612] qemu-system-sh4[1244]: segfault at 10 ip b7654f79 sp bfd95340 error 4 in qemu-system-sh4[b73bc000+38e000]
[ 101.036654] qemu-system-sh4[1268]: segfault at 10 ip b76b7369 sp bfb338b0 error 4 in qemu-system-sh4eb[b741e000+38e000]
[ 101.816074] qemu-system-spa[1303]: segfault at 10 ip b7717cb9 sp bf91d8f0 error 4 in qemu-system-sparc[b7517000+2c1000]
[ 102.381421] qemu-system-spa[1352]: segfault at 10 ip b76311b9 sp bfdfd370 error 4 in qemu-system-sparc64[b735b000+3d0000]
[ 102.888573] qemu-system-uni[1358]: segfault at 10 ip b7689679 sp bf86de30 error 4 in qemu-system-unicore32[b74bb000+285000]
[ 103.326221] qemu-system-x86[1366]: segfault at 10 ip b7680869 sp bffb88e0 error 4 in qemu-system-x86_64[b72d1000+4d2000]
[ 103.837951] qemu-system-xte[1398]: segfault at 10 ip b7704a79 sp bfaf10e0 error 4 in qemu-system-xtensa[b752a000+294000]
[ 104.329860] qemu-system-xte[1406]: segfault at 10 ip b7726c19 sp bffd4150 error 4 in qemu-system-xtensaeb[b754c000+294000]

However, just running qemu works OK, so still investigating.

Version-Release number of selected component (if applicable):
qemu-1.6.0-1.fc20.i686

How reproducible:
Unknown.

Steps to Reproduce:
Unknown.
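The kernel lines above already carry what is needed to triage a crash without a core file: ip minus the mapping base is the offset of the faulting instruction inside the binary (what addr2line or objdump wants), the fault address says what was dereferenced, and the error code says whether it was a read or a write from user mode. The script below is an added triage helper, not part of this bug report or of qemu; the sample input is three lines quoted from the log above plus one constructed write fault (error 6, made up here) so the decoder exercises the write bit.

```python
import re
from dataclasses import dataclass

# Constructed sample: three lines quoted from the kernel log in the report,
# plus one made-up write fault (error 6) so the decoder exercises the write bit.
SAMPLE_LOG = """\
[   88.578661] qemu-system-alp[995]: segfault at 10 ip b7641bd9 sp bfbf1a60 error 4 in qemu-system-alpha[b737f000+3c3000]
[  103.326221] qemu-system-x86[1366]: segfault at 10 ip b7680869 sp bffb88e0 error 4 in qemu-system-x86_64[b72d1000+4d2000]
[  104.329860] qemu-system-xte[1406]: segfault at 10 ip b7726c19 sp bffd4150 error 4 in qemu-system-xtensaeb[b754c000+294000]
[  200.000000] example[4242]: segfault at deadbeef ip 08048abc sp bffff000 error 6 in example[08048000+1000]
"""

SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)

PAGE_SIZE = 4096


@dataclass
class Segfault:
    comm: str   # kernel truncates this to 15 chars; use obj for the binary name
    pid: int
    addr: int   # faulting data address
    ip: int     # faulting instruction address
    sp: int
    err: int    # x86 page-fault error code
    obj: str    # mapped object the ip fell in
    base: int   # start of that mapping
    size: int   # length of that mapping

    @property
    def ip_offset(self):
        """Offset of the faulting instruction inside the mapping; feed it to
        addr2line -e <obj> or objdump --start-address on the same build."""
        return self.ip - self.base

    @property
    def ip_in_mapping(self):
        return self.base <= self.ip < self.base + self.size

    @property
    def near_null(self):
        """A data address below the first page is a NULL pointer plus a small
        struct-field offset rather than a wild pointer."""
        return self.addr < PAGE_SIZE

    def fault_kind(self):
        """Decode the x86 error code: bit 0 protection violation vs. not-present,
        bit 1 write vs. read, bit 2 user vs. kernel mode."""
        return (
            "protection" if self.err & 1 else "not-present",
            "write" if self.err & 2 else "read",
            "user" if self.err & 4 else "kernel",
        )


def parse_segfaults(text):
    """Extract every kernel segfault line from a dmesg/journal dump."""
    faults = []
    for line in text.splitlines():
        m = SEGV_RE.search(line)
        if not m:
            continue
        faults.append(Segfault(
            comm=m["comm"], pid=int(m["pid"]),
            addr=int(m["addr"], 16), ip=int(m["ip"], 16), sp=int(m["sp"], 16),
            err=int(m["err"]), obj=m["obj"],
            base=int(m["base"], 16), size=int(m["size"], 16),
        ))
    return faults


def summarize(f):
    """One human-readable verdict per fault."""
    present, rw, mode = f.fault_kind()
    where = "%s+0x%x" % (f.obj, f.ip_offset) if f.ip_in_mapping else "ip outside mapping"
    hint = "NULL+0x%x dereference" % f.addr if f.near_null else "addr 0x%x" % f.addr
    return "pid %d %s: %s %s (%s) of %s at %s" % (f.pid, f.obj, mode, rw, present, hint, where)


if __name__ == "__main__":
    for f in parse_segfaults(SAMPLE_LOG):
        print(summarize(f))
```

Every qemu line in the log decodes the same way: a user-mode read of a not-present page at address 0x10, i.e. a NULL pointer plus a 16-byte field offset, from an instruction inside the qemu binary's own text mapping, which is why the same bug shows up once per target binary.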
So I realized I had an out of date repository link, hence qemu wasn't fully up to date. However, this still happens with qemu-1.6.0-5.fc21.i686 which is the latest version.
Finally I managed to get a stack trace. Rawhide is especially buggy today.

Thread 1 (Thread 0xb3d5b900 (LWP 4581)):
#0 output_type_enum (v=0xb9810590, obj=0x10, strings=0xb7817ea0 <TpmType_lookup>, kind=0xb76c7dd0 "TpmType", name=0x0, errp=0xbfa1ddf8) at qapi/qapi-visit-core.c:306
#1 0xb7674125 in visit_type_enum (v=v@entry=0xb9810590, obj=0x10, strings=0xb7817ea0 <TpmType_lookup>, kind=kind@entry=0xb76c7dd0 "TpmType", name=name@entry=0x0, errp=errp@entry=0xbfa1ddf8) at qapi/qapi-visit-core.c:114
#2 0xb7577b74 in visit_type_TpmType (errp=0xbfa1ddf8, name=0x0, obj=<optimized out>, m=0xb9810590) at qapi-visit.c:5220
#3 visit_type_TpmTypeList (m=0xb9810590, obj=obj@entry=0xbfa1de48, name=name@entry=0xb769f952 "unused", errp=errp@entry=0xbfa1de44) at qapi-visit.c:5206
#4 0xb759211e in qmp_marshal_output_query_tpm_types (errp=0xbfa1de44, ret_out=0xbfa1dea8, ret_in=0xb9811420) at qmp-marshal.c:3795
#5 qmp_marshal_input_query_tpm_types (mon=0xb98054d0, qdict=0xb9809cd8, ret=0xbfa1dea8) at qmp-marshal.c:3817
#6 0xb7637e6a in qmp_call_cmd (cmd=<optimized out>, params=0xb9809cd8, mon=0xb98054d0) at /usr/src/debug/qemu-1.6.0/monitor.c:4501
#7 handle_qmp_command (parser=0xb980552c, tokens=0xb9805078) at /usr/src/debug/qemu-1.6.0/monitor.c:4567
#8 0xb767a6df in json_message_process_token (lexer=0xb9805530, token=0xb980ff08, type=JSON_OPERATOR, x=47, y=26) at qobject/json-streamer.c:87
#9 0xb768e29b in json_lexer_feed_char (lexer=lexer@entry=0xb9805530, ch=<optimized out>, flush=flush@entry=false) at qobject/json-lexer.c:303
#10 0xb768e3c8 in json_lexer_feed (lexer=lexer@entry=0xb9805530, buffer=buffer@entry=0xbfa1e06c "}", size=size@entry=1) at qobject/json-lexer.c:356
#11 0xb767a8fb in json_message_parser_feed (parser=0xb980552c, buffer=buffer@entry=0xbfa1e06c "}", size=size@entry=1) at qobject/json-streamer.c:110
#12 0xb76368eb in monitor_control_read (opaque=0xb98054d0, buf=0xbfa1e06c "}", size=1) at /usr/src/debug/qemu-1.6.0/monitor.c:4588
#13 0xb757f6ba in qemu_chr_be_write (len=1, buf=0xbfa1e06c "}", s=0xb9803a00) at qemu-char.c:165
#14 tcp_chr_read (chan=0xb9805bc0, cond=G_IO_IN, opaque=0xb9803a00) at qemu-char.c:2509
#15 0xb72e0876 in g_io_unix_dispatch () from /usr/lib/libglib-2.0.so.0
#16 0xb729a286 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#17 0xb7547d9a in glib_pollfds_poll () at main-loop.c:188
#18 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:233
#19 main_loop_wait (nonblocking=1) at main-loop.c:465
#20 0xb73edd21 in main_loop () at vl.c:2090
#21 main (argc=12, argv=0xbfa1f414, envp=0xbfa1f448) at vl.c:4432
Unfortunately the full monitor command is optimized out, but looking at the stack trace it seems as if libvirt is sending the json command "query-tpm-types", and qemu is segfaulting when trying to print the reply.
OK, it's a qemu bug. Here is a simple reproducer:

$ qemu-system-i386 -S -nodefaults -nographic -M none -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 0, "minor": 6, "major": 1}, "package": ""}, "capabilities": []}}
{"execute":"qmp_capabilities"}
{"return": {}}
{"execute":"query-status"}
{"return": {"status": "prelaunch", "singlestep": false, "running": false}}
{"execute":"query-tpm-types"}
Segmentation fault (core dumped)
Reproducer in one (long) line of code:

(sleep 5; printf '{"execute":"qmp_capabilities"}\n{"execute":"query-tpm-types"}\n') | qemu-system-i386 -S -nodefaults -nographic -M none -qmp stdio

For me:
- Fails: Fedora qemu-1.6.0-5.fc21.i686
- Works: upstream qemu git on x86-64
- Works: upstream qemu git on i686
- Works: qemu @ v1.6.0 on i686

So it must be a patch that we're applying in Fedora, or else some stack hardening stuff.
Actually it's because Fedora uses ./configure --enable-tpm

Building with that flag:
- Fails: Fedora qemu-1.6.0-5.fc21.i686
- Works: upstream qemu git on x86-64
- Fails: upstream qemu git on i686
- Fails: qemu @ v1.6.0 on i686

Since this is an upstream bug, I have filed a bug there: https://bugs.launchpad.net/qemu/+bug/1219207
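The two comments above bisect the crash by running the same QMP script against several qemu builds by hand. The script below is an added driver for that procedure, written for this page and not part of the bug report or of qemu: it spawns each binary with the reproducer's arguments, writes the QMP requests over stdin, and turns the exit status into a verdict (SIGSEGV, clean exit, or timeout). Two things are assumptions of mine rather than the reporter's: a trailing "quit" request is appended so a non-crashing build exits instead of sitting on the monitor, and the file name probe_tpm_types.py in the usage comment is hypothetical. The pure helpers (request framing, greeting parsing, exit classification) run offline; probe() itself needs a qemu binary on the path given.

```python
import json
import signal
import subprocess
import sys

# Same invocation as the reproducer in the report; "quit" is appended here
# (assumption, not in the original one-liner) so a qemu that survives
# query-tpm-types exits instead of sitting on the monitor with stdin at EOF.
QEMU_ARGS = ["-S", "-nodefaults", "-nographic", "-M", "none", "-qmp", "stdio"]
COMMANDS = ["qmp_capabilities", "query-tpm-types", "quit"]


def qmp_request(execute, arguments=None):
    """One QMP request as a newline-terminated JSON object."""
    msg = {"execute": execute}
    if arguments:
        msg["arguments"] = arguments
    return json.dumps(msg) + "\n"


def parse_greeting(line):
    """Return (major, minor, micro) from the QMP greeting line, else None."""
    try:
        obj = json.loads(line)
    except ValueError:
        return None
    if not isinstance(obj, dict):
        return None
    ver = obj.get("QMP", {}).get("version", {}).get("qemu")
    if not ver:
        return None
    return (ver["major"], ver["minor"], ver["micro"])


def classify_exit(returncode):
    """Map a Popen return code to a verdict: signal name, exit status, or timeout."""
    if returncode is None:
        return "timeout"
    if returncode < 0:
        return signal.Signals(-returncode).name   # e.g. SIGSEGV, SIGABRT
    return "exit:%d" % returncode


def probe(binary, commands=COMMANDS, timeout=60):
    """Run one qemu binary through the reproducer; returns (verdict, version)."""
    proc = subprocess.Popen(
        [binary] + QEMU_ARGS,
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
        universal_newlines=True,
    )
    script = "".join(qmp_request(c) for c in commands)
    try:
        out, _ = proc.communicate(script, timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()
        proc.communicate()
        return "timeout", None
    version = next((v for v in map(parse_greeting, out.splitlines()) if v), None)
    return classify_exit(proc.returncode), version


if __name__ == "__main__":
    # Usage (hypothetical file name):
    #   python3 probe_tpm_types.py /usr/bin/qemu-system-i386 ./build-tpm/qemu-system-i386
    for binary in sys.argv[1:] or ["qemu-system-i386"]:
        verdict, version = probe(binary)
        shown = ".".join(map(str, version)) if version else "?"
        print("%-40s %-10s qemu %s" % (binary, verdict, shown))
```

A build with the bug reports SIGSEGV, a fixed build reports exit:0 after "quit", and a hang shows up as timeout rather than blocking the bisection; the greeting version is printed alongside so that the i686 and x86-64 builds being compared are the ones you think they are.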
*** Bug 998759 has been marked as a duplicate of this bug. ***
I've posted a patch upstream for this.
Fixed in qemu-1.6.0-6.fc21