Bug 442049 - User network crashes
Summary: User network crashes
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: kvm
Version: 9
Hardware: x86_64
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Glauber Costa
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-04-11 14:18 UTC by Zdenek Kabelac
Modified: 2009-07-14 15:21 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-14 15:21:10 UTC
Type: ---
Embargoed:



Description Zdenek Kabelac 2008-04-11 14:18:19 UTC
Description of problem:

Occasionally, amongst other problems with KVM, I sometimes get this crash related
to my -net user usage on a 64-bit platform.
Backtrace included.

Version-Release number of selected component (if applicable):
kvm-64-3.fc9.x86_64

How reproducible:


Steps to Reproduce:
1. qemu-kvm -s -m 320 -smp 2 -net nic,model=pcnet -net user -redir tcp:2222::22 -s
Actual results:


Expected results:


Additional info:

Core was generated by `qemu-kvm -s -m 320 -smp 2 -net nic,model=pcnet -net user
-redir tcp:2222::22 -s'.
Program terminated with signal 11, Segmentation fault.
[New process 26454]
[New process 26468]
[New process 26459]
#0  0x000000000047c33c in tcp_reass (tp=0x7f5250001860, ti=0x50001860, m=0x0) at
slirp/tcp_input.c:208
208		if (ti == (struct tcpiphdr *)tp || ti->ti_seq != tp->rcv_nxt)
Missing separate debuginfos, use: debuginfo-install SDL.x86_64 alsa-lib.x86_64
gnutls.x86_64 libX11.x86_64 libXau.x86_64 libXcursor.x86_64 libXdmcp.x86_64
libXext.x86_64 libXfixes.x86_64 libXrandr.x86_64 libXrender.x86_64
libgcrypt.x86_64 libgpg-error.x86_64 libtasn1.x86_64 libxcb.x86_64 zlib.x86_64

#0  0x000000000047c33c in tcp_reass (tp=0x7f5250001860, ti=0x50001860, m=0x0) at
slirp/tcp_input.c:208
#1  0x000000000047d098 in tcp_input (m=0x30ac020, iphlen=<value optimized out>,
inso=<value optimized out>)
    at slirp/tcp_input.c:1052
#2  0x000000000040ab01 in qemu_send_packet (vc1=0x2e940b0, buf=0x2f96d58 "RT",
size=54) at /usr/src/debug/kvm-64/qemu/vl.c:3758
#3  0x0000000000424517 in pcnet_transmit (s=0x2f96990) at
/usr/src/debug/kvm-64/qemu/hw/pcnet.c:1272
#4  0x0000000000425498 in pcnet_poll_timer (opaque=<value optimized out>) at
/usr/src/debug/kvm-64/qemu/hw/pcnet.c:1335
#5  0x0000000000425c10 in pcnet_ioport_writew (opaque=0x7f5250001860, addr=0,
val=1341216394)
    at /usr/src/debug/kvm-64/qemu/hw/pcnet.c:1617
#6  0x0000000000503521 in kvm_outw (opaque=<value optimized out>, addr=0,
data=22154)
    at /usr/src/debug/kvm-64/qemu/qemu-kvm.c:466
#7  0x000000000051fb70 in kvm_run (kvm=0x2dbd030, vcpu=0) at libkvm.c:724
#8  0x0000000000502e56 in kvm_cpu_exec (env=<value optimized out>) at
/usr/src/debug/kvm-64/qemu/qemu-kvm.c:134
#9  0x00000000005039f5 in kvm_main_loop_cpu (env=0x2e59300) at
/usr/src/debug/kvm-64/qemu/qemu-kvm.c:314
#10 0x00000000004129e5 in main (argc=<value optimized out>, argv=<value
optimized out>) at /usr/src/debug/kvm-64/qemu/vl.c:7975

Comment 1 Zdenek Kabelac 2008-04-16 15:47:17 UTC
add with new latest kvm-65

happened again:
Core was generated by `qemu-kvm -s -m 260 -smp 2 -net nic,model=pcnet -net user
-redir tcp:2222::22 -s'.
Program terminated with signal 11, Segmentation fault.
[New process 19992]
[New process 20002]
[New process 19986]
[New process 19991]
#0  0x000000000047c3bc in tcp_reass (tp=0x7febcc092e50, ti=0xcc092e50, m=0x0) at
slirp/tcp_input.c:208
208		if (ti == (struct tcpiphdr *)tp || ti->ti_seq != tp->rcv_nxt)
Missing separate debuginfos, use: debuginfo-install SDL.x86_64 alsa-lib.x86_64
gnutls.x86_64 libX11.x86_64 libXau.x86_64 libXcursor.x86_64 libXdmcp.x86_64
libXext.x86_64 libXfixes.x86_64 libXrandr.x86_64 libXrender.x86_64
libgcrypt.x86_64 libgpg-error.x86_64 libtasn1.x86_64 libxcb.x86_64 zlib.x86_64
(gdb) bt
#0  0x000000000047c3bc in tcp_reass (tp=0x7febcc092e50, ti=0xcc092e50, m=0x0) at
slirp/tcp_input.c:208
#1  0x000000000047d118 in tcp_input (m=0x2ea2680, iphlen=<value optimized out>,
inso=<value optimized out>) at slirp/tcp_input.c:1052
#2  0x0000000000409b81 in qemu_send_packet (vc1=0x2e90630, buf=0x2f65d58 "RT",
size=54) at /usr/src/debug/kvm-65/qemu/vl.c:3758
#3  0x00000000004244c7 in pcnet_transmit (s=0x2f65990) at
/usr/src/debug/kvm-65/qemu/hw/pcnet.c:1272
#4  0x0000000000425448 in pcnet_poll_timer (opaque=<value optimized out>) at
/usr/src/debug/kvm-65/qemu/hw/pcnet.c:1335
#5  0x0000000000425bc0 in pcnet_ioport_writew (opaque=0x7febcc092e50, addr=0,
val=1267826001) at /usr/src/debug/kvm-65/qemu/hw/pcnet.c:1617
#6  0x0000000000503631 in kvm_outw (opaque=<value optimized out>, addr=0,
data=32081) at /usr/src/debug/kvm-65/qemu/qemu-kvm.c:515
#7  0x000000000051fc30 in kvm_run (kvm=0x2dbd030, vcpu=1) at libkvm.c:721
#8  0x0000000000502f16 in kvm_cpu_exec (env=<value optimized out>) at
/usr/src/debug/kvm-65/qemu/qemu-kvm.c:146
#9  0x0000000000503ba0 in ap_main_loop (_env=<value optimized out>) at
/usr/src/debug/kvm-65/qemu/qemu-kvm.c:330
#10 0x0000003a6d80729a in start_thread (arg=<value optimized out>) at
pthread_create.c:297
#11 0x0000003a6cce42bd in clone () from /lib64/libc.so.6


Comment 2 Daniel Berrangé 2008-04-16 15:56:39 UTC
SLIRP networking found to be broken on 64-bit. News at 11.

Seriously though, QEMU's user networking uses 'slirp'. This is some of the most
unmaintainable code around and has lots of bad assumptions about pointer vs
integer sizes. Many people have tried to make it work reliably on 64-bit and
basically failed.

The only viable solution is to simply not use 'user' networking in QEMU. 
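
Added example, not part of the comment above and not slirp's own code: in both backtraces `ti` is exactly the low 32 bits of `tp` (0x50001860 against 0x7f5250001860), which is what a pointer looks like after passing through a 32-bit integer. The struct layouts and function names below are hypothetical and assume a 64-bit build; the addresses are copied from the backtraces.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

_Static_assert(sizeof(uintptr_t) == 8, "example assumes a 64-bit build");

/* Hypothetical legacy layout: the queue link lives in a 32-bit field,
 * which holds a whole pointer only on a 32-bit build. */
struct legacy_seg { uint32_t next32; uint32_t seq; };

/* Hardened layout: the link field is as wide as a pointer. */
struct fixed_seg { uintptr_t next; uint32_t seq; };

/* Store an address in the legacy field and read it back. */
uint64_t legacy_roundtrip(uint64_t addr)
{
    struct legacy_seg s = { .next32 = (uint32_t)addr, .seq = 0 };
    return (uint64_t)s.next32;
}

/* Same round trip through the pointer-sized field. */
uint64_t fixed_roundtrip(uint64_t addr)
{
    struct fixed_seg s = { .next = (uintptr_t)addr, .seq = 0 };
    return (uint64_t)s.next;
}

/* Returns 1 if the address survives the legacy field unchanged. */
int legacy_link_is_safe(uint64_t addr)
{
    return legacy_roundtrip(addr) == addr;
}

int main(void)
{
    /* tp from frame #0 and s from frame #3 of the first backtrace. */
    const uint64_t samples[] = { 0x7f5250001860ULL, 0x2f96990ULL };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t a = samples[i];
        /* Addresses below 4 GiB survive; higher ones lose their top bits. */
        printf("%#14" PRIx64 " legacy=%#" PRIx64 " fixed=%#" PRIx64 " %s\n",
               a, legacy_roundtrip(a), fixed_roundtrip(a),
               legacy_link_is_safe(a) ? "intact" : "TRUNCATED");
    }
    return 0;
}
```

The addresses are only compared as integers here and never dereferenced; dereferencing the truncated value is the fault reported at slirp/tcp_input.c:208.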

Comment 3 Bug Zapper 2008-05-14 09:18:40 UTC
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 4 Bug Zapper 2009-06-10 00:08:36 UTC
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 9 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 5 Bug Zapper 2009-07-14 15:21:10 UTC
Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

