Bug 442062 - coredump with qemu_mod_timer
Summary: coredump with qemu_mod_timer
Alias: None
Product: Fedora
Classification: Fedora
Component: kvm
Version: 9
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Glauber Costa
QA Contact: Fedora Extras Quality Assurance
Depends On:
Reported: 2008-04-11 15:14 UTC by Zdenek Kabelac
Modified: 2009-06-11 08:26 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-06-11 08:26:59 UTC
Type: ---


Description Zdenek Kabelac 2008-04-11 15:14:37 UTC
Description of problem:

KVM generated another different coredump with user network

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Core was generated by `qemu-kvm -s -m 320 -smp 2 -net nic,model=pcnet -net user
-redir tcp:2222::22 -s'.
Program terminated with signal 11, Segmentation fault.
[New process 32224]
[New process 32233]
[New process 32219]
#0  0x0000000000407a49 in qemu_mod_timer (ts=0x2e94080,
expire_time=3155428127584) at /usr/src/debug/kvm-64/qemu/vl.c:1072
1072	    if ((alarm_timer->flags & ALARM_FLAG_EXPIRED) == 0 &&
Missing separate debuginfos, use: debuginfo-install SDL.x86_64 alsa-lib.x86_64
gnutls.x86_64 libX11.x86_64 libXau.x86_64 libXcursor.x86_64 libXdmcp.x86_64
libXext.x86_64 libXfixes.x86_64 libXrandr.x86_64 libXrender.x86_64
libgcrypt.x86_64 libgpg-error.x86_64 libtasn1.x86_64 libxcb.x86_64 zlib.x86_64
(gdb) bt
#0  0x0000000000407a49 in qemu_mod_timer (ts=0x2e94080,
expire_time=3155428127584) at /usr/src/debug/kvm-64/qemu/vl.c:1072
#1  0x0000000000425c10 in pcnet_ioport_writew (opaque=0x0, addr=2922132320,
    at /usr/src/debug/kvm-64/qemu/hw/pcnet.c:1617
#2  0x0000000000503521 in kvm_outw (opaque=<value optimized out>, addr=13152,
    at /usr/src/debug/kvm-64/qemu/qemu-kvm.c:466
#3  0x000000000051fb70 in kvm_run (kvm=0x2dbd030, vcpu=1) at libkvm.c:724
#4  0x0000000000502e56 in kvm_cpu_exec (env=<value optimized out>) at
#5  0x00000000005039f5 in kvm_main_loop_cpu (env=0x2e85010) at
#6  0x0000000000503b70 in ap_main_loop (_env=<value optimized out>) at
#7  0x000000303c60740a in start_thread (arg=<value optimized out>) at
#8  0x000000303bae678d in clone () from /lib64/libc.so.6

Comment 1 Jeremy Katz 2008-04-11 15:23:30 UTC
Can you see if kvm-65 helps?

Comment 2 Zdenek Kabelac 2008-04-12 08:40:00 UTC
I will see, but I do not have a testcase to easily check that the bug will not
happen again. BTW, I've already tested a kvm-65 build by myself from git, and
my other reported coredump with user network was still present.

Comment 3 Zdenek Kabelac 2008-04-29 13:32:51 UTC
Happened to me again with kvm-65 (using the very latest Linus git kernel tree).
Using bridged networking.

warning: Can't read pathname for load map: Input/output error.
Core was generated by `qemu-kvm -boot n -s -M pc -monitor stdio -m 260 -smp 2
-net nic,model=pcnet,mac'.
Program terminated with signal 11, Segmentation fault.
[New process 14733]
[New process 14759]
[New process 14734]
[New process 14709]
#0  0x00000000004079f9 in qemu_mod_timer (ts=0x2e5ea30, expire_time=228088830895)
    at /usr/src/debug/kvm-65/qemu/vl.c:1072
1072	    if ((alarm_timer->flags & ALARM_FLAG_EXPIRED) == 0 &&
(gdb) bt
#0  0x00000000004079f9 in qemu_mod_timer (ts=0x2e5ea30, expire_time=228088830895)
    at /usr/src/debug/kvm-65/qemu/vl.c:1072
#1  0x0000000000425c6d in pcnet_ioport_readw (opaque=0x0, addr=455564207) at
#2  0x000000000050356e in kvm_inw (opaque=<value optimized out>, addr=23471,
    at /usr/src/debug/kvm-65/qemu/qemu-kvm.c:466
#3  0x000000000051fb68 in kvm_run (kvm=0x2dbb040, vcpu=0) at libkvm.c:704
#4  0x0000000000502f16 in kvm_cpu_exec (env=<value optimized out>) at
#5  0x0000000000503ba0 in ap_main_loop (_env=<value optimized out>) at
#6  0x0000003a6d80729a in ?? ()
#7  0x0000000040ccc950 in ?? ()
#8  0x0000000000000000 in ?? ()

Comment 4 Zdenek Kabelac 2008-04-29 13:35:52 UTC
I should add that this crash dump might not be related to the previous one, as it
happened during qemu exit.

(gdb) print alarm_timer
$1 = (struct qemu_alarm_timer *) 0x0

Thus it looks like an access to a structure that has most probably already been
destroyed. Assuming some wrong close order.
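
Comment 4 reads alarm_timer as NULL at the crash site during qemu exit. The following C model, constructed here and not QEMU's or the reporter's code, illustrates the close-order problem it suspects: a NULL guard at the re-arm site keeps a late device I/O from dereferencing the destroyed timer, and quiescing device I/O before the timer backend is torn down removes the race entirely. The struct layouts, pcnet_ioport_access and shutdown_scenario are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>

#define ALARM_FLAG_EXPIRED 1

/* Constructed stand-ins for the structures named in the trace, not QEMU's own. */
struct qemu_alarm_timer { int flags; };
struct QEMUTimer { int64_t expire_time; };
struct pcnet_dev { struct QEMUTimer poll_timer; int io_enabled; };

static struct qemu_alarm_timer *alarm_timer; /* global as in vl.c; NULL after teardown */

/* Guarded re-arm. vl.c:1072 reads alarm_timer->flags unconditionally; once the
 * alarm timer is gone, report "nothing to re-arm" instead of dereferencing NULL.
 * Returns 1 if the host alarm would be re-armed, 0 otherwise. */
int mod_timer_guarded(struct QEMUTimer *ts, int64_t expire_time) {
    ts->expire_time = expire_time;
    if (alarm_timer == NULL)
        return 0;
    return (alarm_timer->flags & ALARM_FLAG_EXPIRED) == 0;
}

/* Guest register access reaching the timer code, like pcnet_ioport_*() in the
 * trace: 1 = re-armed, 0 = nothing to re-arm, -1 = device I/O already stopped. */
int pcnet_ioport_access(struct pcnet_dev *d, int64_t now) {
    if (!d->io_enabled)
        return -1;
    return mod_timer_guarded(&d->poll_timer, now + 1000);
}

/* Runs init -> guest I/O -> shutdown in the given order and returns the outcome
 * of a late I/O racing with exit. In the suspected (wrong) order the timer backend
 * is destroyed while the vcpu thread can still deliver device I/O. */
int shutdown_scenario(int quiesce_first) {
    struct pcnet_dev d = { {0}, 1 };
    int r;
    alarm_timer = calloc(1, sizeof *alarm_timer);
    if (pcnet_ioport_access(&d, 100) != 1)  /* normal operation re-arms */
        return -2;
    if (quiesce_first) {                    /* correct order: stop device I/O first */
        d.io_enabled = 0;
    } else {                                /* suspected order: timer freed first */
        free(alarm_timer);
        alarm_timer = NULL;
    }
    r = pcnet_ioport_access(&d, 5000);      /* late I/O from the vcpu thread */
    d.io_enabled = 0;
    free(alarm_timer);                      /* free(NULL) is a no-op */
    alarm_timer = NULL;
    return r;
}
```

Without the NULL check in mod_timer_guarded, the wrong-order path is the dereference of a null alarm_timer seen in the backtrace.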

Comment 5 Bug Zapper 2008-05-14 09:18:52 UTC
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and the reason for this action are here:

Comment 6 Bug Zapper 2009-06-10 00:08:43 UTC
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 9 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 

Comment 7 Zdenek Kabelac 2009-06-11 08:01:01 UTC
This bugzilla is fixed in F11 and could probably be closed.

Comment 8 Mark McLoughlin 2009-06-11 08:26:59 UTC
Thanks Zdenek, sorry we let this one drop.
