abrt 1.1.1 detected a crash.

architecture: x86_64
Attached file: backtrace
cmdline: qemu-system-x86_64 -hda vista.img -hdb fat:rw:/tmp/share -boot c -m 1024 -monitor stdio -S
component: qemu
crash_function: raise
executable: /usr/bin/qemu-system-x86_64
global_uuid: fef9cf2900e541145bd05df5e0c14ce067ccfec1
kernel: 2.6.33.5-124.fc13.x86_64
package: qemu-system-x86-2:0.12.3-8.fc13
rating: 4
reason: Process /usr/bin/qemu-system-x86_64 was killed by signal 6 (SIGABRT)
release: Fedora release 13 (Goddard)

How to reproduce
-----
1. see bug 604762
Created attachment 424785
File: backtrace
Hm, this is fixed in 0.12.4 upstream, but we don't seem to have updated Fedora with that release. Justin, can you spin a new rpm with 0.12.4?
Ah, it's not. Justin, we need 2dedf83ef0cc3463783d6b71bf1b25476f691f3a from upstream.
Hello Tobias, Can you try out the rpm from http://koji.fedoraproject.org/koji/taskinfo?taskID=2264646 and report success or failure? Thanks.
Hey Amit. Sorry to annoy you with such a basic question, but I can't install the RPM:

getfile?taskID=2264646&name=qemu-common-0.12.3-7.fc14.x86_64.rpm: does not update installed package.
Examining getfile?taskID=2264646&name=qemu-system-x86-0.12.3-7.fc14.x86_64.rpm: 2:qemu-system-x86-0.12.3-7.fc14.x86_64
getfile?taskID=2264646&name=qemu-system-x86-0.12.3-7.fc14.x86_64.rpm: does not update installed package.

btw: it's very cumbersome to get hold of the RPMs :( The webapp should give the correct name (i.e. not "getfile...") and it'd be nice if it didn't use ampersands and other crappy characters.

Anyway, how would I test those RPMs? I can't even use rpm -i *.rpm. I wouldn't even mind building something out of a spec file, but I couldn't find any...
Can you try this link: http://koji.fedoraproject.org/koji/buildinfo?buildID=179153 rpm -U should succeed with the packages from there.
hm. it didn't. But I yum removed qemu and then yum installed the RPMs. Was tedious :(

According to yum info qemu, I have

Name    : qemu
Arch    : x86_64
Epoch   : 2
Version : 0.12.3
Release : 7.fc14
Size    : 0.0
Repo    : installed

installed. This version, however, crashes, too. But not with a segfault but rather a double free:

*** glibc detected *** qemu-system-x86_64: double free or corruption (!prev): 0x0000000000f4cac0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3021075726]
qemu-system-x86_64[0x467bb1]
qemu-system-x86_64[0x467b55]
qemu-system-x86_64[0x4694fc]
qemu-system-x86_64[0x40c7a9]
qemu-system-x86_64[0x40cab6]
qemu-system-x86_64[0x46425a]
qemu-system-x86_64[0x40da05]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x302101ec5d]
qemu-system-x86_64[0x4083a9]
./run.sh: line 4: 14917 Aborted (core dumped) $QEMU -hda vista.img -hdb fat:rw:/tmp/share -boot c -m 1024 -monitor stdio -S "$@"

abrt doesn't show up though.

muelli@bigbox ~/VirtualMachines/vista64 $ ./run.sh -snapshot
GNU gdb (GDB) Fedora (7.1-26.fc13)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/qemu-system-x86_64...Reading symbols from /usr/lib/debug/usr/bin/qemu-system-x86_64.debug...done.
done.
(gdb) r
Starting program: /usr/bin/qemu-system-x86_64 -hda vista.img -hdb fat:rw:/tmp/share -boot c -m 1024 -monitor stdio -S -snapshot
[Thread debugging using libthread_db enabled]
*** glibc detected *** /usr/bin/qemu-system-x86_64: double free or corruption (!prev): 0x00000000011aaac0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x3021075726]
/usr/bin/qemu-system-x86_64[0x467bb1]
/usr/bin/qemu-system-x86_64[0x467b55]
/usr/bin/qemu-system-x86_64[0x4694fc]
/usr/bin/qemu-system-x86_64[0x40c7a9]
/usr/bin/qemu-system-x86_64[0x40cab6]
/usr/bin/qemu-system-x86_64[0x46425a]
/usr/bin/qemu-system-x86_64[0x40da05]
/lib64/libc.so.6(__libc_start_main+0xfd)[0x302101ec5d]
/usr/bin/qemu-system-x86_64[0x4083a9]

Program received signal SIGABRT, Aborted.
0x00000030210329a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install libaio-0.3.109-2.fc13.x86_64 nss-softokn-freebl-3.12.6-3.fc13.x86_64 tcp_wrappers-libs-7.6-58.fc13.x86_64
(gdb) info threads
* 1 Thread 0x7fb229ec7740 (LWP 23037)  0x00000030210329a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
(gdb) t a a bt full

Thread 1 (Thread 0x7fb229ec7740 (LWP 23037)):
#0  0x00000030210329a5 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = 0
        pid = 23037
        selftid = 23037
#1  0x0000003021034185 in abort () at abort.c:92
        save_stage = 2
#2  0x000000302106fe0b in __libc_message (do_abort=2, fmt=0x3021143ab8 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:186
        fd = 12
#3  0x0000003021075726 in malloc_printerr (action=3, str=0x3021143d60 "double free or corruption (!prev)", ptr=<value optimized out>) at malloc.c:6283
        buf = "00000000011aaac0"
#4  0x0000000000467bb1 in bdrv_close (bs=0x11aa1d0) at block.c:513
No locals.
#5  0x0000000000467b55 in bdrv_delete (bs=0x11aa1d0) at block.c:539
        pbs = <value optimized out>
#6  0x00000000004694fc in bdrv_open2 (bs=0x11a98e0, filename=0x10ef170 "fat:rw:/tmp/share", flags=72, drv=0x0) at block.c:391
        total_size = 1032192
        is_protocol = 1
        tmp_filename = "/tmp/vl.AZRBQv"...
        backing_filename = "/home/muelli/VirtualMachines/vista64/vista.img", '\000' <repeats 922 times>...
#7  0x000000000040c7a9 in drive_init (opts=<value optimized out>, opaque=<value optimized out>, fatal_error=0x7fff47a1847c) at /usr/src/debug/qemu-kvm-0.12.3/vl.c:2474
        file = 0x10ef170 "fat:rw:/tmp/share"
        devname = "ide"...
        serial = 0x0
        type = IF_IDE
        media = MEDIA_DISK
        cyls = 0
        heads = 0
        secs = 0
        translation = 0
        drv = 0x0
        index = 1
        cache = 1
        aio = 0
        ro = 0
        bdrv_flags = 72
        on_write_error = 2
        devaddr = 0x0
        dinfo = 0x10f4d00
        is_extboot = 0
        snapshot = 1
#8  0x000000000040cab6 in drive_init_func (opts=<value optimized out>, opaque=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.3/vl.c:2491
        fatal_error = 1
#9  0x000000000046425a in qemu_opts_foreach (list=<value optimized out>, func=0x40caa0 <drive_init_func>, opaque=0x854040, abort_on_failure=<value optimized out>) at qemu-option.c:817
        opts = 0x10eefd0
#10 0x000000000040da05 in main (argc=13, argv=<value optimized out>, envp=<value optimized out>) at /usr/src/debug/qemu-kvm-0.12.3/vl.c:5995
        linux_boot = 0
        boot_devices = "c\000d", '\000' <repeats 29 times>
        machine = 0x854040
        fds = {1201768112, 32767}
        fd = 0
        pwd = 0x0
(gdb)

If I don't give the -snapshot parameter, it seems to work though. The vvfat thing seems to be fixed as it works if I give that parameter alone. Also, -snapshot works if I give it w/o the vvfat parameter.
OK; I'll have to see if this is already fixed or if this is a new thing -- but as long as the vvfat thing is fixed, it's all good. I'll push the fix to the F13 build as well, so that the update process doesn't have to be tedious for others.
FWIW: I've just built qemu from git and it crashes with that double-free, too.
seabios-0.6.0-1.fc13,gpxe-1.0.1-1.fc13,qemu-0.12.5-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/seabios-0.6.0-1.fc13,gpxe-1.0.1-1.fc13,qemu-0.12.5-1.fc13
seabios-0.6.0-1.fc13, gpxe-1.0.1-1.fc13, qemu-0.12.5-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update seabios gpxe qemu'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/seabios-0.6.0-1.fc13,gpxe-1.0.1-1.fc13,qemu-0.12.5-1.fc13
seabios-0.6.0-1.fc13, gpxe-1.0.1-1.fc13, qemu-0.12.5-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.