Description of problem:
Was running a netinstall of anaconda with a kickstart file, and qemu crashes every time.

Version-Release number of selected component:
qemu-system-x86-1.2.0-16.fc18

Additional info:
libreport version: 2.0.17
abrt_version:   2.0.17
backtrace_rating: 4
cmdline:        /usr/bin/qemu-kvm -name kickstart -S -M pc-1.2 -enable-kvm -m 1024 -smp 1,sockets=1,cores=1,threads=1 -uuid 7d14ab71-9d49-dfa9-11e1-0fa9ddb03e28 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/kickstart.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot menu=off -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive file=/opt/vm/kickstart.img,if=none,id=drive-virtio-disk0,format=raw -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2 -drive file=/data/downloads/Fedora-20121009-x86_64-9564fab-netinst.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0,bootindex=1 -netdev tap,fd=23,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:93:8f:74,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -device usb-tablet,id=input0 -vnc 127.0.0.1:0 -vga qxl -global qxl-vga.vram_size=67108864 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7
crash_function: qxl_send_events
kernel:         3.6.3-3.fc18.x86_64

truncated backtrace:
:Thread no. 1 (0 frames)
Created attachment 634946 File: core_backtrace
Created attachment 634947 File: environ
Created attachment 634948 File: limits
Created attachment 634949 File: backtrace
Created attachment 634950 File: smolt_data
Created attachment 634951 File: cgroup
Created attachment 634952 File: executable
Created attachment 634953 File: maps
Created attachment 634954 File: dso_list
Created attachment 634955 File: build_ids
Created attachment 634956 File: proc_pid_status
Created attachment 634957 File: var_log_messages
Created attachment 634958 File: open_fds
I tried using this build (pointed out to me on IRC), but it didn't fix the problem:

http://koji.fedoraproject.org/koji/buildinfo?buildID=362914

For reference, here's what I have installed after using that koji build:

# yum list qemu*
Loaded plugins: auto-update-debuginfo, langpacks, presto, refresh-packagekit
Installed Packages
qemu.x86_64                    2:1.2.0-17.fc18    @/qemu-1.2.0-17.fc18.x86_64 (1)
qemu-common.x86_64             2:1.2.0-17.fc18    @/qemu-common-1.2.0-17.fc18.x86_64
qemu-debuginfo.x86_64          2:1.2.0-17.fc18    @/qemu-debuginfo-1.2.0-17.fc18.x86_64
qemu-guest-agent.x86_64        2:1.2.0-17.fc18    @/qemu-guest-agent-1.2.0-17.fc18.x86_64
qemu-img.x86_64                2:1.2.0-17.fc18    @/qemu-img-1.2.0-17.fc18.x86_64
qemu-kvm.x86_64                2:1.2.0-17.fc18    @/qemu-kvm-1.2.0-17.fc18.x86_64
qemu-kvm-tools.x86_64          2:1.2.0-17.fc18    @/qemu-kvm-tools-1.2.0-17.fc18.x86_64
qemu-system-alpha.x86_64       2:1.2.0-17.fc18    @/qemu-system-alpha-1.2.0-17.fc18.x86_64
qemu-system-arm.x86_64         2:1.2.0-17.fc18    @/qemu-system-arm-1.2.0-17.fc18.x86_64
qemu-system-cris.x86_64        2:1.2.0-17.fc18    @/qemu-system-cris-1.2.0-17.fc18.x86_64
qemu-system-lm32.x86_64        2:1.2.0-17.fc18    @/qemu-system-lm32-1.2.0-17.fc18.x86_64
qemu-system-m68k.x86_64        2:1.2.0-17.fc18    @/qemu-system-m68k-1.2.0-17.fc18.x86_64
qemu-system-microblaze.x86_64  2:1.2.0-17.fc18    @/qemu-system-microblaze-1.2.0-17.fc18.x86_64
qemu-system-mips.x86_64        2:1.2.0-17.fc18    @/qemu-system-mips-1.2.0-17.fc18.x86_64
qemu-system-or32.x86_64        2:1.2.0-17.fc18    @/qemu-system-or32-1.2.0-17.fc18.x86_64
qemu-system-ppc.x86_64         2:1.2.0-17.fc18    @/qemu-system-ppc-1.2.0-17.fc18.x86_64
qemu-system-s390x.x86_64       2:1.2.0-17.fc18    @/qemu-system-s390x-1.2.0-17.fc18.x86_64
qemu-system-sh4.x86_64         2:1.2.0-17.fc18    @/qemu-system-sh4-1.2.0-17.fc18.x86_64
qemu-system-sparc.x86_64       2:1.2.0-17.fc18    @/qemu-system-sparc-1.2.0-17.fc18.x86_64
qemu-system-unicore32.x86_64   2:1.2.0-17.fc18    @/qemu-system-unicore32-1.2.0-17.fc18.x86_64
qemu-system-x86.x86_64         2:1.2.0-17.fc18    @/qemu-system-x86-1.2.0-17.fc18.x86_64
qemu-system-xtensa.x86_64      2:1.2.0-17.fc18    @/qemu-system-xtensa-1.2.0-17.fc18.x86_64
qemu-user.x86_64               2:1.2.0-17.fc18    @/qemu-user-1.2.0-17.fc18.x86_64
#0  0x00007f9750119ba5 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:63
        resultvar = 0
        pid = 3422
        selftid = 3425
#1  0x00007f975011b358 in __GI_abort () at abort.c:90
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x7fffd3c39a96, sa_sigaction = 0x7fffd3c39a96}, sa_mask = {__val = {140287861435101, 140287957703928, 1717, 140286414186808, 140287860098065, 32, 140286317827648, 400, 4, 140286414186704, 0, 0, 0, 140287861434907, 140287954276352, 140287861445192}}, sa_flags = 1440914952, sa_restorer = 0x7f9755e2a3f0 <__PRETTY_FUNCTION__.31648>}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007f9750112972 in __assert_fail_base (fmt=0x7f975025d248 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7f9755e29e08 "qemu_spice_display_is_running(&d->ssd)", file=file@entry=0x7f9755e29cf8 "/builddir/build/BUILD/qemu-kvm-1.2.0/hw/i386/../qxl.c", line=line@entry=1717, function=function@entry=0x7f9755e2a3f0 <__PRETTY_FUNCTION__.31648> "qxl_send_events") at assert.c:92
        str = 0x7f96f4241830 "qemu-kvm: /builddir/build/BUILD/qemu-kvm-1.2.0/hw/i386/../qxl.c:1717: qxl_send_events: Assertion `qemu_spice_display_is_running(&d->ssd)' failed.\n"
        total = 4096
#3  0x00007f9750112a22 in __GI___assert_fail (assertion=assertion@entry=0x7f9755e29e08 "qemu_spice_display_is_running(&d->ssd)", file=file@entry=0x7f9755e29cf8 "/builddir/build/BUILD/qemu-kvm-1.2.0/hw/i386/../qxl.c", line=line@entry=1717, function=function@entry=0x7f9755e2a3f0 <__PRETTY_FUNCTION__.31648> "qxl_send_events") at assert.c:101
No locals.
#4  0x00007f9755d30aad in qxl_send_events (d=d@entry=0x7f9757956610, events=events@entry=4) at /usr/src/debug/qemu-kvm-1.2.0/hw/qxl.c:1717
        old_pending = <optimized out>
        le_events = 4
        __PRETTY_FUNCTION__ = "qxl_send_events"
        __func__ = "qxl_send_events"
#5  0x00007f9755d30de5 in interface_async_complete_io (cookie=0x7f9744000b20, qxl=0x7f9757956610) at /usr/src/debug/qemu-kvm-1.2.0/hw/qxl.c:881
        current_async = 17
#6  interface_async_complete (sin=0x7f9757956ba8, cookie_token=140287657642784) at /usr/src/debug/qemu-kvm-1.2.0/hw/qxl.c:936
        qxl = 0x7f9757956610
        cookie = 0x7f9744000b20
        __func__ = "interface_async_complete"
#7  0x00007f9750bdc8dc in red_dispatcher_async_complete (dispatcher=0x7f9757978fb0, async_command=0x7f97440026a0) at red_dispatcher.c:1036
        __FUNCTION__ = "red_dispatcher_async_complete"
#8  0x00007f9750bdae55 in dispatcher_handle_single_read (dispatcher=0x7f9757979038) at dispatcher.c:150
        ret = <optimized out>
        type = 27
        msg = 0x7f97579793d8
        ack = 4294967295
        payload = 0x7f96f41d80a0 "\240&"
#9  dispatcher_handle_recv_read (dispatcher=0x7f9757979038) at dispatcher.c:162
No locals.
#10 0x00007f9750bfb8cc in red_worker_main (arg=<optimized out>) at red_worker.c:11782
        events = <optimized out>
        i = <optimized out>
        num_events = 1
        worker = 0x7f96f40008c0
        __FUNCTION__ = "red_worker_main"
#11 0x00007f9753d70d15 in start_thread (arg=0x7f96f9e27700) at pthread_create.c:308
        __res = <optimized out>
        pd = 0x7f96f9e27700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140286414190336, -6688166254476074285, 0, 140287954321408, 140286414190336, 140287986269488, 6630195847824073427, 6629434527118582483}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
#12 0x00007f97501d62cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114

Alon, here's another crash in qxl_send_events, but the reproducer and stack trace are different. Separate issue or just different manifestation of 870811? Also, if you send a patch upstream, please CC me on it. The virt test day is this Thursday and I'd like to get a fix in ASAP.
Cole, My connection for uploading the built packages somewhere is really slow, so if you can try this patch (on fedpkg f18 branch) and let me know if it fixes the problem I'll appreciate it: commit 3b5089c6ca808ffa7f6439f2930ea10eb61d5786 Author: Alon Levy <alevy> Date: Tue Oct 30 18:07:45 2012 +0200 wip 870811 v1 diff --git a/0001-wip-hw-qxl-inject-interrupts-in-any-state.patch b/0001-wip-hw-qxl-inject-interrupts-in-any-state.patch new file mode 100644 index 0000000..c496ddb --- /dev/null +++ b/0001-wip-hw-qxl-inject-interrupts-in-any-state.patch @@ -0,0 +1,24 @@ +From d1e800f22a4c02efd595bc558055e442e4b7b713 Mon Sep 17 00:00:00 2001 +From: Alon Levy <alevy> +Date: Tue, 30 Oct 2012 18:00:33 +0200 +Subject: [PATCH] wip: hw/qxl: inject interrupts in any state + +--- + hw/qxl.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/hw/qxl.c b/hw/qxl.c +index 620b476..aed0454 100644 +--- a/hw/qxl.c ++++ b/hw/qxl.c +@@ -1739,7 +1739,6 @@ static void qxl_send_events(PCIQXLDevice *d, uint32_t events) + uint32_t le_events = cpu_to_le32(events); + + trace_qxl_send_events(d->id, events); +- assert(qemu_spice_display_is_running(&d->ssd)); + old_pending = __sync_fetch_and_or(&d->ram->int_pending, le_events); + if ((old_pending & le_events) == le_events) { + return; +-- +1.7.12.1 + diff --git a/qemu.spec b/qemu.spec index a596ecf..e7b3d85 100644 --- a/qemu.spec +++ b/qemu.spec @@ -109,7 +109,7 @@ Summary: QEMU is a FAST! processor emulator Name: qemu Version: 1.2.0 -Release: 17%{?dist} +Release: 17wip870811v1%{?dist} # Epoch because we pushed a qemu-1.0 package. AIUI this can't ever be dropped Epoch: 2 License: GPLv2+ and LGPLv2+ and BSD 
@@ -467,6 +467,8 @@ Patch0800: 0800-mips-Fix-link-error-with-piix4_pm_init.patch # keep: Carrying locally until qemu-kvm is fully merged into qemu.git Patch0801: 0801-configure-Add-disable-kvm-options.patch +# Testing Testing Testing +Patch1000: 0001-wip-hw-qxl-inject-interrupts-in-any-sta.patch BuildRequires: SDL-devel BuildRequires: zlib-devel @@ -1199,6 +1201,7 @@ such as kvm_stat. %patch0800 -p1 %patch0801 -p1 +%patch1000 -p1 %build %if %{with kvmonly} @@ -1790,6 +1793,9 @@ fi %{_mandir}/man1/qemu-img.1* %changelog +* Tue Oct 30 2012 Alon Levy <alevy> - 2:1.2.0-17wip870811v1% +- Test removing assert on qxl_set_event, bz 870811 + * Sun Oct 28 2012 Cole Robinson <crobinso> - 2:1.2.0-17 - Pull patches queued for qemu 1.2.1 Alon
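Review bot: in the hw/qxl.c hunk (`@@ -1739,7 +1739,6 @@`), deleting `assert(qemu_spice_display_is_running(&d->ssd));` lets the function fall straight through to `old_pending = __sync_fetch_and_or(&d->ram->int_pending, le_events);` and the interrupt injection that follows while the display is not in running state, so the patch trades an abort() for a write into guest-visible RAM (d->ram) in a state the assert was there to exclude; if that path is reachable while the VM is stopped for migration, the pending mask can change after guest memory has been serialised. Rather than removing the check, make the stopped case explicit (`if (!qemu_spice_display_is_running(&d->ssd)) { return; }`) or document in the commit message why late completions from the red_worker thread are expected and why injecting in any state is safe. The `wip:` subject and the missing Signed-off-by line also need sorting before this is sent upstream.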
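Review bot: in the qemu.spec hunk `@@ -467,6 +467,8 @@` the new source is declared as `Patch1000: 0001-wip-hw-qxl-inject-interrupts-in-any-sta.patch`, but the file this commit adds is `0001-wip-hw-qxl-inject-interrupts-in-any-state.patch`; the names differ (`sta` vs `state`), so rpmbuild will fail in %prep looking for a file that is not there. Use the identical file name in both places, and replace `# Testing Testing Testing` with a comment that names the bug (870811) and what the patch changes, in the same style as the `# keep:` comment on the surrounding Patch08xx entries.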
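Review bot: in the %changelog hunk (`@@ -1790,6 +1793,9 @@`) the entry refers to `qxl_set_event`, but the function the patch touches is `qxl_send_events`, and the header `2:1.2.0-17wip870811v1%` ends in a stray `%`. Write the header as `2:1.2.0-17wip870811v1`, matching the form of the existing `2:1.2.0-17` entry below it, and name the correct function so the changelog can be searched later.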
p.s. I see it's via a different path, but still the same underlying cause, the patch should fix it.
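An added example, written for this page and not code from qemu, spice-server or the patch above, that models the situation in the backtrace: the red_worker thread in spice-server finishes an asynchronous command (frames #7 to #10) after the display has been stopped, and reports it through qxl_send_events() (frame #4, events=4), which in qemu-kvm-1.2.0 asserts that the display is running. In a device model an assert() is an abort() of the whole emulator process, so an async command still in flight when the VM is stopped takes down the VM. The code contrasts what the WIP patch does (inject in any state, including into guest RAM while stopped) with a guarded no-op, with the threads serialised by hand. The struct and function names are hypothetical, the RAM layout is a stand-in for the real QXLRam, and the value 4 is assumed to be spice-protocol's QXL_INTERRUPT_IO_CMD.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the guest-visible QXL RAM header (constructed, not the real
 * QXLRam layout). int_pending is shared between qemu's main thread and
 * spice's red_worker thread, hence the atomic OR below, as in hw/qxl.c. */
struct qxl_ram {
    uint32_t int_pending;
};

struct qxl_dev {
    struct qxl_ram *ram;
    bool spice_running;       /* what qemu_spice_display_is_running() reports */
    unsigned irq_injections;  /* times the PCI IRQ line was raised */
    unsigned dropped_events;  /* completions ignored because display was stopped */
};

/* events=4 in frame #4 of the backtrace; assumed to be spice-protocol's
 * QXL_INTERRUPT_IO_CMD, the "async command done" interrupt. */
enum { QXL_INTERRUPT_IO_CMD = 1u << 2 };

enum qxl_send_result { QXL_SENT, QXL_ALREADY_PENDING, QXL_DROPPED_STOPPED };

static void qxl_dev_init(struct qxl_dev *d, struct qxl_ram *ram)
{
    ram->int_pending = 0;
    *d = (struct qxl_dev){ .ram = ram, .spice_running = true };
}

/* Main-thread side: the vm state change handler stops or resumes the
 * display (vm stop, migration, "stop" on the monitor). */
static void qxl_set_running(struct qxl_dev *d, bool running)
{
    d->spice_running = running;
}

/* Variant 1: qxl_send_events() with the assert removed, which is what the
 * WIP patch in this bug does. The pending mask in guest RAM is updated and
 * the IRQ raised regardless of whether the display is running. */
static enum qxl_send_result qxl_send_events_anystate(struct qxl_dev *d, uint32_t events)
{
    uint32_t old_pending = __sync_fetch_and_or(&d->ram->int_pending, events);
    if ((old_pending & events) == events) {
        return QXL_ALREADY_PENDING;   /* already latched, guest has not acked yet */
    }
    d->irq_injections++;              /* stand-in for qemu_set_irq(d->irq, 1) */
    return QXL_SENT;
}

/* Variant 2: a stopped display makes the call a no-op instead of an
 * abort(). Guest RAM is left untouched while stopped and the caller learns
 * the event was dropped. One alternative written for this example; it is
 * not the upstream commit referenced later in the thread. */
static enum qxl_send_result qxl_send_events_guarded(struct qxl_dev *d, uint32_t events)
{
    if (!d->spice_running) {
        d->dropped_events++;
        return QXL_DROPPED_STOPPED;
    }
    return qxl_send_events_anystate(d, events);
}

typedef enum qxl_send_result (*send_fn)(struct qxl_dev *, uint32_t);

/* Worker-thread side, i.e. interface_async_complete_io(): an async command
 * finished and the guest is told about it via interrupt. */
static enum qxl_send_result async_complete(struct qxl_dev *d, send_fn send)
{
    return send(d, QXL_INTERRUPT_IO_CMD);
}

/* Replays the ordering from the backtrace: display running, VM stopped on
 * the main thread, then the red_worker finishes an in-flight command.
 * With the original assert in place this third step is the abort(). */
static enum qxl_send_result replay_late_completion(struct qxl_dev *d,
                                                   struct qxl_ram *ram,
                                                   bool guarded)
{
    qxl_dev_init(d, ram);
    qxl_set_running(d, false);                 /* main thread: vm stop */
    return async_complete(d, guarded ? qxl_send_events_guarded
                                     : qxl_send_events_anystate);
}

int main(void)
{
    struct qxl_ram ram;
    struct qxl_dev d;

    replay_late_completion(&d, &ram, false);
    printf("assert removed: int_pending=0x%x irqs=%u dropped=%u\n",
           ram.int_pending, d.irq_injections, d.dropped_events);

    replay_late_completion(&d, &ram, true);
    printf("guarded no-op:  int_pending=0x%x irqs=%u dropped=%u\n",
           ram.int_pending, d.irq_injections, d.dropped_events);
    return 0;
}
```

Build with `cc -std=c11 -Wall qxl_events.c && ./a.out`. The first line of output shows the WIP patch's behaviour (the pending bit lands in guest RAM and an IRQ is raised while stopped); the second shows the no-op alternative, where the completion is counted as dropped and guest memory is unchanged. Which of the two is right depends on whether the guest driver re-reads state on resume, which is the question the upstream discussion in this thread is about.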
Alon, that seems to fix things for me, thanks! I'll push a qemu update shortly.
*** Bug 870811 has been marked as a duplicate of this bug. ***
qemu-1.2.0-18.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/qemu-1.2.0-18.fc18
Package qemu-1.2.0-18.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing qemu-1.2.0-18.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-17353/qemu-1.2.0-18.fc18 then log in and leave karma (feedback).
qemu-1.2.0-19.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/qemu-1.2.0-19.fc18
This, http://www.kraxel.org/cgit/qemu/commit/?h=rebase/spice-next&id=ee018daed87b38c28702386aaceb071d6c67a3a8 , is what's going into upstream, it is slightly different. Also, the actual fix is in spice-server, waiting for review: http://lists.freedesktop.org/archives/spice-devel/2012-November/011346.html Alon
In stable now