Bug 1003162 - qemu segfaults when libvirt queries query-tpm-types (i686)

| Field | Value | Field | Value |
|---|---|---|---|
| Product | Fedora | Reporter | Richard W.M. Jones <rjones> |
| Component | qemu | Assignee | Fedora Virtualization Maintainers <virt-maint> |
| Status | CLOSED RAWHIDE | QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| Severity | unspecified | Docs Contact | |
| Priority | unspecified | | |
| Version | rawhide | CC | amit.shah, berrange, cfergeau, crobinso, dwmw2, itamar, john_antony40, pbonzini, rjones, scottt.tw, virt-maint |
| Target Milestone | --- | | |
| Target Release | --- | | |
| Hardware | Unspecified | | |
| OS | Unspecified | | |
| Whiteboard | | | |
| Fixed In Version | | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2013-09-04 13:09:04 UTC | Type | Bug |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | | | |
| Bug Blocks | 910269 | | |
Description

Richard W.M. Jones 2013-08-31 10:43:25 UTC

So I realized I had an out of date repository link, hence qemu wasn't fully up to date. However, this still happens with qemu-1.6.0-5.fc21.i686 which is the latest version.

Finally I managed to get a stack trace. Rawhide is especially buggy today.

```
Thread 1 (Thread 0xb3d5b900 (LWP 4581)):
#0  output_type_enum (v=0xb9810590, obj=0x10, strings=0xb7817ea0 <TpmType_lookup>, kind=0xb76c7dd0 "TpmType", name=0x0, errp=0xbfa1ddf8) at qapi/qapi-visit-core.c:306
#1  0xb7674125 in visit_type_enum (v=v@entry=0xb9810590, obj=0x10, strings=0xb7817ea0 <TpmType_lookup>, kind=kind@entry=0xb76c7dd0 "TpmType", name=name@entry=0x0, errp=errp@entry=0xbfa1ddf8) at qapi/qapi-visit-core.c:114
#2  0xb7577b74 in visit_type_TpmType (errp=0xbfa1ddf8, name=0x0, obj=<optimized out>, m=0xb9810590) at qapi-visit.c:5220
#3  visit_type_TpmTypeList (m=0xb9810590, obj=obj@entry=0xbfa1de48, name=name@entry=0xb769f952 "unused", errp=errp@entry=0xbfa1de44) at qapi-visit.c:5206
#4  0xb759211e in qmp_marshal_output_query_tpm_types (errp=0xbfa1de44, ret_out=0xbfa1dea8, ret_in=0xb9811420) at qmp-marshal.c:3795
#5  qmp_marshal_input_query_tpm_types (mon=0xb98054d0, qdict=0xb9809cd8, ret=0xbfa1dea8) at qmp-marshal.c:3817
#6  0xb7637e6a in qmp_call_cmd (cmd=<optimized out>, params=0xb9809cd8, mon=0xb98054d0) at /usr/src/debug/qemu-1.6.0/monitor.c:4501
#7  handle_qmp_command (parser=0xb980552c, tokens=0xb9805078) at /usr/src/debug/qemu-1.6.0/monitor.c:4567
#8  0xb767a6df in json_message_process_token (lexer=0xb9805530, token=0xb980ff08, type=JSON_OPERATOR, x=47, y=26) at qobject/json-streamer.c:87
#9  0xb768e29b in json_lexer_feed_char (lexer=lexer@entry=0xb9805530, ch=<optimized out>, flush=flush@entry=false) at qobject/json-lexer.c:303
#10 0xb768e3c8 in json_lexer_feed (lexer=lexer@entry=0xb9805530, buffer=buffer@entry=0xbfa1e06c "}", size=size@entry=1) at qobject/json-lexer.c:356
#11 0xb767a8fb in json_message_parser_feed (parser=0xb980552c, buffer=buffer@entry=0xbfa1e06c "}", size=size@entry=1) at qobject/json-streamer.c:110
#12 0xb76368eb in monitor_control_read (opaque=0xb98054d0, buf=0xbfa1e06c "}", size=1) at /usr/src/debug/qemu-1.6.0/monitor.c:4588
#13 0xb757f6ba in qemu_chr_be_write (len=1, buf=0xbfa1e06c "}", s=0xb9803a00) at qemu-char.c:165
#14 tcp_chr_read (chan=0xb9805bc0, cond=G_IO_IN, opaque=0xb9803a00) at qemu-char.c:2509
#15 0xb72e0876 in g_io_unix_dispatch () from /usr/lib/libglib-2.0.so.0
#16 0xb729a286 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#17 0xb7547d9a in glib_pollfds_poll () at main-loop.c:188
#18 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:233
#19 main_loop_wait (nonblocking=1) at main-loop.c:465
#20 0xb73edd21 in main_loop () at vl.c:2090
#21 main (argc=12, argv=0xbfa1f414, envp=0xbfa1f448) at vl.c:4432
```

Unfortunately the full monitor command is optimized out, but looking at the stack trace it seems as if libvirt is sending the json command "query-tpm-types", and qemu is segfaulting when trying to print the reply.

OK, it's a qemu bug. Here is a simple reproducer:

```
$ qemu-system-i386 -S -nodefaults -nographic -M none -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 0, "minor": 6, "major": 1}, "package": ""}, "capabilities": []}}
{"execute":"qmp_capabilities"}
{"return": {}}
{"execute":"query-status"}
{"return": {"status": "prelaunch", "singlestep": false, "running": false}}
{"execute":"query-tpm-types"}
Segmentation fault (core dumped)
```

Reproducer in one (long) line of code:

```
(sleep 5; printf '{"execute":"qmp_capabilities"}\n{"execute":"query-tpm-types"}\n') | qemu-system-i386 -S -nodefaults -nographic -M none -qmp stdio
```

For me:

- Fails: Fedora qemu-1.6.0-5.fc21.i686
- Works: upstream qemu git on x86-64
- Works: upstream qemu git on i686
- Works: qemu @ v1.6.0 on i686

So it must be a patch that we're applying in Fedora, or else some stack hardening stuff.

Actually it's because Fedora uses ./configure --enable-tpm

Building with that flag:

- Fails: Fedora qemu-1.6.0-5.fc21.i686
- Works: upstream qemu git on x86-64
- Fails: upstream qemu git on i686
- Fails: qemu @ v1.6.0 on i686

Since this is an upstream bug, I have filed a bug there: https://bugs.launchpad.net/qemu/+bug/1219207

*** Bug 998759 has been marked as a duplicate of this bug. ***

I've posted a patch upstream for this.

Fixed in qemu-1.6.0-6.fc21
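The reproducer above is a hand-typed QMP session. The following is an added example, not code from this bug report, from qemu or from libvirt: a small QMP driver that replays the same exchange (greeting, `qmp_capabilities`, then the probe commands) and distinguishes a normal `return`/`error` reply from the peer dying mid-command, which is how the segfault presents to a client such as libvirt (EOF on the monitor stream instead of a JSON reply). `FakeQemu` is a scripted stand-in constructed for this example, with its replies copied from the reproducer; `probe_qemu` drives a real binary with the reproducer's flags and assumes that binary is on PATH.

```python
"""Minimal QMP client plus a scripted fake of the crashing qemu 1.6.0 session."""
import json
import subprocess
from typing import Dict, List


class PeerDied(Exception):
    """The QMP peer closed the stream instead of answering a command."""


class QMPClient:
    """Speaks the QMP wire protocol over any readline()/write()/flush() pair."""

    def __init__(self, rd, wr):
        self.rd, self.wr = rd, wr
        self.greeting = self._read_obj()       # server speaks first: {"QMP": {...}}
        if "QMP" not in self.greeting:
            raise ValueError("not a QMP greeting: %r" % (self.greeting,))

    def _read_obj(self) -> dict:
        while True:
            line = self.rd.readline()
            if not line:                        # EOF: peer exited or crashed
                raise PeerDied("connection closed by peer")
            obj = json.loads(line)
            if "event" not in obj:              # skip asynchronous events
                return obj

    def execute(self, cmd: str, **args) -> dict:
        msg = {"execute": cmd}
        if args:
            msg["arguments"] = args
        self.wr.write(json.dumps(msg) + "\n")
        self.wr.flush()
        return self._read_obj()


def probe(rd, wr, commands: List[str]) -> Dict[str, str]:
    """Negotiate capabilities, then run each command and classify the outcome:
    'ok', 'error: <class>' or 'peer died' (after which nothing more is sent)."""
    client = QMPClient(rd, wr)
    client.execute("qmp_capabilities")          # mandatory before any other command
    results: Dict[str, str] = {}
    for cmd in commands:
        try:
            reply = client.execute(cmd)
        except PeerDied:
            results[cmd] = "peer died"
            break
        results[cmd] = "ok" if "return" in reply else "error: " + reply["error"]["class"]
    return results


def probe_qemu(binary: str, commands: List[str]) -> Dict[str, str]:
    """Run the probe against a real qemu with the reproducer's flags (assumes
    `binary` is on PATH). A negative returncode is the signal that killed the
    process, e.g. -11 for SIGSEGV."""
    argv = [binary, "-S", "-nodefaults", "-nographic", "-M", "none", "-qmp", "stdio"]
    with subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                          stderr=subprocess.DEVNULL, text=True) as proc:
        try:
            results = probe(proc.stdout, proc.stdin, commands)
        finally:
            if proc.poll() is None:             # still alive: we are done with it
                proc.kill()
            proc.wait()
        results["returncode"] = str(proc.returncode)
        return results


class FakeQemu:
    """Constructed stand-in for the reproducer's qemu-system-i386 session:
    answers like qemu 1.6.0 and, like the buggy build, dies without replying
    when asked for query-tpm-types. Acts as both reader and writer."""

    def __init__(self):
        self.alive = True
        self.out = [json.dumps({"QMP": {"version": {"qemu": {"micro": 0, "minor": 6, "major": 1},
                                                    "package": ""}, "capabilities": []}}) + "\n"]

    def readline(self) -> str:
        return self.out.pop(0) if self.out else ""   # "" is EOF

    def write(self, data: str) -> None:
        if not self.alive:
            raise BrokenPipeError("process is gone")
        cmd = json.loads(data)["execute"]
        if cmd == "qmp_capabilities":
            reply = {"return": {}}
        elif cmd == "query-status":
            reply = {"return": {"status": "prelaunch", "singlestep": False, "running": False}}
        elif cmd == "query-tpm-types":
            self.alive = False                  # segfault while marshalling the reply
            return
        else:
            reply = {"error": {"class": "CommandNotFound", "desc": "constructed reply"}}
        self.out.append(json.dumps(reply) + "\n")

    def flush(self) -> None:
        pass


if __name__ == "__main__":
    fake = FakeQemu()
    print(probe(fake, fake, ["query-status", "query-tpm-types", "query-version"]))
```

Against the fake, the probe reports `query-status` as ok and `query-tpm-types` as "peer died", and never sends `query-version`; against a real build, `probe_qemu("qemu-system-i386", ["query-tpm-types"])` adds the exit status, so a crashing build shows up as returncode -11 rather than as a hung or confusing client.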