Subject: kqemu raises kernel bug, crashed qemu with segfault
Package: kqemu
Version: 1.4.0~pre1-1
Severity: important

With the kqemu module already installed (with no options, just
"modprobe -v kqemu"), I launched qemu as a non-privileged user like
this and immediately got a segmentation fault:

qemu -vnc 127.0.1.17:1236 -cdrom /srv/isos/openbsd/install43.iso -boot d -name openbsdtest -net nic -net user,hostname=openbsdtest -redir tcp:1265::22 -no-reboot -serial stdio -hdachs 6000,16,63 hda

Even more worrisomely, this raised a kernel BUG; the kernel's console contains this
information:

[  101.581665] QEMU Accelerator Module version 1.4.0, Copyright (c) 2005-2008 Fabrice Bellard
[  101.590428] KQEMU installed, max_locked_mem=188964kB.
[  181.199505] BUG: unable to handle kernel NULL pointer dereference at 00000001
[  181.208824] IP: [<d8242d68>] :kqemu:memcpy+0x18/0x30
[  181.214074] *pde = 00000000 
[  181.216270] Oops: 0002 [#1] 
[  181.216270] Modules linked in: kqemu ipv6 video output ac battery loop button snd_via82xx gameport snd_ac97_codec ac97_bus snd_pcm snd_timer snd_page_alloc snd_mpu401_uart via_ircc snd_rawmidi snd_seq_device i2c_viapro i2c_core snd irda soundcore crc_ccitt vt8231 via_agp parport_pc agpgart shpchp parport pci_hotplug pcspkr evdev ext3 jbd mbcache ide_disk ata_generic libata scsi_mod dock ide_pci_generic uhci_hcd via82cxxx via_rhine mii ide_core usbcore thermal processor fan thermal_sys
[  181.216270] 
[  181.216270] Pid: 1834, comm: qemu Not tainted (2.6.26-1-486 #1)
[  181.216270] EIP: 0060:[<d8242d68>] EFLAGS: 00210246 CPU: 0
[  181.216270] EIP is at memcpy+0x18/0x30 [kqemu]
[  181.216270] EAX: 0000002f EBX: d5f877e4 ECX: d5f877e4 EDX: 00000000
[  181.216270] ESI: 00000001 EDI: d6341960 EBP: d6674974 ESP: d6e3de78
[  181.216270]  DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068
[  181.216270] Process qemu (pid: 1834, ti=d6e3c000 task=d6c7f000 task.ti=d6e3c000)
[  181.216270] Stack: d5f877e0 d6341960 d82420c3 00000001 d5f877e4 d5f877e4 c02c26a0 00000000
[  181.216270]        c0214684 00000000 d6ca2a20 d6674974 d6341960 c016788c 0000003c d6341960
[  181.216270]        d6674974 00000000 c01677cb c01642ce d6c0d0a0 d6a3fbd4 d6e3df14 d6341960
[  181.216270] Call Trace:
[  181.216270]  [<d82420c3>] kqemu_open+0x41/0x53 [kqemu]
[  181.216270]  [<c0214684>] misc_open+0xe6/0x13a
[  181.216270]  [<c016788c>] chrdev_open+0xc1/0xf6
[  181.216270]  [<c01677cb>] chrdev_open+0x0/0xf6
[  181.216270]  [<c01642ce>] __dentry_open+0xff/0x1e7
[  181.216270]  [<c01643d2>] nameidata_to_filp+0x1c/0x2c
[  181.216270]  [<c016e285>] do_filp_open+0x33d/0x648
[  181.216270]  [<c0155ceb>] handle_mm_fault+0x28e/0x5d2
[  181.216270]  [<c011388e>] do_page_fault+0x0/0x5ea
[  181.216270]  [<c01640f3>] do_sys_open+0x40/0xb6
[  181.216270]  [<c01641ad>] sys_open+0x1e/0x23
[  181.216270]  [<c01037b2>] syscall_call+0x7/0xb
[  181.216270]  =======================
[  181.216270] Code: 81 5c 88 00 00 89 d0 c1 e0 0c 03 01 f3 c3 90 8d 74 26 00 56 53 8b 4c 24 14 8b 74 24 0c 8b 5c 24 10 85 c9 74 10 31 d2 0f b6 04 1a <88> 04 32 83 c2 01 39 ca 75 f2 89 f0 5b 5e c3 89 f6 8d bc 27 00
[  181.216270] EIP: [<d8242d68>] memcpy+0x18/0x30 [kqemu] SS:ESP 0068:d6e3de78
[  181.429379] ---[ end trace 3bf003b0170603af ]---

FWIW, this is on a machine with a VIA Samuel processor with 384MB of
RAM:

0 [EMAIL PROTECTED]:~$ cat /proc/cpuinfo 
processor       : 0
vendor_id       : CentaurHauls
cpu family      : 6
model           : 7
model name      : VIA Samuel 2
stepping        : 3
cpu MHz         : 800.063
cache size      : 64 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu de tsc msr cx8 mtrr pge mmx 3dnow
bogomips        : 1602.40
clflush size    : 32
power management:

0 [EMAIL PROTECTED]:~$ cat /proc/meminfo 
MemTotal:       377932 kB
MemFree:        134332 kB
Buffers:         62884 kB
Cached:         152648 kB
SwapCached:          0 kB
Active:         167796 kB
Inactive:        62768 kB
SwapTotal:      489972 kB
SwapFree:       489972 kB
Dirty:              84 kB
Writeback:           0 kB
AnonPages:       15052 kB
Mapped:           7972 kB
Slab:             9184 kB
SReclaimable:     6876 kB
SUnreclaim:       2308 kB
PageTables:        424 kB
NFS_Unstable:        0 kB
Bounce:              0 kB
WritebackTmp:        0 kB
CommitLimit:    678936 kB
Committed_AS:    55416 kB
VmallocTotal:   655044 kB
VmallocUsed:      2456 kB
VmallocChunk:   652340 kB
HugePages_Total:     0
HugePages_Free:      0
HugePages_Rsvd:      0
HugePages_Surp:      0
Hugepagesize:     4096 kB
0 [EMAIL PROTECTED]:~$ cat /etc/modprobe.d/kqemu 
options kqemu major=0
0 [EMAIL PROTECTED]:~$ COLUMNS=130 dpkg -l | grep qemu
ii  kqemu-common               1.3.0~pre11-8              Common files for the QEMU Accelerator module
ii  kqemu-modules-2.6.26-1-486 1.4.0~pre1-1+2.6.26-9      kqemu modules for Linux (kernel 2.6.26-1-486).
ii  kqemu-source               1.4.0~pre1-1               Source for the QEMU Accelerator module
ii  qemu                       0.9.1-7                    fast processor emulator
0 [EMAIL PROTECTED]:~$ 

I experienced the same results with the lenny versions of the kernel,
kqemu, and qemu, but upgraded to unstable to test these too.  So both
the "before" and "after" version sets of the following upgrade are
relevant to this bug:

0 [EMAIL PROTECTED]:~$ egrep '(linux|qemu)' /var/log/dpkg.log  | grep upgrade
2008-10-25 02:33:36 upgrade linux-image-2.6.26-1-486 2.6.26-8 2.6.26-9
2008-10-25 02:34:15 upgrade kqemu-source 1.3.0~pre11-8 1.4.0~pre1-1
2008-10-25 02:34:15 upgrade linux-headers-2.6.26-1-486 2.6.26-8 2.6.26-9
2008-10-25 02:34:23 upgrade linux-headers-2.6.26-1-common 2.6.26-8 2.6.26-9
2008-10-25 02:34:41 upgrade qemu 0.9.1-6 0.9.1-7
2008-10-25 02:45:19 upgrade kqemu-modules-2.6.26-1-486 1.3.0~pre11-8+2.6.26-8 1.4.0~pre1-1+2.6.26-9
0 [EMAIL PROTECTED]:~$ 

I can test other combinations, if that would be useful.

Regards,

        --dkg

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kqemu-source depends on:
ii  bzip2                         1.0.5-1    high-quality block-sorting file co
ii  debhelper                     7.0.15     helper programs for debian/rules
ii  dpatch                        2.0.30     patch maintenance system for Debia
ii  make                          3.81-5     The GNU version of the "make" util

Versions of packages kqemu-source recommends:
ii  module-assistant              0.10.11.0  tool to make module package creati

kqemu-source suggests no packages.

-- no debconf information
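An added triage helper, not part of the bug report or of kqemu, that parses the oops quoted above: it extracts the faulting address, decodes the x86 page-fault error code behind `Oops: 0002`, collects the call trace, and lists which registers hold the faulting address (here ESI, in the memcpy reached from kqemu_open).

```python
import re

# Excerpt of the oops quoted in the report above (lines joined, timestamps kept).
OOPS = """\
[  181.199505] BUG: unable to handle kernel NULL pointer dereference at 00000001
[  181.208824] IP: [<d8242d68>] :kqemu:memcpy+0x18/0x30
[  181.216270] Oops: 0002 [#1]
[  181.216270] EIP is at memcpy+0x18/0x30 [kqemu]
[  181.216270] EAX: 0000002f EBX: d5f877e4 ECX: d5f877e4 EDX: 00000000
[  181.216270] ESI: 00000001 EDI: d6341960 EBP: d6674974 ESP: d6e3de78
[  181.216270] Call Trace:
[  181.216270]  [<d82420c3>] kqemu_open+0x41/0x53 [kqemu]
[  181.216270]  [<c0214684>] misc_open+0xe6/0x13a
[  181.216270]  [<c016788c>] chrdev_open+0xc1/0xf6
[  181.216270]  [<c01641ad>] sys_open+0x1e/0x23
"""

def strip_ts(line):
    """Drop the leading '[  181.216270] ' printk timestamp."""
    return re.sub(r"^\[\s*[\d.]+\]\s?", "", line)

def parse_oops(text):
    info = {"regs": {}, "trace": []}
    for raw in text.splitlines():
        line = strip_ts(raw)
        m = re.match(r"BUG: unable to handle kernel .* at ([0-9a-f]+)$", line)
        if m: info["fault_addr"] = int(m.group(1), 16); continue
        m = re.match(r"Oops: ([0-9a-f]{4})", line)
        if m: info["error_code"] = int(m.group(1), 16); continue
        m = re.match(r"EIP is at (\S+?)(?: \[(\w+)\])?$", line)
        if m: info["symbol"], info["module"] = m.group(1), m.group(2); continue
        for reg, val in re.findall(r"\b(E[A-Z]{2}): ([0-9a-f]{8})", line):
            info["regs"][reg] = int(val, 16)          # 32-bit register dump
        m = re.match(r"\s*\[<([0-9a-f]+)>\] (\S+)", line)
        if m: info["trace"].append(m.group(2))        # innermost frame first
    return info

def decode_error_code(code):
    # x86 page-fault error code: bit 0 = protection violation (clear = page not
    # present), bit 1 = write access, bit 2 = fault taken in user mode.
    return {"present": bool(code & 1), "write": bool(code & 2), "user": bool(code & 4)}

def summarize(text):
    info = parse_oops(text)
    flags = decode_error_code(info["error_code"])
    info["access"] = ("write" if flags["write"] else "read") + \
                     (" from user mode" if flags["user"] else " in kernel mode")
    # Registers equal to the fault address are the candidate bad pointers. In the
    # Code: bytes above, the marked <88> 04 32 is mov %al,(%edx,%esi,1), the store
    # side of the byte-copy loop, so ESI is memcpy's destination and EDX the index.
    info["suspect_regs"] = sorted(r for r, v in info["regs"].items()
                                  if v == info["fault_addr"])
    return info
```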
