Bug 678229

Summary: segfault when booting very big qcow2 image
Product: Red Hat Enterprise Linux 6
Reporter: Shirley Zhou <szhou>
Component: qemu-kvm
Assignee: Miroslav Rezanina <mrezanin>
Status: CLOSED WONTFIX
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Docs Contact:
Priority: medium
Version: 6.1
CC: areis, juzhang, mkenneth, mrezanin, mshao, tburke, virt-maint
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-04-11 04:22:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Bug Depends On:
Bug Blocks: 580953

Description Shirley Zhou 2011-02-17 08:32:37 UTC
Description of problem:
segfault when booting big qcow2 image

Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.145.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1. create big qcow2 file
# qemu-img create -f qcow2 test.img 1999999T
Formatting 'test.img', fmt=qcow2 size=2199022156040372224 encryption=off cluster_size=0 

2. boot this guest
/usr/libexec/qemu-kvm -enable-kvm -m 2G -smp 2,sockets=2,cores=1,threads=1 -name qcow2 -uuid bb340905-50b0-1234-111b-5c360a945678 -monitor stdio -rtc base=localtime -boot c -drive file=/home/test/test.img,if=none,id=drive-ide0-0-0,format=qcow2,cache=none -device virtio-blk-pci,drive=drive-ide0-0-0,id=ide0-0-0 -vga cirrus -vnc :1
Using CPU model "cpu64-rhel6"
Using CPU model "cpu64-rhel6"
Segmentation fault (core dumped)
  
Actual results:
segfault happens.
(gdb) bt
#0  0x0000000000495118 in qcow2_get_cluster_offset (bs=<value optimized out>, offset=0, num=0x1f98f4c, cluster_offset=0x1f98f58) at block/qcow2-cluster.c:425
Cannot access memory at address 0x7fff83d98c88

Expected results:
There should not be segfault, image should boot ok.

Additional info:

Comment 2 Shirley Zhou 2011-02-21 10:09:58 UTC
Additional info :

# qemu-img info test.img
image: test.img
file format: qcow2
virtual size: 1999999T (2199022156040372224 bytes)
disk size: 4.0K
cluster_size: 65536

When creating a big file (smaller than the image file in comment 0), core dumped.
# qemu-img create -f qcow2 big.qcow2 1048576T
Formatting 'big.qcow2', fmt=qcow2 size=1152921504606846976 encryption=off cluster_size=0 
Aborted (core dumped)

(gdb) bt
#0  0x0000003be70329e5 in raise () from /lib64/libc.so.6
#1  0x0000003be70341c5 in abort () from /lib64/libc.so.6
#2  0x000000000040624f in oom_check (size=18446744073709027328) at qemu-malloc.c:31
#3  qemu_malloc (size=18446744073709027328) at qemu-malloc.c:62
#4  0x0000000000406316 in qemu_mallocz (size=18446744073709027328) at qemu-malloc.c:85
#5  0x000000000041eaac in qcow_create2 (filename=0x7fffbdee27c1 "big.qcow2", total_size=<value optimized out>, backing_file=0x0, backing_format=0x0, flags=<value optimized out>, 
    cluster_size=<value optimized out>, prealloc=0) at block/qcow2.c:1068
#6  0x000000000041f182 in qcow_create (filename=0x7fffbdee27c1 "big.qcow2", options=<value optimized out>) at block/qcow2.c:1208
#7  0x000000000040c9e6 in bdrv_img_create (filename=0x7fffbdee27c1 "big.qcow2", fmt=0x7fffbdee27bb "qcow2", base_filename=<value optimized out>, base_fmt=<value optimized out>, 
    options=<value optimized out>, img_size=1152921504606846976, flags=64) at block.c:2741
#8  0x000000000040337b in img_create (argc=5, argv=0x7fffbdee0820) at qemu-img.c:348
#9  0x0000003be701ec9d in __libc_start_main () from /lib64/libc.so.6
#10 0x0000000000402d99 in _start ()

Comment 3 Brock Organ 2011-03-01 14:42:45 UTC
Reporter,

Could I please ask you to provide a priority assessment (set the priority field to one of urgent/high/medium/low) for the impact of this issue?  This will help us prioritize this issue with our other outstanding bugs for the current release cycle ...

Regards,

Brock

Comment 4 Shirley Zhou 2011-03-02 01:35:42 UTC
(In reply to comment #3)
> Reporter,
> 
> Could I please ask you to provide a priority assessment (set the priority field
> to one of urgent/high/medium/low) for the impact of this issue?  This will help
> us prioritize this issue with our other outstanding bugs for the current
> release cycle ...
> 
> Regards,
> 
> Brock

Hi, Brock

I am very sorry for empty priority and Severity field, and it is filled now. Thanks.

Comment 8 Miroslav Rezanina 2013-02-25 06:52:41 UTC
RHEL6.4 qemu-img has problems with such big images. I hit two of them:

1.) If the image size is big enough, conversion between uint64_t and int can cause allocation of an array with 0 items -> this leads to working with a NULL pointer and a segmentation fault.

2.) qemu-img tries to allocate a cluster table that can be very large (xx GB), so allocation fails due to not enough memory.

Upstream does not have this problem, as it does not fill the cluster table, just creates an empty (invalid) qcow2 file with a minimal header and then validates it. (commit a9420734b617be43d075c55b980479411807512e)
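
The narrowing described in comment 8, shown as an added example (not code from this bug or from qemu): the L1 entry count for a virtual size is computed in 64 bits, then narrowed to int the way the defective path does, beside a checked version that rejects the size before any narrowing or multiplication. The layout constants assume the 64 KiB cluster size reported in comment 2 (an L2 table is one cluster of 8-byte entries, so it maps 512 MiB); the function names, the max_entries parameter and the INT_MAX limit are assumptions for illustration, and the sample sizes are the two from the report plus a constructed 10 GiB disk.

```c
#include <stdint.h>
#include <stdio.h>
#include <limits.h>

/* qcow2 layout as assumed from comment 2: 64 KiB clusters. An L2 table is one
 * cluster of 8-byte entries, so it holds 2^13 entries and maps 2^(16+13) bytes
 * (512 MiB); the L1 table needs one entry per L2 table. */
#define CLUSTER_BITS 16
#define L2_BITS      (CLUSTER_BITS - 3)
#define L2_SHIFT     (CLUSTER_BITS + L2_BITS)
#define L2_SPAN      (UINT64_C(1) << L2_SHIFT)

/* L1 entries required for a virtual size, computed entirely in 64 bits.
 * Precondition: virtual_size <= UINT64_MAX - (L2_SPAN - 1), or the round-up wraps. */
uint64_t l1_entries_for(uint64_t virtual_size)
{
    return (virtual_size + L2_SPAN - 1) >> L2_SHIFT;
}

/* The defect class from comment 8, reproduced deliberately: the 64-bit count is
 * narrowed to int before being used as an array length. Once the entry count
 * reaches 2^31 the value wraps negative (or to 0 for a multiple of 2^32), so an
 * allocation sized from it is empty, too small or absurdly large. */
int l1_entries_narrowed(uint64_t virtual_size)
{
    int l1_size = (int)l1_entries_for(virtual_size);   /* lossy narrowing */
    return l1_size;
}

/* Hardened replacement: validate before any narrowing or multiplication.
 * max_entries is the widest count the caller's int-typed field can hold.
 * Returns 0 and stores the L1 table size in bytes, or -1 if it cannot be represented. */
int l1_table_bytes_checked(uint64_t virtual_size, uint64_t max_entries, uint64_t *bytes_out)
{
    if (virtual_size > UINT64_MAX - (L2_SPAN - 1))
        return -1;                                     /* round-up would overflow */
    uint64_t n = l1_entries_for(virtual_size);
    if (n == 0 || n > max_entries)
        return -1;                                     /* 0 entries means a NULL table later */
    if (n > UINT64_MAX / sizeof(uint64_t))
        return -1;                                     /* byte count would overflow */
    *bytes_out = n * sizeof(uint64_t);
    return 0;
}

int main(void)
{
    /* Sizes from the report (1999999T in comment 0, 1048576T in comment 2) and a
     * constructed 10 GiB disk for contrast. */
    const uint64_t sizes[] = { UINT64_C(2199022156040372224),
                               UINT64_C(1152921504606846976),
                               UINT64_C(10) << 30 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        uint64_t bytes = 0;
        int rc = l1_table_bytes_checked(sizes[i], INT_MAX, &bytes);
        printf("size=%llu entries=%llu narrowed=%d checked=%s (%llu bytes)\n",
               (unsigned long long)sizes[i],
               (unsigned long long)l1_entries_for(sizes[i]),
               l1_entries_narrowed(sizes[i]),
               rc == 0 ? "ok" : "rejected",
               (unsigned long long)bytes);
    }
    return 0;
}
```

The 1048576T image needs exactly 2^31 L1 entries, which is the first value the narrowing turns negative; the 1999999T image lands above that as well, which is why the checked version refuses both while still sizing the 10 GiB disk's table at 20 entries.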

Comment 10 Miroslav Rezanina 2013-04-11 04:22:48 UTC
This problem is not worth fixing unless there's a customer request for it. Such a big image would require lots of memory for handling and provide poor performance.

Core problem, crash when guest is started, affects upstream too and requires fixing there first. With this, backporting image creation is worthless.

Closing as WONTFIX after discussion with Ademar.

Comment 11 Ademar Reis 2013-04-11 15:15:17 UTC
(In reply to comment #10)
> Core problem, crash when guest is started, affects upstream too and require
> fixing in there first. With this,backporting image creating is worthless.

Please open a BZ for this problem, targeting RHEL7.