Bug 837021
| Summary: | qemu segmentation faults in qcow2_co_writev | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Richard W.M. Jones <rjones> |
| Component: | qemu | Assignee: | Fedora Virtualization Maintainers <virt-maint> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 17 | CC: | amit.shah, berrange, cfergeau, crobinso, dwmw2, ehabkost, itamar, knoel, pbonzini, scottt.tw, virt-maint |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2012-07-10 12:32:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Here's a slightly different variation of what looks like the same bug:
Program terminated with signal 11, Segmentation fault.
#0 0x00007f712dc8fe08 in qcow2_cache_do_get (bs=bs@entry=0x7f712f3cfa90,
c=0x7f712f3d1790, offset=140123986749816,
table=table@entry=0x7f71176ab530, read_from_disk=read_from_disk@entry=true)
at block/qcow2-cache.c:253
253 c->entries[i].cache_hits = 32;
(gdb) bt
#0 0x00007f712dc8fe08 in qcow2_cache_do_get (bs=bs@entry=0x7f712f3cfa90, c=
0x7f712f3d1790, offset=140123986749816, table=table@entry=0x7f71176ab530,
read_from_disk=read_from_disk@entry=true) at block/qcow2-cache.c:253
#1 0x00007f712dc8ffa3 in qcow2_cache_get (bs=bs@entry=0x7f712f3cfa90,
c=<optimized out>, offset=<optimized out>, table=table@entry=
0x7f71176ab530) at block/qcow2-cache.c:267
#2 0x00007f712dc90afc in l2_load (l2_table=0x7f71176ab530,
l2_offset=<optimized out>, bs=0x7f712f3cfa90) at block/qcow2-cluster.c:121
#3 qcow2_get_cluster_offset (bs=bs@entry=0x7f712f3cfa90, offset=offset@entry=
377987072, num=num@entry=0x7f71176ab5c4,
cluster_offset=cluster_offset@entry=0x7f71176ab5c8)
at block/qcow2-cluster.c:442
#4 0x00007f712dc91381 in qcow2_read (nb_sectors=48, buf=
0x7f7120dea200 <Address 0x7f7120dea200 out of bounds>, sector_num=738256,
bs=0x7f712f3cfa90) at block/qcow2-cluster.c:305
#5 copy_sectors (bs=bs@entry=0x7f712f3cfa90, start_sect=<optimized out>,
cluster_offset=345899008, n_start=80, n_end=<optimized out>)
at block/qcow2-cluster.c:360
#6 0x00007f712dc917b6 in qcow2_alloc_cluster_link_l2 (bs=bs@entry=
0x7f712f3cfa90, m=m@entry=0x7f71176ab720) at block/qcow2-cluster.c:631
#7 0x00007f712dc95088 in qcow2_co_writev (bs=0x7f712f3cfa90, sector_num=
737280, remaining_sectors=976, qiov=0x7f7114006f18) at block/qcow2.c:596
#8 0x00007f712dc851bc in bdrv_co_do_writev (bs=0x7f712f3cfa90, sector_num=
737248, nb_sectors=1008, qiov=<optimized out>) at block.c:1300
#9 0x00007f712dc85412 in bdrv_co_do_rw (opaque=0x7f7114019b20) at block.c:2606
#10 0x00007f712dcbca0a in coroutine_trampoline (i0=<optimized out>,
i1=<optimized out>) at coroutine-ucontext.c:129
#11 0x00007f71283d5450 in ?? () from /lib64/libc.so.6
#12 0x00007f7120de81f0 in ?? ()
#13 0x7b7b7b7b7b7b7b7b in ?? ()
#14 0x0000000000000000 in ?? ()
(gdb) info threads
Id Target Id Frame
6 Thread 0x7f711b7fe700 (LWP 1466) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
5 Thread 0x7f7120de9700 (LWP 1464) 0x00007f712847baa7 in ioctl ()
at ../sysdeps/unix/syscall-template.S:81
4 Thread 0x7f711affd700 (LWP 1467) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
3 Thread 0x7f711bfff700 (LWP 1465) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
2 Thread 0x7f71217eb700 (LWP 1463) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
* 1 Thread 0x7f712dbb8a00 (LWP 1460) 0x00007f712dc8fe08 in qcow2_cache_do_get (bs=bs@entry=0x7f712f3cfa90, c=0x7f712f3d1790, offset=140123986749816,
table=table@entry=0x7f71176ab530, read_from_disk=read_from_disk@entry=true)
at block/qcow2-cache.c:253
Another one:
Program terminated with signal 11, Segmentation fault.
#0 qcow2_cache_entry_flush (bs=bs@entry=0x7f31ec9f2a90,
c=c@entry=0x7f31ec9f11a0, i=i@entry=2) at block/qcow2-cache.c:116
116 if (c == s->refcount_block_cache) {
(gdb) bt
#0 qcow2_cache_entry_flush (bs=bs@entry=0x7f31ec9f2a90, c=c@entry=
0x7f31ec9f11a0, i=i@entry=2) at block/qcow2-cache.c:116
#1 0x00007f31eb548b2d in qcow2_cache_flush (bs=bs@entry=0x7f31ec9f2a90, c=
0x7f31ec9f11a0) at block/qcow2-cache.c:140
#2 0x00007f31eb54969f in l2_allocate (table=0x7f31d305f9f8, l1_index=0, bs=
0x7f31ec9f2a90) at block/qcow2-cluster.c:180
#3 get_cluster_table (bs=bs@entry=0x7f31ec9f2a90, offset=382205952,
new_l2_table=new_l2_table@entry=0x7f31d305fa70,
new_l2_offset=new_l2_offset@entry=0x7f31d305fa68,
new_l2_index=new_l2_index@entry=0x7f31d305fa64)
at block/qcow2-cluster.c:519
#4 0x00007f31eb54a66a in qcow2_alloc_cluster_link_l2 (bs=bs@entry=
0x7f31ec9f2a90, m=m@entry=0x7f31d305fb30) at block/qcow2-cluster.c:649
#5 0x00007f31eb54e088 in qcow2_co_writev (bs=0x7f31ec9f2a90, sector_num=
746496, remaining_sectors=960, qiov=0x7f31d0006918) at block/qcow2.c:596
#6 0x00007f31eb53e1bc in bdrv_co_do_writev (bs=0x7f31ec9f2a90, sector_num=
746448, nb_sectors=1008, qiov=<optimized out>) at block.c:1300
#7 0x00007f31eb53e412 in bdrv_co_do_rw (opaque=0x7f31d0006850) at block.c:2606
#8 0x00007f31eb575a0a in coroutine_trampoline (i0=<optimized out>,
i1=<optimized out>) at coroutine-ucontext.c:129
#9 0x00007f31e5c8e450 in ?? () from /lib64/libc.so.6
#10 0x00007f31de6a11f0 in ?? ()
#11 0xd2d2d2d2d2d2d2d2 in ?? ()
#12 0x0000000000000000 in ?? ()
(gdb) info threads
Id Target Id Frame
14 Thread 0x7f31ad1f7700 (LWP 26072) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
13 Thread 0x7f31af1fb700 (LWP 26068) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
12 Thread 0x7f31ad9f8700 (LWP 26071) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
11 Thread 0x7f31ae9fa700 (LWP 26069) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
10 Thread 0x7f31dd1bd700 (LWP 26063) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
9 Thread 0x7f31df0a4700 (LWP 25969) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
8 Thread 0x7f31de6a2700 (LWP 25970) __lll_lock_wait ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
7 Thread 0x7f31b01fd700 (LWP 26066) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
6 Thread 0x7f31ae1f9700 (LWP 26070) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
5 Thread 0x7f31dc9bc700 (LWP 26064) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
4 Thread 0x7f31af9fc700 (LWP 26067) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
3 Thread 0x7f31dd9be700 (LWP 26060) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
2 Thread 0x7f31b09fe700 (LWP 26065) pthread_cond_timedwait@@GLIBC_2.3.2 ()
at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
* 1 Thread 0x7f31eb471a00 (LWP 25966) qcow2_cache_entry_flush (bs=bs@entry=
0x7f31ec9f2a90, c=c@entry=0x7f31ec9f11a0, i=i@entry=2)
at block/qcow2-cache.c:116
(gdb) frame 0
#0 qcow2_cache_entry_flush (bs=bs@entry=0x7f31ec9f2a90, c=c@entry=
0x7f31ec9f11a0, i=i@entry=2) at block/qcow2-cache.c:116
116 if (c == s->refcount_block_cache) {
(gdb) print c
$1 = (Qcow2Cache *) 0x7f31ec9f11a0
(gdb) print *s
Cannot access memory at address 0x0
Another one:
Program terminated with signal 11, Segmentation fault.
#0 qcow2_cache_do_get (bs=bs@entry=0x7f3aaa028a90, c=0xa8a8a8a8a8a8a8a8,
offset=offset@entry=353894400, table=table@entry=0x7f3a8e3c7978,
read_from_disk=read_from_disk@entry=false) at block/qcow2-cache.c:222
222 for (i = 0; i < c->size; i++) {
(gdb) bt
#0 qcow2_cache_do_get (bs=bs@entry=0x7f3aaa028a90, c=0xa8a8a8a8a8a8a8a8,
offset=offset@entry=353894400, table=table@entry=0x7f3a8e3c7978,
read_from_disk=read_from_disk@entry=false) at block/qcow2-cache.c:222
#1 0x00007f3aa815ffe0 in qcow2_cache_get_empty (bs=bs@entry=0x7f3aaa028a90,
c=<optimized out>, offset=offset@entry=353894400, table=table@entry=
0x7f3a8e3c7978) at block/qcow2-cache.c:273
#2 0x00007f3aa81606c6 in l2_allocate (table=0x7f3a8e3c7978, l1_index=0, bs=
0x7f3aaa028a90) at block/qcow2-cluster.c:187
#3 get_cluster_table (bs=bs@entry=0x7f3aaa028a90, offset=385417216,
new_l2_table=new_l2_table@entry=0x7f3a8e3c79f0,
new_l2_offset=new_l2_offset@entry=0x7f3a8e3c79e8,
new_l2_index=new_l2_index@entry=0x7f3a8e3c79e4)
at block/qcow2-cluster.c:519
#4 0x00007f3aa816166a in qcow2_alloc_cluster_link_l2 (bs=bs@entry=
0x7f3aaa028a90, m=m@entry=0x7f3a8e3c7ab0) at block/qcow2-cluster.c:649
#5 0x00007f3aa8165088 in qcow2_co_writev (bs=0x7f3aaa028a90, sector_num=
752768, remaining_sectors=992, qiov=0x7f3a8c341308) at block/qcow2.c:596
#6 0x00007f3aa81551bc in bdrv_co_do_writev (bs=0x7f3aaa028a90, sector_num=
752752, nb_sectors=1008, qiov=<optimized out>) at block.c:1300
#7 0x00007f3aa8155412 in bdrv_co_do_rw (opaque=0x7f3a8c883370) at block.c:2606
#8 0x00007f3aa818ca0a in coroutine_trampoline (i0=<optimized out>,
i1=<optimized out>) at coroutine-ucontext.c:129
#9 0x00007f3aa28a5450 in ?? () from /lib64/libc.so.6
#10 0x00007f3a9b2b81f0 in ?? ()
#11 0x5757575757575757 in ?? ()
#12 0x0000000000000000 in ?? ()
(gdb) frame 0
#0 qcow2_cache_do_get (bs=bs@entry=0x7f3aaa028a90, c=0xa8a8a8a8a8a8a8a8,
offset=offset@entry=353894400, table=table@entry=0x7f3a8e3c7978,
read_from_disk=read_from_disk@entry=false) at block/qcow2-cache.c:222
222 for (i = 0; i < c->size; i++) {
(gdb) print c
$1 = (Qcow2Cache *) 0xa8a8a8a8a8a8a8a8
(gdb) print *bs
$2 = {
total_sectors = 1024000,
read_only = 0,
keep_read_only = 0,
open_flags = 98,
encrypted = 0,
valid_key = 0,
sg = 0,
drv = 0x0,
opaque = 0x0,
dev = 0x7f3aaa758da0,
dev_ops = 0x0,
dev_opaque = 0x0,
filename = "/tmp/test.img", '\000' <repeats 1010 times>,
backing_file = '\000' <repeats 1023 times>,
backing_format = '\000' <repeats 15 times>,
is_temporary = 0,
backing_hd = 0x0,
file = 0x7f3aaa0296b0,
sync_aiocb = 0x0,
nr_bytes = {2804224, 351936512, 0},
nr_ops = {560, 693, 10},
total_time_ns = {40245897, 105952906262, 11386858},
wr_highest_sector = 1023999,
growable = 0,
buffer_alignment = 512,
enable_write_cache = 1,
cyls = 1015,
heads = 16,
secs = 63,
translation = 0,
on_read_error = BLOCK_ERR_REPORT,
on_write_error = BLOCK_ERR_STOP_ENOSPC,
iostatus_enabled = true,
iostatus = BLOCK_DEVICE_IO_STATUS_OK,
device_name = "hd0", '\000' <repeats 28 times>,
dirty_bitmap = 0x0,
dirty_count = 0,
in_use = 0,
list = {
tqe_next = 0x7f3aaa18d030,
tqe_prev = 0x7f3aa86e1130
},
private = 0x0
}
Rich, have you seen this with 1.1 currently in rawhide, or on F17?

qemu-system-x86-1.0-17.fc18.x86_64 is basically what's in F17 now, so reassigning there.

I strongly suspect this was simply another aspect of bug 836913. So I'm going to tentatively mark it as a duplicate.

*** This bug has been marked as a duplicate of bug 836913 ***
Description of problem:
Program terminated with signal 11, Segmentation fault.
#0 qemu_co_queue_next (queue=queue@entry=0x7f010cfb4480) at qemu-coroutine-lock.c:70
70 QTAILQ_REMOVE(&queue->entries, next, co_queue_next);
(gdb) bt
#0 qemu_co_queue_next (queue=queue@entry=0x7f010cfb4480) at qemu-coroutine-lock.c:70
#1 0x00007f010be65de8 in qemu_co_mutex_unlock (mutex=mutex@entry=0x7f010cfb4478) at qemu-coroutine-lock.c:115
#2 0x00007f010bdaf18d in qcow2_co_writev (bs=0x7f010cfb3a90, sector_num=749472, remaining_sectors=1008, qiov=0x7f00f033e1c8) at block/qcow2.c:612
#3 0x00007f010bd9f1bc in bdrv_co_do_writev (bs=0x7f010cfb3a90, sector_num=749472, nb_sectors=1008, qiov=<optimized out>) at block.c:1300
#4 0x00007f010bd9f412 in bdrv_co_do_rw (opaque=0x7f00f033e290) at block.c:2606
#5 0x00007f010bdd6a0a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at coroutine-ucontext.c:129
#6 0x00007f01064ef450 in ?? () from /lib64/libc.so.6
#7 0x00007f00fef021f0 in ?? ()
#8 0xc5c5c5c5c5c5c5c5 in ?? ()
#9 0x0000000000000000 in ?? ()
(gdb) info threads
Id Target Id Frame
19 Thread 0x7f00bbfff700 (LWP 12334) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
18 Thread 0x7f00ba7fc700 (LWP 12337) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
17 Thread 0x7f00bb7fe700 (LWP 12335) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
16 Thread 0x7f00d09fe700 (LWP 12333) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
15 Thread 0x7f00f5ffb700 (LWP 12329) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
14 Thread 0x7f00ff905700 (LWP 12319) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
13 Thread 0x7f00f77fe700 (LWP 12326) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
12 Thread 0x7f00f7fff700 (LWP 12325) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
11 Thread 0x7f00baffd700 (LWP 12336) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
10 Thread 0x7f00f57fa700 (LWP 12330) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
9 Thread 0x7f00fda1e700 (LWP 12322) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
8 Thread 0x7f00fef03700 (LWP 12320) __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
7 Thread 0x7f00f67fc700 (LWP 12328) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
6 Thread 0x7f00f4ff9700 (LWP 12331) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
5 Thread 0x7f00f6ffd700 (LWP 12327) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
4 Thread 0x7f00fca1c700 (LWP 12324) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
3 Thread 0x7f00fe21f700 (LWP 12321) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
2 Thread 0x7f00fd21d700 (LWP 12323) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
* 1 Thread 0x7f010bcd2a00 (LWP 12316) qemu_co_queue_next (queue=queue@entry=0x7f010cfb4480) at qemu-coroutine-lock.c:70

Version-Release number of selected component (if applicable):
qemu-system-x86-1.0-17.fc18.x86_64

How reproducible:
Unknown

Steps to Reproduce:
Unknown, but I got the bug when I turned on core dumps and ran some aggressive libguestfs tests here:
https://bugzilla.redhat.com/show_bug.cgi?id=836710#c5