Bug 1207034 - QEMU segfault when doing unaligned zero write to non-512 disk
Summary: QEMU segfault when doing unaligned zero write to non-512 disk
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: qemu-kvm-rhev
Version: 7.2
Hardware: All
OS: All
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Target Release: ---
Assignee: Fam Zheng
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On: 1200295
Blocks:
Reported: 2015-03-30 06:10 UTC by Fam Zheng
Modified: 2015-12-04 16:33 UTC (History)

Fixed In Version: qemu-kvm-rhev-2.3.0-8.el7
Doc Type: Bug Fix
Doc Text:
Clone Of: 1200295
Environment:
Last Closed: 2015-12-04 16:33:00 UTC
Target Upstream Version:
Embargoed:
Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2546 0 normal SHIPPED_LIVE qemu-kvm-rhev bug fix and enhancement update 2015-12-04 21:11:56 UTC

Comment 1 Fam Zheng 2015-03-30 06:12:18 UTC
The upstream fix is merged for 2.3.

Comment 3 Fam Zheng 2015-05-27 06:54:06 UTC
Extra patches from upstream need to be manually backported. Patches sent to internal list for review.

Comment 4 Miroslav Rezanina 2015-07-08 10:53:53 UTC
Fix included in qemu-kvm-rhev-2.3.0-8.el7

Comment 6 mazhang 2015-08-04 02:24:46 UTC
Reproduced this bug on qemu-kvm-rhev-2.1.2-16.el7.

Steps:
1. Create a raw image with 100M.
# qemu-img create -f raw t.img 100M

2. Write unaligned zeros to this image.

Result:
Starting program: /usr/bin/qemu-io 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
qemu-io> open -o file.align=4k blkdebug::t.img
[New Thread 0x7fffed9b9700 (LWP 27645)]
qemu-io> write -z 512 1024

Program received signal SIGSEGV, Segmentation fault.
bdrv_co_do_pwritev (bs=0x555555c617d0, offset=512, bytes=1024, qiov=0x0, flags=BDRV_REQ_ZERO_WRITE) at block.c:3402
3402	        qemu_iovec_init(&local_qiov, qiov->niov + 2);
(gdb) bt
#0  bdrv_co_do_pwritev (bs=0x555555c617d0, offset=512, bytes=1024, qiov=0x0, flags=BDRV_REQ_ZERO_WRITE) at block.c:3402
#1  0x000055555556ff7f in bdrv_co_do_write_zeroes (bs=bs@entry=0x555555c5ec50, sector_num=sector_num@entry=1, nb_sectors=nb_sectors@entry=2, flags=flags@entry=BDRV_REQ_ZERO_WRITE)
    at block.c:3250
#2  0x0000555555573f62 in bdrv_aligned_pwritev (flags=<optimized out>, qiov=0x0, bytes=1024, offset=512, req=0x7ffff7fbff20, bs=0x555555c5ec50) at block.c:3319
#3  bdrv_co_do_pwritev (bs=0x555555c5ec50, offset=512, bytes=1024, qiov=qiov@entry=0x0, flags=BDRV_REQ_ZERO_WRITE) at block.c:3448
#4  0x0000555555574a1a in bdrv_co_do_writev (flags=<optimized out>, qiov=0x0, nb_sectors=<optimized out>, sector_num=<optimized out>, bs=<optimized out>) at block.c:3472
#5  bdrv_co_write_zeroes (bs=<optimized out>, sector_num=<optimized out>, nb_sectors=<optimized out>, flags=<optimized out>, flags@entry=(unknown: 0)) at block.c:3494
#6  0x000055555559baae in co_write_zeroes_entry (opaque=0x7fffffffe0d0) at qemu-io-cmds.c:460
#7  0x000055555559f53a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at coroutine-ucontext.c:118
#8  0x00007ffff311b0f0 in ?? () from /lib64/libc.so.6
#9  0x00007fffffffcfc0 in ?? ()
#10 0x0000000000000000 in ?? ()


Verified this bug on qemu-kvm-rhev-2.3.0-14.el7.

Result:
No longer segfaults.
Starting program: /usr/bin/qemu-io 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
qemu-io> open -o file.align=4k blkdebug::t.img
[New Thread 0x7fffed62d700 (LWP 27748)]
WARNING: Image format was not specified for 'json:{"image": {"driver": "file", "filename": "t.img"}, "driver": "blkdebug", "align": "4k"}' and probing guessed raw.
         Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
         Specify the 'raw' format explicitly to remove the restrictions.
qemu-io> write -z 512 1024
wrote 1024/1024 bytes at offset 512
1 KiB, 1 ops; 0.0210 sec (47.560 KiB/sec and 47.5602 ops/sec)

This bug has been fixed.
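The crash in the backtrace above is a NULL dereference: a write-zeroes request carries no qiov, and the block layer dereferenced it anyway when the request had to be padded to the 4k alignment forced with file.align=4k. The C model below is added here and is not QEMU's own code; it contrasts the unchecked dereference with a hardened padding routine that first materialises a zero payload. The names QIOV, PaddedReq, REQ_ZERO_WRITE, unfixed_path_dereferences_null and pad_request are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model (not QEMU's code) of how a block layer pads a write that
 * is not aligned to the backend's required alignment, e.g. file.align=4k. */
typedef struct { int niov; size_t size; } QIOV;   /* payload vector */

enum { REQ_ZERO_WRITE = 1 };

typedef struct {
    uint64_t aligned_offset, aligned_bytes; /* range actually written */
    int niov;            /* entries in the padded vector; -1 on error */
    bool emulated_zero;  /* zero write was materialised as a data write */
} PaddedReq;

/* Unfixed path: sizes the padded vector from qiov->niov without checking for
 * the NULL qiov that a write-zeroes request carries (the SIGSEGV above). */
static bool unfixed_path_dereferences_null(uint64_t align, uint64_t offset,
                                           uint64_t bytes, const QIOV *qiov)
{
    bool head = (offset & (align - 1)) != 0;
    bool tail = ((offset + bytes) & (align - 1)) != 0;
    return (head || tail) && qiov == NULL;
}

/* Hardened path: an unaligned zero write with no payload is first turned into
 * an ordinary write of a zero-filled buffer, so padding always has a vector
 * to extend. Aligned requests pass through and keep the zero-write flag. */
static PaddedReq pad_request(uint64_t align, uint64_t offset, uint64_t bytes,
                             const QIOV *qiov, int flags)
{
    PaddedReq r = { offset, bytes, qiov ? qiov->niov : 0, false };
    uint64_t head = offset & (align - 1);
    uint64_t tail = (offset + bytes) & (align - 1);
    QIOV zero_qiov = { 1, bytes };     /* stands in for a calloc'ed zero buffer */
    if (head == 0 && tail == 0) {
        return r;                      /* no read-modify-write needed */
    }
    if (qiov == NULL) {
        if (!(flags & REQ_ZERO_WRITE)) { r.niov = -1; return r; } /* no payload */
        qiov = &zero_qiov;
        r.emulated_zero = true;
    }
    r.aligned_offset = offset - head;
    r.aligned_bytes = ((offset + bytes + align - 1) & ~(align - 1)) - r.aligned_offset;
    r.niov = qiov->niov + (head ? 1 : 0) + (tail ? 1 : 0);
    return r;
}
```

For the reproducer's parameters (align 4096, offset 512, 1024 bytes, no qiov) the unfixed check reports the dereference, while the hardened path yields one aligned 4096-byte write with three vector entries: head padding, the zero payload, and tail padding.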

Comment 8 errata-xmlrpc 2015-12-04 16:33:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2546.html

