Bug 542923 - Get segmentation fault when running with ide block on kvm-83-136.el5
Summary: Get segmentation fault when running with ide block on kvm-83-136.el5
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kvm
Version: 5.5
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: rc
Assignee: Kevin Wolf
QA Contact: Virtualization Bugs
Reported: 2009-12-01 08:32 UTC by Golita Yue
Modified: 2013-01-09 22:05 UTC (History)

Fixed In Version: kvm-83-137.el5
Doc Type: Bug Fix
Last Closed: 2010-03-30 07:52:43 UTC
Links
Red Hat Product Errata RHSA-2010:0271 (normal, SHIPPED_LIVE): Important: kvm security, bug fix and enhancement update (last updated 2010-03-29 13:19:48 UTC)

Description Golita Yue 2009-12-01 08:32:26 UTC
Description of problem:
Get segmentation fault

Version-Release number of selected component (if applicable):
kmod-kvm-83-136.el5
kernel: 2.6.18-175.el5

How reproducible:
100%

Steps to Reproduce:
1. use the installed image (install with kvm-83-105.el5_4.12) 
#qemu-img info win28k-64-virtio.qcow2
file format: qcow2
virtual size: 20G (21474836480 bytes)
disk size: 12G
cluster_size: 4096

2. On host (kvm-83-136.el5, kernel: 2.6.18-175.el5)
   start guest with the following command:
/usr/libexec/qemu-kvm -rtc-td-hack -usbdevice tablet -no-hpet -cpu qemu64,+sse2 -no-kvm-pit-reinjection -drive file=/root/win28k-64-virtio.qcow2 -smp 2 -m 2G -net nic,macaddr=00:21:02:4d:9b:2c,vlan=0 -net tap,script=/etc/qemu-ifup,vlan=0 -uuid `uuidgen` -vnc :1 -boot c -monitor stdio

  
Actual results:
segmentation fault

Expected results:
the guest could boot up, no segmentation fault

Additional info:

#gdb /usr/libexec/qemu-kvm
GNU gdb Fedora (6.8-37.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
(gdb) r -rtc-td-hack -usbdevice tablet -no-hpet -cpu qemu64,+sse2 -no-kvm-pit-reinjection -drive file=/root/win28k-64-virtio.qcow2 -smp 2 -m 2G -net nic,macaddr=00:21:02:4d:9b:2c,vlan=0 -net tap,script=/etc/qemu-ifup,vlan=0 -uuid `uuidgen` -vnc :1 -boot c -monitor stdio
Starting program: /usr/libexec/qemu-kvm -rtc-td-hack -usbdevice tablet -no-hpet -cpu qemu64,+sse2 -no-kvm-pit-reinjection -drive file=/root/win28k-64-virtio.qcow2 -smp 2 -m 2G -net nic,macaddr=00:21:02:4d:9b:2c,vlan=0 -net tap,script=/etc/qemu-ifup,vlan=0 -uuid `uuidgen` -vnc :1 -boot c -monitor stdio
[Thread debugging using libthread_db enabled]
Detaching after fork from child process 3929.
[New Thread 0x2b74e2397f90 (LWP 3926)]
[New Thread 0x40a95940 (LWP 3935)]
[New Thread 0x416f2940 (LWP 3937)]
[New Thread 0x426e5940 (LWP 3938)]
[New Thread 0x430e6940 (LWP 3939)]
QEMU 0.9.1 monitor - type 'help' for more information
(qemu) [New Thread 0x43ae7940 (LWP 3940)]
[Thread 0x430e6940 (LWP 3939) exited]
[New Thread 0x430e6940 (LWP 3948)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x416f2940 (LWP 3937)]
qemu_bh_schedule (bh=0x5e0810)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:3606
3606        if (bh->scheduled)
(gdb) bt
#0  qemu_bh_schedule (bh=0x5e0810)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:3606
#1  0x00000000004616c8 in bdrv_aio_flush_em (bs=0x1fb5c5a0, 
    cb=<value optimized out>, opaque=<value optimized out>) at block.c:1552
#2  0x00000000004fddb8 in kvm_outb (opaque=<value optimized out>, addr=36032, 
    data=2 '\002')
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/qemu-kvm.c:684
#3  0x00000000005292c8 in handle_io (kvm=0x1fb49780, run=0x2aaaaabfa000, 
    vcpu=0) at libkvm.c:735
#4  0x0000000000529bb2 in kvm_run (kvm=0x1fb49780, vcpu=0, env=0x1fbceb60)
    at libkvm.c:964
#5  0x00000000004fe4f9 in kvm_cpu_exec (env=0x2)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/qemu-kvm.c:206
#6  0x00000000004fe783 in ap_main_loop (_env=<value optimized out>)
    at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/qemu-kvm.c:402
#7  0x00000035c56064a7 in start_thread () from /lib64/libpthread.so.0
#8  0x00000035c4ad3c2d in clone () from /lib64/libc.so.6

Comment 1 Golita Yue 2009-12-01 09:28:36 UTC
No segmentation fault when starting the guest with virtio block: -drive file=/root/win28k-64-virtio.qcow2,if=virtio,boot=on

Comment 2 Qunfang Zhang 2009-12-01 09:33:49 UTC
No segmentation fault when running RHEL guest with virtio block.
/usr/libexec/qemu-kvm -no-hpet -usbdevice tablet -rtc-td-hack -smp 2 -m 2G -drive file=/root/test190/rhel5.4-4k.qcow2,media=disk,if=virtio,index=0,boot=on -net nic,vlan=0,macaddr=10:1a:4a:10:20:4d,model=virtio -net tap,vlan=0,script=/etc/qemu-ifup -uuid `uuidgen` -cpu qemu64,+sse2 -boot c -balloon none -monitor stdio -vnc :10 -name 190host-4k

Comment 3 Miya Chen 2009-12-01 10:21:50 UTC
Segmentation fault happened when using the following combination:

kvm: kvm-83-136.el5
image cluster_size: Both 64k and 4k
block: ide


kvm-83-135.el5 does not have this problem.

Comment 4 Dor Laor 2009-12-01 12:30:41 UTC
Is that reproducible? Anything special on this image? Did the guest manage to boot?

Comment 5 Kevin Wolf 2009-12-01 13:27:41 UTC
Does qcow2 vs. raw make a difference?

Comment 6 Golita Yue 2009-12-02 06:15:44 UTC
(In reply to comment #4)
> Is that reproducible? Anything special on this image? Did the guest manage to
> boot?

Yes, it is reproducible.
Nothing special about this image.
The guest could not boot up; this error happened while the guest was booting.


(In reply to comment #5)
> Does qcow2 vs. raw make a difference? 

Try the following combination: 
guest    raw/qcow2   ide/virtio  segmentation-fault?   boot-up?
win2008   raw         ide         no                    yes 
rhel5u4   raw         ide         no                    yes
win2003   qcow2       virtio      no                    yes
win2003   qcow2       ide         yes                   no 
win2008   qcow2       ide         yes                   no

Comment 7 Kevin Wolf 2009-12-02 13:42:53 UTC
The segfault happens in bdrv_aio_flush_em, so I suspect it's related to Christoph's patch series that introduced this function in kvm-83-136.el5.

It doesn't happen with raw because raw implements its own aio_flush operation, whereas qcow2 uses the default implementation. Not sure why virtio isn't affected; maybe old guest drivers that don't use flushing?

Comment 8 Kevin Wolf 2009-12-02 15:17:10 UTC
Found the problem (a QCowAIOCB being interpreted as BlockDriverAIOCBSync), need to find the best way of fixing it now.
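The root cause named in comment 8 is a type confusion: two aiocb structs share a common header, and the emulated flush path casts whatever it receives to BlockDriverAIOCBSync and dereferences the bh pointer it expects there. The C model below is added here and is not QEMU's code; it shows what an unchecked cast reads in place of bh when the object is actually a QCowAIOCB, and how a per-type tag in the header lets the generic path refuse the wrong type. All struct layouts, the AIOCBPool tag and the function names are assumptions; only the type names and the bogus bh=0x5e0810 value come from this report.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed model of the bug class in comment 8: an aiocb allocated by
 * qcow2 handled by code that assumes the Sync layout. Struct layouts and
 * the pool tag are hypothetical, not QEMU's. */
typedef struct QEMUBH { int scheduled; } QEMUBH;
/* Hypothetical per-type tag carried in every aiocb header. */
typedef struct AIOCBPool { const char *name; size_t size; } AIOCBPool;
typedef struct BlockDriverAIOCB { const AIOCBPool *pool; } BlockDriverAIOCB;
/* What the emulated flush path expects: header, then a bottom half. */
typedef struct BlockDriverAIOCBSync {
    BlockDriverAIOCB common;
    QEMUBH *bh;
} BlockDriverAIOCBSync;
/* Driver-private type: same header, different payload where Sync has bh. */
typedef struct QCowAIOCB {
    BlockDriverAIOCB common;
    uint64_t cluster_offset; /* occupies the bytes Sync reads as ->bh */
} QCowAIOCB;
static const AIOCBPool sync_pool = { "sync", sizeof(BlockDriverAIOCBSync) };
static const AIOCBPool qcow_pool = { "qcow2", sizeof(QCowAIOCB) };
/* The bytes an unchecked (BlockDriverAIOCBSync *) cast would use as bh,
 * copied out rather than dereferenced so this demo cannot crash. */
uintptr_t confused_bh_value(const BlockDriverAIOCB *acb) {
    QEMUBH *bh;
    memcpy(&bh, (const char *)acb + offsetof(BlockDriverAIOCBSync, bh), sizeof bh);
    return (uintptr_t)bh;
}
/* Guarded version: cast only when the header tag says it is a Sync aiocb.
 * Returns 1 if the bh was scheduled, 0 if the type did not match. */
int checked_schedule(BlockDriverAIOCB *acb) {
    if (acb->pool != &sync_pool) return 0;
    BlockDriverAIOCBSync *s = (BlockDriverAIOCBSync *)acb;
    s->bh->scheduled = 1;
    return 1;
}
/* Constructed scenario: a qcow2 aiocb whose payload mirrors the bogus
 * bh=0x5e0810 in the backtrace, then a genuine Sync aiocb. 0 on success. */
int demo_type_confusion(void) {
    QCowAIOCB q = { { &qcow_pool }, 0x5e0810 };
    if (confused_bh_value(&q.common) != 0x5e0810) return -1; /* garbage bh */
    if (checked_schedule(&q.common) != 0) return -2;          /* guard rejects */
    QEMUBH bh = { 0 };
    BlockDriverAIOCBSync s = { { &sync_pool }, &bh };
    if (checked_schedule(&s.common) != 1 || !bh.scheduled) return -3;
    return 0;
}
```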

Comment 16 errata-xmlrpc 2010-03-30 07:52:43 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0271.html

