Description of problem:
Get segmentation fault

Version-Release number of selected component (if applicable):
kmod-kvm-83-136.el5
kernel: 2.6.18-175.el5

How reproducible:
100%

Steps to Reproduce:
1. Use the installed image (installed with kvm-83-105.el5_4.12):
   # qemu-img info win28k-64-virtio.qcow2
   file format: qcow2
   virtual size: 20G (21474836480 bytes)
   disk size: 12G
   cluster_size: 4096
2. On the host (kvm-83-136.el5, kernel 2.6.18-175.el5) start the guest with the following command:
   /usr/libexec/qemu-kvm -rtc-td-hack -usbdevice tablet -no-hpet -cpu qemu64,+sse2 -no-kvm-pit-reinjection -drive file=/root/win28k-64-virtio.qcow2 -smp 2 -m 2G -net nic,macaddr=00:21:02:4d:9b:2c,vlan=0 -net tap,script=/etc/qemu-ifup,vlan=0 -uuid `uuidgen` -vnc :1 -boot c -monitor stdio

Actual results:
segmentation fault

Expected results:
The guest boots up, with no segmentation fault.

Additional info:
# gdb /usr/libexec/qemu-kvm
GNU gdb Fedora (6.8-37.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
(gdb) r -rtc-td-hack -usbdevice tablet -no-hpet -cpu qemu64,+sse2 -no-kvm-pit-reinjection -drive file=/root/win28k-64-virtio.qcow2 -smp 2 -m 2G -net nic,macaddr=00:21:02:4d:9b:2c,vlan=0 -net tap,script=/etc/qemu-ifup,vlan=0 -uuid `uuidgen` -vnc :1 -boot c -monitor stdio
Starting program: /usr/libexec/qemu-kvm -rtc-td-hack -usbdevice tablet -no-hpet -cpu qemu64,+sse2 -no-kvm-pit-reinjection -drive file=/root/win28k-64-virtio.qcow2 -smp 2 -m 2G -net nic,macaddr=00:21:02:4d:9b:2c,vlan=0 -net tap,script=/etc/qemu-ifup,vlan=0 -uuid `uuidgen` -vnc :1 -boot c -monitor stdio
[Thread debugging using libthread_db enabled]
Detaching after fork from child process 3929.
[New Thread 0x2b74e2397f90 (LWP 3926)]
[New Thread 0x40a95940 (LWP 3935)]
[New Thread 0x416f2940 (LWP 3937)]
[New Thread 0x426e5940 (LWP 3938)]
[New Thread 0x430e6940 (LWP 3939)]
QEMU 0.9.1 monitor - type 'help' for more information
(qemu) [New Thread 0x43ae7940 (LWP 3940)]
[Thread 0x430e6940 (LWP 3939) exited]
[New Thread 0x430e6940 (LWP 3948)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x416f2940 (LWP 3937)]
qemu_bh_schedule (bh=0x5e0810) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:3606
3606        if (bh->scheduled)
(gdb) bt
#0  qemu_bh_schedule (bh=0x5e0810) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/vl.c:3606
#1  0x00000000004616c8 in bdrv_aio_flush_em (bs=0x1fb5c5a0, cb=<value optimized out>, opaque=<value optimized out>) at block.c:1552
#2  0x00000000004fddb8 in kvm_outb (opaque=<value optimized out>, addr=36032, data=2 '\002') at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/qemu-kvm.c:684
#3  0x00000000005292c8 in handle_io (kvm=0x1fb49780, run=0x2aaaaabfa000, vcpu=0) at libkvm.c:735
#4  0x0000000000529bb2 in kvm_run (kvm=0x1fb49780, vcpu=0, env=0x1fbceb60) at libkvm.c:964
#5  0x00000000004fe4f9 in kvm_cpu_exec (env=0x2) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/qemu-kvm.c:206
#6  0x00000000004fe783 in ap_main_loop (_env=<value optimized out>) at /usr/src/debug/kvm-83-maint-snapshot-20090205/qemu/qemu-kvm.c:402
#7  0x00000035c56064a7 in start_thread () from /lib64/libpthread.so.0
#8  0x00000035c4ad3c2d in clone () from /lib64/libc.so.6
No segmentation fault when starting the guest with a virtio block device:
-drive file=/root/win28k-64-virtio.qcow2,if=virtio,boot=on
No segmentation fault when running a RHEL guest with a virtio block device:
/usr/libexec/qemu-kvm -no-hpet -usbdevice tablet -rtc-td-hack -smp 2 -m 2G -drive file=/root/test190/rhel5.4-4k.qcow2,media=disk,if=virtio,index=0,boot=on -net nic,vlan=0,macaddr=10:1a:4a:10:20:4d,model=virtio -net tap,vlan=0,script=/etc/qemu-ifup -uuid `uuidgen` -cpu qemu64,+sse2 -boot c -balloon none -monitor stdio -vnc :10 -name 190host-4k
Segmentation fault happened when using the following combination:
kvm: kvm-83-136.el5
image cluster_size: both 64k and 4k
block: ide

kvm-83-135.el5 does not have this problem.
Is that reproducible? Anything special on this image? Did the guest manage to boot?
Does qcow2 vs. raw make a difference?
(In reply to comment #4)
> Is that reproducible? Anything special on this image? Did the guest managed to
> boot?

Yes, it is reproducible. Nothing special about this image. The guest could not boot up; this error happened while the guest was booting.

(In reply to comment #5)
> Does qcow2 vs. raw make a difference?

Tried the following combinations:

guest     raw/qcow2   ide/virtio   segmentation-fault?   boot-up?
win2008   raw         ide          no                    yes
rhel5u4   raw         ide          no                    yes
win2003   qcow2       virtio       no                    yes
win2003   qcow2       ide          yes                   no
win2008   qcow2       ide          yes                   no
The segfault happens in bdrv_aio_flush_em, so I suspect it's related to Christoph's patch series that introduced this function in kvm-83-136.el5. It doesn't happen with raw because raw implements its own aio_flush operation, whereas qcow2 uses the default implementation. Not sure why virtio isn't affected; maybe old guest drivers that don't use flushing?
Found the problem (a QCowAIOCB being interpreted as BlockDriverAIOCBSync), need to find the best way of fixing it now.
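The failure mode named in the two comments above (a format driver's own AIOCB handed to the generic emulated-flush path, which assumes the synchronous emulation's AIOCB layout and schedules a bottom half that is not there) as a constructed C model. This is an added illustration, not QEMU code and not the fix shipped in the errata: the struct names, field layouts, the `kind` tag, the return codes and the sample values are assumptions made for this example. The only value borrowed from the page is the `bh=0x5e0810` argument in the backtrace, reused here as a constructed field value.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the block-layer callback objects involved in the
 * backtrace above. Not QEMU code: struct layouts, the `kind` tag and the
 * return codes are assumptions made for this illustration. */

typedef void BlockCompletionFunc(void *opaque, int ret);

enum AIOCBKind {
    AIOCB_SYNC_EMULATED = 1,   /* allocated by the generic sync->aio emulation */
    AIOCB_QCOW2         = 2    /* allocated by a format driver (qcow2-style) */
};

/* Header shared by every AIOCB; concrete types embed it as their first member. */
typedef struct AIOCB {
    enum AIOCBKind kind;
    BlockCompletionFunc *cb;
    void *opaque;
} AIOCB;

/* Bottom half: a callback deferred to the main loop. */
typedef struct QEMUBH {
    int scheduled;
    void (*fn)(void *);
    void *opaque;
} QEMUBH;

/* AIOCB owned by the synchronous emulation; the bh pointer lives at this
 * offset only in this struct. */
typedef struct SyncAIOCB {
    AIOCB common;
    QEMUBH *bh;
    int ret;
} SyncAIOCB;

/* AIOCB a format driver might allocate: a different layout after the header. */
typedef struct Qcow2AIOCB {
    AIOCB common;
    long cluster_offset;   /* sits where SyncAIOCB.bh would be read from */
    int nb_sectors;
} Qcow2AIOCB;

/* Mirrors what qemu_bh_schedule does with a bh: returns 0 when the bh is
 * (now) scheduled, -1 when handed a NULL pointer. */
static int bh_schedule(QEMUBH *bh)
{
    if (bh == NULL)
        return -1;
    if (bh->scheduled)
        return 0;
    bh->scheduled = 1;
    return 0;
}

/* The crash pattern: the emulated flush path downcasts blindly. If the AIOCB
 * was allocated by the qcow2-style driver, sacb->bh is really cluster_offset,
 * and scheduling it dereferences an arbitrary value (the SIGSEGV at vl.c:3606
 * above). Kept only for contrast; call it solely with a SyncAIOCB. */
static int aio_flush_complete_unchecked(AIOCB *acb)
{
    SyncAIOCB *sacb = (SyncAIOCB *)acb;
    return bh_schedule(sacb->bh);
}

/* Hardened form: consult the shared header before trusting the concrete
 * layout, and report a distinct error so the caller routes the AIOCB to the
 * driver's own completion path instead of dereferencing a mistyped field. */
static int aio_flush_complete_checked(AIOCB *acb)
{
    if (acb == NULL)
        return -1;
    if (acb->kind != AIOCB_SYNC_EMULATED)
        return -2;   /* wrong type for this path: refuse, do not dereference */
    SyncAIOCB *sacb = (SyncAIOCB *)acb;
    return bh_schedule(sacb->bh);
}

int main(void)
{
    QEMUBH bh = { 0, NULL, NULL };
    SyncAIOCB sync_acb = { { AIOCB_SYNC_EMULATED, NULL, NULL }, &bh, 0 };
    /* 0x5e0810 is the bh argument from the backtrace, reused as a constructed
     * cluster_offset to show what the blind cast would have treated as a bh. */
    Qcow2AIOCB qcow_acb = { { AIOCB_QCOW2, NULL, NULL }, 0x5e0810L, 8 };

    printf("sync  acb via checked path: %d (bh scheduled=%d)\n",
           aio_flush_complete_checked(&sync_acb.common), bh.scheduled);
    printf("qcow2 acb via checked path: %d (rejected, nothing dereferenced)\n",
           aio_flush_complete_checked(&qcow_acb.common));
    return 0;
}
```

The point of the tag check is not that a `kind` field is the way the real code base solves this; it is that any generic completion path which downcasts a shared header must be able to tell which concrete object it was given, and must fail closed when the answer is "not mine".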
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0271.html