678229 – segfault when booting very big qcow2 image

Bug 678229 - segfault when booting very big qcow2 image

Summary: segfault when booting very big qcow2 image

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	qemu-kvm
Sub Component:
Version:	6.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Miroslav Rezanina
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	580953
TreeView+	depends on / blocked

Reported:	2011-02-17 08:32 UTC by Shirley Zhou
Modified:	2019-02-07 13:57 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-04-11 04:22:48 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Shirley Zhou 2011-02-17 08:32:37 UTC

Description of problem:
segfault when booting big qcow2 image

Version-Release number of selected component (if applicable):
qemu-kvm-0.12.1.2-2.145.el6.x86_64

How reproducible:
100%

Steps to Reproduce:
1.create big qcow2 file
# qemu-img create -f qcow2 test.img 1999999T
Formatting 'test.img', fmt=qcow2 size=2199022156040372224 encryption=off cluster_size=0 

2.boot this guest
/usr/libexec/qemu-kvm -enable-kvm -m 2G -smp 2,sockets=2,cores=1,threads=1 -name qcow2 -uuid bb340905-50b0-1234-111b-5c360a945678 -monitor stdio -rtc base=localtime -boot c -drive file=/home/test/test.img,if=none,id=drive-ide0-0-0,format=qcow2,cache=none -device virtio-blk-pci,drive=drive-ide0-0-0,id=ide0-0-0 -vga cirrus -vnc :1
Using CPU model "cpu64-rhel6"
Using CPU model "cpu64-rhel6"
Segmentation fault (core dumped)
  
Actual results:
segfault happens.
(gdb) bt
#0  0x0000000000495118 in qcow2_get_cluster_offset (bs=<value optimized out>, offset=0, num=0x1f98f4c, cluster_offset=0x1f98f58) at block/qcow2-cluster.c:425
Cannot access memory at address 0x7fff83d98c88

Expected results:
There should not be segfault, image should boot ok.

Additional info:

Comment 2 Shirley Zhou 2011-02-21 10:09:58 UTC

Additional info :

# qemu-img info test.img
image: test.img
file format: qcow2
virtual size: 1999999T (2199022156040372224 bytes)
disk size: 4.0K
cluster_size: 65536

When create big file ( smaller than image file in comment 0), core dumped.
# qemu-img create -f qcow2 big.qcow2 1048576T
Formatting 'big.qcow2', fmt=qcow2 size=1152921504606846976 encryption=off cluster_size=0 
Aborted (core dumped)

(gdb) bt
#0  0x0000003be70329e5 in raise () from /lib64/libc.so.6
#1  0x0000003be70341c5 in abort () from /lib64/libc.so.6
#2  0x000000000040624f in oom_check (size=18446744073709027328) at qemu-malloc.c:31
#3  qemu_malloc (size=18446744073709027328) at qemu-malloc.c:62
#4  0x0000000000406316 in qemu_mallocz (size=18446744073709027328) at qemu-malloc.c:85
#5  0x000000000041eaac in qcow_create2 (filename=0x7fffbdee27c1 "big.qcow2", total_size=<value optimized out>, backing_file=0x0, backing_format=0x0, flags=<value optimized out>, 
    cluster_size=<value optimized out>, prealloc=0) at block/qcow2.c:1068
#6  0x000000000041f182 in qcow_create (filename=0x7fffbdee27c1 "big.qcow2", options=<value optimized out>) at block/qcow2.c:1208
#7  0x000000000040c9e6 in bdrv_img_create (filename=0x7fffbdee27c1 "big.qcow2", fmt=0x7fffbdee27bb "qcow2", base_filename=<value optimized out>, base_fmt=<value optimized out>, 
    options=<value optimized out>, img_size=1152921504606846976, flags=64) at block.c:2741
#8  0x000000000040337b in img_create (argc=5, argv=0x7fffbdee0820) at qemu-img.c:348
#9  0x0000003be701ec9d in __libc_start_main () from /lib64/libc.so.6
#10 0x0000000000402d99 in _start ()

Comment 3 Brock Organ 2011-03-01 14:42:45 UTC

Reporter,

Could I please ask you to provide a priority assessment (set the priority field to one of urgent/high/medium/low) for the impact of this issue?  This will help us prioritize this issue with our other outstanding bugs for the current release cycle ...

Regards,

Brock

Comment 4 Shirley Zhou 2011-03-02 01:35:42 UTC

(In reply to comment #3)
> Reporter,
> 
> Could I please ask you to provide a priority assessment (set the priority field
> to one of urgent/high/medium/low) for the impact of this issue?  This will help
> us prioritize this issue with our other outstanding bugs for the current
> release cycle ...
> 
> Regards,
> 
> Brock

Hi, Brock

I am very sorry for empty priority and Severity field, and it is filled now. Thanks.

Comment 8 Miroslav Rezanina 2013-02-25 06:52:41 UTC

RHEL6.4 qemu-img has problems with such a big images. I hit two of them:

1.) If image size is big enough, conversion between uint64_t and int can cause allocation of array with 0 items -> this leads to work with NULL pointer and segmentation fault.

2.) qemu-img tries to allocate cluster table that can be very large (xx GB) so allocation fails due to not enough memory.

Upstream does not have this problem, at it does not fill cluster table, just create empty (invalid) qcow2 file with minimal header and than validate it. (commit a9420734b617be43d075c55b980479411807512e)

Comment 10 Miroslav Rezanina 2013-04-11 04:22:48 UTC

This problem is not worth fixing unless there's customer request for it. Such a big would require lots of memory for handling and provide poor performance. 

Core problem, crash when guest is started, affects upstream too and require fixing in there first. With this,backporting image creating is worthless.

Closing as WONTFIX after discussion with Ademar.

Comment 11 Ademar Reis 2013-04-11 15:15:17 UTC

(In reply to comment #10)
> Core problem, crash when guest is started, affects upstream too and require
> fixing in there first. With this,backporting image creating is worthless.

Please open a BZ for this problem, targeting RHEL7.

Note You need to log in before you can comment on or make changes to this bug.