Description of problem:

Program terminated with signal 11, Segmentation fault.
#0  qemu_co_queue_next (queue=queue@entry=0x7f010cfb4480) at qemu-coroutine-lock.c:70
70          QTAILQ_REMOVE(&queue->entries, next, co_queue_next);
(gdb) bt
#0  qemu_co_queue_next (queue=queue@entry=0x7f010cfb4480) at qemu-coroutine-lock.c:70
#1  0x00007f010be65de8 in qemu_co_mutex_unlock (mutex=mutex@entry=0x7f010cfb4478) at qemu-coroutine-lock.c:115
#2  0x00007f010bdaf18d in qcow2_co_writev (bs=0x7f010cfb3a90, sector_num=749472, remaining_sectors=1008, qiov=0x7f00f033e1c8) at block/qcow2.c:612
#3  0x00007f010bd9f1bc in bdrv_co_do_writev (bs=0x7f010cfb3a90, sector_num=749472, nb_sectors=1008, qiov=<optimized out>) at block.c:1300
#4  0x00007f010bd9f412 in bdrv_co_do_rw (opaque=0x7f00f033e290) at block.c:2606
#5  0x00007f010bdd6a0a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at coroutine-ucontext.c:129
#6  0x00007f01064ef450 in ?? () from /lib64/libc.so.6
#7  0x00007f00fef021f0 in ?? ()
#8  0xc5c5c5c5c5c5c5c5 in ?? ()
#9  0x0000000000000000 in ?? ()
(gdb) info threads
  Id   Target Id         Frame
  19   Thread 0x7f00bbfff700 (LWP 12334) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  18   Thread 0x7f00ba7fc700 (LWP 12337) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  17   Thread 0x7f00bb7fe700 (LWP 12335) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  16   Thread 0x7f00d09fe700 (LWP 12333) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  15   Thread 0x7f00f5ffb700 (LWP 12329) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  14   Thread 0x7f00ff905700 (LWP 12319) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  13   Thread 0x7f00f77fe700 (LWP 12326) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  12   Thread 0x7f00f7fff700 (LWP 12325) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  11   Thread 0x7f00baffd700 (LWP 12336) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  10   Thread 0x7f00f57fa700 (LWP 12330) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  9    Thread 0x7f00fda1e700 (LWP 12322) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  8    Thread 0x7f00fef03700 (LWP 12320) __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
  7    Thread 0x7f00f67fc700 (LWP 12328) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  6    Thread 0x7f00f4ff9700 (LWP 12331) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  5    Thread 0x7f00f6ffd700 (LWP 12327) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  4    Thread 0x7f00fca1c700 (LWP 12324) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  3    Thread 0x7f00fe21f700 (LWP 12321) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  2    Thread 0x7f00fd21d700 (LWP 12323) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
* 1    Thread 0x7f010bcd2a00 (LWP 12316) qemu_co_queue_next (queue=queue@entry=0x7f010cfb4480) at qemu-coroutine-lock.c:70

Version-Release number of selected component (if applicable):
qemu-system-x86-1.0-17.fc18.x86_64

How reproducible:
Unknown

Steps to Reproduce:
Unknown, but I got the bug when I turned on core dumps and ran some aggressive libguestfs tests here:
https://bugzilla.redhat.com/show_bug.cgi?id=836710#c5
Here's a slightly different variation of what looks like the same bug:

Program terminated with signal 11, Segmentation fault.
#0  0x00007f712dc8fe08 in qcow2_cache_do_get (bs=bs@entry=0x7f712f3cfa90, c=0x7f712f3d1790, offset=140123986749816, table=table@entry=0x7f71176ab530, read_from_disk=read_from_disk@entry=true) at block/qcow2-cache.c:253
253         c->entries[i].cache_hits = 32;
(gdb) bt
#0  0x00007f712dc8fe08 in qcow2_cache_do_get (bs=bs@entry=0x7f712f3cfa90, c=0x7f712f3d1790, offset=140123986749816, table=table@entry=0x7f71176ab530, read_from_disk=read_from_disk@entry=true) at block/qcow2-cache.c:253
#1  0x00007f712dc8ffa3 in qcow2_cache_get (bs=bs@entry=0x7f712f3cfa90, c=<optimized out>, offset=<optimized out>, table=table@entry=0x7f71176ab530) at block/qcow2-cache.c:267
#2  0x00007f712dc90afc in l2_load (l2_table=0x7f71176ab530, l2_offset=<optimized out>, bs=0x7f712f3cfa90) at block/qcow2-cluster.c:121
#3  qcow2_get_cluster_offset (bs=bs@entry=0x7f712f3cfa90, offset=offset@entry=377987072, num=num@entry=0x7f71176ab5c4, cluster_offset=cluster_offset@entry=0x7f71176ab5c8) at block/qcow2-cluster.c:442
#4  0x00007f712dc91381 in qcow2_read (nb_sectors=48, buf=0x7f7120dea200 <Address 0x7f7120dea200 out of bounds>, sector_num=738256, bs=0x7f712f3cfa90) at block/qcow2-cluster.c:305
#5  copy_sectors (bs=bs@entry=0x7f712f3cfa90, start_sect=<optimized out>, cluster_offset=345899008, n_start=80, n_end=<optimized out>) at block/qcow2-cluster.c:360
#6  0x00007f712dc917b6 in qcow2_alloc_cluster_link_l2 (bs=bs@entry=0x7f712f3cfa90, m=m@entry=0x7f71176ab720) at block/qcow2-cluster.c:631
#7  0x00007f712dc95088 in qcow2_co_writev (bs=0x7f712f3cfa90, sector_num=737280, remaining_sectors=976, qiov=0x7f7114006f18) at block/qcow2.c:596
#8  0x00007f712dc851bc in bdrv_co_do_writev (bs=0x7f712f3cfa90, sector_num=737248, nb_sectors=1008, qiov=<optimized out>) at block.c:1300
#9  0x00007f712dc85412 in bdrv_co_do_rw (opaque=0x7f7114019b20) at block.c:2606
#10 0x00007f712dcbca0a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at coroutine-ucontext.c:129
#11 0x00007f71283d5450 in ?? () from /lib64/libc.so.6
#12 0x00007f7120de81f0 in ?? ()
#13 0x7b7b7b7b7b7b7b7b in ?? ()
#14 0x0000000000000000 in ?? ()
(gdb) info threads
  Id   Target Id         Frame
  6    Thread 0x7f711b7fe700 (LWP 1466) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  5    Thread 0x7f7120de9700 (LWP 1464) 0x00007f712847baa7 in ioctl () at ../sysdeps/unix/syscall-template.S:81
  4    Thread 0x7f711affd700 (LWP 1467) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  3    Thread 0x7f711bfff700 (LWP 1465) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  2    Thread 0x7f71217eb700 (LWP 1463) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
* 1    Thread 0x7f712dbb8a00 (LWP 1460) 0x00007f712dc8fe08 in qcow2_cache_do_get (bs=bs@entry=0x7f712f3cfa90, c=0x7f712f3d1790, offset=140123986749816, table=table@entry=0x7f71176ab530, read_from_disk=read_from_disk@entry=true) at block/qcow2-cache.c:253
Another one:

Program terminated with signal 11, Segmentation fault.
#0  qcow2_cache_entry_flush (bs=bs@entry=0x7f31ec9f2a90, c=c@entry=0x7f31ec9f11a0, i=i@entry=2) at block/qcow2-cache.c:116
116         if (c == s->refcount_block_cache) {
(gdb) bt
#0  qcow2_cache_entry_flush (bs=bs@entry=0x7f31ec9f2a90, c=c@entry=0x7f31ec9f11a0, i=i@entry=2) at block/qcow2-cache.c:116
#1  0x00007f31eb548b2d in qcow2_cache_flush (bs=bs@entry=0x7f31ec9f2a90, c=0x7f31ec9f11a0) at block/qcow2-cache.c:140
#2  0x00007f31eb54969f in l2_allocate (table=0x7f31d305f9f8, l1_index=0, bs=0x7f31ec9f2a90) at block/qcow2-cluster.c:180
#3  get_cluster_table (bs=bs@entry=0x7f31ec9f2a90, offset=382205952, new_l2_table=new_l2_table@entry=0x7f31d305fa70, new_l2_offset=new_l2_offset@entry=0x7f31d305fa68, new_l2_index=new_l2_index@entry=0x7f31d305fa64) at block/qcow2-cluster.c:519
#4  0x00007f31eb54a66a in qcow2_alloc_cluster_link_l2 (bs=bs@entry=0x7f31ec9f2a90, m=m@entry=0x7f31d305fb30) at block/qcow2-cluster.c:649
#5  0x00007f31eb54e088 in qcow2_co_writev (bs=0x7f31ec9f2a90, sector_num=746496, remaining_sectors=960, qiov=0x7f31d0006918) at block/qcow2.c:596
#6  0x00007f31eb53e1bc in bdrv_co_do_writev (bs=0x7f31ec9f2a90, sector_num=746448, nb_sectors=1008, qiov=<optimized out>) at block.c:1300
#7  0x00007f31eb53e412 in bdrv_co_do_rw (opaque=0x7f31d0006850) at block.c:2606
#8  0x00007f31eb575a0a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at coroutine-ucontext.c:129
#9  0x00007f31e5c8e450 in ?? () from /lib64/libc.so.6
#10 0x00007f31de6a11f0 in ?? ()
#11 0xd2d2d2d2d2d2d2d2 in ?? ()
#12 0x0000000000000000 in ?? ()
(gdb) info threads
  Id   Target Id         Frame
  14   Thread 0x7f31ad1f7700 (LWP 26072) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  13   Thread 0x7f31af1fb700 (LWP 26068) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  12   Thread 0x7f31ad9f8700 (LWP 26071) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  11   Thread 0x7f31ae9fa700 (LWP 26069) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  10   Thread 0x7f31dd1bd700 (LWP 26063) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  9    Thread 0x7f31df0a4700 (LWP 25969) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  8    Thread 0x7f31de6a2700 (LWP 25970) __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
  7    Thread 0x7f31b01fd700 (LWP 26066) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  6    Thread 0x7f31ae1f9700 (LWP 26070) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  5    Thread 0x7f31dc9bc700 (LWP 26064) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  4    Thread 0x7f31af9fc700 (LWP 26067) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  3    Thread 0x7f31dd9be700 (LWP 26060) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
  2    Thread 0x7f31b09fe700 (LWP 26065) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
* 1    Thread 0x7f31eb471a00 (LWP 25966) qcow2_cache_entry_flush (bs=bs@entry=0x7f31ec9f2a90, c=c@entry=0x7f31ec9f11a0, i=i@entry=2) at block/qcow2-cache.c:116
(gdb) frame 0
#0  qcow2_cache_entry_flush (bs=bs@entry=0x7f31ec9f2a90, c=c@entry=0x7f31ec9f11a0, i=i@entry=2) at block/qcow2-cache.c:116
116         if (c == s->refcount_block_cache) {
(gdb) print c
$1 = (Qcow2Cache *) 0x7f31ec9f11a0
(gdb) print *s
Cannot access memory at address 0x0
Another one:

Program terminated with signal 11, Segmentation fault.
#0  qcow2_cache_do_get (bs=bs@entry=0x7f3aaa028a90, c=0xa8a8a8a8a8a8a8a8, offset=offset@entry=353894400, table=table@entry=0x7f3a8e3c7978, read_from_disk=read_from_disk@entry=false) at block/qcow2-cache.c:222
222         for (i = 0; i < c->size; i++) {
(gdb) bt
#0  qcow2_cache_do_get (bs=bs@entry=0x7f3aaa028a90, c=0xa8a8a8a8a8a8a8a8, offset=offset@entry=353894400, table=table@entry=0x7f3a8e3c7978, read_from_disk=read_from_disk@entry=false) at block/qcow2-cache.c:222
#1  0x00007f3aa815ffe0 in qcow2_cache_get_empty (bs=bs@entry=0x7f3aaa028a90, c=<optimized out>, offset=offset@entry=353894400, table=table@entry=0x7f3a8e3c7978) at block/qcow2-cache.c:273
#2  0x00007f3aa81606c6 in l2_allocate (table=0x7f3a8e3c7978, l1_index=0, bs=0x7f3aaa028a90) at block/qcow2-cluster.c:187
#3  get_cluster_table (bs=bs@entry=0x7f3aaa028a90, offset=385417216, new_l2_table=new_l2_table@entry=0x7f3a8e3c79f0, new_l2_offset=new_l2_offset@entry=0x7f3a8e3c79e8, new_l2_index=new_l2_index@entry=0x7f3a8e3c79e4) at block/qcow2-cluster.c:519
#4  0x00007f3aa816166a in qcow2_alloc_cluster_link_l2 (bs=bs@entry=0x7f3aaa028a90, m=m@entry=0x7f3a8e3c7ab0) at block/qcow2-cluster.c:649
#5  0x00007f3aa8165088 in qcow2_co_writev (bs=0x7f3aaa028a90, sector_num=752768, remaining_sectors=992, qiov=0x7f3a8c341308) at block/qcow2.c:596
#6  0x00007f3aa81551bc in bdrv_co_do_writev (bs=0x7f3aaa028a90, sector_num=752752, nb_sectors=1008, qiov=<optimized out>) at block.c:1300
#7  0x00007f3aa8155412 in bdrv_co_do_rw (opaque=0x7f3a8c883370) at block.c:2606
#8  0x00007f3aa818ca0a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at coroutine-ucontext.c:129
#9  0x00007f3aa28a5450 in ?? () from /lib64/libc.so.6
#10 0x00007f3a9b2b81f0 in ?? ()
#11 0x5757575757575757 in ?? ()
#12 0x0000000000000000 in ?? ()
(gdb) frame 0
#0  qcow2_cache_do_get (bs=bs@entry=0x7f3aaa028a90, c=0xa8a8a8a8a8a8a8a8, offset=offset@entry=353894400, table=table@entry=0x7f3a8e3c7978, read_from_disk=read_from_disk@entry=false) at block/qcow2-cache.c:222
222         for (i = 0; i < c->size; i++) {
(gdb) print c
$1 = (Qcow2Cache *) 0xa8a8a8a8a8a8a8a8
(gdb) print *bs
$2 = {
  total_sectors = 1024000,
  read_only = 0,
  keep_read_only = 0,
  open_flags = 98,
  encrypted = 0,
  valid_key = 0,
  sg = 0,
  drv = 0x0,
  opaque = 0x0,
  dev = 0x7f3aaa758da0,
  dev_ops = 0x0,
  dev_opaque = 0x0,
  filename = "/tmp/test.img", '\000' <repeats 1010 times>,
  backing_file = '\000' <repeats 1023 times>,
  backing_format = '\000' <repeats 15 times>,
  is_temporary = 0,
  backing_hd = 0x0,
  file = 0x7f3aaa0296b0,
  sync_aiocb = 0x0,
  nr_bytes = {2804224, 351936512, 0},
  nr_ops = {560, 693, 10},
  total_time_ns = {40245897, 105952906262, 11386858},
  wr_highest_sector = 1023999,
  growable = 0,
  buffer_alignment = 512,
  enable_write_cache = 1,
  cyls = 1015,
  heads = 16,
  secs = 63,
  translation = 0,
  on_read_error = BLOCK_ERR_REPORT,
  on_write_error = BLOCK_ERR_STOP_ENOSPC,
  iostatus_enabled = true,
  iostatus = BLOCK_DEVICE_IO_STATUS_OK,
  device_name = "hd0", '\000' <repeats 28 times>,
  dirty_bitmap = 0x0,
  dirty_count = 0,
  in_use = 0,
  list = {
    tqe_next = 0x7f3aaa18d030,
    tqe_prev = 0x7f3aa86e1130
  },
  private = 0x0
}
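Added triage example (not part of this bug report, and not QEMU or libguestfs code): a small Python script that parses gdb "bt" output like the dumps above, flags every 64-bit value made of one byte repeated eight times (the 0xc5c5..., 0x7b7b..., 0xd2d2... and 0x5757... frame addresses and the c=0xa8a8a8a8a8a8a8a8 argument in these dumps), and computes the call path that several dumps share. The assumption behind the flag is that those values are the fill byte glibc's MALLOC_PERTURB_ writes into freed memory, so a pointer that looks like that was read from an object that had already been freed; together with drv = 0x0 and opaque = 0x0 in the printed *bs, that reads as a coroutine write still running against a BlockDriverState that was already torn down, which is an interpretation, not something the report states. The sample input is the first and fourth backtraces copied from this report (frame lines only; thread lists dropped).

```python
"""Triage helper for gdb backtraces: flag heap-poison pointer values and find the
code path shared by several crash dumps.  Added example; not QEMU/libguestfs code."""
import re

# One "bt" frame: "#N  [0xADDR in ]func (args)[ at file:line | from lib]"
FRAME_RE = re.compile(r"^#(?P<no>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(?P<func>[\w?]+)\s*\((?P<args>.*)\)")
LOC_RE = re.compile(r"\bat\s+(?P<loc>\S+:\d+)")
HEX64_RE = re.compile(r"0x([0-9a-fA-F]{16})\b")


def is_poison(hex_digits):
    """True for a 64-bit value made of one byte repeated, e.g. 0xa8a8a8a8a8a8a8a8.
    glibc's MALLOC_PERTURB_ fills freed chunks with such a byte (assumption: that
    is where the report's values come from), so a pointer that looks like this was
    almost certainly read from already-freed memory.  All-zero/all-ones excluded."""
    h = hex_digits.lower()
    return h == h[:2] * 8 and h not in ("0" * 16, "f" * 16)


def parse_backtrace(text):
    """Turn gdb 'bt' output into a list of frames: number, function, file:line,
    and every poison-pattern 64-bit value that appears anywhere in the frame."""
    frames = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FRAME_RE.match(line)
        if not m:
            continue  # skip "(gdb) bt", source-line echoes and other noise
        loc = LOC_RE.search(line)
        poison = sorted({"0x" + h for h in HEX64_RE.findall(line) if is_poison(h)})
        frames.append({"no": int(m.group("no")), "func": m.group("func"),
                       "loc": loc.group("loc") if loc else None, "poison": poison})
    return frames


def poisoned_values(frames):
    """(frame number, function, value) for every poison-looking value, innermost first."""
    return [(f["no"], f["func"], v) for f in frames for v in f["poison"]]


def shared_call_path(backtraces):
    """Longest outermost-first run of named functions that every backtrace shares.
    '??' frames (gdb unwinding off the end of a coroutine stack) are ignored."""
    chains = [[f["func"] for f in reversed(bt) if f["func"] != "??"] for bt in backtraces]
    common = []
    for funcs in zip(*chains):
        if len(set(funcs)) != 1:
            break
        common.append(funcs[0])
    return common


# Sample input: the first and fourth backtraces from the report above (frame lines only).
BT_QUEUE_NEXT = """\
#0  qemu_co_queue_next (queue=queue@entry=0x7f010cfb4480) at qemu-coroutine-lock.c:70
#1  0x00007f010be65de8 in qemu_co_mutex_unlock (mutex=mutex@entry=0x7f010cfb4478) at qemu-coroutine-lock.c:115
#2  0x00007f010bdaf18d in qcow2_co_writev (bs=0x7f010cfb3a90, sector_num=749472, remaining_sectors=1008, qiov=0x7f00f033e1c8) at block/qcow2.c:612
#3  0x00007f010bd9f1bc in bdrv_co_do_writev (bs=0x7f010cfb3a90, sector_num=749472, nb_sectors=1008, qiov=<optimized out>) at block.c:1300
#4  0x00007f010bd9f412 in bdrv_co_do_rw (opaque=0x7f00f033e290) at block.c:2606
#5  0x00007f010bdd6a0a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at coroutine-ucontext.c:129
#6  0x00007f01064ef450 in ?? () from /lib64/libc.so.6
#7  0x00007f00fef021f0 in ?? ()
#8  0xc5c5c5c5c5c5c5c5 in ?? ()
#9  0x0000000000000000 in ?? ()
"""

BT_CACHE_DO_GET = """\
#0  qcow2_cache_do_get (bs=bs@entry=0x7f3aaa028a90, c=0xa8a8a8a8a8a8a8a8, offset=offset@entry=353894400, table=table@entry=0x7f3a8e3c7978, read_from_disk=read_from_disk@entry=false) at block/qcow2-cache.c:222
#1  0x00007f3aa815ffe0 in qcow2_cache_get_empty (bs=bs@entry=0x7f3aaa028a90, c=<optimized out>, offset=offset@entry=353894400, table=table@entry=0x7f3a8e3c7978) at block/qcow2-cache.c:273
#2  0x00007f3aa81606c6 in l2_allocate (table=0x7f3a8e3c7978, l1_index=0, bs=0x7f3aaa028a90) at block/qcow2-cluster.c:187
#3  get_cluster_table (bs=bs@entry=0x7f3aaa028a90, offset=385417216, new_l2_table=new_l2_table@entry=0x7f3a8e3c79f0, new_l2_offset=new_l2_offset@entry=0x7f3a8e3c79e8, new_l2_index=new_l2_index@entry=0x7f3a8e3c79e4) at block/qcow2-cluster.c:519
#4  0x00007f3aa816166a in qcow2_alloc_cluster_link_l2 (bs=bs@entry=0x7f3aaa028a90, m=m@entry=0x7f3a8e3c7ab0) at block/qcow2-cluster.c:649
#5  0x00007f3aa8165088 in qcow2_co_writev (bs=0x7f3aaa028a90, sector_num=752768, remaining_sectors=992, qiov=0x7f3a8c341308) at block/qcow2.c:596
#6  0x00007f3aa81551bc in bdrv_co_do_writev (bs=0x7f3aaa028a90, sector_num=752752, nb_sectors=1008, qiov=<optimized out>) at block.c:1300
#7  0x00007f3aa8155412 in bdrv_co_do_rw (opaque=0x7f3a8c883370) at block.c:2606
#8  0x00007f3aa818ca0a in coroutine_trampoline (i0=<optimized out>, i1=<optimized out>) at coroutine-ucontext.c:129
#9  0x00007f3aa28a5450 in ?? () from /lib64/libc.so.6
#10 0x00007f3a9b2b81f0 in ?? ()
#11 0x5757575757575757 in ?? ()
#12 0x0000000000000000 in ?? ()
"""

if __name__ == "__main__":
    dumps = [parse_backtrace(BT_QUEUE_NEXT), parse_backtrace(BT_CACHE_DO_GET)]
    for bt in dumps:
        print("crash at %s, poisoned values: %s" % (bt[0]["loc"], poisoned_values(bt)))
    print("shared path:", " -> ".join(shared_call_path(dumps)))
```

Run on the two dumps, the shared path comes out as coroutine_trampoline, bdrv_co_do_rw, bdrv_co_do_writev, qcow2_co_writev, which is where every dump on this page converges before diverging into different qcow2 helpers; feeding it more dumps pasted from gdb is just a matter of adding strings to the list.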
Rich, have you seen this with 1.1 currently in rawhide, or on F17? qemu-system-x86-1.0-17.fc18.x86_64 is basically what's in F17 now, so reassigning there.
I strongly suspect this was simply another aspect of bug 836913. So I'm going to tentatively mark it as a duplicate.

*** This bug has been marked as a duplicate of bug 836913 ***