Date: Wed, 15 Jun 2016 11:58:31 +0200
From: Kashyap Chamarthy
Message-ID: <20160615095831.h3da5z7jm3xmwtog@eukaryote>
Subject: [Qemu-devel] Supplying QCOW2 as 'file' driver to `blockdev-add` results in a QEMU crash
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, armbru@redhat.com, eblake@redhat.com

Seems like supplying "qcow2" file BlockdevDriver option to QMP
`blockdev-add` results in a SIGSEGV:

    [...]
    Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
    0x0000555555a0121f in visit_type_BlockdevRef ()
    [...]

Reproducer
----------

Tested with: qemu-2.6.0-3.fc24

Invoke this QEMU command-line (QMP server over Unix socket) in GDB:

    $ gdb /usr/bin/qemu-system-x86_64
    [...]
    (gdb) run -machine accel=kvm -name cirrvm -S -machine pc-i440fx-2.1,accel=kvm,usb=off -cpu SandyBridge -m 977 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -nographic -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/tmp/cirrvm.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x3.0x7 -drive file=./cirros-0.3.3.qcow2,if=none,id=drive-ide0-0-0,driver=qcow2 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 -msg timestamp=on -qmp unix:./qmp-sock,server --monitor stdio
    [...]

Then, invoke the 'blockdev-add' QMP command with these arguments and
options:

    $ socat UNIX:/export/qmp-sock READLINE,history=$HOME/.qmp_history,prompt='QMP> '
    {"QMP": {"version": {"qemu": {"micro": 0, "minor": 6, "major": 2}, "package": " (qemu-2.6.0-3.fc24)"}, "capabilities": []}}
    QMP> {"execute":"qmp_capabilities"}
    {"return": {}}
    QMP> {
      "execute": "blockdev-add",
      "arguments": {
        "options" : {
          "driver": "qcow2",
          "id": "drive-ide1-0-0",
          "file": {
            "driver": "qcow2",
            "filename": "backup1.qcow2"
          }
        }
      }
    }

Backtrace
---------

    [...]
    Starting program: /usr/bin/qemu-system-x86_64 -machine accel=kvm -name cirrvm -S -machine pc-i440fx-2.1,accel=kvm,usb=off -cpu SandyBridge -m 977 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -nographic -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/tmp/cirrvm.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x3.0x7 -drive file=./cirros-0.3.3.qcow2,if=none,id=drive-ide0-0-0,driver=qcow2 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 -msg timestamp=on -qmp unix:./qmp-sock,server --monitor stdio
    [...]
    [New Thread 0x7fffcb792700 (LWP 2169)]
    char device redirected to /dev/pts/50 (label charserial0)
    QEMU waiting for connection on: disconnected:unix:./qmp-sock,server
    [New Thread 0x7fffcad7f700 (LWP 2234)]
    QEMU 2.6.0 monitor - type 'help' for more information
    (qemu) [New Thread 0x7fffca57e700 (LWP 2235)]
    [Thread 0x7fffcad7f700 (LWP 2234) exited]

    Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
    0x0000555555a0121f in visit_type_BlockdevRef ()
    (gdb) thread apply all bt full

    Thread 4 (Thread 0x7fffca57e700 (LWP 2235)):
    #0  0x00007fffdabf4bd0 in pthread_cond_wait@@GLIBC_2.3.2 () at /lib64/libpthread.so.0
    #1  0x0000555555a199e9 in qemu_cond_wait ()
    #2  0x000055555571e26f in qemu_kvm_cpu_thread_fn ()
    #3  0x00007fffdabef5ca in start_thread () at /lib64/libpthread.so.0
    #4  0x00007fffda928ead in clone () at /lib64/libc.so.6

    Thread 2 (Thread 0x7fffcb792700 (LWP 2169)):
    #0  0x00007fffda922ff9 in syscall () at /lib64/libc.so.6
    #1  0x0000555555a19cf8 in qemu_event_wait ()
    #2  0x0000555555a27e6e in call_rcu_thread ()
    #3  0x00007fffdabef5ca in start_thread () at /lib64/libpthread.so.0
    #4  0x00007fffda928ead in clone () at /lib64/libc.so.6

    Thread 1 (Thread 0x7ffff7ed0f80 (LWP 2162)):
    #0  0x0000555555a0121f in visit_type_BlockdevRef ()
    #1  0x0000555555a016a2 in visit_type_BlockdevOptionsGenericFormat_members ()
    #2  0x0000555555a01903 in visit_type_BlockdevOptionsGenericCOWFormat_members ()
    #3  0x0000555555a01a53 in visit_type_BlockdevOptionsQcow2_members ()
    #4  0x0000555555a010d5 in visit_type_BlockdevOptions_members ()
    #5  0x0000555555a012c8 in visit_type_BlockdevRef ()
    #6  0x0000555555a016a2 in visit_type_BlockdevOptionsGenericFormat_members ()
    #7  0x0000555555a01903 in visit_type_BlockdevOptionsGenericCOWFormat_members ()
    #8  0x0000555555a01a53 in visit_type_BlockdevOptionsQcow2_members ()
    #9  0x0000555555a010d5 in visit_type_BlockdevOptions_members ()
    #10 0x0000555555a0116f in visit_type_BlockdevOptions ()
    #11 0x0000555555a077a2 in visit_type_q_obj_blockdev_add_arg_members ()
    #12 0x000055555580691b in qmp_marshal_blockdev_add ()
    #13 0x0000555555721460 in handle_qmp_command ()
    #14 0x0000555555a15858 in json_message_process_token ()
    #15 0x0000555555a29bcd in json_lexer_feed_char ()
    #16 0x0000555555a29cde in json_lexer_feed ()
    #17 0x000055555571fedb in monitor_qmp_read ()
    #18 0x00005555557fd2a0 in tcp_chr_read ()
    #19 0x00007fffde6a9703 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
    #20 0x0000555555987163 in main_loop_wait ()
    #21 0x00005555556eadbd in main ()
    (gdb)

--
/kashyap
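As an added illustration (not part of the report above and not QEMU's own code), the check below is the kind of management-side guard that would keep a `blockdev-add` tree like the one in the reproducer, a "qcow2" node whose `file` child is another "qcow2" node with no `file` of its own, from ever reaching the QMP socket. The driver sets are assumed for illustration, not an authoritative QEMU table, and the options trees are reconstructed from the report as sample input.

```python
import json

# Assumed, illustrative driver lists (not an authoritative QEMU table):
# protocol drivers open a byte stream and sit at the bottom of the tree,
# format drivers interpret a child node supplied through "file".
PROTOCOL_DRIVERS = {"file", "host_device", "host_cdrom", "nbd", "http", "https",
                    "ssh", "iscsi", "rbd", "gluster", "null-co", "null-aio"}
FORMAT_DRIVERS = {"qcow2", "qcow", "qed", "raw", "vmdk", "vdi", "vpc", "vhdx",
                  "parallels", "bochs", "cloop", "dmg"}


def check_blockdev_options(opts, depth=0):
    """Walk a blockdev-add 'options' tree; return a list of problems (empty means ok)."""
    problems = []
    driver = opts.get("driver")
    if driver is None:
        return ["node at depth %d: missing 'driver'" % depth]
    child = opts.get("file")
    if driver in FORMAT_DRIVERS:
        # A format node must wrap something. The report's inner node is
        # {"driver": "qcow2", "filename": ...} with no "file" member at all,
        # which is exactly the shape this branch rejects.
        if not isinstance(child, dict):
            problems.append("format driver '%s' at depth %d needs a 'file' sub-object"
                            % (driver, depth))
        else:
            problems.extend(check_blockdev_options(child, depth + 1))
    elif driver in PROTOCOL_DRIVERS:
        if child is not None:
            problems.append("protocol driver '%s' at depth %d must not have a 'file' child"
                            % (driver, depth))
    else:
        problems.append("unknown driver '%s' at depth %d" % (driver, depth))
    return problems


def build_blockdev_add(opts):
    """Serialise the QMP command as sent on the socket; refuse a malformed tree."""
    problems = check_blockdev_options(opts)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps({"execute": "blockdev-add", "arguments": {"options": opts}})


# Options tree from the report, reconstructed here as constructed sample input.
CRASHING_OPTIONS = {"driver": "qcow2", "id": "drive-ide1-0-0",
                    "file": {"driver": "qcow2", "filename": "backup1.qcow2"}}
# Same node with a protocol driver underneath, the shape blockdev-add expects.
FIXED_OPTIONS = {"driver": "qcow2", "id": "drive-ide1-0-0",
                 "file": {"driver": "file", "filename": "backup1.qcow2"}}

if __name__ == "__main__":
    print(check_blockdev_options(CRASHING_OPTIONS))
    print(build_blockdev_add(FIXED_OPTIONS))
```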