* [Qemu-devel] Supplying QCOW2 as 'file' driver to `blockdev-add` results in a QEMU crash
@ 2016-06-15 9:58 Kashyap Chamarthy
From: Kashyap Chamarthy @ 2016-06-15 9:58 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-block, armbru, eblake
Seems like supplying "qcow2" file BlockdevDriver option to QMP
`blockdev-add` results in a SIGSEGV:
[...]
Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555a0121f in visit_type_BlockdevRef ()
[...]
Reproducer
----------
Tested with: qemu-2.6.0-3.fc24
Invoke this QEMU command-line (QMP server over Unix socket) in GDB:
$ gdb /usr/bin/qemu-system-x86_64
[...]
(gdb) run -machine accel=kvm -name cirrvm -S -machine pc-i440fx-2.1,accel=kvm,usb=off -cpu SandyBridge -m 977 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -nographic -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/tmp/cirrvm.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x3.0x7 -drive file=./cirros-0.3.3.qcow2,if=none,id=drive-ide0-0-0,driver=qcow2 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 -msg timestamp=on -qmp unix:./qmp-sock,server --monitor stdio
[...]
Then, invoke the 'blockdev-add' QMP command with these arguments and options:
$ socat UNIX:/export/qmp-sock READLINE,history=$HOME/.qmp_history,prompt='QMP> '
{"QMP": {"version": {"qemu": {"micro": 0, "minor": 6, "major": 2}, "package": " (qemu-2.6.0-3.fc24)"}, "capabilities": []}}
QMP> {"execute":"qmp_capabilities"}
{"return": {}}
QMP> { "execute": "blockdev-add",
"arguments": { "options" : { "driver": "qcow2",
"id": "drive-ide1-0-0",
"file": { "driver": "qcow2",
"filename": "backup1.qcow2" } } } }
Backtrace
---------
[...]
Starting program: /usr/bin/qemu-system-x86_64 -machine accel=kvm -name cirrvm -S -machine pc-i440fx-2.1,accel=kvm,usb=off -cpu SandyBridge -m 977 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -nographic -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/tmp/cirrvm.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -boot strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x3.0x7 -drive file=./cirros-0.3.3.qcow2,if=none,id=drive-ide0-0-0,driver=qcow2 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4 -msg timestamp=on -qmp unix:./qmp-sock,server --monitor stdio
[...]
[New Thread 0x7fffcb792700 (LWP 2169)]
char device redirected to /dev/pts/50 (label charserial0)
QEMU waiting for connection on: disconnected:unix:./qmp-sock,server
[New Thread 0x7fffcad7f700 (LWP 2234)]
QEMU 2.6.0 monitor - type 'help' for more information
(qemu) [New Thread 0x7fffca57e700 (LWP 2235)]
[Thread 0x7fffcad7f700 (LWP 2234) exited]
Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555a0121f in visit_type_BlockdevRef ()
(gdb) thread apply all bt full
Thread 4 (Thread 0x7fffca57e700 (LWP 2235)):
#0 0x00007fffdabf4bd0 in pthread_cond_wait@@GLIBC_2.3.2 () at /lib64/libpthread.so.0
#1 0x0000555555a199e9 in qemu_cond_wait ()
#2 0x000055555571e26f in qemu_kvm_cpu_thread_fn ()
#3 0x00007fffdabef5ca in start_thread () at /lib64/libpthread.so.0
#4 0x00007fffda928ead in clone () at /lib64/libc.so.6
Thread 2 (Thread 0x7fffcb792700 (LWP 2169)):
#0 0x00007fffda922ff9 in syscall () at /lib64/libc.so.6
#1 0x0000555555a19cf8 in qemu_event_wait ()
#2 0x0000555555a27e6e in call_rcu_thread ()
#3 0x00007fffdabef5ca in start_thread () at /lib64/libpthread.so.0
#4 0x00007fffda928ead in clone () at /lib64/libc.so.6
Thread 1 (Thread 0x7ffff7ed0f80 (LWP 2162)):
#0 0x0000555555a0121f in visit_type_BlockdevRef ()
#1 0x0000555555a016a2 in visit_type_BlockdevOptionsGenericFormat_members ()
#2 0x0000555555a01903 in visit_type_BlockdevOptionsGenericCOWFormat_members ()
#3 0x0000555555a01a53 in visit_type_BlockdevOptionsQcow2_members ()
#4 0x0000555555a010d5 in visit_type_BlockdevOptions_members ()
#5 0x0000555555a012c8 in visit_type_BlockdevRef ()
#6 0x0000555555a016a2 in visit_type_BlockdevOptionsGenericFormat_members ()
#7 0x0000555555a01903 in visit_type_BlockdevOptionsGenericCOWFormat_members ()
#8 0x0000555555a01a53 in visit_type_BlockdevOptionsQcow2_members ()
#9 0x0000555555a010d5 in visit_type_BlockdevOptions_members ()
#10 0x0000555555a0116f in visit_type_BlockdevOptions ()
#11 0x0000555555a077a2 in visit_type_q_obj_blockdev_add_arg_members ()
#12 0x000055555580691b in qmp_marshal_blockdev_add ()
#13 0x0000555555721460 in handle_qmp_command ()
#14 0x0000555555a15858 in json_message_process_token ()
#15 0x0000555555a29bcd in json_lexer_feed_char ()
#16 0x0000555555a29cde in json_lexer_feed ()
#17 0x000055555571fedb in monitor_qmp_read ()
#18 0x00005555557fd2a0 in tcp_chr_read ()
#19 0x00007fffde6a9703 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#20 0x0000555555987163 in main_loop_wait ()
#21 0x00005555556eadbd in main ()
(gdb)
--
/kashyap
* Re: [Qemu-devel] [Qemu-block] Supplying QCOW2 as 'file' driver to `blockdev-add` results in a QEMU crash
From: Kashyap Chamarthy @ 2016-06-15 12:02 UTC (permalink / raw)
To: qemu-devel; +Cc: armbru, qemu-block
On Wed, Jun 15, 2016 at 11:58:31AM +0200, Kashyap Chamarthy wrote:
> Seems like supplying "qcow2" file BlockdevDriver option to QMP
> `blockdev-add` results in a SIGSEGV:
>
> [...]
> Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
> 0x0000555555a0121f in visit_type_BlockdevRef ()
> [...]
>
[...]
> Then, invoke the 'blockdev-add' QMP command with these arguments and options:
>
> $ socat UNIX:/export/qmp-sock READLINE,history=$HOME/.qmp_history,prompt='QMP> '
> {"QMP": {"version": {"qemu": {"micro": 0, "minor": 6, "major": 2}, "package": " (qemu-2.6.0-3.fc24)"}, "capabilities": []}}
> QMP> {"execute":"qmp_capabilities"}
> {"return": {}}
>
> QMP> { "execute": "blockdev-add",
> "arguments": { "options" : { "driver": "qcow2",
> "id": "drive-ide1-0-0",
> "file": { "driver": "qcow2",
> "filename": "backup1.qcow2" } } } }
>
[...]
Related SIGSEGV case:
(1) driver: raw, file: driver: raw
QMP> { "execute": "blockdev-add",
"arguments": { "options" : { "driver": "raw",
"id": "drive-ide1-0-0",
"file": { "driver": "raw",
"filename": "/tmp/test1.raw" } } } }
And the below are the *good* cases, where the block device is added
successfully:
(2) driver: qcow2, file: driver: file
$ qemu-img create -f qcow2 /tmp/test2.qcow2 512M
QMP> { "execute": "blockdev-add",
"arguments": { "options" : { "driver": "qcow2",
"id": "drive-ide2-0-0",
"file": { "driver": "file",
"filename": "/tmp/test2.qcow2" } } } }
{"return": {}}
(3) driver: raw, file: driver: file
$ qemu-img create -f raw /tmp/test3.raw 512M
QMP> { "execute": "blockdev-add",
"arguments": { "options" : { "driver": "raw",
"id": "drive-ide3-0-0",
"file": { "driver": "file",
"filename": "/tmp/test3.raw" } } } }
{"return": {}}
--
/kashyap
* Re: [Qemu-devel] Supplying QCOW2 as 'file' driver to `blockdev-add` results in a QEMU crash
From: Max Reitz @ 2016-06-15 15:17 UTC (permalink / raw)
To: Kashyap Chamarthy, qemu-devel; +Cc: armbru, qemu-block, Eric Blake
On 15.06.2016 11:58, Kashyap Chamarthy wrote:
> Seems like supplying "qcow2" file BlockdevDriver option to QMP
> `blockdev-add` results in a SIGSEGV:
>
> [...]
> Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
> 0x0000555555a0121f in visit_type_BlockdevRef ()
> [...]
>
> Reproducer
> ----------
Even simpler reproducer:
{'execute':'blockdev-add','arguments':{'options':{'driver':'raw'}}}
Seems like a QAPI problem to me, and bisecting yields
dbf11922622685934bfb41e7cf2be9bd4a0405c0 as the culprit.
Max
* Re: [Qemu-devel] Supplying QCOW2 as 'file' driver to `blockdev-add` results in a QEMU crash
From: Eric Blake @ 2016-06-15 15:38 UTC (permalink / raw)
To: Max Reitz, Kashyap Chamarthy, qemu-devel; +Cc: armbru, qemu-block
On 06/15/2016 09:17 AM, Max Reitz wrote:
> On 15.06.2016 11:58, Kashyap Chamarthy wrote:
>> Seems like supplying "qcow2" file BlockdevDriver option to QMP
>> `blockdev-add` results in a SIGSEGV:
>>
>> [...]
>> Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
>> 0x0000555555a0121f in visit_type_BlockdevRef ()
>> [...]
>>
>> Reproducer
>> ----------
>
> Even simpler reproducer:
>
> {'execute':'blockdev-add','arguments':{'options':{'driver':'raw'}}}
>
> Seems like a QAPI problem to me, and bisecting yields
> dbf11922622685934bfb41e7cf2be9bd4a0405c0 as the culprit.
I'm looking into it. Thanks for the testcase.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
* Re: [Qemu-devel] Supplying QCOW2 as 'file' driver to `blockdev-add` results in a QEMU crash
From: Eric Blake @ 2016-06-15 16:10 UTC (permalink / raw)
To: Max Reitz, Kashyap Chamarthy, qemu-devel; +Cc: armbru, qemu-block
On 06/15/2016 09:38 AM, Eric Blake wrote:
> On 06/15/2016 09:17 AM, Max Reitz wrote:
>> On 15.06.2016 11:58, Kashyap Chamarthy wrote:
>>> Seems like supplying "qcow2" file BlockdevDriver option to QMP
>>> `blockdev-add` results in a SIGSEGV:
>>>
>>> [...]
>>> Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
>>> 0x0000555555a0121f in visit_type_BlockdevRef ()
>>> [...]
>>>
>>> Reproducer
>>> ----------
>>
>> Even simpler reproducer:
>>
>> {'execute':'blockdev-add','arguments':{'options':{'driver':'raw'}}}
>>
>> Seems like a QAPI problem to me, and bisecting yields
>> dbf11922622685934bfb41e7cf2be9bd4a0405c0 as the culprit.
>
> I'm looking into it. Thanks for the testcase.
Okay, the problem is based on error handling - you have a missing 'file'
argument. That patch consolidated things to do two things at once
instead of two calls where the second was skipped if the first failed;
and now ends up dereferencing NULL. I didn't notice or test it at the
time, so I get to enhance the testsuite as part of my patch.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org