

From: Kashyap Chamarthy
Subject: [Qemu-devel] Supplying QCOW2 as 'file' driver to `blockdev-add` results in a QEMU crash
Date: Wed, 15 Jun 2016 11:58:31 +0200
User-agent: Mutt/1.6.0.1 (2016-04-01)

Seems like supplying "qcow2" file BlockdevDriver option to QMP
`blockdev-add` results in a SIGSEGV:

        [...]
    Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
    0x0000555555a0121f in visit_type_BlockdevRef ()
        [...]

Reproducer
----------

Tested with: qemu-2.6.0-3.fc24

Invoke this QEMU command-line (QMP server over Unix socket) in GDB:

$ gdb /usr/bin/qemu-system-x86_64
[...]
(gdb) run -machine accel=kvm -name cirrvm -S -machine pc-i440fx-2.1,accel=kvm,usb=off
    -cpu SandyBridge -m 977 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1
    -nographic -no-user-config -nodefaults
    -chardev socket,id=charmonitor,path=/var/tmp/cirrvm.monitor,server,nowait
    -mon chardev=charmonitor,id=monitor,mode=control
    -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard
    -no-hpet -no-shutdown -boot strict=on
    -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x3.0x7
    -drive file=./cirros-0.3.3.qcow2,if=none,id=drive-ide0-0-0,driver=qcow2
    -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
    -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0
    -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4
    -msg timestamp=on -qmp unix:./qmp-sock,server --monitor stdio
[...]

Then, invoke the 'blockdev-add' QMP command with these arguments and options:

    $ socat UNIX:/export/qmp-sock READLINE,history=$HOME/.qmp_history,prompt='QMP> '
    {"QMP": {"version": {"qemu": {"micro": 0, "minor": 6, "major": 2}, "package": " (qemu-2.6.0-3.fc24)"}, "capabilities": []}}
    QMP> {"execute":"qmp_capabilities"}
    {"return": {}}
    
    QMP> { "execute": "blockdev-add",
           "arguments": { "options" : { "driver": "qcow2",
                                        "id": "drive-ide1-0-0",
                                        "file": { "driver": "qcow2",
                                                  "filename": "backup1.qcow2" } } } }


Backtrace
---------

[...]
Starting program: /usr/bin/qemu-system-x86_64 -machine accel=kvm -name cirrvm -S
    -machine pc-i440fx-2.1,accel=kvm,usb=off -cpu SandyBridge -m 977 -realtime mlock=off
    -smp 1,sockets=1,cores=1,threads=1 -nographic -no-user-config -nodefaults
    -chardev socket,id=charmonitor,path=/var/tmp/cirrvm.monitor,server,nowait
    -mon chardev=charmonitor,id=monitor,mode=control
    -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard
    -no-hpet -no-shutdown -boot strict=on
    -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x3.0x7
    -drive file=./cirros-0.3.3.qcow2,if=none,id=drive-ide0-0-0,driver=qcow2
    -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
    -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0
    -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x4
    -msg timestamp=on -qmp unix:./qmp-sock,server --monitor stdio
[...]

[New Thread 0x7fffcb792700 (LWP 2169)]
char device redirected to /dev/pts/50 (label charserial0)
QEMU waiting for connection on: disconnected:unix:./qmp-sock,server
[New Thread 0x7fffcad7f700 (LWP 2234)]
QEMU 2.6.0 monitor - type 'help' for more information
(qemu) [New Thread 0x7fffca57e700 (LWP 2235)]
[Thread 0x7fffcad7f700 (LWP 2234) exited]

Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555a0121f in visit_type_BlockdevRef ()
(gdb) thread apply all bt full

Thread 4 (Thread 0x7fffca57e700 (LWP 2235)):
#0  0x00007fffdabf4bd0 in pthread_cond_wait@@GLIBC_2.3.2 () at 
/lib64/libpthread.so.0
#1  0x0000555555a199e9 in qemu_cond_wait ()
#2  0x000055555571e26f in qemu_kvm_cpu_thread_fn ()
#3  0x00007fffdabef5ca in start_thread () at /lib64/libpthread.so.0
#4  0x00007fffda928ead in clone () at /lib64/libc.so.6

Thread 2 (Thread 0x7fffcb792700 (LWP 2169)):
#0  0x00007fffda922ff9 in syscall () at /lib64/libc.so.6
#1  0x0000555555a19cf8 in qemu_event_wait ()
#2  0x0000555555a27e6e in call_rcu_thread ()
#3  0x00007fffdabef5ca in start_thread () at /lib64/libpthread.so.0
#4  0x00007fffda928ead in clone () at /lib64/libc.so.6

Thread 1 (Thread 0x7ffff7ed0f80 (LWP 2162)):
#0  0x0000555555a0121f in visit_type_BlockdevRef ()
#1  0x0000555555a016a2 in visit_type_BlockdevOptionsGenericFormat_members ()
#2  0x0000555555a01903 in visit_type_BlockdevOptionsGenericCOWFormat_members ()
#3  0x0000555555a01a53 in visit_type_BlockdevOptionsQcow2_members ()
#4  0x0000555555a010d5 in visit_type_BlockdevOptions_members ()
#5  0x0000555555a012c8 in visit_type_BlockdevRef ()
#6  0x0000555555a016a2 in visit_type_BlockdevOptionsGenericFormat_members ()
#7  0x0000555555a01903 in visit_type_BlockdevOptionsGenericCOWFormat_members ()
#8  0x0000555555a01a53 in visit_type_BlockdevOptionsQcow2_members ()
#9  0x0000555555a010d5 in visit_type_BlockdevOptions_members ()
#10 0x0000555555a0116f in visit_type_BlockdevOptions ()
#11 0x0000555555a077a2 in visit_type_q_obj_blockdev_add_arg_members ()
#12 0x000055555580691b in qmp_marshal_blockdev_add ()
#13 0x0000555555721460 in handle_qmp_command ()
#14 0x0000555555a15858 in json_message_process_token ()
#15 0x0000555555a29bcd in json_lexer_feed_char ()
#16 0x0000555555a29cde in json_lexer_feed ()
#17 0x000055555571fedb in monitor_qmp_read ()
#18 0x00005555557fd2a0 in tcp_chr_read ()
#19 0x00007fffde6a9703 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#20 0x0000555555987163 in main_loop_wait ()
#21 0x00005555556eadbd in main ()
(gdb) 

-- 
/kashyap
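The QMP session in the report, as an added example that is not part of the original post and not QEMU's own code: a minimal Python QMP client that sends `blockdev-add` with the 2.6-era `options` wrapper and tells a QMP error apart from the monitor dying mid-command (the socket closing with no reply, which is how the SIGSEGV above presents itself to a management client). It also carries a client-side guard, `nests_format_driver`, that flags requests nesting a format driver under `file`; the set of format drivers it checks is an illustrative assumption. The fake QEMU at the bottom is constructed here so the whole thing runs offline; the socket path, `run_scenario` and the verdict names are inventions of this example.

```python
"""Send QMP `blockdev-add` and classify the result: reply, QMP error, or no reply at
all because the peer vanished (a monitor SIGSEGV). Added example, not QEMU's code."""
import json
import os
import socket
import tempfile
import threading

CRASHED, ERROR, OK = "crashed", "error", "ok"
# Assumed, illustrative set of format drivers; 'file' should name a protocol driver.
FORMAT_DRIVERS = {"qcow2", "qcow", "qed", "vmdk", "vdi", "vpc"}


def nests_format_driver(options):
    """Client-side guard: True if any nested 'file' ref names a format driver."""
    ref = options.get("file")
    while isinstance(ref, dict):
        if ref.get("driver") in FORMAT_DRIVERS:
            return True
        ref = ref.get("file")
    return False


class QMPClient:
    def __init__(self, path, timeout=5.0):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(timeout)
        self.sock.connect(path)
        self.buf = b""
        self.greeting = self._recv()      # {"QMP": {...}}
        self._cmd("qmp_capabilities")     # leave capabilities-negotiation mode

    def _recv(self):
        """Next reply (one JSON object per line), skipping events; None on EOF."""
        while True:
            while b"\n" not in self.buf:
                chunk = self.sock.recv(4096)
                if not chunk:
                    return None
                self.buf += chunk
            line, self.buf = self.buf.split(b"\n", 1)
            msg = json.loads(line)
            if "event" not in msg:
                return msg

    def _cmd(self, execute, **arguments):
        msg = {"execute": execute, "arguments": arguments}
        self.sock.sendall(json.dumps(msg).encode() + b"\n")
        return self._recv()

    def blockdev_add(self, options):
        """Send blockdev-add (QEMU 2.6 'options' wrapper); return (verdict, detail)."""
        try:
            reply = self._cmd("blockdev-add", options=options)
        except OSError:                   # reset, broken pipe or timeout
            reply = None
        if reply is None:                 # nothing came back: the monitor died
            return CRASHED, None
        if "error" in reply:
            return ERROR, reply["error"]
        return OK, reply.get("return")


def _fake_qemu(path, ready):
    """Constructed stand-in for the 2.6 monitor: greets, then closes without
    replying when blockdev-add puts qcow2 under 'file' (the reported crash)."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    ready.set()
    conn, _ = srv.accept()
    conn.sendall(b'{"QMP": {"version": {"qemu": {"major": 2, "minor": 6, "micro": 0}}, "capabilities": []}}\n')
    rd = conn.makefile("rb")
    for raw in rd:
        req = json.loads(raw)
        inner = req.get("arguments", {}).get("options", {}).get("file", {})
        if req["execute"] == "blockdev-add" and inner.get("driver") == "qcow2":
            break                         # die mid-command: no reply at all
        conn.sendall(b'{"return": {}}\n')
    rd.close()
    conn.close()
    srv.close()


def run_scenario(options):
    """Start a fake QEMU on a fresh socket, send blockdev-add, return the verdict."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "qmp-sock")
        ready = threading.Event()
        t = threading.Thread(target=_fake_qemu, args=(path, ready), daemon=True)
        t.start()
        ready.wait(5)
        client = QMPClient(path)
        verdict, _ = client.blockdev_add(options)
        client.sock.close()
        t.join(5)
        return verdict


# The report's request (qcow2 nested under 'file') and the well-formed variant with a
# protocol driver underneath, both built from the report's values.
NESTED_QCOW2 = {"driver": "qcow2", "id": "drive-ide1-0-0", "file": {"driver": "qcow2", "filename": "backup1.qcow2"}}
PROTOCOL_FILE = {"driver": "qcow2", "id": "drive-ide1-0-0", "file": {"driver": "file", "filename": "backup1.qcow2"}}
```

To point this at a real 2.6 monitor instead of the fake one, construct `QMPClient` with the socket path from the report (`./qmp-sock`) and call `blockdev_add` directly; the `CRASHED` verdict is the one a management layer should treat as "the guest is gone", not as a failed command, and `nests_format_driver` is the cheap pre-flight check that keeps the request from being sent at all.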


