1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
|
permissions: 0.998
architecture: 0.998
device: 0.998
semantic: 0.998
socket: 0.997
register: 0.997
debug: 0.997
assembly: 0.997
kernel: 0.997
network: 0.997
performance: 0.997
PID: 0.997
graphic: 0.997
vnc: 0.997
files: 0.997
peripherals: 0.997
ppc: 0.996
x86: 0.996
virtual: 0.996
user-level: 0.996
arm: 0.996
TCG: 0.996
KVM: 0.995
mistranslation: 0.995
boot: 0.995
risc-v: 0.995
i386: 0.995
hypervisor: 0.995
VMM: 0.994
qemu-io-test 147 segfaults when configured with gcov
Head is at 3d7196d43bfe12efe98568cb60057e273652b99b
Steps to re-produce:
1. git clone
./configure --enable-gcov --target-list=ppc64-softmmu
make
cd tests/qemu-iotests
2. export qemu binary, in my environment
export QEMU_PROG=/home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64
3. Run test 147 with format qcow2
./check -qcow2 147
QEMU -- "/home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64" -nodefaults -machine accel=qtest
QEMU_IMG -- "/home/nasastry/qemu/qemu-img"
QEMU_IO -- "/home/nasastry/qemu/qemu-io" --cache writeback -f qcow2
QEMU_NBD -- "/home/nasastry/qemu/qemu-nbd"
IMGFMT -- qcow2 (compat=1.1)
IMGPROTO -- file
PLATFORM -- Linux/ppc64le zzfp365-lp1 4.13.0-4.rel.git49564cb.el7.centos.ppc64le
TEST_DIR -- /home/nasastry/qemu/tests/qemu-iotests/scratch
SOCKET_SCM_HELPER -- /home/nasastry/qemu/tests/qemu-iotests/socket_scm_helper
147 0s ... [failed, exit status 1] - output mismatch (see 147.out.bad)
--- /home/nasastry/qemu/tests/qemu-iotests/147.out 2017-10-25 14:04:54.978600753 +0530
+++ /home/nasastry/qemu/tests/qemu-iotests/147.out.bad 2017-10-25 14:09:53.769783770 +0530
@@ -1,5 +1,95 @@
-......
+WARNING:qemu:qemu received signal -11: /home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64 -chardev socket,id=mon,path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-monitor.sock -mon chardev=mon,mode=control -display none -vga none -qtest unix:path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-qtest.sock -machine accel=qtest -nodefaults -machine accel=qtest
+WARNING:qemu:qemu received signal -11: /home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64 -chardev socket,id=mon,path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-monitor.sock -mon chardev=mon,mode=control -display none -vga none -qtest unix:path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-qtest.sock -machine accel=qtest -nodefaults -machine accel=qtest
+WARNING:qemu:qemu received signal -11: /home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64 -chardev socket,id=mon,path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-monitor.sock -mon chardev=mon,mode=control -display none -vga none -qtest unix:path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-qtest.sock -machine accel=qtest -nodefaults -machine accel=qtest
+WARNING:qemu:qemu received signal -11: /home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64 -chardev socket,id=mon,path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-monitor.sock -mon chardev=mon,mode=control -display none -vga none -qtest unix:path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-qtest.sock -machine accel=qtest -nodefaults -machine accel=qtest
+WARNING:qemu:qemu received signal -11: /home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64 -chardev socket,id=mon,path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-monitor.sock -mon chardev=mon,mode=control -display none -vga none -qtest unix:path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-qtest.sock -machine accel=qtest -nodefaults -machine accel=qtest
+WARNING:qemu:qemu received signal -11: /home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64 -chardev socket,id=mon,path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-monitor.sock -mon chardev=mon,mode=control -display none -vga none -qtest unix:path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-28636-qtest.sock -machine accel=qtest -nodefaults -machine accel=qtest
+FFFFFF
+======================================================================
+FAIL: test_fd (__main__.BuiltinNBD)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+ File "147", line 203, in test_fd
+ self.client_test(filename, flatten_sock_addr(address), 'nbd-export')
+ File "147", line 55, in client_test
+ self.assert_qmp(result, 'return', {})
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 315, in assert_qmp
+ result = self.dictpath(d, path)
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 274, in dictpath
+ self.fail('failed path traversal for "%s" in "%s"' % (path, str(d)))
+AssertionError: failed path traversal for "return" in "None"
+
+======================================================================
+FAIL: test_inet (__main__.BuiltinNBD)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+ File "147", line 146, in test_inet
+ flatten_sock_addr(address), 'nbd-export')
+ File "147", line 55, in client_test
+ self.assert_qmp(result, 'return', {})
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 315, in assert_qmp
+ result = self.dictpath(d, path)
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 274, in dictpath
+ self.fail('failed path traversal for "%s" in "%s"' % (path, str(d)))
+AssertionError: failed path traversal for "return" in "None"
+
+======================================================================
+FAIL: test_inet6 (__main__.BuiltinNBD)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+ File "147", line 171, in test_inet6
+ self.client_test(filename, flatten_sock_addr(address), 'nbd-export')
+ File "147", line 55, in client_test
+ self.assert_qmp(result, 'return', {})
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 315, in assert_qmp
+ result = self.dictpath(d, path)
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 274, in dictpath
+ self.fail('failed path traversal for "%s" in "%s"' % (path, str(d)))
+AssertionError: failed path traversal for "return" in "None"
+
+======================================================================
+FAIL: test_unix (__main__.BuiltinNBD)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+ File "147", line 179, in test_unix
+ flatten_sock_addr(address), 'nbd-export')
+ File "147", line 55, in client_test
+ self.assert_qmp(result, 'return', {})
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 315, in assert_qmp
+ result = self.dictpath(d, path)
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 274, in dictpath
+ self.fail('failed path traversal for "%s" in "%s"' % (path, str(d)))
+AssertionError: failed path traversal for "return" in "None"
+
+======================================================================
+FAIL: test_inet (__main__.QemuNBD)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+ File "147", line 96, in test_inet
+ flatten_sock_addr(address))
+ File "147", line 55, in client_test
+ self.assert_qmp(result, 'return', {})
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 315, in assert_qmp
+ result = self.dictpath(d, path)
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 274, in dictpath
+ self.fail('failed path traversal for "%s" in "%s"' % (path, str(d)))
+AssertionError: failed path traversal for "return" in "None"
+
+======================================================================
+FAIL: test_unix (__main__.QemuNBD)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+ File "147", line 103, in test_unix
+ flatten_sock_addr(address))
+ File "147", line 55, in client_test
+ self.assert_qmp(result, 'return', {})
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 315, in assert_qmp
+ result = self.dictpath(d, path)
+ File "/home/nasastry/qemu/tests/qemu-iotests/iotests.py", line 274, in dictpath
+ self.fail('failed path traversal for "%s" in "%s"' % (path, str(d)))
+AssertionError: failed path traversal for "return" in "None"
+
----------------------------------------------------------------------
Ran 6 tests
-OK
+FAILED (failures=6)
Failures: 147
Failed 1 of 1 tests
With out gcov configured, the above test get pass.
export QEMU_PROG=/home/nasastry/qemu/ppc64-softmmu/qemu-system-ppc64
./check -qcow2 147
QEMU -- "/home/nasastry/qemu/ppc64-softmmu/qemu-system-ppc64" -nodefaults -machine accel=qtest
QEMU_IMG -- "/home/nasastry/qemu/qemu-img"
QEMU_IO -- "/home/nasastry/qemu/qemu-io" --cache writeback -f qcow2
QEMU_NBD -- "/home/nasastry/qemu/qemu-nbd"
IMGFMT -- qcow2 (compat=1.1)
IMGPROTO -- file
PLATFORM -- Linux/ppc64le zzfp365-lp1 4.13.0-4.rel.git49564cb.el7.centos.ppc64le
TEST_DIR -- /home/nasastry/qemu/tests/qemu-iotests/scratch
SOCKET_SCM_HELPER -- /home/nasastry/qemu/tests/qemu-iotests/socket_scm_helper
147
Passed all 1 tests
from dmesg:
[81791.481930] qemu-system-ppc[28640]: unhandled signal 11 at 0000000000000004 nip 00007fff9f82f7d4 lr 0000000010e182fc code 30001
[81791.649081] qemu-system-ppc[28651]: unhandled signal 11 at 0000000000000004 nip 00007fffbd94f7d4 lr 0000000010e182fc code 30001
[81791.817591] qemu-system-ppc[28660]: unhandled signal 11 at 0000000000000004 nip 00007fff8c1ff7d4 lr 0000000010e182fc code 30001
[81791.994442] qemu-system-ppc[28669]: unhandled signal 11 at 0000000000000004 nip 00007fffa6f1f7d4 lr 0000000010e182fc code 30001
[81792.121339] qemu-system-ppc[28678]: unhandled signal 11 at 0000000000000004 nip 00007fffb9abf7d4 lr 0000000010e182fc code 30001
[81792.205728] qemu-system-ppc[28687]: unhandled signal 11 at 0000000000000004 nip 00007fff8dccf7d4 lr 0000000010e182fc code 30001
from gdb:
(gdb) bt
#0 0x00007fffa4a3f7d4 in __strcmp_power9 () from /lib64/libc.so.6
#1 0x0000000010e182fc in find_desc_by_name (desc=0x11304690, name=0x3dfce1b0 "server.str") at util/qemu-option.c:166
#2 0x0000000010e1d814 in qemu_opts_absorb_qdict (opts=0x3e25b1c0, qdict=0x3e0bbd40, errp=0x7fffd055c678) at util/qemu-option.c:1026
#3 0x0000000010c5b2d0 in nbd_open (bs=0x3dfcaee0, options=0x3e0bbd40, flags=24578, errp=0x7fffd055c760) at block/nbd.c:406
#4 0x0000000010b454d4 in bdrv_open_driver (bs=0x3dfcaee0, drv=0x11305010 <bdrv_nbd_unix>, node_name=0x0, options=0x3e0bbd40, open_flags=24578, errp=0x7fffd055c930) at block.c:1135
#5 0x0000000010b46af0 in bdrv_open_common (bs=0x3dfcaee0, file=0x0, options=0x3e0bbd40, errp=0x7fffd055c930) at block.c:1395
#6 0x0000000010b4ced4 in bdrv_open_inherit (filename=0x0, reference=0x0, options=0x3e0bbd40, flags=40962, parent=0x3dfc4be0, child_role=0x11004bd8 <child_file>, errp=0x7fffd055cb30) at block.c:2615
#7 0x0000000010b4b60c in bdrv_open_child_bs (filename=0x0, options=0x3dfc8ea0, bdref_key=0x11005870 "file", parent=0x3dfc4be0, child_role=0x11004bd8 <child_file>, allow_none=true, errp=0x7fffd055cb30) at block.c:2314
#8 0x0000000010b4c9ac in bdrv_open_inherit (filename=0x0, reference=0x0, options=0x3dfc8ea0, flags=8194, parent=0x0, child_role=0x0, errp=0x7fffd055cd48) at block.c:2566
#9 0x0000000010b4d6f8 in bdrv_open (filename=0x0, reference=0x0, options=0x3e261380, flags=0, errp=0x7fffd055cd48) at block.c:2697
#10 0x00000000105a4684 in bds_tree_init (bs_opts=0x3e261380, errp=0x7fffd055cd48) at blockdev.c:652
#11 0x00000000105b5c9c in qmp_blockdev_add (options=0x7fffd055cd58, errp=0x7fffd055cd48) at blockdev.c:3920
#12 0x00000000105eea88 in qmp_marshal_blockdev_add (args=0x3e25e320, ret=0x7fffd055cec0, errp=0x7fffd055ceb8) at qmp-marshal.c:616
#13 0x0000000010db4de0 in do_qmp_dispatch (cmds=0x1136b198 <qmp_commands>, request=0x3e25d300, errp=0x7fffd055cf30) at qapi/qmp-dispatch.c:104
#14 0x0000000010db518c in qmp_dispatch (cmds=0x1136b198 <qmp_commands>, request=0x3e25d300) at qapi/qmp-dispatch.c:131
#15 0x00000000100c9470 in handle_qmp_command (parser=0x3dfd3350, tokens=0x3dfbef40) at /home/nasastry/qemu/monitor.c:3854
#16 0x0000000010dc8bcc in json_message_process_token (lexer=0x3dfd3358, input=0x3dfbdc80, type=JSON_RCURLY, x=273, y=0) at qobject/json-streamer.c:105
#17 0x0000000010e3dc98 in json_lexer_feed_char (lexer=0x3dfd3358, ch=125 '}', flush=false) at qobject/json-lexer.c:323
#18 0x0000000010e3dfe0 in json_lexer_feed (lexer=0x3dfd3358, buffer=0x7fffd055d2f8 "}", size=1) at qobject/json-lexer.c:373
#19 0x0000000010dc8d6c in json_message_parser_feed (parser=0x3dfd3350, buffer=0x7fffd055d2f8 "}", size=1) at qobject/json-streamer.c:124
#20 0x00000000100c99ac in monitor_qmp_read (opaque=0x3dfd32c0, buf=0x7fffd055d2f8 "}", size=1) at /home/nasastry/qemu/monitor.c:3896
#21 0x0000000010ca9430 in qemu_chr_be_write_impl (s=0x3dfce650, buf=0x7fffd055d2f8 "}", len=1) at chardev/char.c:167
#22 0x0000000010ca9594 in qemu_chr_be_write (s=0x3dfce650, buf=0x7fffd055d2f8 "}", len=1) at chardev/char.c:179
#23 0x0000000010cbf154 in tcp_chr_read (chan=0x3dfd2190, cond=G_IO_IN, opaque=0x3dfce650) at chardev/char-socket.c:440
#24 0x0000000010cf9b1c in qio_channel_fd_source_dispatch (source=0x3e259470, callback=0x10cbee50 <tcp_chr_read>, user_data=0x3dfce650) at io/channel-watch.c:84
#25 0x00007fffa4f13ab0 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#26 0x0000000010ddf918 in glib_pollfds_poll () at util/main-loop.c:214
#27 0x0000000010ddfcc8 in os_host_main_loop_wait (timeout=-1) at util/main-loop.c:261
#28 0x0000000010ddfeec in main_loop_wait (nonblocking=0) at util/main-loop.c:515
#29 0x00000000105d0afc in main_loop () at vl.c:1995
#30 0x00000000105e5cc4 in main (argc=16, argv=0x7fffd055ed08, envp=0x7fffd055ed90) at vl.c:4899
(gdb) bt full
#0 0x00007fffa4a3f7d4 in __strcmp_power9 () from /lib64/libc.so.6
No symbol table info available.
#1 0x0000000010e182fc in find_desc_by_name (desc=0x11304690, name=0x3dfce1b0 "server.str") at util/qemu-option.c:166
i = 7
#2 0x0000000010e1d814 in qemu_opts_absorb_qdict (opts=0x3e25b1c0, qdict=0x3e0bbd40, errp=0x7fffd055c678) at util/qemu-option.c:1026
local_err = 0x0
state = {opts = 0x3e25b1c0, errp = 0x7fffd055c5b0}
entry = 0x3dfce180
next = 0x3dfce220
#3 0x0000000010c5b2d0 in nbd_open (bs=0x3dfcaee0, options=0x3e0bbd40, flags=24578, errp=0x7fffd055c760) at block/nbd.c:406
s = 0x3e262d70
opts = 0x3e25b1c0
local_err = 0x0
sioc = 0x0
tlscreds = 0x0
hostname = 0x0
ret = -22
__func__ = "nbd_open"
#4 0x0000000010b454d4 in bdrv_open_driver (bs=0x3dfcaee0, drv=0x11305010 <bdrv_nbd_unix>, node_name=0x0, options=0x3e0bbd40, open_flags=24578, errp=0x7fffd055c930) at block.c:1135
local_err = 0x0
ret = 0
__PRETTY_FUNCTION__ = "bdrv_open_driver"
__func__ = "bdrv_open_driver"
#5 0x0000000010b46af0 in bdrv_open_common (bs=0x3dfcaee0, file=0x0, options=0x3e0bbd40, errp=0x7fffd055c930) at block.c:1395
ret = 0
open_flags = 24578
filename = 0x0
driver_name = 0x3e25b340 "nbd"
node_name = 0x0
discard = 0x3e25b460 "unmap"
detect_zeroes = 0x0
opts = 0x3e25b210
drv = 0x11305010 <bdrv_nbd_unix>
local_err = 0x0
__PRETTY_FUNCTION__ = "bdrv_open_common"
__func__ = "bdrv_open_common"
#6 0x0000000010b4ced4 in bdrv_open_inherit (filename=0x0, reference=0x0, options=0x3e0bbd40, flags=40962, parent=0x3dfc4be0, child_role=0x11004bd8 <child_file>, errp=0x7fffd055cb30) at block.c:2615
ret = 0
file = 0x0
bs = 0x3dfcaee0
drv = 0x11305010 <bdrv_nbd_unix>
drvname = 0x3e0e28c0 "nbd"
backing = 0x0
local_err = 0x0
snapshot_options = 0x0
snapshot_flags = 0
__PRETTY_FUNCTION__ = "bdrv_open_inherit"
__func__ = "bdrv_open_inherit"
#7 0x0000000010b4b60c in bdrv_open_child_bs (filename=0x0, options=0x3dfc8ea0, bdref_key=0x11005870 "file", parent=0x3dfc4be0, child_role=0x11004bd8 <child_file>, allow_none=true, errp=0x7fffd055cb30) at block.c:2314
bs = 0x0
image_options = 0x3dfc9ec0
bdref_key_dot = 0x3e25ae10 "\220\065\036>"
reference = 0x0
__PRETTY_FUNCTION__ = "bdrv_open_child_bs"
__func__ = "bdrv_open_child_bs"
#8 0x0000000010b4c9ac in bdrv_open_inherit (filename=0x0, reference=0x0, options=0x3dfc8ea0, flags=8194, parent=0x0, child_role=0x0, errp=0x7fffd055cd48) at block.c:2566
file_bs = 0x7fffd055cba0
ret = 0
file = 0x0
bs = 0x3dfc4be0
drv = 0x112ebae0 <bdrv_raw>
drvname = 0x3e0a78b0 "raw"
backing = 0x0
local_err = 0x0
snapshot_options = 0x0
snapshot_flags = 0
__PRETTY_FUNCTION__ = "bdrv_open_inherit"
__func__ = "bdrv_open_inherit"
---Type <return> to continue, or q <return> to quit---
#9 0x0000000010b4d6f8 in bdrv_open (filename=0x0, reference=0x0, options=0x3e261380, flags=0, errp=0x7fffd055cd48) at block.c:2697
No locals.
#10 0x00000000105a4684 in bds_tree_init (bs_opts=0x3e261380, errp=0x7fffd055cd48) at blockdev.c:652
bdrv_flags = 0
#11 0x00000000105b5c9c in qmp_blockdev_add (options=0x7fffd055cd58, errp=0x7fffd055cd48) at blockdev.c:3920
bs = 0x0
obj = 0x3e261380
v = 0x3e25a2d0
qdict = 0x3e261380
ent = 0x0
local_err = 0x0
__func__ = "qmp_blockdev_add"
#12 0x00000000105eea88 in qmp_marshal_blockdev_add (args=0x3e25e320, ret=0x7fffd055cec0, errp=0x7fffd055ceb8) at qmp-marshal.c:616
err = 0x0
v = 0x3e0a6e40
arg = {driver = BLOCKDEV_DRIVER_RAW, has_node_name = true, node_name = 0x3e25a930 "nbd-blockdev", has_discard = false, discard = BLOCKDEV_DISCARD_OPTIONS_IGNORE, has_cache = false, cache = 0x0, has_read_only = false,
read_only = false, has_force_share = false, force_share = false, has_detect_zeroes = false, detect_zeroes = BLOCKDEV_DETECT_ZEROES_OPTIONS_OFF, u = {blkdebug = {image = 0x3e200a70, has_config = false, config = 0x0,
has_align = false, align = 0, has_max_transfer = false, max_transfer = 0, has_opt_write_zero = false, opt_write_zero = 0, has_max_write_zero = false, max_write_zero = 0, has_opt_discard = false,
opt_discard = 0, has_max_discard = false, max_discard = 0, has_inject_error = false, inject_error = 0x0, has_set_state = false, set_state = 0x0}, blkverify = {test = 0x3e200a70, raw = 0x0}, bochs = {
file = 0x3e200a70}, cloop = {file = 0x3e200a70}, dmg = {file = 0x3e200a70}, file = {filename = 0x3e200a70 "\004", has_pr_manager = false, pr_manager = 0x0, has_locking = false, locking = ON_OFF_AUTO_AUTO,
has_aio = false, aio = BLOCKDEV_AIO_OPTIONS_THREADS}, ftp = {url = 0x3e200a70 "\004", has_readahead = false, readahead = 0, has_timeout = false, timeout = 0, has_username = false, username = 0x0,
has_password_secret = false, password_secret = 0x0, has_proxy_username = false, proxy_username = 0x0, has_proxy_password_secret = false, proxy_password_secret = 0x0}, ftps = {url = 0x3e200a70 "\004",
has_readahead = false, readahead = 0, has_timeout = false, timeout = 0, has_username = false, username = 0x0, has_password_secret = false, password_secret = 0x0, has_proxy_username = false,
proxy_username = 0x0, has_proxy_password_secret = false, proxy_password_secret = 0x0, has_sslverify = false, sslverify = false}, gluster = {volume = 0x3e200a70 "\004", path = 0x0, server = 0x0,
has_debug = false, debug = 0, has_logfile = false, logfile = 0x0}, host_cdrom = {filename = 0x3e200a70 "\004", has_pr_manager = false, pr_manager = 0x0, has_locking = false, locking = ON_OFF_AUTO_AUTO,
has_aio = false, aio = BLOCKDEV_AIO_OPTIONS_THREADS}, host_device = {filename = 0x3e200a70 "\004", has_pr_manager = false, pr_manager = 0x0, has_locking = false, locking = ON_OFF_AUTO_AUTO, has_aio = false,
aio = BLOCKDEV_AIO_OPTIONS_THREADS}, http = {url = 0x3e200a70 "\004", has_readahead = false, readahead = 0, has_timeout = false, timeout = 0, has_username = false, username = 0x0, has_password_secret = false,
password_secret = 0x0, has_proxy_username = false, proxy_username = 0x0, has_proxy_password_secret = false, proxy_password_secret = 0x0, has_cookie = false, cookie = 0x0, has_cookie_secret = false,
cookie_secret = 0x0}, https = {url = 0x3e200a70 "\004", has_readahead = false, readahead = 0, has_timeout = false, timeout = 0, has_username = false, username = 0x0, has_password_secret = false,
password_secret = 0x0, has_proxy_username = false, proxy_username = 0x0, has_proxy_password_secret = false, proxy_password_secret = 0x0, has_cookie = false, cookie = 0x0, has_sslverify = false,
sslverify = false, has_cookie_secret = false, cookie_secret = 0x0}, iscsi = {transport = (unknown: 1042287216), portal = 0x0, target = 0x0, has_lun = false, lun = 0, has_user = false, user = 0x0,
has_password_secret = false, password_secret = 0x0, has_initiator_name = false, initiator_name = 0x0, has_header_digest = false, header_digest = QAPI_ISCSI_HEADER_DIGEST_CRC32C, has_timeout = false,
timeout = 0}, luks = {file = 0x3e200a70, has_key_secret = false, key_secret = 0x0}, nbd = {server = 0x3e200a70, has_export = false, export = 0x0, has_tls_creds = false, tls_creds = 0x0}, nfs = {
server = 0x3e200a70, path = 0x0, has_user = false, user = 0, has_group = false, group = 0, has_tcp_syn_count = false, tcp_syn_count = 0, has_readahead_size = false, readahead_size = 0,
has_page_cache_size = false, page_cache_size = 0, has_debug = false, debug = 0}, null_aio = {has_size = 112, size = 0, has_latency_ns = false, latency_ns = 0}, null_co = {has_size = 112, size = 0,
has_latency_ns = false, latency_ns = 0}, parallels = {file = 0x3e200a70}, qcow2 = {file = 0x3e200a70, has_backing = false, backing = 0x0, has_lazy_refcounts = false, lazy_refcounts = false,
has_pass_discard_request = false, pass_discard_request = false, has_pass_discard_snapshot = false, pass_discard_snapshot = false, has_pass_discard_other = false, pass_discard_other = false,
has_overlap_check = false, overlap_check = 0x0, has_cache_size = false, cache_size = 0, has_l2_cache_size = false, l2_cache_size = 0, has_refcount_cache_size = false, refcount_cache_size = 0,
has_cache_clean_interval = false, cache_clean_interval = 0, has_encrypt = false, encrypt = 0x0}, qcow = {file = 0x3e200a70, has_backing = false, backing = 0x0, has_encrypt = false, encrypt = 0x0}, qed = {
file = 0x3e200a70, has_backing = false, backing = 0x0}, quorum = {has_blkverify = 112, blkverify = 10, children = 0x0, vote_threshold = 0, has_rewrite_corrupted = false, rewrite_corrupted = false,
has_read_pattern = false, read_pattern = QUORUM_READ_PATTERN_QUORUM}, raw = {file = 0x3e200a70, has_offset = false, offset = 0, has_size = false, size = 0}, rbd = {pool = 0x3e200a70 "\004", image = 0x0,
has_conf = false, conf = 0x0, has_snapshot = false, snapshot = 0x0, has_user = false, user = 0x0, has_server = false, server = 0x0}, replication = {file = 0x3e200a70, mode = REPLICATION_MODE_PRIMARY,
has_top_id = false, top_id = 0x0}, sheepdog = {server = 0x3e200a70, vdi = 0x0, has_snap_id = false, snap_id = 0, has_tag = false, tag = 0x0}, ssh = {server = 0x3e200a70, path = 0x0, has_user = false,
user = 0x0}, throttle = {throttle_group = 0x3e200a70 "\004", file = 0x0}, vdi = {file = 0x3e200a70}, vhdx = {file = 0x3e200a70}, vmdk = {file = 0x3e200a70, has_backing = false, backing = 0x0}, vpc = {
file = 0x3e200a70}, vvfat = {dir = 0x3e200a70 "\004", has_fat_type = false, fat_type = 0, has_floppy = false, floppy = false, has_label = false, label = 0x0, has_rw = false, rw = false}, vxhs = {
vdisk_id = 0x3e200a70 "\004", server = 0x0, has_tls_creds = false, tls_creds = 0x0}}}
#13 0x0000000010db4de0 in do_qmp_dispatch (cmds=0x1136b198 <qmp_commands>, request=0x3e25d300, errp=0x7fffd055cf30) at qapi/qmp-dispatch.c:104
local_err = 0x0
command = 0x3e25b660 "blockdev-add"
args = 0x3e25e320
dict = 0x3e25d300
cmd = 0x3def3920
ret = 0x0
__func__ = "do_qmp_dispatch"
__FUNCTION__ = "do_qmp_dispatch"
#14 0x0000000010db518c in qmp_dispatch (cmds=0x1136b198 <qmp_commands>, request=0x3e25d300) at qapi/qmp-dispatch.c:131
err = 0x0
ret = 0x3e25d300
rsp = 0x3e25a950
#15 0x00000000100c9470 in handle_qmp_command (parser=0x3dfd3350, tokens=0x3dfbef40) at /home/nasastry/qemu/monitor.c:3854
req = 0x3e25d300
rsp = 0x0
id = 0x0
qdict = 0x3e25d300
mon = 0x3dfd32c0
err = 0x0
__func__ = "handle_qmp_command"
#16 0x0000000010dc8bcc in json_message_process_token (lexer=0x3dfd3358, input=0x3dfbdc80, type=JSON_RCURLY, x=273, y=0) at qobject/json-streamer.c:105
---Type <return> to continue, or q <return> to quit---
parser = 0x3dfd3350
token = 0x3e25a930
tokens = 0x3dfbef40
#17 0x0000000010e3dc98 in json_lexer_feed_char (lexer=0x3dfd3358, ch=125 '}', flush=false) at qobject/json-lexer.c:323
char_consumed = 1
new_state = 101
__PRETTY_FUNCTION__ = "json_lexer_feed_char"
#18 0x0000000010e3dfe0 in json_lexer_feed (lexer=0x3dfd3358, buffer=0x7fffd055d2f8 "}", size=1) at qobject/json-lexer.c:373
err = 0
i = 0
#19 0x0000000010dc8d6c in json_message_parser_feed (parser=0x3dfd3350, buffer=0x7fffd055d2f8 "}", size=1) at qobject/json-streamer.c:124
No locals.
#20 0x00000000100c99ac in monitor_qmp_read (opaque=0x3dfd32c0, buf=0x7fffd055d2f8 "}", size=1) at /home/nasastry/qemu/monitor.c:3896
old_mon = 0x0
#21 0x0000000010ca9430 in qemu_chr_be_write_impl (s=0x3dfce650, buf=0x7fffd055d2f8 "}", len=1) at chardev/char.c:167
be = 0x3dfd32c0
#22 0x0000000010ca9594 in qemu_chr_be_write (s=0x3dfce650, buf=0x7fffd055d2f8 "}", len=1) at chardev/char.c:179
No locals.
#23 0x0000000010cbf154 in tcp_chr_read (chan=0x3dfd2190, cond=G_IO_IN, opaque=0x3dfce650) at chardev/char-socket.c:440
chr = 0x3dfce650
__func__ = "tcp_chr_read"
s = 0x3dfce650
buf = "}\000ʁ\377\177\000\000@\000\000\t\377\377\377\377\000\001\000\000\000\000\000\000\240\334\373=\000\000\000\000\300\334\373=\000\000\000\000`\234\364=\000\000\000\000\220\234\364=\000\000\000\000\340\201\375=", '\000' <repeats 12 times>, "pk\020>\000\000\000\000pk\020>\000\000\000\000\240\036\362=", '\000' <repeats 12 times>, "\300l\346=\000\000\000\000\360R\n>\000\000\000\000\370\324U\320\377\177\000\000\b", '\000' <repeats 16 times>, "\355\035\362M=\223~d\343U\320\377\177\000\000\240\323U\320\377\177\000\000\200\343U\320\377\177\000\000\000\251\065\021\002\000\000\000\340\252*\020\000\000\000\000\000\251\065\021\000\000\000\000\060"...
len = 1
size = 1
#24 0x0000000010cf9b1c in qio_channel_fd_source_dispatch (source=0x3e259470, callback=0x10cbee50 <tcp_chr_read>, user_data=0x3dfce650) at io/channel-watch.c:84
func = 0x10cbee50 <tcp_chr_read>
ssource = 0x3e259470
#25 0x00007fffa4f13ab0 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
No symbol table info available.
#26 0x0000000010ddf918 in glib_pollfds_poll () at util/main-loop.c:214
context = 0x3dfc1a50
pfds = 0x3e25bdf0
#27 0x0000000010ddfcc8 in os_host_main_loop_wait (timeout=-1) at util/main-loop.c:261
context = 0x3dfc1a50
ret = 1
spin_counter = 0
#28 0x0000000010ddfeec in main_loop_wait (nonblocking=0) at util/main-loop.c:515
ret = 1
timeout = 4294967295
timeout_ns = -1
#29 0x00000000105d0afc in main_loop () at vl.c:1995
No locals.
#30 0x00000000105e5cc4 in main (argc=16, argv=0x7fffd055ed08, envp=0x7fffd055ed90) at vl.c:4899
i = 1
snapshot = 0
linux_boot = 0
initrd_filename = 0x0
kernel_filename = 0x0
kernel_cmdline = 0x10eb5c88 ""
boot_order = 0x10e75568 ""
boot_once = 0x0
ds = 0x3e21dba0
cyls = 0
heads = 0
secs = 0
translation = 0
opts = 0x0
machine_opts = 0x3defabe0
hda_opts = 0x0
icount_opts = 0x0
accel_opts = 0x0
olist = 0x1112b3d8 <qemu_machine_opts>
optind = 16
optarg = 0x7fffd055f359 "accel=qtest"
loadvm = 0x0
---Type <return> to continue, or q <return> to quit---
machine_class = 0x3df4fd00
cpu_model = 0x0
vga_model = 0x7fffd055f2d4 "none"
qtest_chrdev = 0x7fffd055f2e0 "unix:path=/home/nasastry/qemu/tests/qemu-iotests/scratch/qemu-32241-qtest.sock"
qtest_log = 0x0
pid_file = 0x0
incoming = 0x0
userconfig = true
nographic = false
display_type = DT_NONE
display_remote = 0
log_mask = 0x0
log_file = 0x0
trace_file = 0x0
maxram_size = 536870912
ram_slots = 0
vmstate_dump_file = 0x0
main_loop_err = 0x0
err = 0x0
list_data_dirs = false
dirs = 0x3dfc4b20
bdo_queue = {sqh_first = 0x0, sqh_last = 0x7fffd055e7d8}
__func__ = "main"
__FUNCTION__ = "main"
qemu-iotest 194 also fails in the similar stack trace.
# ./check -qcow2 194
QEMU -- "/home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64" -nodefaults -machine accel=qtest
QEMU_IMG -- "/home/nasastry/qemu_gcov/qemu-img"
QEMU_IO -- "/home/nasastry/qemu_gcov/qemu-io" --cache writeback -f qcow2
QEMU_NBD -- "/home/nasastry/qemu_gcov/qemu-nbd"
IMGFMT -- qcow2 (compat=1.1)
IMGPROTO -- file
PLATFORM -- Linux/ppc64le zzfp365-lp1 4.13.0-4.rel.git49564cb.el7.centos.ppc64le
TEST_DIR -- /home/nasastry/qemu_gcov/tests/qemu-iotests/scratch
SOCKET_SCM_HELPER -- /home/nasastry/qemu_gcov/tests/qemu-iotests/socket_scm_helper
194 1s ... [failed, exit status 1] - output mismatch (see 194.out.bad)
--- /home/nasastry/qemu_gcov/tests/qemu-iotests/194.out 2017-10-09 14:09:04.272726282 +0530
+++ /home/nasastry/qemu_gcov/tests/qemu-iotests/194.out.bad 2017-10-25 15:13:26.630139740 +0530
@@ -1,18 +1,18 @@
+WARNING:qemu:qemu received signal -11: /home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64 -chardev socket,id=mon,path=/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/qemusource-38326-monitor.sock -mon chardev=mon,mode=control -display none -vga none -qtest unix:path=/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/qemusource-38326-qtest.sock -machine accel=qtest -nodefaults -machine accel=qtest -drive if=virtio,id=drive0,file=/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/38326-source.img,format=qcow2,cache=writeback
Launching VMs...
Launching NBD server on destination...
{u'return': {}}
{u'return': {}}
Starting `drive-mirror` on source...
-{u'return': {}}
+None
Waiting for `drive-mirror` to complete...
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': {u'device': u'mirror-job0', u'type': u'mirror', u'speed': 0, u'len': 1073741824, u'offset': 1073741824}, u'event': u'BLOCK_JOB_READY'}
-Starting migration...
-{u'return': {}}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': {u'status': u'setup'}, u'event': u'MIGRATION'}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': {u'status': u'active'}, u'event': u'MIGRATION'}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': {u'status': u'completed'}, u'event': u'MIGRATION'}
-Gracefully ending the `drive-mirror` job on source...
-{u'return': {}}
-{u'timestamp': {u'seconds': 'SECS', u'microseconds': 'USECS'}, u'data': {u'device': u'mirror-job0', u'type': u'mirror', u'speed': 0, u'len': 1073741824, u'offset': 1073741824}, u'event': u'BLOCK_JOB_COMPLETED'}
-Stopping the NBD server on destination...
-{u'return': {}}
+Traceback (most recent call last):
+ File "194", line 60, in <module>
+ iotests.log(source_vm.event_wait('BLOCK_JOB_READY'),
+ File "/home/nasastry/qemu_gcov/tests/qemu-iotests/../../scripts/qemu.py", line 319, in event_wait
+ event = self._qmp.pull_event(wait=timeout)
+ File "/home/nasastry/qemu_gcov/tests/qemu-iotests/../../scripts/qmp/qmp.py", line 216, in pull_event
+ self.__get_events(wait)
+ File "/home/nasastry/qemu_gcov/tests/qemu-iotests/../../scripts/qmp/qmp.py", line 128, in __get_events
+ raise QMPConnectError("Error while reading from socket")
+qmp.qmp.QMPConnectError: Error while reading from socket
Failures: 194
Failed 1 of 1 tests
I confirmed that my patch http://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg00883.html fixes this bug too.
The fix was committed:
https://git.qemu.org/?p=qemu.git;a=commitdiff;h=c4365735a7d38f4355c6f77e6670d3972315f7c2
commit c4365735a7d38f4355c6f77e6670d3972315f7c2
Author: Murilo Opsfelder Araujo <email address hidden>
Date: Fri Jan 5 11:32:41 2018 -0200
block/nbd: fix segmentation fault when .desc is not null-terminated
|