
[Bug 1916501] Re: qemu-img convert segfaults with specific URL


From: Max Reitz
Subject: [Bug 1916501] Re: qemu-img convert segfaults with specific URL
Date: Wed, 03 Mar 2021 12:48:25 -0000

Yes, as I wrote in comment 1, curl reports CURLMSG_DONE, the socket is
freed, but then curl_multi_do() is called again for that socket (despite
the CURLMSG_DONE).

I suspect that qemu has interpreted the curl interface differently than
curl itself (i.e., qemu has probably understood something wrong), which
led to some change in curl breaking qemu’s curl module.  (Because I
can’t find an old qemu version that doesn’t break, and so can’t find a
change in qemu that broke it.)

So if indeed a change to the curl library is what causes this segfault,
or at least made the underlying issue visible, I’d like to know which
change that is, so we can try to infer what qemu does wrong.  But I
can’t find that change, because if I compile libcurl myself, I don’t get
a segfault (nor valgrind errors in curl).

Perhaps there’s something special about the server serving the image
(although it just looks like AWS to me), i.e. it was always broken and
we’ve just never seen it with other servers.  If so, debugging will be
more difficult because we’d really need to take a detailed look into all
our curl driver does.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1916501

Title:
  qemu-img convert segfaults with specific URL

Status in QEMU:
  New

Bug description:
  Using what is currently the latest git: (commit
  00d8ba9e0d62ea1c7459c25aeabf9c8bb7659462, Date:   Sun Feb 21 19:52:58
  2021 +0000)

  $ ./build/qemu-img convert -f qcow2 -O raw https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img out.img
  Segmentation fault (core dumped)

  
  Backtrace for convenience:
  qemu: qemu_mutex_lock_impl: Invalid argument

  Thread 1 "qemu-img" received signal SIGABRT, Aborted.
  0x00007ffff77c59d5 in raise () from /lib64/libc.so.6
  (gdb) bt
  #0  0x00007ffff77c59d5 in raise () from /lib64/libc.so.6
  #1  0x00007ffff77ae8a4 in abort () from /lib64/libc.so.6
  #2  0x00005555556705b2 in error_exit (err=<optimized out>, msg=msg@entry=0x5555556b69a0 <__func__.31> "qemu_mutex_lock_impl") at ../util/qemu-thread-posix.c:37
  #3  0x0000555555670945 in qemu_mutex_lock_impl (mutex=0x555555ae3758, file=0x5555556827a2 "../block/curl.c", line=406) at ../util/qemu-thread-posix.c:81
  #4  0x000055555559a05b in curl_multi_do (arg=0x555555aad2a0) at ../block/curl.c:406
  #5  0x000055555566193a in aio_dispatch_handler (ctx=ctx@entry=0x555555737790, node=0x555555b14150) at ../util/aio-posix.c:329
  #6  0x0000555555662072 in aio_dispatch_handlers (ctx=0x555555737790) at ../util/aio-posix.c:372
  #7  aio_dispatch (ctx=0x555555737790) at ../util/aio-posix.c:382
  #8  0x000055555564442e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../util/async.c:306
  #9  0x00007ffff7cfda9f in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
  #10 0x000055555566f2c8 in glib_pollfds_poll () at ../util/main-loop.c:232
  #11 os_host_main_loop_wait (timeout=4397000000) at ../util/main-loop.c:255
  #12 main_loop_wait (nonblocking=nonblocking@entry=0) at ../util/main-loop.c:531
  #13 0x0000555555581edd in convert_do_copy (s=0x7fffffffd3a0) at ../qemu-img.c:2139
  #14 img_convert (argc=<optimized out>, argv=<optimized out>) at ../qemu-img.c:2738
  #15 0x00005555555783b1 in main (argc=7, argv=<optimized out>) at ../qemu-img.c:5536

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1916501/+subscriptions
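The lifecycle ordering Max describes (curl reports CURLMSG_DONE, the per-socket state is freed, and the event loop still calls the socket handler for that fd) is the general shape of a use-after-free in callback-driven I/O code, and the "Invalid argument" in the backtrace is consistent with qemu_mutex_lock reaching a mutex through that freed pointer. The model below is an added example written for this page; it is not QEMU's block/curl.c and it does not use libcurl. It replays the reported sequence against a constructed event loop with a static pool in place of malloc/free (so the released object can be inspected without real undefined behaviour) and shows the two defences a practitioner would check for: unregister the fd handler before releasing the state, and re-validate the fd against a registry of live sockets before touching the state. All names (`loop_model`, `sock_done_buggy`, `sock_done_fixed`, `multi_do_unsafe`, `multi_do_safe`, `replay`) and the fd number 5 are hypothetical.

```c
/* Constructed model of the ordering bug discussed in the thread.
 * Example code added here; not QEMU's block/curl.c and not libcurl. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_FDS 16

/* Per-socket state, the analogue of the object freed on CURLMSG_DONE.
 * A static pool stands in for malloc/free so the "released" object can
 * still be inspected here; real code would free() it. */
typedef struct {
    int fd;
    bool live;
} sock_state;

static sock_state pool[MAX_FDS];

typedef struct {
    void *handler_arg[MAX_FDS];      /* opaque arg stored with the fd handler */
    sock_state *live_by_fd[MAX_FDS]; /* hypothetical registry of live sockets */
} loop_model;

enum dispatch_result {
    DISPATCH_RAN = 0,     /* handler ran against a live state */
    DISPATCH_SKIPPED = 1, /* no live state for this fd; handler did nothing */
    DISPATCH_STALE = 2    /* handler reached a released object: the bug */
};

typedef struct {
    enum dispatch_result before_done;
    enum dispatch_result after_done;
} replay_result;

void loop_init(loop_model *l) { memset(l, 0, sizeof(*l)); }

/* Socket becomes active: register the fd handler and the live entry. */
sock_state *sock_open(loop_model *l, int fd)
{
    sock_state *s = &pool[fd];
    s->fd = fd;
    s->live = true;
    l->handler_arg[fd] = s;   /* what the event loop passes back later */
    l->live_by_fd[fd] = s;
    return s;
}

/* Buggy CURLMSG_DONE handling: release the state but leave the fd
 * handler registered, so a later poll event carries a stale pointer. */
void sock_done_buggy(loop_model *l, sock_state *s)
{
    (void)l;
    s->live = false;          /* real code: free(s) */
}

/* Fixed ordering: remove the handler and registry entry, then release. */
void sock_done_fixed(loop_model *l, sock_state *s)
{
    l->handler_arg[s->fd] = NULL;
    l->live_by_fd[s->fd] = NULL;
    s->live = false;          /* real code: free(s) */
}

/* Dispatch that trusts the stored pointer, like a plain handler(arg). */
enum dispatch_result multi_do_unsafe(loop_model *l, int fd)
{
    sock_state *s = l->handler_arg[fd];
    if (!s) return DISPATCH_SKIPPED;
    if (!s->live) return DISPATCH_STALE; /* real code: lock through freed memory */
    return DISPATCH_RAN;
}

/* Dispatch that re-validates the fd against the live registry first. */
enum dispatch_result multi_do_safe(loop_model *l, int fd)
{
    sock_state *s = l->live_by_fd[fd];
    if (!s || !s->live) return DISPATCH_SKIPPED;
    return DISPATCH_RAN;
}

/* Replay the reported sequence: poll event, DONE, poll event again. */
replay_result replay(bool fixed_done, bool safe_dispatch)
{
    loop_model l;
    replay_result r;
    enum dispatch_result (*dispatch)(loop_model *, int) =
        safe_dispatch ? multi_do_safe : multi_do_unsafe;

    loop_init(&l);
    sock_state *s = sock_open(&l, 5);     /* fd 5 is an arbitrary constructed value */
    r.before_done = dispatch(&l, 5);
    if (fixed_done) sock_done_fixed(&l, s); else sock_done_buggy(&l, s);
    r.after_done = dispatch(&l, 5);       /* the second call the thread describes */
    return r;
}

int main(void)
{
    static const char *names[] = { "ran", "skipped", "stale (use-after-free)" };
    printf("buggy done + pointer dispatch : %s\n", names[replay(false, false).after_done]);
    printf("fixed done + pointer dispatch : %s\n", names[replay(true, false).after_done]);
    printf("buggy done + registry dispatch: %s\n", names[replay(false, true).after_done]);
    return 0;
}
```

Only the buggy-done, pointer-dispatch combination reaches the released object; either defence on its own turns the second event into a no-op. In a real driver the registry lookup is the cheaper one to retrofit, because it does not depend on every DONE path remembering to unregister the handler, which is exactly the kind of ordering assumption Max suspects qemu got wrong about the curl interface.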


