qemu-io-test 58 segfaults when configured with gcov

Bug #1727259 reported by R.Nageswara Sastry
Affects: QEMU
Status: Fix Released
Importance: Undecided
Assigned to: Murilo Opsfelder Araújo
Milestone: (none)

Bug Description

Head is at 3d7196d43bfe12efe98568cb60057e273652b99b

Steps to reproduce:
1. git clone
./configure --enable-gcov --target-list=ppc64-softmmu
make
cd tests/qemu-iotests

2. Export the qemu binary (in my environment):
export QEMU_PROG=/home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64

3. Run test 58 with format qcow2
./check -qcow2 58

QEMU -- "/home/nasastry/qemu_gcov/ppc64-softmmu/qemu-system-ppc64" -nodefaults -machine accel=qtest
QEMU_IMG -- "/home/nasastry/qemu_gcov/qemu-img"
QEMU_IO -- "/home/nasastry/qemu_gcov/qemu-io" --cache writeback -f qcow2
QEMU_NBD -- "/home/nasastry/qemu_gcov/qemu-nbd"
IMGFMT -- qcow2 (compat=1.1)
IMGPROTO -- file
PLATFORM -- Linux/ppc64le zzfp365-lp1 4.13.0-4.rel.git49564cb.el7.centos.ppc64le
TEST_DIR -- /home/nasastry/qemu_gcov/tests/qemu-iotests/scratch
SOCKET_SCM_HELPER -- /home/nasastry/qemu_gcov/tests/qemu-iotests/socket_scm_helper

058 1s ... - output mismatch (see 058.out.bad)
--- /home/nasastry/qemu_gcov/tests/qemu-iotests/058.out 2017-10-09 14:09:04.262726912 +0530
+++ /home/nasastry/qemu_gcov/tests/qemu-iotests/058.out.bad 2017-10-25 15:00:52.037515025 +0530
@@ -19,16 +19,28 @@
 4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)

 == verifying the exported snapshot with patterns, method 1 ==
-read 4096/4096 bytes at offset 4096
-4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-read 4096/4096 bytes at offset 8192
-4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+./common.rc: line 66: 36255 Segmentation fault (core dumped) ( if [ "${VALGRIND_QEMU}" == "y" ]; then
+ exec valgrind --log-file="${VALGRIND_LOGFILE}" --error-exitcode=99 "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+else
+ exec "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+fi )
+./common.rc: line 66: 36262 Segmentation fault (core dumped) ( if [ "${VALGRIND_QEMU}" == "y" ]; then
+ exec valgrind --log-file="${VALGRIND_LOGFILE}" --error-exitcode=99 "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+else
+ exec "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+fi )

 == verifying the exported snapshot with patterns, method 2 ==
-read 4096/4096 bytes at offset 4096
-4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
-read 4096/4096 bytes at offset 8192
-4 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+./common.rc: line 66: 36274 Segmentation fault (core dumped) ( if [ "${VALGRIND_QEMU}" == "y" ]; then
+ exec valgrind --log-file="${VALGRIND_LOGFILE}" --error-exitcode=99 "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+else
+ exec "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+fi )
+./common.rc: line 66: 36282 Segmentation fault (core dumped) ( if [ "${VALGRIND_QEMU}" == "y" ]; then
+ exec valgrind --log-file="${VALGRIND_LOGFILE}" --error-exitcode=99 "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+else
+ exec "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@";
+fi )

 == verifying the converted snapshot with patterns, method 1 ==
 read 4096/4096 bytes at offset 4096
Failures: 058
Failed 1 of 1 tests

Without gcov configured, this test case passes:
# ./check -qcow2 58
QEMU -- "/home/nasastry/qemu/ppc64-softmmu/qemu-system-ppc64" -nodefaults -machine accel=qtest
QEMU_IMG -- "/home/nasastry/qemu/qemu-img"
QEMU_IO -- "/home/nasastry/qemu/qemu-io" --cache writeback -f qcow2
QEMU_NBD -- "/home/nasastry/qemu/qemu-nbd"
IMGFMT -- qcow2 (compat=1.1)
IMGPROTO -- file
PLATFORM -- Linux/ppc64le zzfp365-lp1 4.13.0-4.rel.git49564cb.el7.centos.ppc64le
TEST_DIR -- /home/nasastry/qemu/tests/qemu-iotests/scratch
SOCKET_SCM_HELPER -- /home/nasastry/qemu/tests/qemu-iotests/socket_scm_helper

058 0s ...
Passed all 1 tests

R.Nageswara Sastry (nasastry) wrote:

from dmesg:
[84831.506917] qemu-io[35971]: unhandled signal 11 at 0000000000000004 nip 00007fffae20f7d4 lr 00000000102d3ec8 code 30001
[84831.519551] qemu-io[35977]: unhandled signal 11 at 0000000000000004 nip 00007fff9925f7d4 lr 00000000102d3ec8 code 30001
[84831.634000] qemu-io[35990]: unhandled signal 11 at 0000000000000004 nip 00007fff86b4f7d4 lr 00000000102d3ec8 code 30001
[84831.646318] qemu-io[35997]: unhandled signal 11 at 0000000000000004 nip 00007fffa165f7d4 lr 00000000102d3ec8 code 30001

from gdb:
(gdb) bt
#0 0x00007fff8c75f7d4 in __strcmp_power9 () from /lib64/libc.so.6
#1 0x00000000102d3ec8 in find_desc_by_name (desc=0x1036d6f0, name=0x28e46670 "server.path") at util/qemu-option.c:166
#2 0x00000000102d93e0 in qemu_opts_absorb_qdict (opts=0x28e47a80, qdict=0x28e469a0, errp=0x7fffec247c98) at util/qemu-option.c:1026
#3 0x000000001012a2e4 in nbd_open (bs=0x28e42290, options=0x28e469a0, flags=24578, errp=0x7fffec247d80) at block/nbd.c:406
#4 0x00000000100144e8 in bdrv_open_driver (bs=0x28e42290, drv=0x1036e070 <bdrv_nbd_unix>, node_name=0x0, options=0x28e469a0, open_flags=24578, errp=0x7fffec247f50) at block.c:1135
#5 0x0000000010015b04 in bdrv_open_common (bs=0x28e42290, file=0x0, options=0x28e469a0, errp=0x7fffec247f50) at block.c:1395
#6 0x000000001001bee8 in bdrv_open_inherit (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e469a0, flags=57346, parent=0x28e3bf90,
    child_role=0x102fa980 <child_file>, errp=0x7fffec248150) at block.c:2615
#7 0x000000001001a620 in bdrv_open_child_bs (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", options=0x28e40250, bdref_key=0x102fb618 "file", parent=0x28e3bf90,
    child_role=0x102fa980 <child_file>, allow_none=true, errp=0x7fffec248150) at block.c:2314
#8 0x000000001001b9c0 in bdrv_open_inherit (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e40250, flags=24578, parent=0x0,
    child_role=0x0, errp=0x7fffec248310) at block.c:2566
#9 0x000000001001c70c in bdrv_open (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e3af70, flags=16386, errp=0x7fffec248310)
    at block.c:2697
#10 0x00000000100e7664 in blk_new_open (filename=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", reference=0x0, options=0x28e3af70, flags=16386, errp=0x7fffec248310)
    at block/block-backend.c:321
#11 0x000000001000b57c in openfile (name=0x7fffec24f2c2 "nbd:unix:/home/nasastry/qemu_gcov/tests/qemu-iotests/scratch/test_qemu_nbd_socket", flags=16386, writethrough=false, force_share=false, opts=0x28e3af70) at qemu-io.c:81
#12 0x000000001000e388 in main (argc=11, argv=0x7fffec248a38) at qemu-io.c:624
(gdb) bt full
#0 0x00007fff8c75f7d4 in __strcmp_power9 () from /lib64/libc.so.6
No symbol table info available.
#1 0x00000000102d3ec8 in find_desc_by_name (desc=0x1036d6f0, name=0x28e46670 "server.path") at util/qemu-option.c:166
        i = 7
#2 ...


Murilo Opsfelder Araújo (mopsfelder) wrote:

I'll work on this.

Changed in qemu:
assignee: nobody → Murilo Opsfelder Araújo (mopsfelder)
Murilo Opsfelder Araújo (mopsfelder) wrote:
Changed in qemu:
status: New → In Progress
Murilo Opsfelder Araújo (mopsfelder) wrote:

The fix was committed:

https://git.qemu.org/?p=qemu.git;a=commitdiff;h=c4365735a7d38f4355c6f77e6670d3972315f7c2

commit c4365735a7d38f4355c6f77e6670d3972315f7c2
Author: Murilo Opsfelder Araujo <email address hidden>
Date: Fri Jan 5 11:32:41 2018 -0200

    block/nbd: fix segmentation fault when .desc is not null-terminated

Changed in qemu:
status: In Progress → Fix Committed
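To illustrate the defect class named in the commit title (an option-descriptor table that is walked until a NULL sentinel, and the sentinel is missing), here is an added C example modelled on find_desc_by_name(); it is not QEMU's code, and the OptDesc type, the option names and both tables are constructed. The bounded lookup is the defensive form to keep alongside restoring the terminator.

```c
#include <stddef.h>
#include <string.h>
/* Constructed model of a QemuOptDesc-style table (not QEMU's own code):
 * a NULL .name is the sentinel that ends the list. */
typedef struct {
    const char *name;
    int type;
} OptDesc;

/* Walks until the NULL sentinel, like find_desc_by_name() in
 * util/qemu-option.c; correct only if the table really ends with {NULL}. */
static const OptDesc *find_desc_sentinel(const OptDesc *desc, const char *name)
{
    for (size_t i = 0; desc[i].name != NULL; i++) {
        if (strcmp(desc[i].name, name) == 0) {
            return &desc[i];
        }
    }
    return NULL;
}

/* Hardened variant: also bound the walk by the array length, so a table
 * that lacks its sentinel cannot send strcmp() past the end of the array. */
static const OptDesc *find_desc_bounded(const OptDesc *desc, size_t n, const char *name)
{
    for (size_t i = 0; i < n && desc[i].name != NULL; i++) {
        if (strcmp(desc[i].name, name) == 0) {
            return &desc[i];
        }
    }
    return NULL;
}

/* Constructed tables: good_desc ends with the sentinel, bad_desc does not
 * (the kind of defect the NBD fix addressed). */
static const OptDesc good_desc[] = {
    { "host", 1 }, { "port", 1 }, { "path", 1 }, { "export", 1 },
    { NULL, 0 } /* end of list */
};
static const OptDesc bad_desc[] = {
    { "host", 1 }, { "port", 1 }, { "path", 1 }, { "export", 1 }
    /* missing terminator: find_desc_sentinel() would read out of bounds */
};
#define N_BAD (sizeof(bad_desc) / sizeof(bad_desc[0]))
/* Index of the matching entry in desc[0..n), or -1 if absent. */
static int lookup_index(const OptDesc *desc, size_t n, const char *name)
{
    const OptDesc *d = find_desc_bounded(desc, n, name);
    return d ? (int)(d - desc) : -1;
}
```

A miss such as "server.path" (the name in the backtrace) walks the whole table, which is exactly when a missing sentinel turns into an out-of-bounds strcmp().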
Thomas Huth (th-huth)
Changed in qemu:
status: Fix Committed → Fix Released