I have tried to reproduce this bug on the latest snapshot of kvm, and kvm crashes in the same places.
I talked with Jan Kiszka. Below is the output of the `bt` command for three experiments under the same conditions. All three traces fail on the same callback path (qcow_aio_write_cb -> scsi-disk.c), and the second one aborts inside glibc's free() consistency check called from scsi_remove_request, which suggests the SCSI request is being freed twice or used after it was freed:
-------------------------------------------------
(gdb) bt
#0 0xb7412500 in main_arena () from /lib/tls/i686/cmov/libc.so.6
#1 0x080b1a36 in scsi_write_complete (opaque=0x9f4bef0, ret=0) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/hw/scsi-disk.c:231
#2 0x08095281 in qcow_aio_write_cb (opaque=0x9fef530, ret=0) at block/qcow2.c:640
#3 0x080849bf in posix_aio_process_queue (opaque=0x9ddb798) at posix-aio-compat.c:460
#4 0x08084a77 in posix_aio_read (opaque=0x9ddb798) at posix-aio-compat.c:501
#5 0x0805e3d8 in main_loop_wait (nonblocking=0) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:1300
#6 0x0806ea84 in kvm_main_loop () at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/qemu-kvm.c:1710
#7 0x08060a73 in main_loop (argc=14, argv=0xbf959ef4, envp=0xbf959f30) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:1340
#8 main (argc=14, argv=0xbf959ef4, envp=0xbf959f30) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:3069
-------------------------------------------------
(gdb) bt
#0 0xb7778430 in __kernel_vsyscall ()
#1 0xb7309651 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2 0xb730ca82 in *__GI_abort () at abort.c:92
#3 0xb734049d in __libc_message (do_abort=2, fmt=0xb7414f98 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#4 0xb734a591 in malloc_printerr (action=<value optimized out>, str=0x6 <Address 0x6 out of bounds>, ptr=0x9aca398) at malloc.c:6264
#5 0xb734bde8 in _int_free (av=<value optimized out>, p=<value optimized out>) at malloc.c:4792
#6 0xb734eecd in *__GI___libc_free (mem=0x9aca398) at malloc.c:3738
#7 0x080b186c in scsi_remove_request (r=0x9aca398) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/hw/scsi-disk.c:86
#8 0x08095281 in qcow_aio_write_cb (opaque=0x9abee58, ret=0) at block/qcow2.c:640
#9 0x080849bf in posix_aio_process_queue (opaque=0x994e798) at posix-aio-compat.c:460
#10 0x08084a77 in posix_aio_read (opaque=0x994e798) at posix-aio-compat.c:501
#11 0x0805e3d8 in main_loop_wait (nonblocking=0) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:1300
#12 0x0806ea84 in kvm_main_loop () at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/qemu-kvm.c:1710
#13 0x08060a73 in main_loop (argc=14, argv=0xbffb66e4, envp=0xbffb6720) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:1340
#14 main (argc=14, argv=0xbffb66e4, envp=0xbffb6720) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:3069
--------------------------------------------------------
#0 0x08d134f0 in ?? ()
#1 0x080b1936 in scsi_command_complete (r=0x8d083f0, status=<value optimized out>, sense=<value optimized out>) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/hw/scsi-disk.c:106
#2 0x08095281 in qcow_aio_write_cb (opaque=0x8dab488, ret=0) at block/qcow2.c:640
#3 0x080849bf in posix_aio_process_queue (opaque=0x8b97798) at posix-aio-compat.c:460
#4 0x08084a77 in posix_aio_read (opaque=0x8b97798) at posix-aio-compat.c:501
#5 0x0805e3d8 in main_loop_wait (nonblocking=0) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:1300
#6 0x0806ea84 in kvm_main_loop () at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/qemu-kvm.c:1710
#7 0x08060a73 in main_loop (argc=14, argv=0xbffa54e4, envp=0xbffa5520) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:1340
#8 main (argc=14, argv=0xbffa54e4, envp=0xbffa5520) at /home/mmarkk/src/KVM/Latest/qemu-kvm-d4adede/vl.c:3069
-------------------------------------------------
I have tried to reproduce this bug on the latest snapshot of kvm, and kvm crashes in the same places.
I talked with Jan Kiszka. Below is the output of the `bt` command for three experiments under the same conditions:
------- ------- ------- ------- ------- ------- ------- i686/cmov/ libc.so. 6 src/KVM/ Latest/ qemu-kvm- d4adede/ hw/scsi- disk.c: 231 process_ queue (opaque=0x9ddb798) at posix-aio- compat. c:460 compat. c:501 src/KVM/ Latest/ qemu-kvm- d4adede/ vl.c:1300 src/KVM/ Latest/ qemu-kvm- d4adede/ qemu-kvm. c:1710 src/KVM/ Latest/ qemu-kvm- d4adede/ vl.c:1340 src/KVM/ Latest/ qemu-kvm- d4adede/ vl.c:3069 ------- ------- ------- ------- ------- ------- sysdeps/ unix/sysv/ linux/raise. c:64 linux/libc_ fatal.c: 189 src/KVM/ Latest/ qemu-kvm- d4adede/ hw/scsi- disk.c: 86 process_ queue (opaque=0x994e798) at posix-aio- compat. c:460 compat. c:501 src/KVM/ Latest/ qemu-kvm- d4adede/ vl.c:1300 src/KVM/ Latest/ qemu-kvm- d4adede/ qemu-kvm. c:1710 src/KVM/ Latest/ qemu-kvm- d4adede/ vl.c:1340 src/KVM/ Latest/ qemu-kvm- d4adede/ vl.c:3069 ------- ------- ------- ------- ------- ------- ------- complete (r=0x8d083f0, status=<value optimized out>, sense=<value optimized out>) at home/mmarkk/ src/KVM/ Latest/ qemu-kvm- d4adede/ hw/scsi- disk.c: 106 process_ queue (opaque=0x8b97798) at posix-aio- compat. c:460 compat. c:501 src/KVM/ Latest/ qemu-kvm- d4adede/ vl.c:1300 src/KVM/ Latest/ qemu-kvm- d4adede/ qemu-kvm. c:1710 src/KVM/ Latest/ qemu-kvm- d4adede/ vl.c:1340 src/KVM/ Latest/ qemu-kvm- d4adede/ vl.c:3069 ------- ------- ------- ------- ------- -------
(gdb) bt
#0 0xb7412500 in main_arena () from /lib/tls/
#1 0x080b1a36 in scsi_write_complete (opaque=0x9f4bef0, ret=0) at /home/mmarkk/
#2 0x08095281 in qcow_aio_write_cb (opaque=0x9fef530, ret=0) at block/qcow2.c:640
#3 0x080849bf in posix_aio_
#4 0x08084a77 in posix_aio_read (opaque=0x9ddb798) at posix-aio-
#5 0x0805e3d8 in main_loop_wait (nonblocking=0) at /home/mmarkk/
#6 0x0806ea84 in kvm_main_loop () at /home/mmarkk/
#7 0x08060a73 in main_loop (argc=14, argv=0xbf959ef4, envp=0xbf959f30) at /home/mmarkk/
#8 main (argc=14, argv=0xbf959ef4, envp=0xbf959f30) at /home/mmarkk/
-------
(gdb) bt
#0 0xb7778430 in __kernel_vsyscall ()
#1 0xb7309651 in *__GI_raise (sig=6) at ../nptl/
#2 0xb730ca82 in *__GI_abort () at abort.c:92
#3 0xb734049d in __libc_message (do_abort=2, fmt=0xb7414f98 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/
#4 0xb734a591 in malloc_printerr (action=<value optimized out>, str=0x6 <Address 0x6 out of bounds>, ptr=0x9aca398) at malloc.c:6264
#5 0xb734bde8 in _int_free (av=<value optimized out>, p=<value optimized out>) at malloc.c:4792
#6 0xb734eecd in *__GI___libc_free (mem=0x9aca398) at malloc.c:3738
#7 0x080b186c in scsi_remove_request (r=0x9aca398) at /home/mmarkk/
#8 0x08095281 in qcow_aio_write_cb (opaque=0x9abee58, ret=0) at block/qcow2.c:640
#9 0x080849bf in posix_aio_
#10 0x08084a77 in posix_aio_read (opaque=0x994e798) at posix-aio-
#11 0x0805e3d8 in main_loop_wait (nonblocking=0) at /home/mmarkk/
#12 0x0806ea84 in kvm_main_loop () at /home/mmarkk/
#13 0x08060a73 in main_loop (argc=14, argv=0xbffb66e4, envp=0xbffb6720) at /home/mmarkk/
#14 main (argc=14, argv=0xbffb66e4, envp=0xbffb6720) at /home/mmarkk/
-------
#0 0x08d134f0 in ?? ()
#1 0x080b1936 in scsi_command_
#2 0x08095281 in qcow_aio_write_cb (opaque=0x8dab488, ret=0) at block/qcow2.c:640
#3 0x080849bf in posix_aio_
#4 0x08084a77 in posix_aio_read (opaque=0x8b97798) at posix-aio-
#5 0x0805e3d8 in main_loop_wait (nonblocking=0) at /home/mmarkk/
#6 0x0806ea84 in kvm_main_loop () at /home/mmarkk/
#7 0x08060a73 in main_loop (argc=14, argv=0xbffa54e4, envp=0xbffa5520) at /home/mmarkk/
#8 main (argc=14, argv=0xbffa54e4, envp=0xbffa5520) at /home/mmarkk/
-------