Comment 6 for bug 1630226

For comparison I built qemu-2.5.1.1 from the release tarball at http://wiki.qemu.org/Download, using the same configure options. (I picked that one as being closest to what's in xenial)

And it crashes in exactly the same place:

Program received signal SIGSEGV, Segmentation fault.
tcp_output (tp=tp@entry=0x563e2b3ae180) at slirp/tcp_output.c:127
127 len = min(so->so_snd.sb_cc, win) - off;
(gdb) bt
#0 tcp_output (tp=tp@entry=0x563e2b3ae180) at slirp/tcp_output.c:127
#1 0x0000563e28bdce4a in tcp_drop (tp=tp@entry=0x563e2b3ae180,
    err=err@entry=0) at slirp/tcp_subr.c:232
#2 0x0000563e28bde172 in tcp_timers (timer=2, tp=0x563e2b3ae180)
    at slirp/tcp_timer.c:287
#3 tcp_slowtimo (slirp=slirp@entry=0x563e2a2bffd0) at slirp/tcp_timer.c:88
#4 0x0000563e28bd7988 in slirp_pollfds_poll (pollfds=0x563e2a2ac200,
    select_error=select_error@entry=0) at slirp/slirp.c:486
#5 0x0000563e28c11b21 in main_loop_wait (nonblocking=<optimised out>)
    at main-loop.c:506
#6 0x0000563e2897730f in main_loop () at vl.c:1923
#7 main (argc=<optimised out>, argv=<optimised out>, envp=<optimised out>)
    at vl.c:4699
(gdb)

Then I built 2.7.0, the latest release. This time the build ran successfully past where it was crashing before - so it looks like the fix occurred somewhere on the 2.6 or 2.7 branch - and indeed almost to the end.

It then crashed with a different problem:

Program received signal SIGSEGV, Segmentation fault.
_int_malloc (av=av@entry=0x7f55445b9760 <main_arena>, bytes=bytes@entry=96)
    at malloc.c:3389
3389 malloc.c: No such file or directory.
(gdb) bt
#0 _int_malloc (av=av@entry=0x7f55445b9760 <main_arena>, bytes=bytes@entry=96)
    at malloc.c:3389
#1 0x00007f554427e1dc in __libc_calloc (n=<optimised out>,
    elem_size=<optimised out>) at malloc.c:3219
#2 0x00007f5544f50669 in g_malloc0 ()
   from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3 0x000055ee83c2375c in handle_alloc (m=0x55ee896442d8,
    bytes=<synthetic pointer>, host_offset=<synthetic pointer>,
    guest_offset=5247094784, bs=0x55ee852b43c0) at block/qcow2-cluster.c:1219
#4 qcow2_alloc_cluster_offset (bs=bs@entry=0x55ee852b43c0,
    offset=offset@entry=5247094784, bytes=bytes@entry=0x55ee896442cc,
    host_offset=host_offset@entry=0x55ee896442d0, m=m@entry=0x55ee896442d8)
    at block/qcow2-cluster.c:1361
#5 0x000055ee83c1652f in qcow2_co_pwritev (bs=0x55ee852b43c0,
    offset=5247094784, bytes=45056, qiov=0x55ee8572ecf0, flags=<optimised out>)
    at block/qcow2.c:1589
#6 0x000055ee83c445b1 in bdrv_driver_pwritev (bs=bs@entry=0x55ee852b43c0,
    offset=offset@entry=5247094784, bytes=bytes@entry=45056,
    qiov=qiov@entry=0x55ee8572ecf0, flags=flags@entry=0) at block/io.c:856
#7 0x000055ee83c454f1 in bdrv_aligned_pwritev (bs=bs@entry=0x55ee852b43c0,
    req=req@entry=0x55ee896444d0, offset=offset@entry=5247094784,
    bytes=bytes@entry=45056, align=align@entry=1, qiov=0x55ee8572ecf0,
    flags=flags@entry=0) at block/io.c:1320
#8 0x000055ee83c46337 in bdrv_co_pwritev (child=<optimised out>,
    offset=offset@entry=5247094784, bytes=bytes@entry=45056,
    qiov=qiov@entry=0x55ee8572ecf0, flags=0) at block/io.c:1569
#9 0x000055ee83c36e3f in blk_co_pwritev (blk=0x55ee852b4200,
    offset=5247094784, bytes=45056, qiov=0x55ee8572ecf0, flags=<optimised out>)
    at block/block-backend.c:788
#10 0x000055ee83c36f7e in blk_aio_write_entry (opaque=0x55ee866efce0)
    at block/block-backend.c:982
#11 0x000055ee83cb52ea in coroutine_trampoline (i0=<optimised out>,
    i1=<optimised out>) at util/coroutine-ucontext.c:78
#12 0x00007f5544244800 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#13 0x00007ffc813491a0 in ?? ()
#14 0x0000000000000000 in ?? ()
(gdb)

This doesn't make any sense to me. ENOENT in malloc.c ? But I wasn't able to reproduce this one.

I suspect that qemu 2.5.0 which comes with xenial has similar problems, unless it has had a fix backported. I'll be able to tell when I rebuild this system with xenial (planned but won't take place immediately)

I would in any case be interested in seeing qemu 2.7.0 in xenial-backports.