For comparison I built qemu-2.5.1.1 from the release tarball at http://wiki.qemu.org/Download, using the same configure options. (I picked that one as being closest to what's in xenial)
And it crashes in exactly the same place:
Program received signal SIGSEGV, Segmentation fault.
tcp_output (tp=tp@entry=0x563e2b3ae180) at slirp/tcp_output.c:127
127 len = min(so->so_snd.sb_cc, win) - off;
(gdb) bt
#0 tcp_output (tp=tp@entry=0x563e2b3ae180) at slirp/tcp_output.c:127
#1 0x0000563e28bdce4a in tcp_drop (tp=tp@entry=0x563e2b3ae180,
err=err@entry=0) at slirp/tcp_subr.c:232
#2 0x0000563e28bde172 in tcp_timers (timer=2, tp=0x563e2b3ae180)
at slirp/tcp_timer.c:287
#3 tcp_slowtimo (slirp=slirp@entry=0x563e2a2bffd0) at slirp/tcp_timer.c:88
#4 0x0000563e28bd7988 in slirp_pollfds_poll (pollfds=0x563e2a2ac200,
select_error=select_error@entry=0) at slirp/slirp.c:486
#5 0x0000563e28c11b21 in main_loop_wait (nonblocking=<optimised out>)
at main-loop.c:506
#6 0x0000563e2897730f in main_loop () at vl.c:1923
#7 main (argc=<optimised out>, argv=<optimised out>, envp=<optimised out>)
at vl.c:4699
(gdb)
Then I built 2.7.0, the latest release. This time the build ran successfully past where it was crashing before - so it looks like the fix occurred somewhere on the 2.6 or 2.7 branch - and indeed almost to the end.
It then crashed with a different problem:
Program received signal SIGSEGV, Segmentation fault.
_int_malloc (av=av@entry=0x7f55445b9760 <main_arena>, bytes=bytes@entry=96)
at malloc.c:3389
3389 malloc.c: No such file or directory.
(gdb) bt
#0 _int_malloc (av=av@entry=0x7f55445b9760 <main_arena>, bytes=bytes@entry=96)
at malloc.c:3389
#1 0x00007f554427e1dc in __libc_calloc (n=<optimised out>,
elem_size=<optimised out>) at malloc.c:3219
#2 0x00007f5544f50669 in g_malloc0 ()
from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3 0x000055ee83c2375c in handle_alloc (m=0x55ee896442d8,
bytes=<synthetic pointer>, host_offset=<synthetic pointer>,
guest_offset=5247094784, bs=0x55ee852b43c0) at block/qcow2-cluster.c:1219
#4 qcow2_alloc_cluster_offset (bs=bs@entry=0x55ee852b43c0,
offset=offset@entry=5247094784, bytes=bytes@entry=0x55ee896442cc,
host_offset=host_offset@entry=0x55ee896442d0, m=m@entry=0x55ee896442d8)
at block/qcow2-cluster.c:1361
#5 0x000055ee83c1652f in qcow2_co_pwritev (bs=0x55ee852b43c0,
offset=5247094784, bytes=45056, qiov=0x55ee8572ecf0, flags=<optimised out>)
at block/qcow2.c:1589
#6 0x000055ee83c445b1 in bdrv_driver_pwritev (bs=bs@entry=0x55ee852b43c0,
offset=offset@entry=5247094784, bytes=bytes@entry=45056,
qiov=qiov@entry=0x55ee8572ecf0, flags=flags@entry=0) at block/io.c:856
#7 0x000055ee83c454f1 in bdrv_aligned_pwritev (bs=bs@entry=0x55ee852b43c0,
req=req@entry=0x55ee896444d0, offset=offset@entry=5247094784,
bytes=bytes@entry=45056, align=align@entry=1, qiov=0x55ee8572ecf0,
flags=flags@entry=0) at block/io.c:1320
#8 0x000055ee83c46337 in bdrv_co_pwritev (child=<optimised out>,
offset=offset@entry=5247094784, bytes=bytes@entry=45056,
qiov=qiov@entry=0x55ee8572ecf0, flags=0) at block/io.c:1569
#9 0x000055ee83c36e3f in blk_co_pwritev (blk=0x55ee852b4200,
offset=5247094784, bytes=45056, qiov=0x55ee8572ecf0, flags=<optimised out>)
at block/block-backend.c:788
#10 0x000055ee83c36f7e in blk_aio_write_entry (opaque=0x55ee866efce0)
at block/block-backend.c:982
#11 0x000055ee83cb52ea in coroutine_trampoline (i0=<optimised out>,
i1=<optimised out>) at util/coroutine-ucontext.c:78
#12 0x00007f5544244800 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#13 0x00007ffc813491a0 in ?? ()
#14 0x0000000000000000 in ?? ()
(gdb)
This doesn't make any sense to me. ENOENT in malloc.c ? But I wasn't able to reproduce this one.
I suspect that qemu 2.5.0 which comes with xenial has similar problems, unless it has had a fix backported. I'll be able to tell when I rebuild this system with xenial (planned but won't take place immediately)
I would in any case be interested in seeing qemu 2.7.0 in xenial-backports.
For comparison I built qemu-2.5.1.1 from the release tarball at http:// wiki.qemu. org/Download, using the same configure options. (I picked that one as being closest to what's in xenial)
And it crashes in exactly the same place:
Program received signal SIGSEGV, Segmentation fault. entry=0x563e2b3 ae180) at slirp/tcp_ output. c:127 >so_snd. sb_cc, win) - off; entry=0x563e2b3 ae180) at slirp/tcp_ output. c:127 entry=0x563e2b3 ae180, err@entry= 0) at slirp/tcp_ subr.c: 232 timer.c: 287 slirp@entry= 0x563e2a2bffd0) at slirp/tcp_ timer.c: 88 0x563e2a2ac200, error=select_ error@entry= 0) at slirp/slirp.c:486 <optimised out>)
tcp_output (tp=tp@
127 len = min(so-
(gdb) bt
#0 tcp_output (tp=tp@
#1 0x0000563e28bdce4a in tcp_drop (tp=tp@
err=
#2 0x0000563e28bde172 in tcp_timers (timer=2, tp=0x563e2b3ae180)
at slirp/tcp_
#3 tcp_slowtimo (slirp=
#4 0x0000563e28bd7988 in slirp_pollfds_poll (pollfds=
select_
#5 0x0000563e28c11b21 in main_loop_wait (nonblocking=
at main-loop.c:506
#6 0x0000563e2897730f in main_loop () at vl.c:1923
#7 main (argc=<optimised out>, argv=<optimised out>, envp=<optimised out>)
at vl.c:4699
(gdb)
Then I built 2.7.0, the latest release. This time the build ran successfully past where it was crashing before - so it looks like the fix occurred somewhere on the 2.6 or 2.7 branch - and indeed almost to the end.
It then crashed with a different problem:
Program received signal SIGSEGV, Segmentation fault. entry=0x7f55445 b9760 <main_arena>, bytes=bytes@ entry=96) entry=0x7f55445 b9760 <main_arena>, bytes=bytes@ entry=96) size=<optimised out>) at malloc.c:3219 64-linux- gnu/libglib- 2.0.so. 0 <synthetic pointer>, host_offset= <synthetic pointer>, offset= 5247094784, bs=0x55ee852b43c0) at block/qcow2- cluster. c:1219 cluster_ offset (bs=bs@ entry=0x55ee852 b43c0, offset@ entry=524709478 4, bytes=bytes@ entry=0x55ee896 442cc, offset= host_offset@ entry=0x55ee896 442d0, m=m@entry= 0x55ee896442d8) cluster. c:1361 5247094784, bytes=45056, qiov=0x55ee8572 ecf0, flags=<optimised out>) entry=0x55ee852 b43c0, offset@ entry=524709478 4, bytes=bytes@ entry=45056, qiov@entry= 0x55ee8572ecf0, flags=flags@ entry=0) at block/io.c:856 pwritev (bs=bs@ entry=0x55ee852 b43c0, req@entry= 0x55ee896444d0, offset= offset@ entry=524709478 4, bytes@entry= 45056, align=align@ entry=1, qiov=0x55ee8572 ecf0, flags@entry= 0) at block/io.c:1320 offset@ entry=524709478 4, bytes=bytes@ entry=45056, qiov@entry= 0x55ee8572ecf0, flags=0) at block/io.c:1569 4200, 5247094784, bytes=45056, qiov=0x55ee8572 ecf0, flags=<optimised out>) backend. c:788 0x55ee866efce0) backend. c:982 trampoline (i0=<optimised out>, ucontext. c:78 64-linux- gnu/libc. so.6
_int_malloc (av=av@
at malloc.c:3389
3389 malloc.c: No such file or directory.
(gdb) bt
#0 _int_malloc (av=av@
at malloc.c:3389
#1 0x00007f554427e1dc in __libc_calloc (n=<optimised out>,
elem_
#2 0x00007f5544f50669 in g_malloc0 ()
from /lib/x86_
#3 0x000055ee83c2375c in handle_alloc (m=0x55ee896442d8,
bytes=
guest_
#4 qcow2_alloc_
offset=
host_
at block/qcow2-
#5 0x000055ee83c1652f in qcow2_co_pwritev (bs=0x55ee852b43c0,
offset=
at block/qcow2.c:1589
#6 0x000055ee83c445b1 in bdrv_driver_pwritev (bs=bs@
offset=
qiov=
#7 0x000055ee83c454f1 in bdrv_aligned_
req=
bytes=
flags=
#8 0x000055ee83c46337 in bdrv_co_pwritev (child=<optimised out>,
offset=
qiov=
#9 0x000055ee83c36e3f in blk_co_pwritev (blk=0x55ee852b
offset=
at block/block-
#10 0x000055ee83c36f7e in blk_aio_write_entry (opaque=
at block/block-
#11 0x000055ee83cb52ea in coroutine_
i1=<optimised out>) at util/coroutine-
#12 0x00007f5544244800 in ?? () from /lib/x86_
#13 0x00007ffc813491a0 in ?? ()
#14 0x0000000000000000 in ?? ()
(gdb)
This doesn't make any sense to me. ENOENT in malloc.c ? But I wasn't able to reproduce this one.
I suspect that qemu 2.5.0 which comes with xenial has similar problems, unless it has had a fix backported. I'll be able to tell when I rebuild this system with xenial (planned but won't take place immediately)
I would in any case be interested in seeing qemu 2.7.0 in xenial-backports.