From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35559)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dgilbert@redhat.com>) id 1a4PoQ-0007Ce-Ms
	for qemu-devel@nongnu.org; Thu, 03 Dec 2015 04:04:29 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dgilbert@redhat.com>) id 1a4PoM-0004nm-AY
	for qemu-devel@nongnu.org; Thu, 03 Dec 2015 04:04:26 -0500
Received: from mx1.redhat.com ([209.132.183.28]:58000)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dgilbert@redhat.com>) id 1a4PoM-0004ni-1S
	for qemu-devel@nongnu.org; Thu, 03 Dec 2015 04:04:22 -0500
Date: Thu, 3 Dec 2015 09:04:17 +0000
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Message-ID: <20151203090416.GA2591@work-vm>
References: <6A17C71B52524C408E7AAF69103E9E490F14E9F4@fabamailserver.fabagl.fabasoft.com>
	<20151117095920.GB2498@work-vm>
	<6A17C71B52524C408E7AAF69103E9E490F153F45@fabamailserver.fabagl.fabasoft.com>
	<20151117113601.GD2498@work-vm>
	<6A17C71B52524C408E7AAF69103E9E490F15520E@fabamailserver.fabagl.fabasoft.com>
	<6A17C71B52524C408E7AAF69103E9E490F1552E7@fabamailserver.fabagl.fabasoft.com>
	<20151117144225.GH2498@work-vm>
	<6A17C71B52524C408E7AAF69103E9E490F15ECE9@fabamailserver.fabagl.fabasoft.com>
	<564E00A4.7070207@redhat.com>
	<6A17C71B52524C408E7AAF69103E9E490F1C71EB@fabamailserver.fabagl.fabasoft.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <6A17C71B52524C408E7AAF69103E9E490F1C71EB@fabamailserver.fabagl.fabasoft.com>
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] WG: [ovirt-users] Segmentation fault in libtcmalloc
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Grundmann, Christian" <Christian.Grundmann@fabasoft.com>
Cc: 'Paolo Bonzini' <pbonzini@redhat.com>, "'qemu-devel@nongnu.org'" <qemu-devel@nongnu.org>, "stefanha@redhat.com" <stefanha@redhat.com>

* Grundmann, Christian (Christian.Grundmann@fabasoft.com) wrote:
> Hi again,
> got a Segfault today without virtio :-( (one IDE Disk and one virtio-sc=
si)
>=20
> Core was generated by `/usr/libexec/qemu-kvm -name vmname -S -machine p=
c-i440fx-rhel7.2.0,accel=3D'.

Can you confirm the package version you were using; if you're running the=
 pc-i440fx-rhel7.2.0 machine
type it must be pretty new.

Dave

> Program terminated with signal 11, Segmentation fault.
> #0  0x00007fb299cbd3ab in tcmalloc::ThreadCache::ReleaseToCentralCache(=
tcmalloc::ThreadCache::FreeList*, unsigned long, int) () from /lib64/libt=
cmalloc.so.4
>=20
> Thread 6 (Thread 0x7fb28d0c5700 (LWP 29423)):
> #0  0x00007fb29cc85ac3 in pread64 () at ../sysdeps/unix/syscall-templat=
e.S:81
> No locals.
> #1  0x00007fb29e37c2a3 in pread (__offset=3D<optimized out>, __nbytes=3D=
<optimized out>, __buf=3D0x7fb2a3e21a00, __fd=3D<optimized out>) at /usr/=
include/bits/unistd.h:99
> No locals.
> #2  handle_aiocb_rw_linear (aiocb=3Daiocb@entry=3D0x7fb2a1474340, buf=3D=
buf@entry=3D0x7fb2a3e21a00 "QF", <incomplete sequence \373>) at block/raw=
-posix.c:909
>         offset =3D 0
>         len =3D <optimized out>
> #3  0x00007fb29e37c3d1 in handle_aiocb_rw (aiocb=3D0x7fb2a1474340) at b=
lock/raw-posix.c:992
>         nbytes =3D <optimized out>
>         buf =3D 0x7fb2a3e21a00 "QF", <incomplete sequence \373>
>         __PRETTY_FUNCTION__ =3D "handle_aiocb_rw"
> #4  0x00007fb29e37d945 in aio_worker (arg=3D0x7fb2a1474340) at block/ra=
w-posix.c:1204
>         aiocb =3D 0x7fb2a1474340
>         ret =3D 0
> #5  0x00007fb29e33d91b in worker_thread (opaque=3D0x7fb2a148d450) at th=
read-pool.c:105
>         req =3D 0x7fb2a1474b30
>         ret =3D <optimized out>
>         pool =3D 0x7fb2a148d450
> #6  0x00007fb29cc7edf5 in start_thread (arg=3D0x7fb28d0c5700) at pthrea=
d_create.c:308
>         __res =3D <optimized out>
>         pd =3D 0x7fb28d0c5700
>         now =3D <optimized out>
>         unwind_buf =3D {cancel_jmp_buf =3D {{jmp_buf =3D {1404048473024=
00, -4522449750849005939, 0, 140404847303104, 140404847302400, 26, 449237=
3549408278157, 4492409237274449549}, mask_was_saved =3D 0}}, priv =3D {pa=
d =3D {0x0, 0x0, 0x0, 0x0}, data =3D {prev =3D 0x0, cleanup =3D 0x0, canc=
eltype =3D 0}}}
>         not_first_call =3D <optimized out>
>         pagesize_m1 =3D <optimized out>
>         sp =3D <optimized out>
>         freesize =3D <optimized out>
> #7  0x00007fb29688c1ad in clone () at ../sysdeps/unix/sysv/linux/x86_64=
/clone.S:113
> No locals.
>=20
> Thread 5 (Thread 0x7fb104fff700 (LWP 29084)):
> #0  0x00007fb296881b7d in poll () at ../sysdeps/unix/syscall-template.S=
:81
> No locals.
> #1  0x00007fb2977d6fe7 in red_worker_main () from /lib64/libspice-serve=
r.so.1
> No symbol table info available.
> #2  0x00007fb29cc7edf5 in start_thread (arg=3D0x7fb104fff700) at pthrea=
d_create.c:308
>         __res =3D <optimized out>
>         pd =3D 0x7fb104fff700
>         now =3D <optimized out>
>         unwind_buf =3D {cancel_jmp_buf =3D {{jmp_buf =3D {1403982698227=
20, -4522449750849005939, 0, 140398269823424, 140398269822720, 1404052456=
97216, 4494326442046740109, 4492409237274449549}, mask_was_saved =3D 0}},=
 priv =3D {pad =3D {0x0, 0x0, 0x0, 0x0}, data =3D {prev =3D 0x0, cleanup =
=3D 0x0, canceltype =3D 0}}}
>         not_first_call =3D <optimized out>
>         pagesize_m1 =3D <optimized out>
>         sp =3D <optimized out>
>         freesize =3D <optimized out>
> #3  0x00007fb29688c1ad in clone () at ../sysdeps/unix/sysv/linux/x86_64=
/clone.S:113
> No locals.
>=20
> Thread 4 (Thread 0x7fb28c8c4700 (LWP 29081)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linu=
x/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007fb29e3b9f79 in qemu_cond_wait (cond=3D<optimized out>, mutex=
=3Dmutex@entry=3D0x7fb29e866d40 <qemu_global_mutex>) at util/qemu-thread-=
posix.c:132
>         err =3D <optimized out>
>         __func__ =3D "qemu_cond_wait"
> #2  0x00007fb29e172d3b in qemu_kvm_wait_io_event (cpu=3D<optimized out>=
) at /usr/src/debug/qemu-2.3.0/cpus.c:912
> No locals.
> #3  qemu_kvm_cpu_thread_fn (arg=3D0x7fb2a3d2e000) at /usr/src/debug/qem=
u-2.3.0/cpus.c:949
>         cpu =3D 0x7fb2a3d2e000
>         r =3D <optimized out>
> #4  0x00007fb29cc7edf5 in start_thread (arg=3D0x7fb28c8c4700) at pthrea=
d_create.c:308
>         __res =3D <optimized out>
>         pd =3D 0x7fb28c8c4700
>         now =3D <optimized out>
>         unwind_buf =3D {cancel_jmp_buf =3D {{jmp_buf =3D {1404048389096=
96, -4522449750849005939, 0, 140404838910400, 140404838909696, 1407352723=
59936, 4492374652678002317, 4492409237274449549}, mask_was_saved =3D 0}},=
 priv =3D {pad =3D {0x0, 0x0, 0x0, 0x0}, data =3D {prev =3D 0x0, cleanup =
=3D 0x0, canceltype =3D 0}}}
>         not_first_call =3D <optimized out>
>         pagesize_m1 =3D <optimized out>
>         sp =3D <optimized out>
>         freesize =3D <optimized out>
> #5  0x00007fb29688c1ad in clone () at ../sysdeps/unix/sysv/linux/x86_64=
/clone.S:113
> No locals.
>=20
> Thread 3 (Thread 0x7fb28c0c3700 (LWP 29082)):
> #0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linu=
x/x86_64/pthread_cond_wait.S:185
> No locals.
> #1  0x00007fb29e3b9f79 in qemu_cond_wait (cond=3D<optimized out>, mutex=
=3Dmutex@entry=3D0x7fb29e866d40 <qemu_global_mutex>) at util/qemu-thread-=
posix.c:132
>         err =3D <optimized out>
>         __func__ =3D "qemu_cond_wait"
> #2  0x00007fb29e172d3b in qemu_kvm_wait_io_event (cpu=3D<optimized out>=
) at /usr/src/debug/qemu-2.3.0/cpus.c:912
> No locals.
> #3  qemu_kvm_cpu_thread_fn (arg=3D0x7fb2a3d7e000) at /usr/src/debug/qem=
u-2.3.0/cpus.c:949
>         cpu =3D 0x7fb2a3d7e000
>         r =3D <optimized out>
> #4  0x00007fb29cc7edf5 in start_thread (arg=3D0x7fb28c0c3700) at pthrea=
d_create.c:308
>         __res =3D <optimized out>
>         pd =3D 0x7fb28c0c3700
>         now =3D <optimized out>
>         unwind_buf =3D {cancel_jmp_buf =3D {{jmp_buf =3D {1404048305169=
92, -4522449750849005939, 0, 140404830517696, 140404830516992, 1407352723=
59936, 4492375751652759181, 4492409237274449549}, mask_was_saved =3D 0}},=
 priv =3D {pad =3D {0x0, 0x0, 0x0, 0x0}, data =3D {prev =3D 0x0, cleanup =
=3D 0x0, canceltype =3D 0}}}
>         not_first_call =3D <optimized out>
>         pagesize_m1 =3D <optimized out>
>         sp =3D <optimized out>
>         freesize =3D <optimized out>
> #5  0x00007fb29688c1ad in clone () at ../sysdeps/unix/sysv/linux/x86_64=
/clone.S:113
> No locals.
>=20
> Thread 2 (Thread 0x7fb28e6ad700 (LWP 29077)):
> #0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
> No locals.
> #1  0x00007fb29e3ba272 in futex_wait (val=3D4294967295, ev=3D0x7fb29ec8=
4f44 <rcu_call_ready_event>) at util/qemu-thread-posix.c:301
> No locals.
> #2  qemu_event_wait (ev=3Dev@entry=3D0x7fb29ec84f44 <rcu_call_ready_eve=
nt>) at util/qemu-thread-posix.c:399
>         value =3D <optimized out>
> #3  0x00007fb29e3c8526 in call_rcu_thread (opaque=3D<optimized out>) at=
 util/rcu.c:233
>         tries =3D 0
>         n =3D <optimized out>
>         node =3D <optimized out>
> #4  0x00007fb29cc7edf5 in start_thread (arg=3D0x7fb28e6ad700) at pthrea=
d_create.c:308
>         __res =3D <optimized out>
>         pd =3D 0x7fb28e6ad700
>         now =3D <optimized out>
>         unwind_buf =3D {cancel_jmp_buf =3D {{jmp_buf =3D {1404048702727=
68, -4522449750849005939, 0, 140404870273472, 140404870272768, 1404051361=
50080, 4492370572995942029, 4492409237274449549}, mask_was_saved =3D 0}},=
 priv =3D {pad =3D {0x0, 0x0, 0x0, 0x0}, data =3D {prev =3D 0x0, cleanup =
=3D 0x0, canceltype =3D 0}}}
>         not_first_call =3D <optimized out>
>         pagesize_m1 =3D <optimized out>
>         sp =3D <optimized out>
>         freesize =3D <optimized out>
> #5  0x00007fb29688c1ad in clone () at ../sysdeps/unix/sysv/linux/x86_64=
/clone.S:113
> No locals.
>=20
> Thread 1 (Thread 0x7fb29e07cc00 (LWP 29076)):
> #0  0x00007fb299cbd3ab in tcmalloc::ThreadCache::ReleaseToCentralCache(=
tcmalloc::ThreadCache::FreeList*, unsigned long, int) () from /lib64/libt=
cmalloc.so.4
> No symbol table info available.
> #1  0x00007fb299cbd47b in tcmalloc::ThreadCache::ListTooLong(tcmalloc::=
ThreadCache::FreeList*, unsigned long) () from /lib64/libtcmalloc.so.4
> No symbol table info available.
> #2  0x00007fb299ccc070 in tc_free () from /lib64/libtcmalloc.so.4
> No symbol table info available.
> #3  0x00007fb29c58d58f in g_free () from /lib64/libglib-2.0.so.0
> No symbol table info available.
> #4  0x00007fb29e3b7721 in parser_context_free (ctxt=3D0x7fb2a531e0c0) a=
t qobject/json-parser.c:358
>         i =3D <optimized out>
> #5  json_parser_parse_err (tokens=3D<optimized out>, ap=3Dap@entry=3D0x=
0, errp=3Derrp@entry=3D0x0) at qobject/json-parser.c:710
>         result =3D 0x7fb2a4bdf600
> #6  0x00007fb29e3b7767 in json_parser_parse (tokens=3D<optimized out>, =
ap=3Dap@entry=3D0x0) at qobject/json-parser.c:694
> No locals.
> #7  0x00007fb29e176e04 in handle_qmp_command (parser=3D<optimized out>,=
 tokens=3D<optimized out>) at /usr/src/debug/qemu-2.3.0/monitor.c:5068
>         err =3D <optimized out>
>         obj =3D <optimized out>
>         input =3D 0x0
>         args =3D 0x0
>         cmd_name =3D <optimized out>
>         mon =3D 0x7fb2a153e140
> #8  0x00007fb29e3b64f2 in json_message_process_token (lexer=3D0x7fb2a14=
60040, token=3D0x7fb2a1424880, type=3DJSON_OPERATOR, x=3D49, y=3D104) at =
qobject/json-streamer.c:87
>         parser =3D 0x7fb2a1460038
>         dict =3D 0x7fb2a3e27200
> #9  0x00007fb29e3c891f in json_lexer_feed_char (lexer=3Dlexer@entry=3D0=
x7fb2a1460040, ch=3D<optimized out>, flush=3Dflush@entry=3Dfalse) at qobj=
ect/json-lexer.c:303
>         new_state =3D 100
> #10 0x00007fb29e3c89ee in json_lexer_feed (lexer=3D0x7fb2a1460040, buff=
er=3D<optimized out>, size=3D<optimized out>) at qobject/json-lexer.c:356
>         err =3D <optimized out>
>         i =3D <optimized out>
> #11 0x00007fb29e3b6689 in json_message_parser_feed (parser=3D<optimized=
 out>, buffer=3D<optimized out>, size=3D<optimized out>) at qobject/json-=
streamer.c:110
> No locals.
> #12 0x00007fb29e1758cf in monitor_control_read (opaque=3D<optimized out=
>, buf=3D<optimized out>, size=3D<optimized out>) at /usr/src/debug/qemu-=
2.3.0/monitor.c:5134
>         old_mon =3D 0x0
> #13 0x00007fb29e2321b0 in qemu_chr_be_write (len=3D<optimized out>, buf=
=3D0x7fff7bea8a30 "}\212\352{\377\177", s=3D0x7fb2a14442e0) at qemu-char.=
c:305
> No locals.
> #14 tcp_chr_read (chan=3D<optimized out>, cond=3D<optimized out>, opaqu=
e=3D0x7fb2a14442e0) at qemu-char.c:2870
>         chr =3D 0x7fb2a14442e0
>         s =3D 0x7fb2a14363f0
>         buf =3D "}\212\352{\377\177\000\000\360`;\236\262\177\000\000\0=
30\003\000\000\000\000\000\000\205N;\236\262\177\000\000\240LB\241\262\17=
7\000\000\263E;\236\262\177\000\000\240LB\241\262\177", '\000' <repeats 1=
8 times>, "\360\017c\244\262\177\000\000\300\213\352{\377\177\000\000\000=
\000\000\000\000\000\000\000\060\356t\245\262\177\000\000\000$=E1=A4=B2\1=
77\000\000@\232\352{\377\177\000\000H\022\212\226\262\177\000\000]\000\00=
0\000\000\000\000\000\060\000\000\000\060\000\000\000\220\213\352{\377\17=
7\000\000=D0=8A\352{\377\177\000\000\r\000\000\000\000\000\000\000\340\23=
4=EE=A4=B2\177\000\000\000d\023\245\262\177\000\000`\376\061\245\262\177\=
000\000Q\000\000\000\000\000\000\000\325b\004\000\000\000\000\000"...
>         len =3D <optimized out>
>         size =3D <optimized out>
> #15 0x00007fb29c58799a in g_main_context_dispatch () from /lib64/libgli=
b-2.0.so.0
> No symbol table info available.
> #16 0x00007fb29e34b288 in glib_pollfds_poll () at main-loop.c:209
>         context =3D 0x7fb2a1491140
>         pfds =3D <optimized out>
> #17 os_host_main_loop_wait (timeout=3D<optimized out>) at main-loop.c:2=
54
>         ret =3D 2
>         spin_counter =3D 0
> #18 main_loop_wait (nonblocking=3D<optimized out>) at main-loop.c:503
>         ret =3D 2
>         timeout =3D 4294967295
>         timeout_ns =3D <optimized out>
> #19 0x00007fb29e14aa4e in main_loop () at vl.c:1818
>         nonblocking =3D <optimized out>
>         last_io =3D 2
> #20 main (argc=3D<optimized out>, argv=3D<optimized out>, envp=3D<optim=
ized out>) at vl.c:4394
>         i =3D <optimized out>
>         snapshot =3D <optimized out>
>         linux_boot =3D <optimized out>
>         initrd_filename =3D <optimized out>
>         kernel_filename =3D <optimized out>
>         kernel_cmdline =3D <optimized out>
>         boot_order =3D 0x7fb29e3dda67 "cad"
>         boot_once =3D 0x0
>         cyls =3D <optimized out>
>         heads =3D <optimized out>
>         secs =3D <optimized out>
>         translation =3D <optimized out>
>         hda_opts =3D <optimized out>
>         opts =3D <optimized out>
>         machine_opts =3D <optimized out>
>         icount_opts =3D <optimized out>
>         olist =3D <optimized out>
>         optind =3D 78
>         optarg =3D 0x7fb2a14ef8c0 "pc-i440fx-rhel7.2.0"
>         loadvm =3D <optimized out>
>         machine_class =3D <optimized out>
>         cpu_model =3D <optimized out>
>         vga_model =3D 0x0
>         qtest_chrdev =3D <optimized out>
>         qtest_log =3D <optimized out>
>         pid_file =3D <optimized out>
>         incoming =3D <optimized out>
>         show_vnc_port =3D <optimized out>
>         defconfig =3D <optimized out>
>         userconfig =3D 111
>         log_mask =3D <optimized out>
>         log_file =3D <optimized out>
>         mem_trace =3D {malloc =3D 0x7fb29e238480 <malloc_and_trace>, re=
alloc =3D 0x7fb29e238460 <realloc_and_trace>, free =3D 0x7fb29e238450 <fr=
ee_and_trace>, calloc =3D 0x0, try_malloc =3D 0x0, try_realloc =3D 0x0}
>         trace_events =3D <optimized out>
>         trace_file =3D <optimized out>
>         maxram_size =3D <optimized out>
>         ram_slots =3D <optimized out>
>         vmstate_dump_file =3D <optimized out>
>         main_loop_err =3D 0x0
>         __func__ =3D "main"
>=20
>=20
>=20
>=20
> -----Urspr=C3=BCngliche Nachricht-----
> Von: Paolo Bonzini [mailto:paolo.bonzini@gmail.com] Im Auftrag von Paol=
o Bonzini
> Gesendet: Donnerstag, 19. November 2015 18:02
> An: Grundmann, Christian <Christian.Grundmann@fabasoft.com>; 'Dr. David=
 Alan Gilbert' <dgilbert@redhat.com>
> Cc: 'qemu-devel@nongnu.org' <qemu-devel@nongnu.org>; stefanha@redhat.co=
m
> Betreff: Re: WG: [ovirt-users] Segmentation fault in libtcmalloc
>=20
>=20
>=20
> On 19/11/2015 17:00, Grundmann, Christian wrote:
> > Hi, it seems that using virtio-scsi did the trick, But now the VMs ar=
e=20
> > pausing without an coredump, so the underlying Problem (no storage=20
> > Error) is not fixed, As I am using Snapshots (and so the disks have t=
o=20
> > grow very fast) I try if tuning "volume_utilization_percent" and=20
> > "volume_utilization_chunk_mb" will help=20
> > (https://access.redhat.com/solutions/130843)
>=20
> The fix for virtio-blk is probably this patch:
> http://article.gmane.org/gmane.comp.emulators.qemu.block/6380/raw
>=20
> Paolo
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK