qemu-img hangs on s390x

qemu-img hangs on s390x

[Michael Tokarev]

There's a bug filed against qemu on debian, about qemu-img hanging on s390x.
While digging in, I discovered that the thing is broken there indeed, and it
is broken for a very long time, and it is interesting.

The reproducer is rather simple:

  qemu-img create -f qcow2 -o preallocation=metadata blank-disk-1s.qcow2 512

this hangs until interrupted, after writing 327680 bytes of output.
I haven't tried old versions, - 5.2 hangs for sure, as is 7.2 and apparently
all in-between. In particular, current debian sid (whole thing) and 2-years
old debian bullseye hangs equally.

But the thing is that it does not hang when creating file on a tmpfs, -
when the filesystem is tmpfs, it always works.

Also, a few times I were able to run the above qemu-img create successfully, -
maybe 2 out of 100 runs or so.

It looks like the problem has been there for a very long time, and it is
timing-dependent.

Comparing strace of the two runs, I see differences in most futex operations.
Here's the parent process:

...
  read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
  ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 ([{fd=7, revents=POLLIN}])
-futex(0x2aa29af8bb4, FUTEX_WAKE_PRIVATE, 1) = 1
+futex(0x2aa03600bb4, FUTEX_WAKE_PRIVATE, 1) = 0
  read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
+futex(0x2aa03600bb0, FUTEX_WAKE_PRIVATE, 1) = 1
  ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 ([{fd=7, revents=POLLIN}])
-futex(0x2aa29af8bb0, FUTEX_WAKE_PRIVATE, 1) = 1
+futex(0x2aa03600bb4, FUTEX_WAKE_PRIVATE, 1) = 0
  read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
  ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 ([{fd=7, revents=POLLIN}])
-futex(0x2aa29af8bb4, FUTEX_WAKE_PRIVATE, 1) = 1
+futex(0x2aa03600bb0, FUTEX_WAKE_PRIVATE, 1) = 0
  read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
  ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 ([{fd=7, revents=POLLIN}])
-futex(0x2aa29af8bb0, FUTEX_WAKE_PRIVATE, 1) = 1
+futex(0x2aa03600bb4, FUTEX_WAKE_PRIVATE, 1) = 0
  read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
  ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 ([{fd=7, revents=POLLIN}])
-futex(0x2aa29af8bb4, FUTEX_WAKE_PRIVATE, 1) = 0
+futex(0x2aa03600bb0, FUTEX_WAKE_PRIVATE, 1) = 1
  read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
-ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? ERESTARTNOHAND (To be restarted if no handler)
  ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 ([{fd=7, revents=POLLIN}])
---- SIGINT {si_signo=SIGINT, si_code=SI_KERNEL} ---
-+++ killed by SIGINT +++
+futex(0x2aa03600bb4, FUTEX_WAKE_PRIVATE, 1) = 0
+read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
+ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 ([{fd=7, revents=POLLIN}])
+futex(0x2aa03600bb0, FUTEX_WAKE_PRIVATE, 1) = 0
+read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
...

(I've hit Ctrl+C after quite some time).

I'll take another look at this tomorrow. But if someone knows
what's going on there, please tell me :)  The situation is quite
interesting, - is it possible we missed such a serious issue somehow?

Thanks,

/mjt

Re: qemu-img hangs on s390x

[Philippe Mathieu-Daudé]

+s390x/block lists

On 5/2/23 20:10, Michael Tokarev wrote:
> There's a bug filed against qemu on debian, about qemu-img hanging on 
> s390x.
> While digging in, I discovered that the thing is broken there indeed, 
> and it
> is broken for a very long time, and it is interesting.
> 
> The reproducer is rather simple:
> 
>   qemu-img create -f qcow2 -o preallocation=metadata blank-disk-1s.qcow2 
> 512
> 
> this hangs until interrupted, after writing 327680 bytes of output.
> I haven't tried old versions, - 5.2 hangs for sure, as is 7.2 and 
> apparently
> all in-between. In particular, current debian sid (whole thing) and 2-years
> old debian bullseye hangs equally.
> 
> But the thing is that it does not hang when creating file on a tmpfs, -
> when the filesystem is tmpfs, it always works.
> 
> Also, a few times I were able to run the above qemu-img create 
> successfully, -
> maybe 2 out of 100 runs or so.
> 
> It looks like the problem has been there for a very long time, and it is
> timing-dependent.
> 
> Comparing strace of the two runs, I see differences in most futex 
> operations.
> Here's the parent process:
> 
> ...
>   read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
>   ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 
> ([{fd=7, revents=POLLIN}])
> -futex(0x2aa29af8bb4, FUTEX_WAKE_PRIVATE, 1) = 1
> +futex(0x2aa03600bb4, FUTEX_WAKE_PRIVATE, 1) = 0
>   read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
> +futex(0x2aa03600bb0, FUTEX_WAKE_PRIVATE, 1) = 1
>   ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 
> ([{fd=7, revents=POLLIN}])
> -futex(0x2aa29af8bb0, FUTEX_WAKE_PRIVATE, 1) = 1
> +futex(0x2aa03600bb4, FUTEX_WAKE_PRIVATE, 1) = 0
>   read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
>   ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 
> ([{fd=7, revents=POLLIN}])
> -futex(0x2aa29af8bb4, FUTEX_WAKE_PRIVATE, 1) = 1
> +futex(0x2aa03600bb0, FUTEX_WAKE_PRIVATE, 1) = 0
>   read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
>   ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 
> ([{fd=7, revents=POLLIN}])
> -futex(0x2aa29af8bb0, FUTEX_WAKE_PRIVATE, 1) = 1
> +futex(0x2aa03600bb4, FUTEX_WAKE_PRIVATE, 1) = 0
>   read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
>   ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 
> ([{fd=7, revents=POLLIN}])
> -futex(0x2aa29af8bb4, FUTEX_WAKE_PRIVATE, 1) = 0
> +futex(0x2aa03600bb0, FUTEX_WAKE_PRIVATE, 1) = 1
>   read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
> -ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = ? 
> ERESTARTNOHAND (To be restarted if no handler)
>   ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 
> ([{fd=7, revents=POLLIN}])
> ---- SIGINT {si_signo=SIGINT, si_code=SI_KERNEL} ---
> -+++ killed by SIGINT +++
> +futex(0x2aa03600bb4, FUTEX_WAKE_PRIVATE, 1) = 0
> +read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
> +ppoll([{fd=7, events=POLLIN|POLLERR|POLLHUP}], 1, NULL, NULL, 8) = 1 
> ([{fd=7, revents=POLLIN}])
> +futex(0x2aa03600bb0, FUTEX_WAKE_PRIVATE, 1) = 0
> +read(7, "\0\0\0\0\0\0\0\1", 512)        = 8
> ...
> 
> (I've hit Ctrl+C after quite some time).
> 
> I'll take another look at this tomorrow. But if someone knows
> what's going on there, please tell me :)  The situation is quite
> interesting, - is it possible we missed such a serious issue somehow?
> 
> Thanks,
> 
> /mjt
>