[pve-devel] [PATCH qemu] avoid segfault when aborting snapshot

Mira Limbeck m.limbeck at proxmox.com
Tue Aug 2 11:52:28 CEST 2022

On 7/26/22 14:25, Fiona Ebner wrote:
> Reported in the community forum[0].
> For 6.1.0, there were a few changes to the coroutine-sleep API, but
> the adaptations in f376b2b ("update and rebase to QEMU v6.1.0") made
> a mistake.
> Currently, target_close_wait is NULL when passed to
> qemu_co_sleep_ns_wakeable(), which further passes it to
> qemu_co_sleep(), but there, it is dereferenced when trying to access
> the 'to_wake' member:
>> Thread 1 "kvm" received signal SIGSEGV, Segmentation fault.
>> qemu_co_sleep (w=0x0) at ../util/qemu-coroutine-sleep.c:57
> To fix it, create a proper struct and pass its address instead. Also
> call qemu_co_sleep_wake unconditionally, because the NULL check (for
> the 'to_wake' member) is done inside the function itself.
> This patch is based on what the QEMU commits introducing the changes
> to the coroutine-sleep API did to the callers in QEMU:
> eaee072085 ("coroutine-sleep: allow qemu_co_sleep_wake that wakes nothing")
> 29a6ea24eb ("coroutine-sleep: replace QemuCoSleepState pointer with struct in the API")
> [0]: https://forum.proxmox.com/threads/112130/
> Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
> ---

Tested-by: Mira Limbeck <m.limbeck at proxmox.com>

Found a strange behavior when aborting the snapshot. It no longer 
crashes, but trying to snapshot the VM again leads to instant failure.

After the failed snapshot, the next one works again. So some state 
doesn't seem to be cleaned up the first time.
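Added example (not part of this thread, the Proxmox patch, or QEMU's sources): a minimal C model of the post-6.1 coroutine-sleep calling convention the quoted message describes. The struct and member names (QemuCoSleep, to_wake) follow the API shape named above; the model_ functions and the scenario helpers are simplified stand-ins of my own with no real coroutine scheduler behind them.

```c
/* Added example: models the caller-owned sleep struct and the
 * "wake tolerates nothing to wake" contract. Not QEMU code. */
#include <stddef.h>
#include <stdio.h>

/* Stand-in for QEMU's Coroutine: we only count how often it was woken. */
typedef struct Coroutine {
    int woken;
} Coroutine;

/* Sleep state. Under the struct-based API the caller owns this object,
 * so it must live in the caller's frame and be passed by address. */
typedef struct QemuCoSleep {
    Coroutine *to_wake;
} QemuCoSleep;

/* Model of qemu_co_sleep(): it reads w->to_wake unconditionally, which is
 * why passing NULL (w=0x0 in the quoted backtrace) dereferences NULL. */
static int model_co_sleep(QemuCoSleep *w, Coroutine *self)
{
    w->to_wake = self;          /* w must be a valid pointer here */
    /* ...a real implementation yields until woken or the timer fires... */
    return 0;
}

/* Model of qemu_co_sleep_wake(): the NULL check on the 'to_wake' member
 * lives inside, so callers may invoke it unconditionally. Returns the
 * number of coroutines woken (0 or 1). */
static int model_co_sleep_wake(QemuCoSleep *w)
{
    Coroutine *co = w->to_wake;
    if (co == NULL) {
        return 0;               /* nothing sleeping: harmless no-op */
    }
    w->to_wake = NULL;          /* consume the sleeper exactly once */
    co->woken++;
    return 1;
}

/* Caller-side pattern from the fix: a zero-initialised struct in the
 * caller's frame whose address is passed down, instead of NULL. The
 * 'close_already_done' flag is a constructed stand-in for whatever
 * condition decides whether the caller needs to sleep at all. */
static int wait_for_close(Coroutine *self, int close_already_done)
{
    QemuCoSleep target_close_wait = { .to_wake = NULL };
    if (!close_already_done) {
        model_co_sleep(&target_close_wait, self);
    }
    /* Safe whether or not anything went to sleep. */
    return model_co_sleep_wake(&target_close_wait);
}

/* Scenario 1: wake with nobody sleeping. Returns 0 (nothing woken). */
static int scenario_wake_without_sleeper(void)
{
    Coroutine co = {0};
    return wait_for_close(&co, 1) + co.woken;
}

/* Scenario 2: sleep, then wake twice. Returns 1 when exactly one wake
 * happened and the slot was cleared afterwards, else 0. */
static int scenario_sleep_then_wake(void)
{
    Coroutine co = {0};
    QemuCoSleep w = { .to_wake = NULL };
    model_co_sleep(&w, &co);
    int first = model_co_sleep_wake(&w);    /* 1: woke the sleeper */
    int second = model_co_sleep_wake(&w);   /* 0: already consumed */
    return first == 1 && second == 0 && co.woken == 1 && w.to_wake == NULL;
}

int main(void)
{
    printf("wake without sleeper -> %d\n", scenario_wake_without_sleeper());
    printf("sleep then wake ok   -> %d\n", scenario_sleep_then_wake());
    return 0;
}
```

The second scenario also shows why the wake call can be unconditional: after the sleeper is consumed, to_wake is NULL again, so a second wake is a no-op rather than a double wake.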
