I think I’ve come to kind of understood what might be wrong: qemu frees CURLSocket objects when “their” transfer is done, but libcurl’s documentation actually doesn’t note any long-lasting relationship between a socket and some transfer (i.e., a CURL object), so we probably shouldn’t free CURLSocket objects just because some transfer is done. Instead, we should only do so once libcurl explicitly tells us to remove the socket.
I’ve sent a two-patch series to that effect: https://lists.nongnu.org/archive/html/qemu-block/2021-03/msg00515.html – it seems to help. -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1916501 Title: qemu-img convert segfaults with specific URL Status in QEMU: New Bug description: Using what is currently the latest git: (commit 00d8ba9e0d62ea1c7459c25aeabf9c8bb7659462, Date: Sun Feb 21 19:52:58 2021 +0000) $ ./build/qemu-img convert -f qcow2 -O raw https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img out.img Segmentation fault (core dumped) Backtrace for convenience: qemu: qemu_mutex_lock_impl: Invalid argument Thread 1 "qemu-img" received signal SIGABRT, Aborted. 0x00007ffff77c59d5 in raise () from /lib64/libc.so.6 (gdb) bt #0 0x00007ffff77c59d5 in raise () from /lib64/libc.so.6 #1 0x00007ffff77ae8a4 in abort () from /lib64/libc.so.6 #2 0x00005555556705b2 in error_exit (err=<optimized out>, msg=msg@entry=0x5555556b69a0 <__func__.31> "qemu_mutex_lock_impl") at ../util/qemu-thread-posix.c:37 #3 0x0000555555670945 in qemu_mutex_lock_impl (mutex=0x555555ae3758, file=0x5555556827a2 "../block/curl.c", line=406) at ../util/qemu-thread-posix.c:81 #4 0x000055555559a05b in curl_multi_do (arg=0x555555aad2a0) at ../block/curl.c:406 #5 0x000055555566193a in aio_dispatch_handler (ctx=ctx@entry=0x555555737790, node=0x555555b14150) at ../util/aio-posix.c:329 #6 0x0000555555662072 in aio_dispatch_handlers (ctx=0x555555737790) at ../util/aio-posix.c:372 #7 aio_dispatch (ctx=0x555555737790) at ../util/aio-posix.c:382 #8 0x000055555564442e in aio_ctx_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../util/async.c:306 #9 0x00007ffff7cfda9f in g_main_context_dispatch () from /lib64/libglib-2.0.so.0 #10 0x000055555566f2c8 in glib_pollfds_poll () at ../util/main-loop.c:232 #11 os_host_main_loop_wait (timeout=4397000000) at ../util/main-loop.c:255 #12 main_loop_wait (nonblocking=nonblocking@entry=0) at ../util/main-loop.c:531 #13 0x0000555555581edd in convert_do_copy (s=0x7fffffffd3a0) at ../qemu-img.c:2139 #14 img_convert (argc=<optimized out>, argv=<optimized out>) at ../qemu-img.c:2738 #15 0x00005555555783b1 in main (argc=7, argv=<optimized out>) at ../qemu-img.c:5536 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1916501/+subscriptions
