The bug is pretty straightforward to reproduce. It looks like an integer overflow which will be triggered by files longer than 2GB:

Reading symbols from /sbin/sreadahead...Reading symbols from /usr/lib/debug/sbin/sreadahead...done.
(no debugging symbols found)...done.
(gdb) r -t1 -d --no-fork
Starting program: /sbin/sreadahead -t1 -d --no-fork
[Thread debugging using libthread_db enabled]
Trace contained 33438 records
/etc/ld.so.cache: 1 fragment(s), 120kb, 100.0%
[...]
/etc/libvirt/storage/default.xml: 1 fragment(s), 1kb, 100.0%

Program received signal SIGSEGV, Segmentation fault.
0x0000000000401f3b in get_blocks (signal=<value optimized out>) at sreadahead.c:315
warning: Source file is more recent than executable.
315 if (mincorebuf[i / 4096])
(gdb) print mincorebuf
$1 = <value optimized out>
(gdb) print i
$2 = -2147483648
[...]
(gdb) print statbuf.st_size
$6 = 4294967296
(gdb) print r->filename
$7 = "/var/lib/libvirt/images/uec-cc.img", '\000' <repeats 93 times>
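The mechanism behind the crash above, as an added example that is not sreadahead's own code: the faulting line indexes mincorebuf with a byte offset i divided by 4096, and the gdb values (i = -2147483648 with st_size = 4294967296) are what you get when a 32-bit int offset is walked over a 64-bit off_t file size. The function names buggy_page_index, fixed_page_index and count_resident are assumptions; the mincore vector is constructed inline.

```c
#define _FILE_OFFSET_BITS 64
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>

#define PAGE_SIZE 4096

/* Buggy pattern: the loop counter is a 32-bit int while the file size is
   a 64-bit off_t. Once the offset reaches 2 GiB it wraps to INT_MIN and
   i / 4096 becomes negative, so mincorebuf[] is read far before its start.
   Returns the page index the buggy loop would use for this byte offset. */
long buggy_page_index(off_t offset)
{
    int i = (int)offset;   /* truncation, as when i is declared int */
    return i / PAGE_SIZE;  /* -524288 for offset 2147483648 */
}

/* Fixed: keep the offset in the same 64-bit type as st_size. */
long fixed_page_index(off_t offset)
{
    return (long)(offset / PAGE_SIZE);
}

/* Walk a mincore() vector by file offset with an off_t index, the way the
   loop should be written, and count resident pages. The vector must have
   one byte per page, i.e. (st_size + PAGE_SIZE - 1) / PAGE_SIZE entries. */
size_t count_resident(const unsigned char *mincorebuf, off_t st_size)
{
    size_t resident = 0;
    for (off_t i = 0; i < st_size; i += PAGE_SIZE)
        if (mincorebuf[i / PAGE_SIZE] & 1)   /* bit 0 = page is resident */
            resident++;
    return resident;
}

int main(void)
{
    /* Constructed sample: 3 full pages plus 100 bytes -> 4 vector entries. */
    const unsigned char vec[4] = { 1, 0, 1, 1 };
    off_t size = 3 * PAGE_SIZE + 100;

    printf("buggy index at 2GiB: %ld\n", buggy_page_index(2147483648LL));
    printf("fixed index at 4GiB: %ld\n", fixed_page_index(4294967296LL));
    printf("resident pages: %zu\n", count_resident(vec, size));
    return 0;
}
```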