At 2016-09-01 20:52:44, "Marc-André Lureau" <marcandre.lur...@gmail.com> wrote:
>Hi
>
>On Thu, Sep 1, 2016 at 4:00 PM Chen Hanxiao <chen_han_x...@126.com> wrote:
>
>>
>> Hi, here is the backtrace:
>>
>> #0 net_vhost_user_event (opaque=0x7fc2f6893be0, event=5) at
>> net/vhost-user.c:196
>> #1 0x00007fc2f4ebfb2b in tcp_chr_disconnect (chr=0x7fc2f68cc400) at
>> qemu-char.c:2837
>> #2 0x00007fc2f4ebfba9 in tcp_chr_sync_read (chr=0x7fc2f68cc400,
>> buf=<optimized out>, len=<optimized out>) at qemu-char.c:2888
>> #3 0x00007fc2f4ec106d in qemu_chr_fe_read_all (s=0x7fc2f68cc400,
>> buf=buf@entry=0x7fff5fda25b7 "", len=len@entry=1) at qemu-char.c:264
>> #4 0x00007fc2f4f9a43a in net_vhost_user_watch (chan=<optimized out>,
>> cond=<optimized out>, opaque=<optimized out>) at net/vhost-user.c:190
>> #5 0x00007fc2f321999a in g_main_context_dispatch () from
>> /lib64/libglib-2.0.so.0
>> #6 0x00007fc2f4fd8fe8 in glib_pollfds_poll () at main-loop.c:209
>> #7 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:254
>> #8 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:503
>> #9 0x00007fc2f4dd7b1e in main_loop () at vl.c:1818
>> #10 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized
>> out>) at vl.c:4394
>>
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> net_vhost_user_event (opaque=0x7fc2f6893be0, event=5) at
>> net/vhost-user.c:207
>> 207 trace_vhost_user_event(s->chr->label, event);
>>
>>
>thanks for the backtrace, that helps
>
>However, I fail to understand how that can happen, as there has to be at
>least one net_client to start qemu with vhost-user and that callback must
>have at least the first netclient still around because the opaque pointer
>is shared with the netclient struct. So it looks like something destroyed
>the netclient before the callback, and in this case, the opaque pointer is
>invalid, and things are going all wrong. But it can't be host-net-remove,
>since the net-client is not on a registered hub.

The callback gives qemu_find_net_clients_except id == 'filename',
but it could not find a netclient match.
Then ncs[i] did not get a valid net client, and then we get a seg fault.

>
>Could you try to find a simple reproducer using qemu only?

I'll try.

Regards,
- Chen

>
>thanks
>
>--
>Marc-André Lureau
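
A simplified model of the failure described in the reply above, as an added example that is not QEMU code and not part of the original thread: a lookup that returns zero matches leaves the caller's array unwritten, so the event handler has to check the count before dereferencing. The names `struct client`, `find_clients` and `event_label` are hypothetical stand-ins, not QEMU identifiers.

```c
#include <stdio.h>
#include <string.h>

#define MAX_QUEUES 4

/* Hypothetical stand-in for a net client with a chardev label. */
struct client { const char *name; const char *label; };

/* Model of a lookup by id: copies up to max matches into out[] and
 * returns the number of matches. With zero matches, out[] is untouched. */
static int find_clients(struct client *tbl, size_t n, const char *id,
                        struct client **out, int max)
{
    int found = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(tbl[i].name, id) == 0) {
            if (found < max) {
                out[found] = &tbl[i];
            }
            found++;
        }
    }
    return found;
}

/* Event handler model: returns the label to trace, or NULL when the
 * lookup matched nothing. Without the count check, ncs[0] would be
 * dereferenced although the lookup never filled it in. */
static const char *event_label(struct client *tbl, size_t n, const char *id)
{
    struct client *ncs[MAX_QUEUES] = { NULL };
    int queues = find_clients(tbl, n, id, ncs, MAX_QUEUES);

    if (queues <= 0 || ncs[0] == NULL) {
        return NULL; /* client already gone: skip the event */
    }
    return ncs[0]->label;
}

int main(void)
{
    struct client tbl[] = { { "net0", "chr0" } }; /* constructed sample */
    const char *hit = event_label(tbl, 1, "net0");
    const char *miss = event_label(tbl, 1, "filename");

    printf("match: %s\n", hit ? hit : "(none)");
    printf("no match: %s\n", miss ? miss : "(none)");
    return 0;
}
```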