On Wed, Oct 25, 2017 at 07:00:14PM +0100, Dr. David Alan Gilbert wrote:
> Hi Dan,
>   I've got a crash in head (and 2.10) which is a bit of a heisenbug;
> I can trigger it with:
>
> ./qemu-system-x86_64 -netdev tap,id=hostnet0,vhost=on,fd=10 -chardev
> socket,id=charchannel0,path=/tmp/org.qemu.guest_agent.0,server,nowait
> -monitor stdio -vnc :0
>
> and then 'q' to quit.

Hmm, that doesn't trigger for me on git master at least.

> Note I'm not doing a redirect in of fd 10.

So it's trying & failing to set up the tap dev, right ? eg you see this:

# ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,vhost=on,fd=10 -chardev socket,id=charchannel0,path=/tmp/org.qemu.guest_agent.0,server,nowait -monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,fd=10: TUNGETIFF ioctl() failed: Invalid argument
QEMU 2.10.50 monitor - type 'help' for more information
(qemu) qemu-system-x86_64: warning: netdev hostnet0 has no peer
(qemu) q

Except it crashes at the end ?

> It goes away if I remove either the -netdev or the -chardev option.
>
> It doesn't trigger under gdb, but fortunately we get a core:
>
> #0  0x000055a226d94a2e in socket_listen_cleanup (fd=<optimized out>,
>     errp=errp@entry=0x7fff3585e8c0)
>     at /root/qemu/util/qemu-sockets.c:1077
> 1077        if (addr->type == SOCKET_ADDRESS_TYPE_UNIX
> 1078            && addr->u.q_unix.path) {
> 1079            if (unlink(addr->u.q_unix.path) < 0 && errno != ENOENT) {

Can you see from the core whether one of those pointers is NULL, or
is there a complete garbage pointer ?

I wonder if it triggers if you run QEMU under valgrind ?

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|