Running tests on a development branch (I haven't touched chardev stuff, I swear!), I ran into the crash below, where s->ioc was NULL. I don't have the time to investigate at this exact moment, so please excuse the hasty report; I just don't want to forget to tell someone.
It does not reproduce consistently, and I can't get it to show up again. (Is this maybe just a race on close where the device went away too fast and it had nowhere to print the information? --js) --- /home/bos/jhuston/src/qemu/tests/qemu-iotests/045.out 2019-04-05 17:50:47.309213199 -0400 +++ /home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/045.out.bad 2019-06-04 20:55:34.410469853 -0400 
@@ -1,3 +1,5 @@ +WARNING:qemu:qemu received signal 11: /home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/../../x86_64-softmmu/qemu-system-x86_64 -chardev socket,id=mon,path=/home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/scratch/tmp4pnjwtvk/qemu-21961-monitor.sock -mon chardev=mon,mode=control -display none -vga none -qtest unix:path=/home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/scratch/qemu-21961-qtest.sock -machine accel=qtest -nodefaults -machine accel=qtest -add-fd fd=3,set=1,opaque=image0:r -add-fd fd=4,set=1,opaque=image1:w+ -add-fd fd=5,set=0,opaque=image2:r -add-fd fd=6,set=2,opaque=image3:r -add-fd fd=7,set=2,opaque=image4:r -drive if=virtio,id=drive0,file=/dev/fdset/1,format=raw,cache=writeback +WARNING:qemu:qemu received signal 11: /home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/../../x86_64-softmmu/qemu-system-x86_64 -chardev socket,id=mon,path=/home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/scratch/tmp4pnjwtvk/qemu-21961-monitor.sock -mon chardev=mon,mode=control -display none -vga none -qtest unix:path=/home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/scratch/qemu-21961-qtest.sock -machine accel=qtest -nodefaults -machine accel=qtest -add-fd fd=3,set=1,opaque=image0:r -add-fd fd=4,set=1,opaque=image1:w+ -add-fd fd=5,set=0,opaque=image2:r -add-fd fd=6,set=2,opaque=image3:r -add-fd fd=7,set=2,opaque=image4:r -drive if=virtio,id=drive0,file=/dev/fdset/1,format=raw,cache=writeback ........... 
----------------------------------------------------------------------
#0 0x0000560165e2d431 in object_get_class (obj=0x0) at /home/bos/jhuston/src/qemu/qom/object.c:905
#1 0x0000560165f1328c in qio_channel_writev_full (ioc=0x0, iov=0x7ffe7d79e380, niov=1, fds=0x0, nfds=0, errp=0x0) at /home/bos/jhuston/src/qemu/io/channel.c:76
#2 0x0000560165efa7c0 in io_channel_send_full (ioc=0x0, buf=0x7fd0dc004e20, len=138, fds=0x0, nfds=0) at /home/bos/jhuston/src/qemu/chardev/char-io.c:123
#3 0x0000560165efe262 in tcp_chr_write (chr=0x5601680fbeb0, buf=0x7fd0dc004e20 "{\"timestamp\": {\"seconds\": 1559696132, \"microseconds\": 913471}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false, \"reason\": \"host-qmp-quit\"}}\r\n", len=138) at /home/bos/jhuston/src/qemu/chardev/char-socket.c:160
#4 0x0000560165ef62b4 in qemu_chr_write_buffer (s=0x5601680fbeb0, buf=0x7fd0dc004e20 "{\"timestamp\": {\"seconds\": 1559696132, \"microseconds\": 913471}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false, \"reason\": \"host-qmp-quit\"}}\r\n", len=138, offset=0x7ffe7d79e460, write_all=false) at /home/bos/jhuston/src/qemu/chardev/char.c:113
#5 0x0000560165ef6421 in qemu_chr_write (s=0x5601680fbeb0, buf=0x7fd0dc004e20 "{\"timestamp\": {\"seconds\": 1559696132, \"microseconds\": 913471}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false, \"reason\": \"host-qmp-quit\"}}\r\n", len=138, write_all=false) at /home/bos/jhuston/src/qemu/chardev/char.c:148
#6 0x0000560165ef9408 in qemu_chr_fe_write (be=0x5601680fb680, buf=0x7fd0dc004e20 "{\"timestamp\": {\"seconds\": 1559696132, \"microseconds\": 913471}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false, \"reason\": \"host-qmp-quit\"}}\r\n", len=138) at /home/bos/jhuston/src/qemu/chardev/char-fe.c:42
#7 0x00005601659b8c4a in monitor_flush_locked (mon=0x5601680fb680) at /home/bos/jhuston/src/qemu/monitor.c:404
#8 0x00005601659b8e54 in monitor_puts (mon=0x5601680fb680, str=0x560168a57110 "{\"timestamp\": {\"seconds\": 1559696132, \"microseconds\": 913471}, \"event\": \"SHUTDOWN\", \"data\": {\"guest\": false, \"reason\": \"host-qmp-quit\"}}\n") at /home/bos/jhuston/src/qemu/monitor.c:446
#9 0x00005601659b909a in qmp_send_response (mon=0x5601680fb680, rsp=0x560168f72310) at /home/bos/jhuston/src/qemu/monitor.c:493
#10 0x00005601659b912e in monitor_qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x560168f72310) at /home/bos/jhuston/src/qemu/monitor.c:521
#11 0x00005601659b9229 in monitor_qapi_event_queue_no_reenter (event=QAPI_EVENT_SHUTDOWN, qdict=0x560168f72310) at /home/bos/jhuston/src/qemu/monitor.c:546
#12 0x00005601659b95bc in qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x560168f72310) at /home/bos/jhuston/src/qemu/monitor.c:621
#13 0x0000560165f70707 in qapi_event_send_shutdown (guest=false, reason=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at qapi/qapi-events-run-state.c:44
#14 0x0000560165b60e88 in qemu_system_shutdown (cause=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at /home/bos/jhuston/src/qemu/vl.c:1777
#15 0x0000560165b60fa1 in main_loop_should_exit () at /home/bos/jhuston/src/qemu/vl.c:1825
#16 0x0000560165b610a6 in main_loop () at /home/bos/jhuston/src/qemu/vl.c:1864
#17 0x0000560165b68686 in main (argc=28, argv=0x7ffe7d79ea98, envp=0x7ffe7d79eb80) at /home/bos/jhuston/src/qemu/vl.c:4526