From: Stefano Stabellini <sstabellini@kernel.org>
To: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: Stefano Stabellini <stefano@aporeto.com>,
	anthony.perard@citrix.com, xen-devel <xen-devel@lists.xen.org>
Subject: Re: (resend) qemu crashes during VCPU hotplug
Date: Thu, 16 Feb 2017 13:19:02 -0800 (PST)
Message-ID: <alpine.DEB.2.10.1702161316000.9566@sstabellini-ThinkPad-X260>
In-Reply-To: <9cb3ea68-84b9-0bc2-8d16-84c8a3b6bde9@oracle.com>

On Thu, 16 Feb 2017, Boris Ostrovsky wrote:
> On 02/15/2017 11:20 PM, Boris Ostrovsky wrote:
> > (Now with correct address for Stefano)
> > 
> > Upstream qemu appears to be crashing during VCPU hotplug. I think this
> > is something relatively new since I have been doing this a few weeks ago.
> > 
> > I reproduced this on two different setups. Haven't had a chance to look
> > any further but e3cadac073 looks suspicious.
> 
> Yes, this is the offending commit.
> 
> For Xen guests qemu never sets pcms->fw_cfg.

Thanks for narrowing it down. Are you using qemu-xen/staging? It looks
like it has been fixed in qemu.org by

commit 26ef65beab852caf2b1ef4976e3473f2d525164d
Author: Igor Mammedov <imammedo@redhat.com>
Date:   Fri Dec 30 15:33:11 2016 +0100

    pc: fix crash in rtc_set_memory() if initial cpu is marked as hotplugged
    
can you confirm?



> -boris
> 
> > 
> > The crash happens in fw_cfg_modify_bytes_read() when we pass in a NULL
> > pointer as the first argument. The stack is below:
> > 
> > 
> > (gdb) where
> > #0  0x0000561d762d64d4 in fw_cfg_modify_bytes_read (s=0x0, key=5,
> > data=0x561d787031d0, len=2) at hw/nvram/fw_cfg.c:614
> > #1  0x0000561d762d6730 in fw_cfg_modify_i16 (s=0x0, key=5, value=2) at
> > hw/nvram/fw_cfg.c:656
> > #2  0x0000561d761195b3 in pc_cpu_plug (hotplug_dev=0x561d770f9810,
> > dev=0x561d7712a7e0, errp=0x7ffe8f75f2b0) at
> > /root/xen/tools/qemu-xen-dir/hw/i386/pc.c:1823
> > #3  0x0000561d76119fc0 in pc_machine_device_plug_cb
> > (hotplug_dev=0x561d770f9810, dev=0x561d7712a7e0, errp=0x7ffe8f75f2b0) at
> > /root/xen/tools/qemu-xen-dir/hw/i386/pc.c:1993
> > #4  0x0000561d76239cba in hotplug_handler_plug
> > (plug_handler=0x561d770f9810, plugged_dev=0x561d7712a7e0,
> > errp=0x7ffe8f75f2b0) at hw/core/hotplug.c:34
> > #5  0x0000561d7623584d in device_set_realized (obj=0x561d7712a7e0,
> > value=true, errp=0x7ffe8f75f468) at hw/core/qdev.c:928
> > #6  0x0000561d763e22a3 in property_set_bool (obj=0x561d7712a7e0,
> > v=0x561d78702090, name=0x561d764fd9d0 "realized", opaque=0x561d785aea00,
> > errp=0x7ffe8f75f468) at qom/object.c:1854
> > #7  0x0000561d763e07aa in object_property_set (obj=0x561d7712a7e0,
> > v=0x561d78702090, name=0x561d764fd9d0 "realized", errp=0x7ffe8f75f468)
> > at qom/object.c:1088
> > #8  0x0000561d763e3609 in object_property_set_qobject
> > (obj=0x561d7712a7e0, value=0x561d773869c0, name=0x561d764fd9d0
> > "realized", errp=0x7ffe8f75f468) at qom/qom-qobject.c:27
> > #9  0x0000561d763e0a40 in object_property_set_bool (obj=0x561d7712a7e0,
> > value=true, name=0x561d764fd9d0 "realized", errp=0x7ffe8f75f468) at
> > qom/object.c:1157
> > #10 0x0000561d76117304 in pc_new_cpu (typename=0x561d7707c880
> > "qemu32-i386-cpu", apic_id=1, errp=0x7ffe8f75f4c0) at
> > /root/xen/tools/qemu-xen-dir/hw/i386/pc.c:1099
> > #11 0x0000561d761174cc in pc_hot_add_cpu (id=1, errp=0x7ffe8f75f558) at
> > /root/xen/tools/qemu-xen-dir/hw/i386/pc.c:1131
> > #12 0x0000561d761cb7b3 in qmp_cpu_add (id=1, errp=0x7ffe8f75f558) at
> > qmp.c:126
> > #13 0x0000561d761bdc60 in qmp_marshal_cpu_add (args=0x561d7711a1b0,
> > ret=0x7ffe8f75f5b0, errp=0x7ffe8f75f5a8) at qmp-marshal.c:1274
> > #14 0x0000561d764b2f13 in do_qmp_dispatch (request=0x561d77129360,
> > errp=0x7ffe8f75f610) at qapi/qmp-dispatch.c:98
> > #15 0x0000561d764b3042 in qmp_dispatch (request=0x561d77129360) at
> > qapi/qmp-dispatch.c:125
> > #16 0x0000561d76084d39 in handle_qmp_command (parser=0x561d771288b0,
> > tokens=0x561d770f8cc0) at /root/xen/tools/qemu-xen-dir/monitor.c:3758
> > #17 0x0000561d764ba402 in json_message_process_token
> > (lexer=0x561d771288b8, input=0x561d770f9040, type=JSON_RCURLY, x=1,
> > y=11) at qobject/json-streamer.c:105
> > #18 0x0000561d764dd5dc in json_lexer_feed_char (lexer=0x561d771288b8,
> > ch=125 '}', flush=false) at qobject/json-lexer.c:319
> > #19 0x0000561d764dd71c in json_lexer_feed (lexer=0x561d771288b8,
> > buffer=0x7ffe8f75f880 "}\224Dx\035V", size=1) at qobject/json-lexer.c:369
> > #20 0x0000561d764ba4a2 in json_message_parser_feed
> > (parser=0x561d771288b0, buffer=0x7ffe8f75f880 "}\224Dx\035V", size=1) at
> > qobject/json-streamer.c:124
> > #21 0x0000561d76084e53 in monitor_qmp_read (opaque=0x561d77128830,
> > buf=0x7ffe8f75f880 "}\224Dx\035V", size=1) at
> > /root/xen/tools/qemu-xen-dir/monitor.c:3788
> > #22 0x0000561d761a3b2d in qemu_chr_be_write_impl (s=0x561d77107020,
> > buf=0x7ffe8f75f880 "}\224Dx\035V", len=1) at qemu-char.c:419
> > #23 0x0000561d761a3b8f in qemu_chr_be_write (s=0x561d77107020,
> > buf=0x7ffe8f75f880 "}\224Dx\035V", len=1) at qemu-char.c:431
> > #24 0x0000561d761a83d0 in tcp_chr_read (chan=0x561d785ae8a0,
> > cond=G_IO_IN, opaque=0x561d77107020) at qemu-char.c:3145
> > #25 0x0000561d76475a36 in qio_channel_fd_source_dispatch
> > (source=0x561d77cbe7c0, callback=0x561d761a8279 <tcp_chr_read>,
> > user_data=0x561d77107020) at io/channel-watch.c:84
> > #26 0x00007f77f3e407aa in g_main_context_dispatch () from
> > /lib64/libglib-2.0.so.0
> > #27 0x0000561d763f03ee in glib_pollfds_poll () at main-loop.c:259
> > #28 0x0000561d763f04dc in os_host_main_loop_wait (timeout=15045517) at
> > main-loop.c:306
> > #29 0x0000561d763f058c in main_loop_wait (nonblocking=0) at main-loop.c:556
> > #30 0x0000561d761b1cb5 in main_loop () at vl.c:1966
> > #31 0x0000561d761b93fb in main (argc=38, argv=0x7ffe8f760df8,
> > envp=0x7ffe8f760f30) at vl.c:4684
> 

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
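
A triage helper for the backtrace quoted in this message, as an added example that is not part of the original mail or of QEMU: it unwraps the mail-quoted gdb frames, flags pointer arguments printed as `0x0`, and reports the first caller that did not itself receive the NULL. The names `parse_frames` and `null_origin` are hypothetical, the origin rule is a heuristic, and the sample is an excerpt of the trace from the report.

```python
import re

# Excerpt of the backtrace from the report; quote prefixes and mail wrapping kept.
SAMPLE = """\
> > (gdb) where
> > #0  0x0000561d762d64d4 in fw_cfg_modify_bytes_read (s=0x0, key=5,
> > data=0x561d787031d0, len=2) at hw/nvram/fw_cfg.c:614
> > #1  0x0000561d762d6730 in fw_cfg_modify_i16 (s=0x0, key=5, value=2) at
> > hw/nvram/fw_cfg.c:656
> > #2  0x0000561d761195b3 in pc_cpu_plug (hotplug_dev=0x561d770f9810,
> > dev=0x561d7712a7e0, errp=0x7ffe8f75f2b0) at
> > /root/xen/tools/qemu-xen-dir/hw/i386/pc.c:1823
"""

# "#N  [0xADDR in ]func (args) at file:line" or "... from library"
FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*?)\) (?:at|from) (\S+)")
NULL_ARG = re.compile(r"(\w+)=0x0\b")  # argument printed as a NULL pointer


def parse_frames(text):
    """Strip '>' quote prefixes, rejoin wrapped frames, return one dict per frame."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if line.startswith("#"):
            entries.append(line)          # start of a new frame
        elif entries and line:
            entries[-1] += " " + line     # continuation of a wrapped frame
    frames = []
    for entry in entries:
        m = FRAME.match(entry)
        if m:
            frames.append({"n": int(m[1]), "func": m[2],
                           "null_args": NULL_ARG.findall(m[3]), "loc": m[4]})
    return frames


def null_origin(frames):
    """Heuristic: if frame #0 was handed a NULL pointer, return the first caller
    that has no NULL argument of its own, i.e. where the NULL was likely read."""
    if not frames or not frames[0]["null_args"]:
        return None
    for frame in frames[1:]:
        if not frame["null_args"]:
            return frame
    return None


if __name__ == "__main__":
    origin = null_origin(parse_frames(SAMPLE))
    print("NULL likely produced in", origin["func"], "at", origin["loc"])
```
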
