[Qemu-devel] sigsegv in chardev on iotest 045 (raw)

[Qemu-devel] sigsegv in chardev on iotest 045 (raw)

[John Snow]

Running tests on a development branch (I haven't touched chardev stuff,
I swear!); I ran into the below crash where s->ioc was NULL. I don't
have the time to investigate at this exact moment, so please excuse the
hasty report so I don't forget to tell someone.

It does not reproduce consistently, and I can't get it to show up again.

(Is this maybe just a race on close where the device went away too fast
and it had nowhere to print the information? --js)

--- /home/bos/jhuston/src/qemu/tests/qemu-iotests/045.out	2019-04-05
17:50:47.309213199 -0400
+++ /home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/045.out.bad
2019-06-04 20:55:34.410469853 -0400
@@ -1,3 +1,5 @@
+WARNING:qemu:qemu received signal 11:
/home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/../../x86_64-softmmu/qemu-system-x86_64
-chardev
socket,id=mon,path=/home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/scratch/tmp4pnjwtvk/qemu-21961-monitor.sock
-mon chardev=mon,mode=control -display none -vga none -qtest
unix:path=/home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/scratch/qemu-21961-qtest.sock
-machine accel=qtest -nodefaults -machine accel=qtest -add-fd
fd=3,set=1,opaque=image0:r -add-fd fd=4,set=1,opaque=image1:w+ -add-fd
fd=5,set=0,opaque=image2:r -add-fd fd=6,set=2,opaque=image3:r -add-fd
fd=7,set=2,opaque=image4:r -drive
if=virtio,id=drive0,file=/dev/fdset/1,format=raw,cache=writeback
+WARNING:qemu:qemu received signal 11:
/home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/../../x86_64-softmmu/qemu-system-x86_64
-chardev
socket,id=mon,path=/home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/scratch/tmp4pnjwtvk/qemu-21961-monitor.sock
-mon chardev=mon,mode=control -display none -vga none -qtest
unix:path=/home/bos/jhuston/src/qemu/bin/git/tests/qemu-iotests/scratch/qemu-21961-qtest.sock
-machine accel=qtest -nodefaults -machine accel=qtest -add-fd
fd=3,set=1,opaque=image0:r -add-fd fd=4,set=1,opaque=image1:w+ -add-fd
fd=5,set=0,opaque=image2:r -add-fd fd=6,set=2,opaque=image3:r -add-fd
fd=7,set=2,opaque=image4:r -drive
if=virtio,id=drive0,file=/dev/fdset/1,format=raw,cache=writeback
 ...........
 ----------------------------------------------------------------------

#0  0x0000560165e2d431 in object_get_class (obj=0x0) at
/home/bos/jhuston/src/qemu/qom/object.c:905
#1  0x0000560165f1328c in qio_channel_writev_full (ioc=0x0,
iov=0x7ffe7d79e380, niov=1, fds=0x0, nfds=0, errp=0x0)
    at /home/bos/jhuston/src/qemu/io/channel.c:76
#2  0x0000560165efa7c0 in io_channel_send_full (ioc=0x0,
buf=0x7fd0dc004e20, len=138, fds=0x0, nfds=0)
    at /home/bos/jhuston/src/qemu/chardev/char-io.c:123
#3  0x0000560165efe262 in tcp_chr_write
    (chr=0x5601680fbeb0, buf=0x7fd0dc004e20 "{\"timestamp\":
{\"seconds\": 1559696132, \"microseconds\": 913471}, \"event\":
\"SHUTDOWN\", \"data\": {\"guest\": false, \"reason\":
\"host-qmp-quit\"}}\r\n", len=138) at
/home/bos/jhuston/src/qemu/chardev/char-socket.c:160
#4  0x0000560165ef62b4 in qemu_chr_write_buffer
    (s=0x5601680fbeb0, buf=0x7fd0dc004e20 "{\"timestamp\": {\"seconds\":
1559696132, \"microseconds\": 913471}, \"event\": \"SHUTDOWN\",
\"data\": {\"guest\": false, \"reason\": \"host-qmp-quit\"}}\r\n",
len=138, offset=0x7ffe7d79e460, write_all=false)
    at /home/bos/jhuston/src/qemu/chardev/char.c:113
#5  0x0000560165ef6421 in qemu_chr_write
    (s=0x5601680fbeb0, buf=0x7fd0dc004e20 "{\"timestamp\": {\"seconds\":
1559696132, \"microseconds\": 913471}, \"event\": \"SHUTDOWN\",
\"data\": {\"guest\": false, \"reason\": \"host-qmp-quit\"}}\r\n",
len=138, write_all=false) at /home/bos/jhuston/src/qemu/chardev/char.c:148
#6  0x0000560165ef9408 in qemu_chr_fe_write
    (be=0x5601680fb680, buf=0x7fd0dc004e20 "{\"timestamp\":
{\"seconds\": 1559696132, \"microseconds\": 913471}, \"event\":
\"SHUTDOWN\", \"data\": {\"guest\": false, \"reason\":
\"host-qmp-quit\"}}\r\n", len=138) at
/home/bos/jhuston/src/qemu/chardev/char-fe.c:42
#7  0x00005601659b8c4a in monitor_flush_locked (mon=0x5601680fb680) at
/home/bos/jhuston/src/qemu/monitor.c:404
#8  0x00005601659b8e54 in monitor_puts
    (mon=0x5601680fb680, str=0x560168a57110 "{\"timestamp\":
{\"seconds\": 1559696132, \"microseconds\": 913471}, \"event\":
\"SHUTDOWN\", \"data\": {\"guest\": false, \"reason\":
\"host-qmp-quit\"}}\n") at /home/bos/jhuston/src/qemu/monitor.c:446
#9  0x00005601659b909a in qmp_send_response (mon=0x5601680fb680,
rsp=0x560168f72310) at /home/bos/jhuston/src/qemu/monitor.c:493
#10 0x00005601659b912e in monitor_qapi_event_emit
(event=QAPI_EVENT_SHUTDOWN, qdict=0x560168f72310) at
/home/bos/jhuston/src/qemu/monitor.c:521
#11 0x00005601659b9229 in monitor_qapi_event_queue_no_reenter
(event=QAPI_EVENT_SHUTDOWN, qdict=0x560168f72310)
    at /home/bos/jhuston/src/qemu/monitor.c:546
#12 0x00005601659b95bc in qapi_event_emit (event=QAPI_EVENT_SHUTDOWN,
qdict=0x560168f72310) at /home/bos/jhuston/src/qemu/monitor.c:621
#13 0x0000560165f70707 in qapi_event_send_shutdown (guest=false,
reason=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at qapi/qapi-events-run-state.c:44
#14 0x0000560165b60e88 in qemu_system_shutdown
(cause=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at /home/bos/jhuston/src/qemu/vl.c:1777
#15 0x0000560165b60fa1 in main_loop_should_exit () at
/home/bos/jhuston/src/qemu/vl.c:1825
#16 0x0000560165b610a6 in main_loop () at
/home/bos/jhuston/src/qemu/vl.c:1864
#17 0x0000560165b68686 in main (argc=28, argv=0x7ffe7d79ea98,
envp=0x7ffe7d79eb80) at /home/bos/jhuston/src/qemu/vl.c:4526

Re: [Qemu-devel] sigsegv in chardev on iotest 045 (raw)

[Max Reitz]

[-- Attachment #1: Type: text/plain, Size: 1069 bytes --]

On 05.06.19 03:15, John Snow wrote:
> Running tests on a development branch (I haven't touched chardev stuff,
> I swear!); I ran into the below crash where s->ioc was NULL. I don't
> have the time to investigate at this exact moment, so please excuse the
> hasty report so I don't forget to tell someone.
> 
> It does not reproduce consistently, and I can't get it to show up again.
> 
> (Is this maybe just a race on close where the device went away too fast
> and it had nowhere to print the information? --js)

Your back trace looks exactly like what I posted in
http://lists.nongnu.org/archive/html/qemu-devel/2018-12/msg05579.html .

No, I don’t think anybody has posted a fix for this so far.  I know
other people saw similar issues.

I know what I have on my test branch (which contains various fixes to
make all iotests run or at least pass those which are terminally broken):

https://git.xanclic.moe/XanClic/qemu/commit/c52433f218c61ef608ab4d9abb56e1f705a3ae22

I have a lot of patches on my test branch.  (15, to be exact.)

Max


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: [Qemu-devel] sigsegv in chardev on iotest 045 (raw)

[John Snow]

On 6/5/19 12:22 PM, Max Reitz wrote:
> On 05.06.19 03:15, John Snow wrote:
>> Running tests on a development branch (I haven't touched chardev stuff,
>> I swear!); I ran into the below crash where s->ioc was NULL. I don't
>> have the time to investigate at this exact moment, so please excuse the
>> hasty report so I don't forget to tell someone.
>>
>> It does not reproduce consistently, and I can't get it to show up again.
>>
>> (Is this maybe just a race on close where the device went away too fast
>> and it had nowhere to print the information? --js)
> 
> Your back trace looks exactly like what I posted in
> http://lists.nongnu.org/archive/html/qemu-devel/2018-12/msg05579.html .
> 

I was going to say "Apologies for having missed this," but it's from
2018. I feel less guilty.

...Oh, it's been busted for a while...

> No, I don’t think anybody has posted a fix for this so far.  I know
> other people saw similar issues.
> 
> I know what I have on my test branch (which contains various fixes to
> make all iotests run or at least pass those which are terminally broken):
> 
> https://git.xanclic.moe/XanClic/qemu/commit/c52433f218c61ef608ab4d9abb56e1f705a3ae22
> 
> I have a lot of patches on my test branch.  (15, to be exact.)
> 
> Max
> 

Oh, okay, no fix; but you do have a hack workaround. OK, thanks!

--js

Re: [Qemu-devel] sigsegv in chardev on iotest 045 (raw)

[Max Reitz]

[-- Attachment #1: Type: text/plain, Size: 1331 bytes --]

On 05.06.19 18:22, Max Reitz wrote:
> On 05.06.19 03:15, John Snow wrote:
>> Running tests on a development branch (I haven't touched chardev stuff,
>> I swear!); I ran into the below crash where s->ioc was NULL. I don't
>> have the time to investigate at this exact moment, so please excuse the
>> hasty report so I don't forget to tell someone.
>>
>> It does not reproduce consistently, and I can't get it to show up again.
>>
>> (Is this maybe just a race on close where the device went away too fast
>> and it had nowhere to print the information? --js)
> 
> Your back trace looks exactly like what I posted in
> http://lists.nongnu.org/archive/html/qemu-devel/2018-12/msg05579.html .
> 
> No, I don’t think anybody has posted a fix for this so far.  I know
> other people saw similar issues.

I stand corrected.  I just cleaned up my inbox and found Dan pointing here:

https://lists.gnu.org/archive/html/qemu-devel/2019-02/msg06174.html

Well, er, well, yeah.

Max

> I know what I have on my test branch (which contains various fixes to
> make all iotests run or at least pass those which are terminally broken):
> 
> https://git.xanclic.moe/XanClic/qemu/commit/c52433f218c61ef608ab4d9abb56e1f705a3ae22
> 
> I have a lot of patches on my test branch.  (15, to be exact.)
> 
> Max
> 



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]