Re: segv in osevent_release_nexus with libxl backend to libvirt

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ian Campbell <Ian.Campbell@citrix.com>
To: Ian Jackson <Ian.Jackson@eu.citrix.com>
Cc: Jim Fehlig <jfehlig@suse.com>, xen-devel <xen-devel@lists.xen.org>
Subject: Re: segv in osevent_release_nexus with libxl backend to libvirt
Date: Wed, 26 Nov 2014 15:52:34 +0000	[thread overview]
Message-ID: <1417017154.11944.63.camel@citrix.com> (raw)
In-Reply-To: <1417016402.11944.60.camel@citrix.com>

On Wed, 2014-11-26 at 15:40 +0000, Ian Campbell wrote:
> (adding xen-devel which I forgot first time around)
> 
> On Wed, 2014-11-26 at 15:21 +0000, Ian Jackson wrote:
> > Ian Campbell writes ("segv in osevent_release_nexus with libxl backend to libvirt"):
> > > I'm seeing quite a few of these when shutting down domains:
> > ...
> > > This is on ARM but I don't think this appears to be arch specific at
> > > first glance. The bit from virObjectUnref->SEGV appears to be the same
> > > each time, but the leadin can be different:
> > ...       
> > > Perhaps that's just an artefact of the reference counting dropping to to
> > > zero in a different order not really relevant.
> > 
> > Having looked at this, I think that this is because libxl_ctx_free is
> > being reentered on the same ctx.
> > 
> > Below is a tiny patch to libxl which ought to crash on this earlier.
> > Ian C, can you try it ?  If this catches anything it will probably
> > show a path in libvirt where a libxl call is made without taking a ref
> > on the vm object.
> 
> With this I am seeing:
>         Program received signal SIGSEGV, Segmentation fault.
>         0xb16d2fd8 in osevent_release_nexus (gc=0xbefff51c, nexi_idle=0x2a09701c, nexus=0x0) at libxl_event.c:119
>         119	libxl_event.c: No such file or directory.
>         (gdb) bt
>         #0  0xb16d2fd8 in osevent_release_nexus (gc=0xbefff51c, nexi_idle=0x2a09701c, nexus=0x0) at libxl_event.c:119
>         #1  0xb16d3b14 in osevent_hook_pre_release (nexus=0x2a097074, nexi_idle=<optimized out>, ev=0x2a097060, gc=0xbefff51c) at libxl_event.c:149
>         #2  libxl__ev_fd_deregister (gc=0xbefff51c, ev=0x2a097060) at libxl_event.c:231
>         #3  0xb16a4858 in libxl_ctx_free (ctx=0x2a096fa8) at libxl.c:168
>         #4  0xb171814e in libxlDomainObjPrivateDispose () from /opt/libvirt/lib/libvirt/connection-driver/libvirt_driver_libxl.so
>         #5  0xb6c69176 in virObjectUnref () from /opt/libvirt/lib/libvirt.so.0
>         #6  0xb1717696 in libxlDomainObjTimerEventHookInfoFree () from /opt/libvirt/lib/libvirt/connection-driver/libvirt_driver_libxl.so
>         #7  0xb6c3eae4 in virEventPollCleanupTimeouts () from /opt/libvirt/lib/libvirt.so.0
>         #8  0xb6c3f0f2 in virEventPollRunOnce () from /opt/libvirt/lib/libvirt.so.0
>         #9  0xb6c3d2fc in virEventRunDefaultImpl () from /opt/libvirt/lib/libvirt.so.0
>         #10 0x2a05495a in virNetServerRun ()
>         #11 0x2a01297c in main ()
>         
> 
> I don't think this is what you were hoping for :-/

I don't know if this helps but on the 3 occasions I've just looked at
the ev passed to libxl__ev_fd_deregister contains an fd which
corresponds to a still open handle on /dev/xen/evtchn.

Ian.

next prev parent reply	other threads:[~2014-11-26 15:52 UTC|newest]

Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-11-26 15:37 segv in osevent_release_nexus with libxl backend to libvirt Ian Campbell
     [not found] ` <21621.61406.151530.376288@mariner.uk.xensource.com>
2014-11-26 15:40   ` Ian Campbell
2014-11-26 15:52     ` Ian Campbell [this message]
2014-11-26 17:38       ` Ian Jackson
2014-11-27 10:22         ` Ian Campbell
2014-11-27 18:27           ` [PATCH for-4.5 0/6] libxl: events: Tear down fd interests when idle Ian Jackson
2014-11-27 18:27             ` [PATCH 1/6] libxl: events: Assert that libxl_ctx_free is not called from a hook Ian Jackson
2014-11-28 12:42               ` Ian Campbell
2014-11-27 18:27             ` [PATCH 2/6] libxl: events: Deregister xenstore watch fd when not needed Ian Jackson
2014-11-28 13:06               ` Ian Campbell
2014-11-28 14:56                 ` Ian Jackson
2014-11-28 15:00                   ` Ian Campbell
2014-11-28 13:19               ` Ian Campbell
2014-11-27 18:27             ` [PATCH 3/6] libxl: events: Deregister, don't just modify, sigchld pipe fd Ian Jackson
2014-11-28 12:48               ` Ian Campbell
2014-11-28 14:42                 ` Ian Jackson
2014-11-28 14:44                   ` Ian Campbell
2014-11-27 18:27             ` [PATCH 4/6] libxl: events: Tear down SIGCHLD machinery on ctx destruction Ian Jackson
2014-11-28 12:51               ` Ian Campbell
2014-11-27 18:27             ` [PATCH 5/6] libxl: events: Deregister evtchn fd when not needed Ian Jackson
2014-11-28 13:04               ` Ian Campbell
2014-11-28 14:47                 ` Ian Jackson
2014-11-28 14:52                   ` Ian Campbell
2014-12-09 11:22                     ` Ian Jackson
2014-12-09 11:31                       ` Ian Campbell
2014-12-09 15:48                         ` [PATCH 5/6] libxl: events: Deregister evtchn fd when not needed [and 1 more messages] Ian Jackson
2014-11-27 18:27             ` [PATCH 6/6] libxl: events: Document and enforce actual callbacks restriction Ian Jackson
2014-11-28 13:04               ` Ian Campbell
2014-11-27 18:30             ` [PATCH for-4.5 0/6] libxl: events: Tear down fd interests when idle Ian Jackson
2014-11-28 13:05               ` Ian Campbell
2014-12-08 16:18                 ` Konrad Rzeszutek Wilk
2014-12-08 10:33               ` Ian Campbell
2014-12-09 15:54             ` [PATCH for-4.5 v2 " Ian Jackson
2014-12-09 15:54               ` [PATCH 1/6] libxl: events: Assert that libxl_ctx_free is not called from a hook Ian Jackson
2014-12-09 15:54               ` [PATCH 2/6] libxl: events: Deregister xenstore watch fd when not needed Ian Jackson
2014-12-09 15:59                 ` Ian Campbell
2014-12-09 16:13                   ` Ian Jackson
2014-12-09 15:54               ` [PATCH 3/6] libxl: events: Deregister, don't just modify, sigchld pipe fd Ian Jackson
2014-12-09 15:54               ` [PATCH 4/6] libxl: events: Tear down SIGCHLD machinery on ctx destruction Ian Jackson
2014-12-09 15:54               ` [PATCH 5/6] libxl: events: Deregister evtchn fd when not needed Ian Jackson
2014-12-09 15:56                 ` Ian Campbell
2014-12-09 15:54               ` [PATCH 6/6] libxl: events: Document and enforce actual callbacks restriction Ian Jackson
2014-12-10 10:45               ` [PATCH for-4.5 v2 0/6] libxl: events: Tear down fd interests when idle Ian Campbell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1417017154.11944.63.camel@citrix.com \
    --to=ian.campbell@citrix.com \
    --cc=Ian.Jackson@eu.citrix.com \
    --cc=jfehlig@suse.com \
    --cc=xen-devel@lists.xen.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.