segfault in ide_read_dma_cb when resetting guest

segfault in ide_read_dma_cb when resetting guest

[Jan Kiszka]

[-- Attachment #1: Type: text/plain, Size: 1608 bytes --]

Hi,

maybe someone has an immediate idea or can reproduce, I'm currently
lacking time to debug this: With latest kvm-userspace I'm seeing
sporadic qemu crashes when hard-resetting a guest that currently does
some I/O (qcow2 disk in snapshot mode). Below is the backtrace, s is
null.

So far the issue does not show up with -no-kvm or with upstream qemu
(also without kvm as upstream's reset in kvm mode is not working yet).

Jan

---

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fd5e75406f0 (LWP 13554)]
ide_read_dma_cb (opaque=0xef2e60, ret=0) at /data/kvm-userspace/qemu/hw/ide.c:1010
1010        n = s->io_buffer_size >> 9;
(gdb) bt
#0  ide_read_dma_cb (opaque=0xef2e60, ret=0) at /data/kvm-userspace/qemu/hw/ide.c:1010
#1  0x000000000041668e in dma_bdrv_cb (opaque=0xdd0250, ret=0) at /data/kvm-userspace/qemu/dma-helpers.c:86
#2  0x000000000046e4a8 in bdrv_aio_rw_vector_cb (opaque=0xdd00b0, ret=0) at block.c:1280
#3  0x00000000004b49fb in qcow_aio_read_cb (opaque=0xc81150, ret=0) at block-qcow2.c:1239
#4  0x00000000004b49fb in qcow_aio_read_cb (opaque=0x10f6010, ret=0) at block-qcow2.c:1239
#5  0x000000000041b4df in posix_aio_read (opaque=<value optimized out>) at block-raw-posix.c:533
#6  0x000000000040969a in main_loop_wait (timeout=<value optimized out>) at /data/kvm-userspace/qemu/vl.c:3814
#7  0x000000000052029a in kvm_main_loop () at /data/kvm-userspace/qemu/qemu-kvm.c:597
#8  0x000000000040e038 in main (argc=<value optimized out>, argv=0x7fffef57b448, envp=<value optimized out>) at /data/kvm-userspace/qemu/vl.c:3871



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 257 bytes --]

Re: segfault in ide_read_dma_cb when resetting guest

[Avi Kivity]

Jan Kiszka wrote:
> Hi,
>
> maybe someone has an immediate idea or can reproduce, I'm currently
> lacking time to debug this: With latest kvm-userspace I'm seeing
> sporadic qemu crashes when hard-resetting a guest that currently does
> some I/O (qcow2 disk in snapshot mode). Below is the backtrace, s is
> null.
>
> So far the issue does not show up with -no-kvm or with upstream qemu
> (also without kvm as upstream's reset in kvm mode is not working yet).
>
>   

I think I broke it -- cancellation assumes aiocbs were generated by the 
block format driver, but there are now aiocbs that are generated by the  
generic code.

The problem is in upstream as well, don't know why you don't see it 
there (maybe you're seeing a different problem).

I'll come up with a patch.

-- 
error compiling committee.c: too many arguments to function

Re: segfault in ide_read_dma_cb when resetting guest

[Avi Kivity]

Avi Kivity wrote:
> Jan Kiszka wrote:
>> Hi,
>>
>> maybe someone has an immediate idea or can reproduce, I'm currently
>> lacking time to debug this: With latest kvm-userspace I'm seeing
>> sporadic qemu crashes when hard-resetting a guest that currently does
>> some I/O (qcow2 disk in snapshot mode). Below is the backtrace, s is
>> null.
>>
>> So far the issue does not show up with -no-kvm or with upstream qemu
>> (also without kvm as upstream's reset in kvm mode is not working yet).
>>
>>   
>
> I think I broke it -- cancellation assumes aiocbs were generated by 
> the block format driver, but there are now aiocbs that are generated 
> by the  generic code.
>
> The problem is in upstream as well, don't know why you don't see it 
> there (maybe you're seeing a different problem).
>
> I'll come up with a patch.
>

Patchset just posted to qemu-devel.


-- 
error compiling committee.c: too many arguments to function