From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45163)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1UlxaP-0006MH-UC
	for qemu-devel@nongnu.org; Mon, 10 Jun 2013 04:36:26 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1UlxaO-0002Os-OZ
	for qemu-devel@nongnu.org; Mon, 10 Jun 2013 04:36:21 -0400
Received: from mail-ea0-x230.google.com ([2a00:1450:4013:c01::230]:63990)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1UlxaO-0002Oc-IR
	for qemu-devel@nongnu.org; Mon, 10 Jun 2013 04:36:20 -0400
Received: by mail-ea0-f176.google.com with SMTP id z15so2202035ead.21
	for <qemu-devel@nongnu.org>; Mon, 10 Jun 2013 01:36:19 -0700 (PDT)
Date: Mon, 10 Jun 2013 10:36:16 +0200
From: Stefan Hajnoczi <stefanha@gmail.com>
Message-ID: <20130610083616.GA5308@stefanha-thinkpad.redhat.com>
References: <33183CC9F5247A488A2544077AF190206C901DDC@szxeml538-mbx.china.huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <33183CC9F5247A488A2544077AF190206C901DDC@szxeml538-mbx.china.huawei.com>
Subject: Re: [Qemu-devel] Qemu crashed while unpluging IDE disk
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Gonglei (Arei)" <arei.gonglei@huawei.com>
Cc: "Zhangbo (Oscar)" <oscar.zhangbo@huawei.com>, Yanqiangjun <yanqiangjun@huawei.com>, Luonengjun <luonengjun@huawei.com>, "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>, "Huangweidong (Hardware)" <huangweidong@huawei.com>

On Fri, Jun 07, 2013 at 02:31:00PM +0000, Gonglei (Arei) wrote:
> While starting a Fedora_14 guest, we came across a segfault of qemu:
> 
> the logs in /var/log/messages are: 
> Jun  1 02:38:56 NC587 kernel: [403549.565754] show_signal_msg: 136 callbacks suppressed
> Jun  1 02:38:56 NC587 kernel: [403549.565758] qemu-system-i38[25840]: segfault at 28 ip 0000000000418d91 sp 00007fe02aef4f00 error 4 in qemu-system-i386[400000+350000]
> 
> the very segfault refers to the code:
> /*
>  * Handle a read request in coroutine context
>  */
> static int coroutine_fn bdrv_co_do_readv(BlockDriverState *bs,
>     int64_t sector_num, int nb_sectors, QEMUIOVector *qiov,
>     BdrvRequestFlags flags)
> {
>     BlockDriver *drv = bs->drv;    //The segfault occurs when bs equals to NULL.
>     BdrvTrackedRequest req;
>     int ret;
> 
> 
> NOTE: we are running on a XEN hypervisor with qemu 1.2.0	

Can you try qemu.git/master?

Stefan