[Qemu-devel] commit 79e2b9aeccedbfd exec: RCUify AddressSpaceDispatch causes crashes

[Qemu-devel] commit 79e2b9aeccedbfd exec: RCUify AddressSpaceDispatch causes crashes

[Christian Borntraeger]

Paolo,

guests with lots of threads crash after this patch

commit 79e2b9aeccedbfde762b05da662132c7fda292be
Author:     Paolo Bonzini <pbonzini@redhat.com>
AuthorDate: Wed Jan 21 12:09:14 2015 +0100
Commit:     Paolo Bonzini <pbonzini@redhat.com>
CommitDate: Mon Feb 16 17:30:19 2015 +0100

    exec: RCUify AddressSpaceDispatch

(gdb) bt
#0  kvm_flush_coalesced_mmio_buffer () at /home/cborntra/REPOS/qemu/kvm-all.c:1694
#1  0x000000008001835a in qemu_flush_coalesced_mmio_buffer () at /home/cborntra/REPOS/qemu/exec.c:1066
#2  0x00000000800572ee in memory_region_clear_coalescing (mr=0x80409c30 <io_mem_watch>) at /home/cborntra/REPOS/qemu/memory.c:1524
#3  0x00000000800573d0 in memory_region_finalize (obj=<optimized out>) at /home/cborntra/REPOS/qemu/memory.c:1253
#4  0x000000008016d2e8 in object_deinit (type=0x808a7d00, obj=<optimized out>) at /home/cborntra/REPOS/qemu/qom/object.c:399
#5  object_finalize (data=0x80409c30 <io_mem_watch>) at /home/cborntra/REPOS/qemu/qom/object.c:413
#6  object_unref (obj=0x80409c30 <io_mem_watch>) at /home/cborntra/REPOS/qemu/qom/object.c:720
#7  0x00000000800166ac in phys_section_destroy (mr=0x80409c30 <io_mem_watch>) at /home/cborntra/REPOS/qemu/exec.c:968
#8  phys_sections_free (map=0x808dc038) at /home/cborntra/REPOS/qemu/exec.c:981
#9  address_space_dispatch_free (d=0x808dc020) at /home/cborntra/REPOS/qemu/exec.c:2115
#10 0x00000000802243ea in call_rcu_thread (opaque=<optimized out>) at /home/cborntra/REPOS/qemu/util/rcu.c:256
#11 0x000003fffc4d34e6 in start_thread () from /lib64/libpthread.so.0
#12 0x000003fffc4260fa in thread_start () from /lib64/libc.so.6

Christian

Re: [Qemu-devel] commit 79e2b9aeccedbfd exec: RCUify AddressSpaceDispatch causes crashes

[Paolo Bonzini]

On 03/03/2015 10:28, Christian Borntraeger wrote:
> 
> Paolo,
> 
> guests with lots of threads crash after this patch
> 
> commit 79e2b9aeccedbfde762b05da662132c7fda292be
> Author:     Paolo Bonzini <pbonzini@redhat.com>
> AuthorDate: Wed Jan 21 12:09:14 2015 +0100
> Commit:     Paolo Bonzini <pbonzini@redhat.com>
> CommitDate: Mon Feb 16 17:30:19 2015 +0100
> 
>     exec: RCUify AddressSpaceDispatch
> 
> (gdb) bt
> #0  kvm_flush_coalesced_mmio_buffer () at /home/cborntra/REPOS/qemu/kvm-all.c:1694
> #1  0x000000008001835a in qemu_flush_coalesced_mmio_buffer () at /home/cborntra/REPOS/qemu/exec.c:1066
> #2  0x00000000800572ee in memory_region_clear_coalescing (mr=0x80409c30 <io_mem_watch>) at /home/cborntra/REPOS/qemu/memory.c:1524
> #3  0x00000000800573d0 in memory_region_finalize (obj=<optimized out>) at /home/cborntra/REPOS/qemu/memory.c:1253
> #4  0x000000008016d2e8 in object_deinit (type=0x808a7d00, obj=<optimized out>) at /home/cborntra/REPOS/qemu/qom/object.c:399
> #5  object_finalize (data=0x80409c30 <io_mem_watch>) at /home/cborntra/REPOS/qemu/qom/object.c:413
> #6  object_unref (obj=0x80409c30 <io_mem_watch>) at /home/cborntra/REPOS/qemu/qom/object.c:720
> #7  0x00000000800166ac in phys_section_destroy (mr=0x80409c30 <io_mem_watch>) at /home/cborntra/REPOS/qemu/exec.c:968
> #8  phys_sections_free (map=0x808dc038) at /home/cborntra/REPOS/qemu/exec.c:981
> #9  address_space_dispatch_free (d=0x808dc020) at /home/cborntra/REPOS/qemu/exec.c:2115
> #10 0x00000000802243ea in call_rcu_thread (opaque=<optimized out>) at /home/cborntra/REPOS/qemu/util/rcu.c:256
> #11 0x000003fffc4d34e6 in start_thread () from /lib64/libpthread.so.0
> #12 0x000003fffc4260fa in thread_start () from /lib64/libc.so.6
> 
> Christian
> 

This is the same that was reported by Gonglei...  Looking at it.


Paolo