* [Qemu-devel] [Bug ?]Qemu segfault because of non-initial kvm_state variable
@ 2015-03-03 8:01 Gonglei (Arei)
2015-03-03 10:11 ` Paolo Bonzini
0 siblings, 1 reply; 5+ messages in thread
From: Gonglei (Arei) @ 2015-03-03 8:01 UTC (permalink / raw)
To: qemu-devel@nongnu.org; +Cc: Paolo Bonzini
Hi,
I encountered a Qemu segfault problem in my environment.
# ./qemu-system-x86_64 -enable-kvm -m 4096 -smp 4 -name redhat6.2 -drive file=/home/win2008_ent_r2_64_01,\
if=none,id=drive-ide0-0-0 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -vnc :10
Segmentation fault
Some information from gdb:
Breakpoint 1, kvm_init (ms=0x5555563336c0) at /mnt/sdb/gonglei/qemu/kvm-all.c:1415
1415 {
(gdb) until 1515
kvm_init (ms=0x5555563336c0) at /mnt/sdb/gonglei/qemu/kvm-all.c:1518
1518 ret = kvm_ioctl(s, KVM_CREATE_VM, type);
(gdb) n
1519 } while (ret == -EINTR);
(gdb)
1521 if (ret < 0) {
(gdb)
1532 s->vmfd = ret;
(gdb)
1533 missing_cap = kvm_check_extension_list(s, kvm_required_capabilites);
(gdb)
1534 if (!missing_cap) {
(gdb)
1535 missing_cap =
(gdb)
1538 if (missing_cap) {
(gdb)
1545 s->coalesced_mmio = kvm_check_extension(s, KVM_CAP_COALESCED_MMIO);
(gdb)
1547 s->broken_set_mem_region = 1;
(gdb)
1548 ret = kvm_check_extension(s, KVM_CAP_JOIN_MEMORY_REGIONS_WORKS);
(gdb)
1549 if (ret > 0) {
(gdb)
1550 s->broken_set_mem_region = 0;
(gdb)
1554 s->vcpu_events = kvm_check_extension(s, KVM_CAP_VCPU_EVENTS);
(gdb)
1557 s->robust_singlestep =
(gdb)
1561 s->debugregs = kvm_check_extension(s, KVM_CAP_DEBUGREGS);
(gdb)
1565 s->xsave = kvm_check_extension(s, KVM_CAP_XSAVE);
(gdb)
1569 s->xcrs = kvm_check_extension(s, KVM_CAP_XCRS);
(gdb)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff2f5a700 (LWP 32476)]
0x00005555556502c3 in kvm_flush_coalesced_mmio_buffer () at /mnt/sdb/gonglei/qemu/kvm-all.c:1682
1682 if (s->coalesced_flush_in_progress) {
(gdb) bt
#0 0x00005555556502c3 in kvm_flush_coalesced_mmio_buffer () at /mnt/sdb/gonglei/qemu/kvm-all.c:1682
#1 0x00005555555fc192 in qemu_flush_coalesced_mmio_buffer () at /mnt/sdb/gonglei/qemu/exec.c:1066
#2 0x0000555555658dc0 in memory_region_clear_coalescing (mr=0x555555e4ed00 <io_mem_watch>) at /mnt/sdb/gonglei/qemu/memory.c:1524
#3 0x00005555556578a0 in memory_region_finalize (obj=0x555555e4ed00 <io_mem_watch>) at /mnt/sdb/gonglei/qemu/memory.c:1253
#4 0x00005555558e5294 in object_deinit (obj=0x555555e4ed00 <io_mem_watch>, type=0x55555630c350) at qom/object.c:399
#5 0x00005555558e5313 in object_finalize (data=0x555555e4ed00 <io_mem_watch>) at qom/object.c:413
#6 0x00005555558e5edc in object_unref (obj=0x555555e4ed00 <io_mem_watch>) at qom/object.c:720
#7 0x00005555556579d3 in memory_region_unref (mr=0x555555e4ed00 <io_mem_watch>) at /mnt/sdb/gonglei/qemu/memory.c:1290
#8 0x00005555555fb6dc in phys_section_destroy (mr=0x555555e4ed00 <io_mem_watch>) at /mnt/sdb/gonglei/qemu/exec.c:968
#9 0x00005555555fb78a in phys_sections_free (map=0x555556334548) at /mnt/sdb/gonglei/qemu/exec.c:981
#10 0x00005555555ff418 in address_space_dispatch_free (d=0x555556334530) at /mnt/sdb/gonglei/qemu/exec.c:2115
#11 0x00005555559e3d91 in call_rcu_thread (opaque=0x0) at util/rcu.c:256
#12 0x00007ffff57297b6 in start_thread () from /lib64/libpthread.so.0
#13 0x00007ffff5484d6d in clone () from /lib64/libc.so.6
#14 0x0000000000000000 in ?? ()
(gdb)
It's obviously the global variable kvm_state that hasn't been assigned a value yet, but it is accessed by the vcpu thread.
And dmesg shows:
[16356.371372] qemu-system-x86[32410]: segfault at 50 ip 00007fa1214092c3 sp 00007fa11c267940 error 4 in qemu-system-x86_64[7fa12130d000+5bd000]
If you need some other information, please let me know.
Regards,
-Gonglei
^ permalink raw reply [flat|nested] 5+ messages in thread
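The crash above is an ordering race: a background callback thread dereferences a global that the main thread has not assigned yet. The following is an added example, written for this page and not taken from the thread or from QEMU, that reproduces with plain pthreads the two shapes of fix proposed in the replies: a NULL guard inside the flush function (the first patch), versus taking the big lock at the very start of main() so that the callback cannot run until initialization is done (the second patch). It assumes, as the commit message later in the thread implies, that the RCU callback thread takes the iothread lock around each callback; the names struct kvm_like_state, g_kvm_state, iothread_lock, rcu_callback_thread and the scenario_* functions are stand-ins, not QEMU identifiers.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not QEMU code. struct kvm_like_state, g_kvm_state,
 * iothread_lock and rcu_callback_thread are stand-ins for QEMU's KVMState,
 * kvm_state, the iothread lock and the RCU callback thread. */
struct kvm_like_state {
    int coalesced_flush_in_progress;
    int flushes_done;
};

static struct kvm_like_state *g_kvm_state;            /* NULL until "kvm_init" */
static pthread_mutex_t iothread_lock = PTHREAD_MUTEX_INITIALIZER;

/* Shape of kvm_flush_coalesced_mmio_buffer() after the first (NULL-guard)
 * patch. Returns 1 if a flush ran, 0 if it was skipped. Without the "!s"
 * test, a NULL g_kvm_state is the SIGSEGV from the bug report. */
static int flush_coalesced_mmio_buffer(void)
{
    struct kvm_like_state *s = g_kvm_state;

    if (!s || s->coalesced_flush_in_progress) {
        return 0;
    }
    s->coalesced_flush_in_progress = 1;
    s->flushes_done++;
    s->coalesced_flush_in_progress = 0;
    return 1;
}

/* Stand-in for the RCU callback thread: takes the iothread lock around the
 * callback (assumed to mirror call_rcu_thread), then runs the flush. */
static void *rcu_callback_thread(void *arg)
{
    (void)arg;
    pthread_mutex_lock(&iothread_lock);
    flush_coalesced_mmio_buffer();
    pthread_mutex_unlock(&iothread_lock);
    return NULL;
}

/* Scenario A, the original vl.c ordering: the callback thread exists before
 * main holds the lock and (forced here with a join) runs before "kvm_init"
 * assigns the global. Returns flushes performed: 0, the work was skipped. */
int scenario_unlocked_init(void)
{
    struct kvm_like_state st = {0, 0};
    pthread_t tid;
    int flushed;

    g_kvm_state = NULL;
    if (pthread_create(&tid, NULL, rcu_callback_thread, NULL) != 0) {
        return -1;
    }
    pthread_join(tid, NULL);        /* callback already ran with g_kvm_state == NULL */
    g_kvm_state = &st;              /* main's "kvm_init", too late to matter */
    flushed = st.flushes_done;
    g_kvm_state = NULL;             /* st leaves scope below */
    return flushed;
}

/* Scenario B, the second patch: main takes the iothread lock before any
 * other thread can run a callback and keeps it until init is done, so the
 * callback blocks on the mutex and always sees an initialized state.
 * Returns flushes performed: 1. */
int scenario_lock_before_threads(void)
{
    struct kvm_like_state st = {0, 0};
    pthread_t tid;
    int flushed;

    g_kvm_state = NULL;
    pthread_mutex_lock(&iothread_lock);     /* first thing in main() */
    if (pthread_create(&tid, NULL, rcu_callback_thread, NULL) != 0) {
        pthread_mutex_unlock(&iothread_lock);
        return -1;
    }
    g_kvm_state = &st;                      /* "kvm_init" runs under the lock */
    pthread_mutex_unlock(&iothread_lock);   /* only now can the callback proceed */
    pthread_join(tid, NULL);
    flushed = st.flushes_done;
    g_kvm_state = NULL;
    return flushed;
}

int main(void)
{
    printf("callback before init, lock taken late: flushes=%d\n",
           scenario_unlocked_init());
    printf("lock held by main across init:         flushes=%d\n",
           scenario_lock_before_threads());
    return 0;
}
```

Build with `gcc -pthread`. scenario_unlocked_init() returns 0: the flush was skipped, which is all the NULL guard alone buys you (without the guard this path is the segfault in the report). scenario_lock_before_threads() returns 1: the callback blocked on the lock until the state existed, so nothing was lost. The join in scenario A stands in for the unlucky scheduling in the report; the lock-first ordering in scenario B removes the dependence on scheduling altogether.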
* Re: [Qemu-devel] [Bug ?]Qemu segfault because of non-initial kvm_state variable
2015-03-03 8:01 [Qemu-devel] [Bug ?]Qemu segfault because of non-initial kvm_state variable Gonglei (Arei)
@ 2015-03-03 10:11 ` Paolo Bonzini
2015-03-03 10:21 ` Peter Maydell
2015-03-03 10:27 ` Paolo Bonzini
0 siblings, 2 replies; 5+ messages in thread
From: Paolo Bonzini @ 2015-03-03 10:11 UTC (permalink / raw)
To: Gonglei (Arei), qemu-devel@nongnu.org
On 03/03/2015 09:01, Gonglei (Arei) wrote:
> Hi,
>
> I encountered a Qemu segfault problem in my environment.
>
> # ./qemu-system-x86_64 -enable-kvm -m 4096 -smp 4 -name redhat6.2 -drive file=/home/win2008_ent_r2_64_01,\
> if=none,id=drive-ide0-0-0 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -vnc :10
> Segmentation fault
Should be fixed by:
diff --git a/kvm-all.c b/kvm-all.c
index 05a79c2..e04a0ca 100644
--- a/kvm-all.c
+++ b/kvm-all.c
@@ -1679,7 +1679,7 @@ void kvm_flush_coalesced_mmio_buffer(void)
{
KVMState *s = kvm_state;
- if (s->coalesced_flush_in_progress) {
+ if (!s || s->coalesced_flush_in_progress) {
return;
}
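Review bot: the added `!s` in `if (!s || s->coalesced_flush_in_progress)` turns the crash into a silently skipped flush rather than fixing the ordering. The backtrace in the report shows call_rcu_thread() reaching kvm_flush_coalesced_mmio_buffer() before kvm_init() has assigned kvm_state, so the defect is that the callback runs unserialized against main-thread initialization; an early return masks that. If the guard stays as a belt-and-braces check, a comment next to it stating when a NULL kvm_state is legitimate (KVM not enabled, or not yet initialized) would stop it being read as the fix for this race.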
Paolo
* Re: [Qemu-devel] [Bug ?]Qemu segfault because of non-initial kvm_state variable
2015-03-03 10:11 ` Paolo Bonzini
@ 2015-03-03 10:21 ` Peter Maydell
2015-03-03 10:37 ` Paolo Bonzini
2015-03-03 10:27 ` Paolo Bonzini
1 sibling, 1 reply; 5+ messages in thread
From: Peter Maydell @ 2015-03-03 10:21 UTC (permalink / raw)
To: Paolo Bonzini; +Cc: Gonglei (Arei), qemu-devel@nongnu.org
On 3 March 2015 at 19:11, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
>
> On 03/03/2015 09:01, Gonglei (Arei) wrote:
>> Hi,
>>
>> I encountered a Qemu segfault problem in my environment.
>>
>> # ./qemu-system-x86_64 -enable-kvm -m 4096 -smp 4 -name redhat6.2 -drive file=/home/win2008_ent_r2_64_01,\
>> if=none,id=drive-ide0-0-0 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -vnc :10
>> Segmentation fault
>
> Should be fixed by:
>
> diff --git a/kvm-all.c b/kvm-all.c
> index 05a79c2..e04a0ca 100644
> --- a/kvm-all.c
> +++ b/kvm-all.c
> @@ -1679,7 +1679,7 @@ void kvm_flush_coalesced_mmio_buffer(void)
> {
> KVMState *s = kvm_state;
>
> - if (s->coalesced_flush_in_progress) {
> + if (!s || s->coalesced_flush_in_progress) {
> return;
> }
Is it worth my holding off on applying further pullreqs til
we apply this fix to master (in the interests of future
bisectability), or does it not affect many people/configs?
-- PMM
* Re: [Qemu-devel] [Bug ?]Qemu segfault because of non-initial kvm_state variable
2015-03-03 10:11 ` Paolo Bonzini
2015-03-03 10:21 ` Peter Maydell
@ 2015-03-03 10:27 ` Paolo Bonzini
1 sibling, 0 replies; 5+ messages in thread
From: Paolo Bonzini @ 2015-03-03 10:27 UTC (permalink / raw)
To: Gonglei (Arei), qemu-devel@nongnu.org
On 03/03/2015 11:11, Paolo Bonzini wrote:
>
>
> On 03/03/2015 09:01, Gonglei (Arei) wrote:
>> Hi,
>>
>> I encountered a Qemu segfault problem in my environment.
>>
>> # ./qemu-system-x86_64 -enable-kvm -m 4096 -smp 4 -name redhat6.2 -drive file=/home/win2008_ent_r2_64_01,\
>> if=none,id=drive-ide0-0-0 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -vnc :10
>> Segmentation fault
... and here's the right fix:
------------------- 8< ---------------------------
From: Paolo Bonzini <pbonzini@redhat.com>
Subject: [PATCH] vl: take iothread lock very early
If the iothread lock isn't taken by the main thread, the RCU callbacks
might run concurrently with the main thread. QEMU's not ready for that.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/vl.c b/vl.c
index 09693f5..d743727 100644
--- a/vl.c
+++ b/vl.c
@@ -2763,6 +2763,9 @@ int main(int argc, char **argv, char **envp)
FILE *vmstate_dump_file = NULL;
Error *main_loop_err = NULL;
+ qemu_init_cpu_loop();
+ qemu_mutex_lock_iothread();
+
atexit(qemu_run_exit_notifiers);
error_set_progname(argv[0]);
qemu_init_exec_dir(argv[0]);
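Review bot: the two moved calls now sit at the top of main() with no comment saying why they must come before everything else; the reason from the commit message (RCU callbacks may run concurrently with the main thread unless the iothread lock is held) belongs next to `qemu_init_cpu_loop();` and `qemu_mutex_lock_iothread();`, otherwise a later tidy-up can move them back down and reintroduce the race. It would also be worth confirming in the description that qemu_init_cpu_loop() has no dependency on error_set_progname(), qemu_init_exec_dir() or the option parsing it now precedes.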
@@ -4098,9 +4101,6 @@ int main(int argc, char **argv, char **envp)
os_set_line_buffering();
- qemu_init_cpu_loop();
- qemu_mutex_lock_iothread();
-
#ifdef CONFIG_SPICE
/* spice needs the timers to be initialized by this point */
qemu_spice_init();
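Review bot: this hunk is the matching removal for the move, so the main thread now holds the iothread lock across everything between the old site after os_set_line_buffering() and the top of main(), including option parsing; any code in that range that blocks waiting for another thread which itself needs the lock, or that calls qemu_mutex_lock_iothread() expecting it to be free, would now deadlock, and the description should say that range was checked. The retained `/* spice needs the timers to be initialized by this point */` comment still reads correctly after the removal.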
* Re: [Qemu-devel] [Bug ?]Qemu segfault because of non-initial kvm_state variable
2015-03-03 10:21 ` Peter Maydell
@ 2015-03-03 10:37 ` Paolo Bonzini
0 siblings, 0 replies; 5+ messages in thread
From: Paolo Bonzini @ 2015-03-03 10:37 UTC (permalink / raw)
To: Peter Maydell; +Cc: Gonglei (Arei), qemu-devel@nongnu.org
On 03/03/2015 11:21, Peter Maydell wrote:
> On 3 March 2015 at 19:11, Paolo Bonzini <pbonzini@redhat.com> wrote:
>>
>>
>> On 03/03/2015 09:01, Gonglei (Arei) wrote:
>>> Hi,
>>>
>>> I encountered a Qemu segfault problem in my environment.
>>>
>>> # ./qemu-system-x86_64 -enable-kvm -m 4096 -smp 4 -name redhat6.2 -drive file=/home/win2008_ent_r2_64_01,\
>>> if=none,id=drive-ide0-0-0 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0 -vnc :10
>>> Segmentation fault
>>
>> Should be fixed by:
>>
>> diff --git a/kvm-all.c b/kvm-all.c
>> index 05a79c2..e04a0ca 100644
>> --- a/kvm-all.c
>> +++ b/kvm-all.c
>> @@ -1679,7 +1679,7 @@ void kvm_flush_coalesced_mmio_buffer(void)
>> {
>> KVMState *s = kvm_state;
>>
>> - if (s->coalesced_flush_in_progress) {
>> + if (!s || s->coalesced_flush_in_progress) {
>> return;
>> }
>
> Is it worth my holding off on applying further pullreqs til
> we apply this fix to master (in the interests of future
> bisectability), or does it not affect many people/configs?
I've sent the patch as message-id
1425378961-9600-1-git-send-email-pbonzini@redhat.com now. You can apply
it directly or I can send a pull request.
However, the patch depends on my other pending pull request ("[PULL
00/15] Misc changes for 2015-03-02").
Paolo
end of thread