From: Hailiang Zhang <zhang.zhanghailiang@huawei.com>
To: otubo@redhat.com, qemu-devel@nongnu.org
Cc: wency@cn.fujitsu.com, zhangchen.fnst@cn.fujitsu.com,
wang.guang55@zte.com.cn, wang.yong155@zte.com.cn
Subject: Re: [Qemu-devel] colo-compare: segfault and assert on colo_compare_finalize
Date: Tue, 8 Aug 2017 19:30:24 +0800 [thread overview]
Message-ID: <5989A0D0.6010304@huawei.com> (raw)
In-Reply-To: <6b32aeb2-d488-eb3c-4147-a99fe4681a6f@redhat.com>
Hi,
Did you test this branch https://github.com/coloft/qemu/tree/colo-for-qemu-2.10-2017-4-22 ?
This seems to be an already known problem, I'm not quite sure, it may be fixed by this patch
b19456dd0ea4eb418ad093f092adbb882be13054
char: Fix removing wrong GSource that be found by fd_in_tag
We use fd_in_tag to find a GSource, fd_in_tag is return value of g_source_attach(GSource *source, GMainContext *context), the return value is unique only in the same context, so we may get the same values with different 'context' parameters. It is no problem to find the right fd_in_tag by using g_main_context_find_source_by_id(GMainContext *context, guint source_id) while there is only one default main context. But colo-compare tries to create/use its own context, and if we pass wrong 'context' parameter with right fd_in_tag, we will find a wrong GSource to handle. We tried to fix the related codes in commit b43decb015a6efeb9e3cdbdb80f6547ad7248a4c, but it didn't fix the bug completely, because we still have some codes didn't pass *right* context parameter for remove_fd_in_watch(). Let's fix it by record the GSource directly instead of fd_in_tag. Signed-off-by: zhanghailiang <zhang.zhanghailiang@huawei.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1492564532-91680-1-git-send-email-zhang.zhanghailiang@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Actually, we have already re-writed this part, and please follow the later series. Thanks, Hailiang
On 2017/8/8 0:39, Eduardo Otubo wrote:
> (please ignore my last email, looks like mutt wants play games lately)
>
> Hi all,
>
> I have found a problem on colo-compare that leads to segmentation fault
> when calling qemu like this:
>
> $ qemu-system-x86_64 -S -machine pc -object colo-compare,id=test-object
>
> First I got an assert failed:
>
> (qemu-system-x86_64:7887): GLib-CRITICAL **: g_main_loop_quit:
> assertion 'loop != NULL' failed
>
> From this looks like s->compare_loop is NULL on the function
> colo_compare_finalize(), then I just added a check there and the assert
> went away. But then there's the segfault:
>
> Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
> 0x00007ffff333f79e in pthread_join () from /lib64/libpthread.so.0
> (gdb) bt
> #0 0x00007ffff333f79e in pthread_join () at /lib64/libpthread.so.0
> #1 0x0000555555c379d2 in qemu_thread_join (thread=0x7ffff7ff5160) at
> util/qemu-thread-posix.c:547
> #2 0x0000555555adfc1a in colo_compare_finalize (obj=0x7ffff7fd3010)
> at net/colo-compare.c:867
> #3 0x0000555555b2cd87 in object_deinit (obj=0x7ffff7fd3010,
> type=0x5555567432e0) at qom/object.c:453
> #4 0x0000555555b2cdf9 in object_finalize (data=0x7ffff7fd3010) at
> qom/object.c:467
> #5 0x0000555555b2dd80 in object_unref (obj=0x7ffff7fd3010) at
> qom/object.c:902
> #6 0x0000555555b319a5 in user_creatable_add_type (type=0x5555567499a0
> "colo-compare", id=0x555556749960 "test-object", qdict=0x555556835750,
> v=0x55555681a3f0, errp=0x7fffffffde58) at qom/object_interfaces.c:105
> #7 0x0000555555b31b02 in user_creatable_add_opts
> (opts=0x555556749910, errp=0x7fffffffde58) at qom/object_interfaces.c:135
> #8 0x0000555555b31bfd in user_creatable_add_opts_foreach
> (opaque=0x5555558e9c39 <object_create_delayed>, opts=0x555556749910,
> errp=0x0) at qom/object_interfaces.c:159
> #9 0x0000555555c4aecf in qemu_opts_foreach (list=0x555556157ac0
> <qemu_object_opts>, func=0x555555b31b6f
> <user_creatable_add_opts_foreach>, opaque=0x5555558e9c39
> <object_create_delayed>, errp=0x0) at util/qemu-option.c:1104
> #10 0x00005555558edb75 in main (argc=6, argv=0x7fffffffe2d8,
> envp=0x7fffffffe310) at vl.c:4520
>
> At this point '&s->thread' is '0'. Is this segfault and the above
> mentioned assert trigged because I'm creating a colo-compare object
> without any other parameter? In a positive case, a simple workaround and
> error check should do it. Otherwise I'll debug a little more.
>
> Best regards,
next prev parent reply other threads:[~2017-08-08 11:31 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-07 16:39 [Qemu-devel] colo-compare: segfault and assert on colo_compare_finalize Eduardo Otubo
2017-08-08 11:30 ` Hailiang Zhang [this message]
2017-08-08 14:29 ` Eduardo Otubo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5989A0D0.6010304@huawei.com \
--to=zhang.zhanghailiang@huawei.com \
--cc=otubo@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=wang.guang55@zte.com.cn \
--cc=wang.yong155@zte.com.cn \
--cc=wency@cn.fujitsu.com \
--cc=zhangchen.fnst@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).