Message ID | 23505bd1.b7da.156e59eee00.Coremail.chen_han_xiao@126.com |
---|---|
State | New |
Hi

On Thu, Sep 1, 2016 at 4:00 PM Chen Hanxiao <chen_han_xiao@126.com> wrote:
>
> Hi, here is the backtrace:
>
> #0 net_vhost_user_event (opaque=0x7fc2f6893be0, event=5) at net/vhost-user.c:196
> #1 0x00007fc2f4ebfb2b in tcp_chr_disconnect (chr=0x7fc2f68cc400) at qemu-char.c:2837
> #2 0x00007fc2f4ebfba9 in tcp_chr_sync_read (chr=0x7fc2f68cc400, buf=<optimized out>, len=<optimized out>) at qemu-char.c:2888
> #3 0x00007fc2f4ec106d in qemu_chr_fe_read_all (s=0x7fc2f68cc400, buf=buf@entry=0x7fff5fda25b7 "", len=len@entry=1) at qemu-char.c:264
> #4 0x00007fc2f4f9a43a in net_vhost_user_watch (chan=<optimized out>, cond=<optimized out>, opaque=<optimized out>) at net/vhost-user.c:190
> #5 0x00007fc2f321999a in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
> #6 0x00007fc2f4fd8fe8 in glib_pollfds_poll () at main-loop.c:209
> #7 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:254
> #8 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:503
> #9 0x00007fc2f4dd7b1e in main_loop () at vl.c:1818
> #10 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4394
>
>
> Program received signal SIGSEGV, Segmentation fault.
> net_vhost_user_event (opaque=0x7fc2f6893be0, event=5) at net/vhost-user.c:207
> 207 trace_vhost_user_event(s->chr->label, event);
>

thanks for the backtrace, that helps

However, I fail to understand how that can happen, as there has to be at least one net_client to start qemu with vhost-user and that callback must have at least the first netclient still around because the opaque pointer is shared with the netclient struct. So it looks like something destroyed the netclient before the callback, and in this case, the opaque pointer is invalid, and things are going all wrong. But it can't be host-net-remove, since the net-client is not on a registered hub.

Could you try to find a simple reproducer using qemu only?

thanks
At 2016-09-01 20:52:44, "Marc-André Lureau" <marcandre.lureau@gmail.com> wrote:
>Hi
>
>On Thu, Sep 1, 2016 at 4:00 PM Chen Hanxiao <chen_han_xiao@126.com> wrote:
>
>>
>> Hi, here is the backtrace:
>>
>> #0 net_vhost_user_event (opaque=0x7fc2f6893be0, event=5) at net/vhost-user.c:196
>> #1 0x00007fc2f4ebfb2b in tcp_chr_disconnect (chr=0x7fc2f68cc400) at qemu-char.c:2837
>> #2 0x00007fc2f4ebfba9 in tcp_chr_sync_read (chr=0x7fc2f68cc400, buf=<optimized out>, len=<optimized out>) at qemu-char.c:2888
>> #3 0x00007fc2f4ec106d in qemu_chr_fe_read_all (s=0x7fc2f68cc400, buf=buf@entry=0x7fff5fda25b7 "", len=len@entry=1) at qemu-char.c:264
>> #4 0x00007fc2f4f9a43a in net_vhost_user_watch (chan=<optimized out>, cond=<optimized out>, opaque=<optimized out>) at net/vhost-user.c:190
>> #5 0x00007fc2f321999a in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
>> #6 0x00007fc2f4fd8fe8 in glib_pollfds_poll () at main-loop.c:209
>> #7 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:254
>> #8 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:503
>> #9 0x00007fc2f4dd7b1e in main_loop () at vl.c:1818
>> #10 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4394
>>
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> net_vhost_user_event (opaque=0x7fc2f6893be0, event=5) at net/vhost-user.c:207
>> 207 trace_vhost_user_event(s->chr->label, event);
>>
>>
>thanks for the backtrace, that helps
>
>However, I fail to understand how that can happen, as there has to be at
>least one net_client to start qemu with vhost-user and that callback must
>have at least the first netclient still around because the opaque pointer
>is shared with the netclient struct. So it looks like something destroyed
>the netclient before the callback, and in this case, the opaque pointer is
>invalid, and things are going all wrong. But it can't be host-net-remove,
>since the net-client is not on a registered hub.

The callback gives qemu_find_net_clients_except id == 'filename', but it could not find a matching netclient. Then ncs[i] did not get a valid net client, and we get a seg fault.

>
>Could you try to find a simple reproducer using qemu only?

I'll try.

Regards,
- Chen

>
>thanks
>
>--
>Marc-André Lureau
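An added example, not QEMU's code and not part of this thread, modelling the failure described in the reply above: a lookup that fills an array of client pointers and returns a count, an event handler that indexes the array without looking at that count, and the checked form beside it. The names find_clients, on_event_unchecked, on_event_checked and the client registry are hypothetical stand-ins for the QEMU structures.

```c
#include <stdio.h>
#include <string.h>
#define MAX_QUEUE_NUM 8

/* Constructed stand-in for a net client (only the fields this example needs). */
typedef struct { const char *id; const char *label; } NetClient;

/* Constructed client registry; hypothetical, not QEMU's own net client list. */
static NetClient g_clients[] = {
    { "vhost0", "chr-vhost0" },
    { "vhost1", "chr-vhost1" },
};

/* Model of a qemu_find_net_clients_except-style lookup: stores every client
 * whose id matches into ncs[] and returns the count, which is 0 when the id
 * (for instance a file name passed by mistake) matches nothing. */
static int find_clients(const char *id, NetClient **ncs, int max)
{
    int n = 0;
    for (size_t i = 0; i < sizeof(g_clients) / sizeof(g_clients[0]); i++) {
        if (strcmp(g_clients[i].id, id) == 0 && n < max) {
            ncs[n++] = &g_clients[i];
        }
    }
    return n;
}

/* Unchecked pattern: reads ncs[0] without consulting the count, so a failed
 * lookup dereferences whatever the caller's array held before the call. */
static const char *on_event_unchecked(const char *id, NetClient **ncs)
{
    find_clients(id, ncs, MAX_QUEUE_NUM);   /* return value ignored */
    return ncs[0]->label;                   /* stale or garbage when count == 0 */
}

/* Checked pattern: a zero count is reported and handled before ncs[] is used. */
static const char *on_event_checked(const char *id)
{
    NetClient *ncs[MAX_QUEUE_NUM];
    int queues = find_clients(id, ncs, MAX_QUEUE_NUM);
    if (queues < 1) {
        fprintf(stderr, "no net client with id '%s'\n", id);
        return NULL;
    }
    return ncs[0]->label;
}

/* Shows the stale read: ncs[0] is pre-loaded with a leftover client, then the
 * unchecked handler runs for an id that matches nothing and still uses it. */
static int unchecked_uses_stale_entry(void)
{
    NetClient stale = { "old", "stale-label" };
    NetClient *ncs[MAX_QUEUE_NUM] = { &stale };
    return strcmp(on_event_unchecked("filename", ncs), "stale-label") == 0;
}
```

In the real handler the array is uninitialised stack memory rather than a deliberately planted pointer, which is why the result there is a segfault rather than a wrong label.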
diff --git a/net/vhost-user.c b/net/vhost-user.c index b0595f8..fb96db7 100644 --- a/net/vhost-user.c +++ b/net/vhost-user.c @@ -210,6 +210,9 @@ static void net_vhost_user_event(void *opaque, int event) MAX_QUEUE_NUM); assert(queues < MAX_QUEUE_NUM); + if (queues < 1) + return; +
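Review bot: the bare `return` added after `assert(queues < MAX_QUEUE_NUM);` silently drops the event when the lookup finds no client, and because the hunk is at line 210 it runs after the `trace_vhost_user_event(s->chr->label, event)` at net/vhost-user.c:207 named in the backtrace, so if `s` itself is already invalid that crash site is still reached first. If the intent is only to keep `ncs[0]` from being used when `qemu_find_net_clients_except` returns 0 (the case described in the reply), add an error message or a comment explaining why zero clients can legitimately be found here so the underlying lookup failure is not hidden, and wrap the body in braces per QEMU coding style: `if (queues < 1) {` / `return;` / `}`.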