Re: [Xen-devel] (resend) qemu crashes during VCPU hotplug
On Thu, 16 Feb 2017, Boris Ostrovsky wrote:
> On 02/15/2017 11:20 PM, Boris Ostrovsky wrote:
> > (Now with correct address for Stefano)
> >
> > Upstream qemu appears to be crashing during VCPU hotplug. I think this
> > is something relatively new since I have been doing this a few weeks ago.
> >
> > I reproduced this on two different setups. Haven't had a chance to look
> > any further but e3cadac073 looks suspicious.
>
> Yes, this is the offending commit.
>
> For Xen guests qemu never sets pcms->fw_cfg.

Thanks for narrowing it down. Are you using qemu-xen/staging? It looks
like it has been fixed in qemu.org by

commit 26ef65beab852caf2b1ef4976e3473f2d525164d
Author: Igor Mammedov <imammedo@xxxxxxxxxx>
Date:   Fri Dec 30 15:33:11 2016 +0100

    pc: fix crash in rtc_set_memory() if initial cpu is marked as hotplugged

can you confirm?

> -boris
> >
> > The crash happens in fw_cfg_modify_bytes_read() when we pass in NULL
> > pointer as first argument. The stack is below:
> >
> >
> > (gdb) where
> > #0 0x0000561d762d64d4 in fw_cfg_modify_bytes_read (s=0x0, key=5,
> > data=0x561d787031d0, len=2) at hw/nvram/fw_cfg.c:614
> > #1 0x0000561d762d6730 in fw_cfg_modify_i16 (s=0x0, key=5, value=2) at
> > hw/nvram/fw_cfg.c:656
> > #2 0x0000561d761195b3 in pc_cpu_plug (hotplug_dev=0x561d770f9810,
> > dev=0x561d7712a7e0, errp=0x7ffe8f75f2b0) at
> > /root/xen/tools/qemu-xen-dir/hw/i386/pc.c:1823
> > #3 0x0000561d76119fc0 in pc_machine_device_plug_cb
> > (hotplug_dev=0x561d770f9810, dev=0x561d7712a7e0, errp=0x7ffe8f75f2b0) at
> > /root/xen/tools/qemu-xen-dir/hw/i386/pc.c:1993
> > #4 0x0000561d76239cba in hotplug_handler_plug
> > (plug_handler=0x561d770f9810, plugged_dev=0x561d7712a7e0,
> > errp=0x7ffe8f75f2b0) at hw/core/hotplug.c:34
> > #5 0x0000561d7623584d in device_set_realized (obj=0x561d7712a7e0,
> > value=true, errp=0x7ffe8f75f468) at hw/core/qdev.c:928
> > #6 0x0000561d763e22a3 in property_set_bool (obj=0x561d7712a7e0,
> > v=0x561d78702090, name=0x561d764fd9d0 "realized", opaque=0x561d785aea00,
> > errp=0x7ffe8f75f468) at qom/object.c:1854
> > #7 0x0000561d763e07aa in object_property_set (obj=0x561d7712a7e0,
> > v=0x561d78702090, name=0x561d764fd9d0 "realized", errp=0x7ffe8f75f468)
> > at qom/object.c:1088
> > #8 0x0000561d763e3609 in object_property_set_qobject
> > (obj=0x561d7712a7e0, value=0x561d773869c0, name=0x561d764fd9d0
> > "realized", errp=0x7ffe8f75f468) at qom/qom-qobject.c:27
> > #9 0x0000561d763e0a40 in object_property_set_bool (obj=0x561d7712a7e0,
> > value=true, name=0x561d764fd9d0 "realized", errp=0x7ffe8f75f468) at
> > qom/object.c:1157
> > #10 0x0000561d76117304 in pc_new_cpu (typename=0x561d7707c880
> > "qemu32-i386-cpu", apic_id=1, errp=0x7ffe8f75f4c0) at
> > /root/xen/tools/qemu-xen-dir/hw/i386/pc.c:1099
> > #11 0x0000561d761174cc in pc_hot_add_cpu (id=1, errp=0x7ffe8f75f558) at
> > /root/xen/tools/qemu-xen-dir/hw/i386/pc.c:1131
> > #12 0x0000561d761cb7b3 in qmp_cpu_add (id=1, errp=0x7ffe8f75f558) at
> > qmp.c:126
> > #13 0x0000561d761bdc60 in qmp_marshal_cpu_add (args=0x561d7711a1b0,
> > ret=0x7ffe8f75f5b0, errp=0x7ffe8f75f5a8) at qmp-marshal.c:1274
> > #14 0x0000561d764b2f13 in do_qmp_dispatch (request=0x561d77129360,
> > errp=0x7ffe8f75f610) at qapi/qmp-dispatch.c:98
> > #15 0x0000561d764b3042 in qmp_dispatch (request=0x561d77129360) at
> > qapi/qmp-dispatch.c:125
> > #16 0x0000561d76084d39 in handle_qmp_command (parser=0x561d771288b0,
> > tokens=0x561d770f8cc0) at /root/xen/tools/qemu-xen-dir/monitor.c:3758
> > #17 0x0000561d764ba402 in json_message_process_token
> > (lexer=0x561d771288b8, input=0x561d770f9040, type=JSON_RCURLY, x=1,
> > y=11) at qobject/json-streamer.c:105
> > #18 0x0000561d764dd5dc in json_lexer_feed_char (lexer=0x561d771288b8,
> > ch=125 '}', flush=false) at qobject/json-lexer.c:319
> > #19 0x0000561d764dd71c in json_lexer_feed (lexer=0x561d771288b8,
> > buffer=0x7ffe8f75f880 "}\224Dx\035V", size=1) at qobject/json-lexer.c:369
> > #20 0x0000561d764ba4a2 in json_message_parser_feed
> > (parser=0x561d771288b0, buffer=0x7ffe8f75f880 "}\224Dx\035V", size=1) at
> > qobject/json-streamer.c:124
> > #21 0x0000561d76084e53 in monitor_qmp_read (opaque=0x561d77128830,
> > buf=0x7ffe8f75f880 "}\224Dx\035V", size=1) at
> > /root/xen/tools/qemu-xen-dir/monitor.c:3788
> > #22 0x0000561d761a3b2d in qemu_chr_be_write_impl (s=0x561d77107020,
> > buf=0x7ffe8f75f880 "}\224Dx\035V", len=1) at qemu-char.c:419
> > #23 0x0000561d761a3b8f in qemu_chr_be_write (s=0x561d77107020,
> > buf=0x7ffe8f75f880 "}\224Dx\035V", len=1) at qemu-char.c:431
> > #24 0x0000561d761a83d0 in tcp_chr_read (chan=0x561d785ae8a0,
> > cond=G_IO_IN, opaque=0x561d77107020) at qemu-char.c:3145
> > #25 0x0000561d76475a36 in qio_channel_fd_source_dispatch
> > (source=0x561d77cbe7c0, callback=0x561d761a8279 <tcp_chr_read>,
> > user_data=0x561d77107020) at io/channel-watch.c:84
> > #26 0x00007f77f3e407aa in g_main_context_dispatch () from
> > /lib64/libglib-2.0.so.0
> > #27 0x0000561d763f03ee in glib_pollfds_poll () at main-loop.c:259
> > #28 0x0000561d763f04dc in os_host_main_loop_wait (timeout=15045517) at
> > main-loop.c:306
> > #29 0x0000561d763f058c in main_loop_wait (nonblocking=0) at main-loop.c:556
> > #30 0x0000561d761b1cb5 in main_loop () at vl.c:1966
> > #31 0x0000561d761b93fb in main (argc=38, argv=0x7ffe8f760df8,
> > envp=0x7ffe8f760f30) at vl.c:4684
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
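
A triage helper for the backtrace quoted in the message above, added here as an example and not part of the original thread or of QEMU: it strips the mail quoting, rejoins wrapped frames, and reports the outermost frame that received a NULL pointer argument together with the caller that passed it. The names `parse_frames` and `null_origin` are this example's own, and the embedded input is the first four frames of that trace.

```python
import re

# First four frames of the backtrace quoted above, mail quoting and line
# wrapping left in place (an excerpt embedded so the example runs offline).
TRACE = """\
> > #0 0x0000561d762d64d4 in fw_cfg_modify_bytes_read (s=0x0, key=5,
> > data=0x561d787031d0, len=2) at hw/nvram/fw_cfg.c:614
> > #1 0x0000561d762d6730 in fw_cfg_modify_i16 (s=0x0, key=5, value=2) at
> > hw/nvram/fw_cfg.c:656
> > #2 0x0000561d761195b3 in pc_cpu_plug (hotplug_dev=0x561d770f9810,
> > dev=0x561d7712a7e0, errp=0x7ffe8f75f2b0) at
> > /root/xen/tools/qemu-xen-dir/hw/i386/pc.c:1823
> > #3 0x0000561d76119fc0 in pc_machine_device_plug_cb
> > (hotplug_dev=0x561d770f9810, dev=0x561d7712a7e0, errp=0x7ffe8f75f2b0) at
> > /root/xen/tools/qemu-xen-dir/hw/i386/pc.c:1993
"""

FRAME = re.compile(r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \((.*?)\)(?: at (\S+))?")
NULL_ARG = re.compile(r"(\w+)=0x0\b")  # gdb prints a NULL pointer as 0x0


def parse_frames(text):
    """Strip '>' quoting, rejoin wrapped lines, return one dict per frame."""
    lines = [re.sub(r"^(?:>\s?)+", "", ln).strip() for ln in text.splitlines()]
    joined = " ".join(ln for ln in lines if ln)
    frames = []
    for chunk in re.split(r"(?=#\d+\s)", joined):
        m = FRAME.match(chunk)
        if m:
            frames.append({"index": int(m.group(1)), "func": m.group(2),
                           "null_args": NULL_ARG.findall(m.group(3)),
                           "location": m.group(4)})
    return frames


def null_origin(frames):
    """Return (caller, callee): callee is the outermost frame holding a NULL
    pointer argument, caller is the frame that passed it in."""
    by_index = {f["index"]: f for f in frames}
    for idx in sorted(by_index, reverse=True):
        if by_index[idx]["null_args"]:
            return by_index.get(idx + 1), by_index[idx]
    return None, None


if __name__ == "__main__":
    caller, callee = null_origin(parse_frames(TRACE))
    print(f"{callee['func']} got NULL {callee['null_args']} "
          f"from {caller['func']} at {caller['location']}")
```

For this excerpt the helper points at `pc_cpu_plug` (`hw/i386/pc.c:1823`) as the frame that hands the NULL `s` to `fw_cfg_modify_i16`, which is the call site to read when checking whether a given tree carries a fix.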