
[Qemu-devel] qemu 2.0 segfaults in event notifier


From: Stefan Priebe
Subject: [Qemu-devel] qemu 2.0 segfaults in event notifier
Date: Fri, 30 May 2014 16:10:39 +0200
User-agent: Mozilla/5.0 (Windows NT 6.3; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

Hi,

Even with
+From 271c0f68b4eae72691721243a1c37f46a3232d61 Mon Sep 17 00:00:00 2001
+From: Fam Zheng <address@hidden>
+Date: Wed, 21 May 2014 10:42:13 +0800
+Subject: [PATCH] aio: Fix use-after-free in cancellation path

applied, I saw a segfault today with the following backtrace:

Program terminated with signal 11, Segmentation fault.
#0  0x00007f9dd633343f in event_notifier_set (e=0x124) at 
util/event_notifier-posix.c:97
97      util/event_notifier-posix.c: No such file or directory.
(gdb) bt
#0  0x00007f9dd633343f in event_notifier_set (e=0x124) at 
util/event_notifier-posix.c:97
#1  0x00007f9dd5f4eafc in aio_notify (ctx=0x0) at async.c:246
#2  0x00007f9dd5f4e697 in qemu_bh_schedule (bh=0x7f9b98eeeb30) at async.c:128
#3  0x00007f9dd5fa2c44 in rbd_finish_aiocb (c=0x7f9dd9069ad0, 
rcb=0x7f9dd85f1770) at block/rbd.c:585
#4  0x00007f9dd38d5e44 in librbd::AioCompletion::complete() () from 
/usr/lib/librbd.so.1
#5  0x00007f9dd38d5832 in librbd::AioCompletion::complete_request(CephContext*, 
long) () from /usr/lib/librbd.so.1
#6  0x00007f9dd3dab6ba in Context::complete(int) () from /usr/lib/librados.so.2
#7  0x00007f9dd3908e85 in ObjectCacher::C_WaitForWrite::finish(int) () from 
/usr/lib/librbd.so.1
#8  0x00007f9dd3dab6ba in Context::complete(int) () from /usr/lib/librados.so.2
#9  0x00007f9dd3e4e3c8 in Finisher::finisher_thread_entry() () from 
/usr/lib/librados.so.2
#10 0x00007f9dcde5ab50 in start_thread () from 
/lib/x86_64-linux-gnu/libpthread.so.0
#11 0x00007f9dcdba513d in clone () from /lib/x86_64-linux-gnu/libc.so.6
#12 0x0000000000000000 in ?? ()


On 28.05.2014 21:44, Stefan Priebe wrote:
> is this:
> commit 271c0f68b4eae72691721243a1c37f46a3232d61
> Author: Fam Zheng <address@hidden>
> Date:   Wed May 21 10:42:13 2014 +0800
> 
>     aio: Fix use-after-free in cancellation path
> 
> Stefan
> 
> On 28.05.2014 21:40, Stefan Priebe wrote:
>> Hello,
>> 
>> I mean, since using qemu 2.0 I've now seen the following segfault
>> several times:
>> (gdb) bt
>> #0  0x00007f2af1196433 in event_notifier_set (e=0x124) at
>> util/event_notifier-posix.c:97
>> #1  0x00007f2af0db1afc in aio_notify (ctx=0x0) at async.c:246
>> #2  0x00007f2af0db1697 in qemu_bh_schedule (bh=0x7f2ad401bec0) at
>> async.c:128
>> #3  0x00007f2af0e05c44 in rbd_finish_aiocb (c=0x7f2ad5ec4590,
>> rcb=0x7f2ad63c5df0) at block/rbd.c:585
>> #4  0x00007f2aee738e44 in librbd::AioCompletion::complete() () from
>> /usr/lib/librbd.so.1
>> #5  0x00007f2aee738832 in
>> librbd::AioCompletion::complete_request(CephContext*, long) () from
>> /usr/lib/librbd.so.1
>> #6  0x00007f2aeec0e6ba in Context::complete(int) () from
>> /usr/lib/librados.so.2
>> #7  0x00007f2aee76be85 in ObjectCacher::C_WaitForWrite::finish(int) ()
>> from /usr/lib/librbd.so.1
>> #8  0x00007f2aeec0e6ba in Context::complete(int) () from
>> /usr/lib/librados.so.2
>> #9  0x00007f2aeecb13c8 in Finisher::finisher_thread_entry() () from
>> /usr/lib/librados.so.2
>> #10 0x00007f2ae8cbdb50 in start_thread () from
>> /lib/x86_64-linux-gnu/libpthread.so.0
>> #11 0x00007f2ae8a080ed in clone () from /lib/x86_64-linux-gnu/libc.so.6
>> #12 0x0000000000000000 in ?? ()
>> (gdb)
>> 
>> 
>> from another VM:
>> #0  0x00007f89565ec433 in event_notifier_set (e=0x124) at
>> util/event_notifier-posix.c:97
>> #1  0x00007f8956207afc in aio_notify (ctx=0x0) at async.c:246
>> #2  0x00007f8956207697 in qemu_bh_schedule (bh=0x7f882dd6d340) at
>> async.c:128
>> #3  0x00007f895625bc44 in rbd_finish_aiocb (c=0x7f882d4c34a0,
>> rcb=0x7f882c0ae350) at block/rbd.c:585
>> #4  0x00007f8953b8ee44 in librbd::AioCompletion::complete() () from
>> /usr/lib/librbd.so.1
>> #5  0x00007f8953b8e832 in
>> librbd::AioCompletion::complete_request(CephContext*, long) () from
>> /usr/lib/librbd.so.1
>> #6  0x00007f89540646ba in Context::complete(int) () from
>> /usr/lib/librados.so.2
>> #7  0x00007f8953bc1e85 in ObjectCacher::C_WaitForWrite::finish(int) ()
>> from /usr/lib/librbd.so.1
>> #8  0x00007f89540646ba in Context::complete(int) () from
>> /usr/lib/librados.so.2
>> #9  0x00007f89541073c8 in Finisher::finisher_thread_entry() () from
>> /usr/lib/librados.so.2
>> #10 0x00007f894e113b50 in start_thread () from
>> /lib/x86_64-linux-gnu/libpthread.so.0
>> #11 0x00007f894de5e0ed in clone () from /lib/x86_64-linux-gnu/libc.so.6
>> #12 0x0000000000000000 in ?? ()
>> 
>> Stefan
>> 
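The three backtraces above all fail the same way: `aio_notify(ctx=0x0)` calls `event_notifier_set(e=0x124)`. An argument that small is almost never a real pointer; it is what you get when a NULL base pointer has a struct field offset added to it, which points at a bottom half whose `AioContext` has already been torn down or zeroed. The C program below is an added illustration, not code from QEMU or from the thread. It models the pointer arithmetic with a stand-in `AioContext` whose padding is chosen (as an assumption) so that the notifier lands at offset 0x124 and reproduces the trace's value without dereferencing anything, shows the rule of thumb for recognising a NULL-plus-offset fault address, and adds a guarded scheduling helper that refuses a bottom half with no context instead of crashing in the completion thread.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for QEMU's EventNotifier / AioContext / QEMUBH.
 * The layout is illustrative only: the `header` padding is an assumption
 * sized so that `notifier` sits at offset 0x124, matching e=0x124 in the
 * backtrace. QEMU's real struct layout is not reproduced here. */
typedef struct {
    int rfd;
    int wfd;
} EventNotifier;

typedef struct AioContext {
    unsigned char header[0x124];   /* assumed padding, not QEMU's layout */
    EventNotifier notifier;
} AioContext;

typedef struct QEMUBH {
    AioContext *ctx;
    int scheduled;
} QEMUBH;

/* The arithmetic behind the trace: aio_notify(ctx) passes &ctx->notifier
 * to event_notifier_set(). With ctx == NULL that argument is just the
 * field offset. Done on integers so the NULL case is safe to compute. */
uintptr_t notifier_arg_for_ctx(const AioContext *ctx)
{
    return (uintptr_t)ctx + offsetof(AioContext, notifier);
}

/* Triage rule: a non-zero faulting address below one page is almost
 * always a NULL base pointer plus a field offset, i.e. a freed or
 * never-initialised object rather than a wild write into heap memory. */
int looks_like_null_plus_offset(uintptr_t fault_addr)
{
    return fault_addr != 0 && fault_addr < 4096;
}

/* Guarded scheduling: refuse a bottom half whose context is gone.
 * Returns 0 when scheduled, -1 when refused. */
int bh_schedule_checked(QEMUBH *bh)
{
    if (bh == NULL || bh->ctx == NULL) {
        return -1;
    }
    bh->scheduled = 1;
    return 0;
}

int main(void)
{
    uintptr_t e = notifier_arg_for_ctx(NULL);
    printf("event_notifier_set would receive e=0x%lx\n", (unsigned long)e);
    printf("NULL-plus-offset? %s\n",
           looks_like_null_plus_offset(e) ? "yes" : "no");

    QEMUBH stale = { .ctx = NULL, .scheduled = 0 };
    printf("scheduling a bh with no context: %d\n",
           bh_schedule_checked(&stale));
    return 0;
}
```

The guard only turns a crash into a refused notification; it does not fix whichever code path left the bottom half pointing at a dead context, so the right response to a trace like this is still to find the lifetime bug, which is what the referenced "aio: Fix use-after-free in cancellation path" commit attempts.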