Re: [Qemu-devel] Crashing in tcp_close
From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] Crashing in tcp_close
Date: Fri, 4 Nov 2016 11:14:19 +0000
User-agent: Mutt/1.7.1 (2016-10-04)
On Thu, Oct 20, 2016 at 10:53:50PM +0100, Brian Candler wrote:
CCing slirp maintainers to get attention on this bug
> I have some reproducible-ish segfaults in qemu 2.7.0 (built from source)
> running under ubuntu 16.04, on a quad-core i7 Mac Mini Server.
>
> I can reproduce these problems on a different Mac Mini, and I also replaced
> the RAM on mine, so I'm sure it's not hardware related.
>
> It's somewhat painful to reproduce (taking about 30 minutes each attempt,
> and using a lot of network bandwidth).
>
> This is using packer (packer.io) to create a VM and then using ansible to do
> a whole load of package installation and provisioning inside that VM.
> packer starts qemu with a user-mode network interface.
>
> If I part-build the VM, I can continue the build by restarting it under gdb
> and qemu directly at the command line, and get a backtrace. Here's the first
> one:
>
> Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
> 0x00007ffff6a1bb5b in _int_free (av=0x7ffff6d5fb20 <main_arena>,
> p=<optimised out>, have_lock=0) at malloc.c:4006
> 4006 malloc.c: No such file or directory.
> (gdb) bt
> #0 0x00007ffff6a1bb5b in _int_free (av=0x7ffff6d5fb20 <main_arena>,
> p=<optimised out>, have_lock=0)
> at malloc.c:4006
> #1 0x00007ffff6a1fabc in __GI___libc_free (mem=<optimised out>) at
> malloc.c:2969
> #2 0x00005555559a6c0f in tcp_close (address@hidden) at
> slirp/tcp_subr.c:334
> #3 0x00005555559a6c8f in tcp_drop (address@hidden,
> err=<optimised out>) at slirp/tcp_subr.c:298
> #4 0x00005555559a816b in tcp_timers (timer=<optimised out>,
> tp=0x555556621ed0) at slirp/tcp_timer.c:179
> #5 tcp_slowtimo (address@hidden) at slirp/tcp_timer.c:89
> #6 0x00005555559a0be8 in slirp_pollfds_poll (pollfds=0x555556531f20,
> address@hidden)
> at slirp/slirp.c:576
> #7 0x00005555559d4b0c in main_loop_wait (nonblocking=<optimised out>) at
> main-loop.c:508
> #8 0x000055555573fea1 in main_loop () at vl.c:1908
> #9 main (argc=<optimised out>, argv=<optimised out>, envp=<optimised out>)
> at vl.c:4604
> (gdb)
>
> So:
>
> * Is this of interest?
Yes. Thank you for reporting it.
> * If so, what additional gdb output would you like me to provide?
I wonder if this connection has already been closed/freed before and the
timer fires shortly afterward. That's just a guess based on the
backtrace.
> * If developers want to reproduce this, let me know and I can probably send
> the VM qcow2 file and/or packer source privately off-list [I need to check
> permission for that]
>
> Thanks,
>
> Brian Candler.
>
>
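A constructed model of the failure mode Stefan guesses at above (a connection freed once by the protocol path and then freed again when its slow timer fires), beside the close-once / reap-from-the-timer pattern that rules it out. This is an added example, not slirp's or QEMU's code; the struct, the list, the function names and the counters are hypothetical.

```c
#include <stdlib.h>
/* Constructed model of the hazard guessed at above (a control block closed once
 * by the protocol path and again when its timer fires); not slirp's code. */
enum { TCPS_OPEN, TCPS_CLOSED };
struct tcpcb {
    struct tcpcb *next;     /* linked into the list the slow timer walks */
    char *reassembly;       /* per-connection buffer released on close */
    int ticks;              /* slow-timer countdown; 0 means not armed */
    int state;
};
static struct tcpcb *tcb_list;
static int buffer_frees, block_frees;   /* counters so the result is checkable */
static struct tcpcb *tcp_create(int ticks)
{
    struct tcpcb *tp = calloc(1, sizeof *tp);
    tp->reassembly = malloc(1024);
    tp->ticks = ticks;
    tp->next = tcb_list;
    tcb_list = tp;
    return tp;
}
/* Idempotent close: disarm the timer and release the buffer exactly once. The
 * block stays linked, so a timer firing later sees a CLOSED entry rather than
 * freed memory; only the sweep in tcp_slowtimo frees the block itself. */
static int tcp_close(struct tcpcb *tp)
{
    if (tp->state == TCPS_CLOSED)
        return 0;                       /* late second close: nothing to free */
    tp->state = TCPS_CLOSED;
    tp->ticks = 0;
    free(tp->reassembly); tp->reassembly = NULL;
    buffer_frees++;
    return 1;
}
/* Slow timer: expire countdowns that hit zero, then reap CLOSED blocks while
 * unlinking them, so no dangling pointer is ever left in the list. */
static void tcp_slowtimo(void)
{
    struct tcpcb **pp = &tcb_list;
    while (*pp) {
        struct tcpcb *tp = *pp;
        if (tp->ticks && --tp->ticks == 0)
            tcp_close(tp);
        if (tp->state == TCPS_CLOSED) {
            *pp = tp->next;             /* unlink before free */
            free(tp);
            block_frees++;
        } else
            pp = &tp->next;
    }
}
```

Running the real reproducer under AddressSanitizer (`-fsanitize=address`) would report both free sites for such a double free, which is the quickest way to confirm or refute the guess.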