Re: [Qemu-devel] Crash with odd chardev setup

[Daniel P. Berrange]

On Wed, Oct 25, 2017 at 07:00:14PM +0100, Dr. David Alan Gilbert wrote:
> Hi Dan,
>   I've got a crash in head (and 2.10) which is a bit of a heisenbug;
> I can trigger it with:
> 
> ./qemu-system-x86_64 -netdev tap,id=hostnet0,vhost=on,fd=10   -chardev 
> socket,id=charchannel0,path=/tmp/org.qemu.guest_agent.0,server,nowait  
> -monitor stdio -vnc :0
> 
> and then 'q' to quit.

Hmm, that doesn't trigger for me on git master at least.

> Note I'm not doing a redirect in of fd 10.

So it's trying & failing to setup the tap dev, right ?

eg you see this:

#  ./x86_64-softmmu/qemu-system-x86_64 -netdev tap,id=hostnet0,vhost=on,fd=10   
-chardev socket,id=charchannel0,path=/tmp/org.qemu.guest_agent.0,server,nowait  
-monitor stdio -vnc :0
qemu-system-x86_64: -netdev tap,id=hostnet0,vhost=on,fd=10: TUNGETIFF ioctl() 
failed: Invalid argument
QEMU 2.10.50 monitor - type 'help' for more information
(qemu) qemu-system-x86_64: warning: netdev hostnet0 has no peer

(qemu) q


Except it crashes at the end ?


> It goes away if I remove either the -netdev or the -chardev option.
> 
> It doesn't trigger under gdb, but fortunately we get a core:
> 
> #0  0x000055a226d94a2e in socket_listen_cleanup (fd=<optimized out>, 
> address@hidden)
>     at /root/qemu/util/qemu-sockets.c:1077
>     1077          if (addr->type == SOCKET_ADDRESS_TYPE_UNIX
>     1078              && addr->u.q_unix.path) {
>     1079              if (unlink(addr->u.q_unix.path) < 0 && errno != ENOENT) 
> {

Can you see from the core whether one of those pointers is NULL, or is there
a complete garbage pointer ?

I wonder if it triggers if you run QEMU under valgrind ? 


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|