Fixed
Created: Mar 10, 2019
Updated: Dec 23, 2019
Resolved Date: Apr 1, 2019
Found In Version: 8.0.0.25
Fix Version: 8.0.0.30
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace
Observed qemu 2.7 crash with the following backtrace:
------------------------
(gdb) bt
#0 qemu_chr_disconnect (chr=0x0)
at /usr/src/debug/qemu/2.7.0-r1/qemu-2.7.0/qemu-char.c:4074
#1 0x0000000000647830 in net_vhost_user_watch (chan=<optimized out>,
cond=<optimized out>, opaque=<optimized out>)
at /usr/src/debug/qemu/2.7.0-r1/qemu-2.7.0/net/vhost-user.c:195
#2 0x0000000000000002 in ?? ()
#3 0x00007f92b4aa652a in g_main_context_dispatch ()
from /usr/lib64/libglib-2.0.so.0
#4 0x00000000006891f5 in glib_pollfds_poll ()
at /usr/src/debug/qemu/2.7.0-r1/qemu-2.7.0/main-loop.c:213
#5 os_host_main_loop_wait (timeout=<optimized out>)
at /usr/src/debug/qemu/2.7.0-r1/qemu-2.7.0/main-loop.c:258
#6 main_loop_wait (nonblocking=<optimized out>)
at /usr/src/debug/qemu/2.7.0-r1/qemu-2.7.0/main-loop.c:506
#7 0x000003cb000003e8 in ?? ()
#8 0x584f60da43c11a00 in ?? ()
#9 0x0000000000000000 in ?? ()
(gdb) q
------------------------
I see an upstream commit which seems similar to the above; see the link below:
https://github.com/qemu/qemu/commit/41d4e5ec9f77acaca706d00ee4baaf5324274da5#diff-5576beb404f6783d4d4bb405c3d7f702
----------------
vhost-user: fix watcher need be removed when vhost-user hotplug
"nc" is freed after hotplug vhost-user, but the watcher is not removed.
QEMU crashes when the watcher accesses the "nc" when the socket disconnects.
Program received signal SIGSEGV, Segmentation fault.
#0 object_get_class (obj=obj@entry=0x2) at qom/object.c:750
#1 0x00007f9bb4180da1 in qemu_chr_fe_disconnect (be=<optimized out>) at chardev/char-fe.c:372
#2 0x00007f9bb40d1100 in net_vhost_user_watch (chan=<optimized out>, cond=<optimized out>, opaque=<optimized out>) at net/vhost-user.c:188
#3 0x00007f9baf97f99a in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#4 0x00007f9bb41d7ebc in glib_pollfds_poll () at util/main-loop.c:213
#5 os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261
#6 main_loop_wait (nonblocking=nonblocking@entry=0) at util/main-loop.c:515
#7 0x00007f9bb3e266a7 in main_loop () at vl.c:1917
#8 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4786
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----------------
Please help look into this issue and let me know if it's a known bug in qemu 2.7 and if we will fix it.
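The lifetime bug the quoted commit message describes, modelled in C as an added example (this is not QEMU's or the upstream commit's code): a small watcher table standing in for the GLib main-loop sources, a net client whose watcher carries it as `opaque`, and a cleanup path both without and with the watcher removal. All names (`watch_add`, `dispatch_disconnect`, `NetVhostUser`, `vhost_user_cleanup_*`) are hypothetical stand-ins; the GLib calls they imitate are named in comments.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Constructed model of the bug in the commit message: a main-loop watcher keeps an
 * opaque pointer to the vhost-user net client ("nc"); freeing nc on hotplug without
 * removing the watcher leaves a dangling pointer. Names are hypothetical stand-ins. */
typedef void (*WatchFn)(void *opaque);
typedef struct { unsigned id; WatchFn fn; void *opaque; bool active; } Watch;
#define MAX_WATCHES 8
static Watch watches[MAX_WATCHES];
/* Stand-in for g_io_add_watch(): returns a nonzero source id, 0 when full. */
static unsigned watch_add(WatchFn fn, void *opaque) {
    for (int i = 0; i < MAX_WATCHES; i++) {
        if (watches[i].active) continue;
        watches[i] = (Watch){ (unsigned)i + 1, fn, opaque, true };
        return watches[i].id;
    }
    return 0;
}
static void watch_remove(unsigned id) {            /* stand-in for g_source_remove() */
    for (int i = 0; i < MAX_WATCHES; i++)
        if (watches[i].active && watches[i].id == id) watches[i].active = false;
}
static unsigned watch_active_count(void) {
    unsigned n = 0;
    for (int i = 0; i < MAX_WATCHES; i++) n += watches[i].active;
    return n;
}
/* Socket-disconnect event: runs every live watcher (g_main_context_dispatch() in the
 * backtrace) and returns how many callbacks ran. */
static unsigned dispatch_disconnect(void) {
    unsigned n = 0;
    for (int i = 0; i < MAX_WATCHES; i++)
        if (watches[i].active) { watches[i].fn(watches[i].opaque); n++; }
    return n;
}
typedef struct { unsigned watch; int disconnects; } NetVhostUser;
/* Mirrors net_vhost_user_watch(): dereferences the object behind opaque. */
static void vhost_user_watch_cb(void *opaque) { ((NetVhostUser *)opaque)->disconnects++; }
static NetVhostUser *vhost_user_start(void) {
    NetVhostUser *s = calloc(1, sizeof *s);
    s->watch = watch_add(vhost_user_watch_cb, s);
    return s;
}
/* Before the fix: nc is freed but its watcher stays registered, so the next
 * dispatch_disconnect() would write into freed memory (the SIGSEGV above). */
static void vhost_user_cleanup_buggy(NetVhostUser *s) { free(s); }
/* After the fix: remove the watcher first, then free nc. */
static void vhost_user_cleanup_fixed(NetVhostUser *s) {
    if (s->watch) { watch_remove(s->watch); s->watch = 0; }
    free(s);
}
```

After the fixed cleanup the watcher count drops to zero and a disconnect dispatches nothing; after the buggy cleanup the stale watcher is still registered, which is the state the backtrace was taken in.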