Re: [Qemu-devel] Crashing in tcp

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] Crashing in tcp_close

From:	Brian Candler
Subject:	Re: [Qemu-devel] Crashing in tcp_close
Date:	Fri, 11 Nov 2016 15:02:43 +0000
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

On 09/11/2016 11:27, Stefan Hajnoczi wrote:

Heap corruption.  Valgrind's memcheck tool could be fruitful here:

http://valgrind.org/docs/manual/quick-start.html#quick-start.mcrun

This is really frustrating. I have been running with the followingscript instead of invoking qemu directly:


$ cat /usr/local/bin/valgrind-qemu-system-x86_64

#!/bin/sh -e
valgrind --leak-check=yes /usr/local/bin/qemu-system-x86_64 "$@"

But over more than 10 runs (some with MALLOC_xxx_ and some without) itdid not crash once :-(

Switching back to running /usr/local/bin/qemu-system-x86_64 directly,and it crashed the first time:


[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Core was generated by `/usr/local/bin/qemu-system-x86_64 -netdevuser,id=user.0,hostfwd=tcp::2373-:22'.

Program terminated with signal SIGSEGV, Segmentation fault.

#0 scsi_req_dequeue (req=0x55b22b57f930) at/home/nsrc/qemu-2.7.0/hw/scsi/scsi-bus.c:790

790            QTAILQ_REMOVE(&req->dev->requests, req, next);
[Current thread is 1 (Thread 0x7faece41fa80 (LWP 13702))]
(gdb) bt

#0 scsi_req_dequeue (req=0x55b22b57f930) at/home/nsrc/qemu-2.7.0/hw/scsi/scsi-bus.c:790#1 0x000055b2291b5c84 in scsi_req_complete (req=0x55b22b57f930,status=<optimised out>)

    at /home/nsrc/qemu-2.7.0/hw/scsi/scsi-bus.c:1774

#2 0x000055b2291af2d0 in scsi_write_do_fua (r=0x55b22b57f930) at/home/nsrc/qemu-2.7.0/hw/scsi/scsi-disk.c:261#3 0x000055b2290e1779 in dma_complete (ret=0, dbs=0x55b22d121770) at/home/nsrc/qemu-2.7.0/dma-helpers.c:115#4 dma_blk_cb (opaque=0x55b22d121770, ret=0) at/home/nsrc/qemu-2.7.0/dma-helpers.c:137#5 0x000055b22928f25a in blk_aio_complete (acb=0x55b22b0dda00) at/home/nsrc/qemu-2.7.0/block/block-backend.c:923#6 0x000055b2292feaea in coroutine_trampoline (i0=<optimised out>,i1=<optimised out>)

    at /home/nsrc/qemu-2.7.0/util/coroutine-ucontext.c:78
#7  0x00007faecca145d0 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#8  0x00007ffde52394b0 in ?? ()
#9  0x0000000000000000 in ?? ()
(gdb)

I'm now trying valgrind again with some more options:

#!/bin/sh -e

valgrind --leak-check=yes --track-origins=yes--show-mismatched-frees=yes --malloc-fill=aa --free-fill=55/usr/local/bin/qemu-system-x86_64 "$@"

and maybe I'll give helgrind a go, but if you have any other suggestionsplease let me know.


Thanks,

Brian.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] Crashing in tcp_close, (continued)

Prev by Date: Re: [Qemu-devel] [PATCH v3 2/5] target-tricore: Added MADD.F and MSUB.F instructions
Next by Date: Re: [Qemu-devel] [kvm-unit-tests PATCH v5 08/11] libcflat: add IS_ALIGNED() macro, and page sizes
Previous by thread: Re: [Qemu-devel] Crashing in tcp_close
Next by thread: Re: [Qemu-devel] Crashing in tcp_close
Index(es):
- Date
- Thread