[Qemu-devel] [BUG] Segmentation fault when use vhost-scsi
From: |
wei zhang |
Subject: |
[Qemu-devel] [BUG] Segmentation fault when use vhost-scsi |
Date: |
Fri, 6 Jun 2014 15:53:57 +0800 (CST) |
When I try to use vhost-scsi, qemu 1.6.1 crashes with a segmentation fault. The following is
the command line I used.
qemu-system-x86_64 -m 1024 -device vhost-scsi-pci,id=vhost-scsi0,wwpn=iqn.zw
-monitor stdio
I analyzed the core file; the details are attached at the end.
I found that vhost_scsi_realize() calls virtio_scsi_common_realize(), which sets the
virtio queue handler to virtio_scsi_handle_cmd().
But virtio_scsi_handle_cmd() casts its input parameter to VirtIOSCSI and calls
virtio_scsi_device_find(); VHostSCSI only inherits from VirtIOSCSICommon and
does not have VirtIOSCSI as a base class! So the VirtIOSCSI fields it accesses lie
outside the VHostSCSI object, which is why the bus structure dumped below is garbage.
Maybe there's something wrong?
-------------------------------------------------------------------------------------------------------------------------
#0 0x00007fead86c4484 in scsi_device_find (bus=0x7feada338dd0, channel=0,
id=0, lun=0) at hw/scsi/scsi-bus.c:1782
1782 QTAILQ_FOREACH_REVERSE(kid, &bus->qbus.children, ChildrenHead,
sibling) {
(gdb) bt
#0 0x00007fead86c4484 in scsi_device_find (bus=0x7feada338dd0, channel=0,
id=0, lun=0) at hw/scsi/scsi-bus.c:1782
#1 0x00007fead8824a69 in virtio_scsi_device_find (s=0x7feada338cb8,
lun=0x7fea6f606be5 "\001") at /home/chz/qemu/hw/scsi/virtio-scsi.c:56
#2 0x00007fead88258d6 in virtio_scsi_handle_cmd (vdev=0x7feada338cb8,
vq=0x7feada2e1520) at /home/chz/qemu/hw/scsi/virtio-scsi.c:378
#3 0x00007fead8830852 in virtio_queue_notify_vq (vq=0x7feada2e1520) at
/home/chz/qemu/hw/virtio/virtio.c:720
#4 0x00007fead88308b7 in virtio_queue_notify (vdev=0x7feada338cb8, n=2) at
/home/chz/qemu/hw/virtio/virtio.c:726
#5 0x00007fead870dc98 in virtio_ioport_write (opaque=0x7feada3383b0, addr=16,
val=2) at hw/virtio/virtio-pci.c:299
#6 0x00007fead870e1ad in virtio_pci_config_write (opaque=0x7feada3383b0,
addr=16, val=2, size=2) at hw/virtio/virtio-pci.c:431
#7 0x00007fead883a8aa in memory_region_write_accessor (mr=0x7feada338b60,
addr=16, value=0x7feaaff3b408, size=2, shift=0, mask=65535) at
/home/chz/qemu/memory.c:440
#8 0x00007fead883a9f7 in access_with_adjusted_size (addr=16,
value=0x7feaaff3b408, size=2, access_size_min=1, access_size_max=4,
access=0x7fead883a80c <memory_region_write_accessor>, mr=0x7feada338b60) at
/home/chz/qemu/memory.c:477
#9 0x00007fead883d464 in memory_region_dispatch_write (mr=0x7feada338b60,
addr=16, data=2, size=2) at /home/chz/qemu/memory.c:984
#10 0x00007fead8840c89 in io_mem_write (mr=0x7feada338b60, addr=16, val=2,
size=2) at /home/chz/qemu/memory.c:1748
#11 0x00007fead87cd3b2 in address_space_rw (as=0x7fead9179820, addr=49168,
buf=0x7feaaff3b580 "\002", len=2, is_write=true) at /home/chz/qemu/exec.c:1973
#12 0x00007fead87cd6b9 in address_space_write (as=0x7fead9179820, addr=49168,
buf=0x7feaaff3b580 "\002", len=2) at /home/chz/qemu/exec.c:2035
#13 0x00007fead8832b70 in cpu_outw (addr=49168, val=2) at
/home/chz/qemu/ioport.c:77
#14 0x00007fead888cbf3 in helper_outw (port=49168, data=2) at
/home/chz/qemu/target-i386/misc_helper.c:82
#15 0x00007feabf0e9055 in code_gen_buffer ()
#16 0x00007fead87bc1fd in cpu_tb_exec (cpu=0x7feada2a9750,
tb_ptr=0x7feabf0e8cf0 "A\213n\250\205\355\017\205\204\003") at
/home/chz/qemu/cpu-exec.c:56
#17 0x00007fead87bcfc2 in cpu_x86_exec (env=0x7feada2a9880) at
/home/chz/qemu/cpu-exec.c:631
#18 0x00007fead87bff28 in tcg_cpu_exec (env=0x7feada2a9880) at
/home/chz/qemu/cpus.c:1159
#19 0x00007fead87c0050 in tcg_exec_all () at /home/chz/qemu/cpus.c:1192
#20 0x00007fead87bf41a in qemu_tcg_cpu_thread_fn (arg=0x7feada2a9750) at
/home/chz/qemu/cpus.c:868
#21 0x00007fead43689d1 in start_thread () from /lib64/libpthread.so.0
#22 0x00007fead40b5b6d in clone () from /lib64/libc.so.6
(gdb) p *bus
$4 = {
qbus = {
obj = {
class = 0x7feada2e2b90,
free = 0x7fead882a7c7 <vhost_begin>,
properties = {
tqh_first = 0x7fead882a826,
tqh_last = 0x7fead882aa81
},
ref = 3632442311,
parent = 0x7fead882ad4b
},
parent = 0x7fead882b255,
name = 0x7fead882b28a "UH\211\345H\203\354
H\211}\350H\211u\340dH\213\004%(",
allow_hotplug = -662530387,
max_index = 32746,
children = {
tqh_first = 0x7fead882b1b5,
tqh_last = 0x7fead882b205 /* segmentation fault occurred when
dereferencing this pointer */
},
sibling = {
le_next = 0x7fead882ba0a,
le_prev = 0x7fead882ba4c
}
},
busnr = 0,
unit_attention = {
key = 0 '\000',
asc = 0 '\000',
ascq = 0 '\000'
},
info = 0x0
}
(gdb) disassemble 0x7fead882b205 /* Actually it's a function pointer */
Dump of assembler code for function vhost_log_global_stop:
0x00007fead882b205 <+0>: push %rbp
0x00007fead882b206 <+1>: mov %rsp,%rbp
0x00007fead882b209 <+4>: sub $0x20,%rsp
0x00007fead882b20d <+8>: mov %rdi,-0x18(%rbp)
0x00007fead882b211 <+12>: mov %fs:0x28,%rax
0x00007fead882b21a <+21>: mov %rax,-0x8(%rbp)
0x00007fead882b21e <+25>: xor %eax,%eax
0x00007fead882b220 <+27>: mov -0x18(%rbp),%rax
0x00007fead882b224 <+31>: mov $0x0,%esi
0x00007fead882b229 <+36>: mov %rax,%rdi
0x00007fead882b22c <+39>: callq 0x7fead882b060 <vhost_migration_log>
0x00007fead882b231 <+44>: mov %eax,-0xc(%rbp)
0x00007fead882b234 <+47>: cmpl $0x0,-0xc(%rbp)
0x00007fead882b238 <+51>: jns 0x7fead882b23f <vhost_log_global_stop+58>
0x00007fead882b23a <+53>: callq 0x7fead856e508 <address@hidden>
0x00007fead882b23f <+58>: mov -0x8(%rbp),%rax
0x00007fead882b243 <+62>: xor %fs:0x28,%rax
0x00007fead882b24c <+71>: je 0x7fead882b253 <vhost_log_global_stop+78>
0x00007fead882b24e <+73>: callq 0x7fead856d948 <address@hidden>
0x00007fead882b253 <+78>: leaveq
0x00007fead882b254 <+79>: retq
End of assembler dump.
(gdb)