1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
|
qemu-system-aarch64 crash when issuing set_link net on in monitor
Description of problem:
Boot the guest. On the host, connect to the qemu monitor and issue the following commmands:
```
set_link net0 off
ethtool enp0s1 on the guest now shows the link going down
set_link net0 on
```
qemu crashes as follows (virtio net):
```
Thread 1 "qemu-system-aar" received signal SIGSEGV, Segmentation fault.
object_get_class (obj=obj@entry=0x0) at ../qemu/qom/object.c:1049
1049 return obj->class;
(gdb) bt
#0 object_get_class (obj=obj@entry=0x0) at ../qemu/qom/object.c:1049
#1 0x000055555602dd0f in QIO_CHANNEL_GET_CLASS (obj=0x0)
at /home/tsailer/src/daedalean/exp-bertcard-emu/qemu/include/io/channel.h:29
#2 qio_channel_writev_full
(errp=0x0, flags=0, nfds=0, fds=0x0, niov=2, iov=0x7fffffff5190, ioc=0x0)
at ../qemu/io/channel.c:87
#3 qio_channel_writev
(ioc=0x0, iov=iov@entry=0x7fffffff5190, niov=2, errp=errp@entry=0x0)
at ../qemu/io/channel.c:305
#4 0x0000555555c42a66 in net_stream_receive
(nc=0x5555578477d0, buf=<optimized out>, size=90)
at ../qemu/net/stream.c:98
#5 0x0000555555c3d327 in nc_sendv_compat
(flags=<optimized out>, iovcnt=1, iov=0x7fffffff52f0, nc=0x5555578477d0)
at ../qemu/net/net.c:784
#6 qemu_deliver_packet_iov
(sender=<optimized out>, flags=<optimized out>, iov=0x7fffffff52f0, iovcnt=1, opaque=0x5555578477d0) at ../qemu/net/net.c:830
#7 0x0000555555c4106c in qemu_net_queue_deliver_iov
(iovcnt=1, iov=0x7fffffff52f0, flags=0, sender=0x5555583049d8, queue=0x55555783c5e0) at ../qemu/net/queue.c:179
#8 qemu_net_queue_send_iov
(queue=0x55555783c5e0, sender=0x5555583049d8, flags=flags@entry=0, iov=iov@entry=0x7fffffff52f0, iovcnt=iovcnt@entry=1, sent_cb=sent_cb@entry=0x555555f28fa0 <virtio_net_tx_complete>) at ../qemu/net/queue.c:235
#9 0x0000555555c3ed63 in qemu_sendv_packet_async
(sent_cb=0x555555f28fa0 <virtio_net_tx_complete>, iovcnt=1, iov=0x7fffffff52f0, sender=<optimized out>) at ../qemu/net/net.c:875
#10 0x0000555555f28c1d in virtio_net_flush_tx (q=q@entry=0x5555582fcb00)
at ../qemu/hw/net/virtio-net.c:2795
#11 0x0000555555f28f18 in virtio_net_tx_bh (opaque=0x5555582fcb00)
at ../qemu/hw/net/virtio-net.c:2948
#12 0x00005555561c2f47 in aio_bh_call (bh=bh@entry=0x5555582d0b30)
at ../qemu/util/async.c:172
#13 0x00005555561c311e in aio_bh_poll (ctx=ctx@entry=0x5555574c3c10)
at ../qemu/util/async.c:219
#14 0x00005555561ab382 in aio_dispatch (ctx=0x5555574c3c10)
at ../qemu/util/aio-posix.c:424
#15 0x00005555561c2d82 in aio_ctx_dispatch
(source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../qemu/util/async.c:361
#16 0x00007ffff7ad5d3b in g_main_context_dispatch ()
at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00005555561c45d8 in glib_pollfds_poll () at ../qemu/util/main-loop.c:287
#18 os_host_main_loop_wait (timeout=0) at ../qemu/util/main-loop.c:310
#19 main_loop_wait (nonblocking=nonblocking@entry=0)
at ../qemu/util/main-loop.c:589
#20 0x0000555555bf2569 in qemu_main_loop () at ../qemu/system/runstate.c:835
#21 0x00005555561047fa in qemu_default_main () at ../qemu/system/main.c:37
#22 0x00007ffff7229d90 in __libc_start_call_main
(main=main@entry=0x5555558e5080 <main>, argc=argc@entry=44, argv=argv@entry=0x7fffffffd6c8)
at ../sysdeps/nptl/libc_start_call_main.h:58
#23 0x00007ffff7229e40 in __libc_start_main_impl
(main=0x5555558e5080 <main>, argc=44, argv=0x7fffffffd6c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd6b8)
at ../csu/libc-start.c:392
#24 0x00005555558e6095 in _start ()
Crash with e1000e:
[ 16.846673] e1000e 0000:00:02.0 enp0s2: NIC Link is Down
[ 18.495388] e1000e 0000:00:02.0 enp0s2: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
Thread 5 "qemu-system-aar" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffafe00640 (LWP 641377)]
object_get_class (obj=obj@entry=0x0) at ../qemu/qom/object.c:1049
1049 return obj->class;
(gdb) bt
#0 object_get_class (obj=obj@entry=0x0) at ../qemu/qom/object.c:1049
#1 0x000055555602dd0f in QIO_CHANNEL_GET_CLASS (obj=0x0)
at /home/tsailer/src/daedalean/exp-bertcard-emu/qemu/include/io/channel.h:29
#2 qio_channel_writev_full
(errp=0x0, flags=0, nfds=0, fds=0x0, niov=2, iov=0x7fffafdfe9b0, ioc=0x0)
at ../qemu/io/channel.c:87
#3 qio_channel_writev
(ioc=0x0, iov=iov@entry=0x7fffafdfe9b0, niov=2, errp=errp@entry=0x0)
at ../qemu/io/channel.c:305
#4 0x0000555555c42a66 in net_stream_receive
(nc=0x5555578589b0, buf=<optimized out>, size=90)
at ../qemu/net/stream.c:98
#5 0x0000555555c3d327 in nc_sendv_compat
(flags=<optimized out>, iovcnt=3, iov=0x55555850b280, nc=0x5555578589b0)
at ../qemu/net/net.c:784
#6 qemu_deliver_packet_iov
(sender=<optimized out>, flags=<optimized out>, iov=0x55555850b280, iovcnt=3, opaque=0x5555578589b0) at ../qemu/net/net.c:830
#7 0x0000555555c4106c in qemu_net_queue_deliver_iov
(iovcnt=3, iov=0x55555850b280, flags=0, sender=0x5555584facf8, queue=0x55555783c6d0) at ../qemu/net/queue.c:179
#8 qemu_net_queue_send_iov
(queue=0x55555783c6d0, sender=0x5555584facf8, flags=0, iov=0x55555850b280, iovcnt=3, sent_cb=0x0) at ../qemu/net/queue.c:235
#9 0x0000555555a62737 in net_tx_pkt_send_custom
(pkt=0x5555584fb200, offload=<optimized out>, callback=0x555555a61150 <net_tx_pkt_sendv>, context=0x5555584facf8) at ../qemu/hw/net/net_tx_pkt.c:847
#10 0x0000555555a62819 in net_tx_pkt_send
(pkt=<optimized out>, nc=<optimized out>)
at ../qemu/hw/net/net_tx_pkt.c:816
#11 0x0000555555a6dd2a in e1000e_tx_pkt_send
(queue_index=<optimized out>, tx=0x555558480cc8, core=0x555558460a60)
at ../qemu/hw/net/e1000e_core.c:654
#12 e1000e_process_tx_desc
(queue_index=<optimized out>, dp=0x7fffafdfeb20, tx=0x555558480cc8, core=0x555558460a60) at ../qemu/hw/net/e1000e_core.c:731
#13 e1000e_start_xmit (core=0x555558460a60, txr=txr@entry=0x7fffafdfeb90)
at ../qemu/hw/net/e1000e_core.c:921
#14 0x0000555555a6dfcc in e1000e_set_tdt
(core=<optimized out>, index=<optimized out>, val=<optimized out>)
at ../qemu/hw/net/e1000e_core.c:2432
#15 0x0000555555f72044 in memory_region_write_accessor
(mr=0x555558460610, addr=14360, value=<optimized out>, size=4, shift=<optimized out>, mask=<optimized out>, attrs=...) at ../qemu/system/memory.c:497
#16 0x0000555555f7320e in access_with_adjusted_size
(addr=addr@entry=14360, value=value@entry=0x7fffafdfece8, size=size@entry=4,
access_size_min=<optimized out>, access_size_max=<optimized out>, access_fn=0x555555f71fc0 <memory_region_write_accessor>, mr=<optimized out>, attrs=...) at ../qemu/system/memory.c:573
#17 0x0000555555f743ad in memory_region_dispatch_write
(mr=mr@entry=0x555558460610, addr=addr@entry=14360, data=<optimized out>,
data@entry=19, op=op@entry=MO_32, attrs=...)
at ../qemu/system/memory.c:1560
#18 0x0000555555fc6cc9 in int_st_mmio_leN
(cpu=cpu@entry=0x55555789a140, full=full@entry=0x7fffa47eab90, val_le=val_le@entry=19, addr=addr@entry=18446743801007585304, size=size@entry=4, mmu_idx=mmu_idx@entry=2, ra=140736286290890, mr=0x555558460610, mr_offset=14360)
at ../qemu/accel/tcg/cputlb.c:2489
#19 0x0000555555fc6ec8 in do_st_mmio_leN
(cpu=0x55555789a140, full=0x7fffa47eab90, val_le=19, addr=18446743801007585304, size=4, mmu_idx=2, ra=140736286290890) at ../qemu/accel/tcg/cputlb.c:2524
#20 0x0000555555fcb55a in do_st_4
(ra=<optimized out>, memop=<optimized out>, mmu_idx=<optimized out>, val=19, p=<optimized out>, cpu=<optimized out>) at ../qemu/accel/tcg/cputlb.c:2694
#21 do_st4_mmu
(cpu=0x55555789a140, addr=140736144075184, val=19, oi=2, ra=140736286290890) at ../qemu/accel/tcg/cputlb.c:2770
#22 0x00007fffb859f416 in code_gen_buffer ()
#23 0x0000555555fbb6a6 in cpu_tb_exec
(cpu=cpu@entry=0x55555789a140, itb=itb@entry=0x7fffb859f2c0 <code_gen_buffer+140112531>, tb_exit=tb_exit@entry=0x7fffafdff444)
at ../qemu/accel/tcg/cpu-exec.c:458
#24 0x0000555555fbbc2f in cpu_loop_exec_tb
(tb_exit=0x7fffafdff444, last_tb=<synthetic pointer>, pc=<optimized out>, tb=0x7fffb859f2c0 <code_gen_buffer+140112531>, cpu=0x55555789a140)
at ../qemu/accel/tcg/cpu-exec.c:908
#25 cpu_exec_loop (cpu=cpu@entry=0x55555789a140, sc=sc@entry=0x7fffafdff4f0)
at ../qemu/accel/tcg/cpu-exec.c:1022
#26 0x0000555555fbc3d1 in cpu_exec_setjmp
(cpu=cpu@entry=0x55555789a140, sc=sc@entry=0x7fffafdff4f0)
at ../qemu/accel/tcg/cpu-exec.c:1039
#27 0x0000555555fbcb9d in cpu_exec (cpu=cpu@entry=0x55555789a140)
at ../qemu/accel/tcg/cpu-exec.c:1065
#28 0x0000555555fd8123 in tcg_cpu_exec (cpu=cpu@entry=0x55555789a140)
at ../qemu/accel/tcg/tcg-accel-ops.c:78
#29 0x0000555555fd8280 in mttcg_cpu_thread_fn (arg=arg@entry=0x55555789a140)
at ../qemu/accel/tcg/tcg-accel-ops-mttcg.c:95
#30 0x00005555561ae740 in qemu_thread_start (args=0x555557883000)
at ../qemu/util/qemu-thread-posix.c:541
#31 0x00007ffff7294ac3 in start_thread (arg=<optimized out>)
at ./nptl/pthread_create.c:442
#32 0x00007ffff7326850 in clone3 ()
at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
```
Steps to reproduce:
1. Boot guest
2. monitor: set_link net0 off
3. monitor: set_link net0 on
Additional information:
Same behaviour with d6430c17d7113d3c38480dc34e59d00b0504e2f7 (master as of 2025-01-19).
|