On Fri, 2015-02-06 at 22:15 +0100, Paolo Bonzini wrote:
> Mostly the same as v2;
We've got something screwy going on with MemoryListeners. I did some hotplug testing with this and I hit the following segfault:

Program received signal SIGSEGV, Segmentation fault.
0x00007ff7bd8f7416 in memory_listener_register (listener=0x7ff7bf935e50, filter=0x7ff7bf935e08)
    at /net/gimli/home/alwillia/Work/qemu.git/memory.c:1931
1931        QTAILQ_INSERT_BEFORE(other, listener, link);

Call path is:

#0  0x00007ff7bd8f7416 in memory_listener_register (listener=0x7ff7bf935e50, filter=0x7ff7bf935e08) at memory.c:1931
#1  0x00007ff7bd8aa400 in address_space_init_dispatch (as=0x7ff7bf935e08) at exec.c:2059
#2  0x00007ff7bd8f75d4 in address_space_init (as=0x7ff7bf935e08, root=0x7ff7bf935ef0, name=0x7ff7bf71aee0 "vfio-pci") at memory.c:1954
#3  0x00007ff7bdae5d85 in do_pci_register_device (pci_dev=0x7ff7bf935c00, bus=0x7ff7bf77ce40, name=0x7ff7bf71aee0 "vfio-pci", devfn=64) at hw/pci/pci.c:837
#4  0x00007ff7bdae7eba in pci_qdev_init (qdev=0x7ff7bf935c00) at hw/pci/pci.c:1768
#5  0x00007ff7bda67fc6 in device_realize (dev=0x7ff7bf935c00, errp=0x7fffcee75550) at hw/core/qdev.c:247
#6  0x00007ff7bda6a00a in device_set_realized (obj=0x7ff7bf935c00, value=true, errp=0x7fffcee75700) at hw/core/qdev.c:1040
#7  0x00007ff7bdb823b7 in property_set_bool (obj=0x7ff7bf935c00, v=0x7ff7bf9375b0, opaque=0x7ff7bf98aee0, name=0x7ff7bdca0869 "realized", errp=0x7fffcee75700) at qom/object.c:1514
#8  0x00007ff7bdb80cb1 in object_property_set (obj=0x7ff7bf935c00, v=0x7ff7bf9375b0, name=0x7ff7bdca0869 "realized", errp=0x7fffcee75700) at qom/object.c:837
#9  0x00007ff7bdb82ccf in object_property_set_qobject (obj=0x7ff7bf935c00, value=0x7ff7bfa01680, name=0x7ff7bdca0869 "realized", errp=0x7fffcee75700) at qom/qom-qobject.c:24
#10 0x00007ff7bdb80f20 in object_property_set_bool (obj=0x7ff7bf935c00, value=true, name=0x7ff7bdca0869 "realized", errp=0x7fffcee75700) at qom/object.c:905
#11 0x00007ff7bd9d0914 in qdev_device_add (opts=0x7ff7bfa07910) at qdev-monitor.c:574
#12 0x00007ff7bd9d0f2e in do_device_add (mon=0x7ff7bf7b8130,

Walking through the QTAIL list, we get to these last two entries:

(gdb) p *(MemoryListener *)0x7ff7bfa6a860
$18 = {begin = 0x7ff7bd8aa0ee <mem_begin>, commit = 0x7ff7bd8aa275 <mem_commit>, region_add = 0x7ff7bd8a7bf6 <mem_add>, region_del = 0x0, region_nop = 0x7ff7bd8a7bf6 <mem_add>, log_start = 0x0, log_stop = 0x0, log_sync = 0x0, log_global_start = 0x0, log_global_stop = 0x0, eventfd_add = 0x0, eventfd_del = 0x0, coalesced_mmio_add = 0x0, coalesced_mmio_del = 0x0, priority = 0, address_space_filter = 0x7ff7bfa6a818, link = {tqe_next = 0x7ff7bf937e90, tqe_prev = 0x7ff7bfa4e380}}

(gdb) p *(MemoryListener *)0x7ff7bf937e90
$19 = {begin = 0x0, commit = 0x0, region_add = 0x0, region_del = 0x0, region_nop = 0x0, log_start = 0x0, log_stop = 0x0, log_sync = 0x0, log_global_start = 0x0, log_global_stop = 0x0, eventfd_add = 0x0, eventfd_del = 0x0, coalesced_mmio_add = 0x0, coalesced_mmio_del = 0x0, priority = 0, address_space_filter = 0x0, link = {tqe_next = 0x0, tqe_prev = 0x0}}

So we've got a zeroed MemoryListener that's still on the memory_listeners list, and QTAILQ_INSERT_BEFORE isn't happy touching *(0x0). I'm not sure where it's coming from yet, but I did extensive testing for my last pull request based on ec6f25e, because if I updated to d5fbb4c vfio hotplug broke immediately. I'll keep looking, but I thought I'd share in case you have some ideas.

Thanks,
Alex
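The crash above comes from the first store in the insert-before sequence dereferencing the victim's `tqe_prev` back-pointer, which is NULL once the element has been zeroed in place. The following is an added example, not QEMU code and not part of the message: it models the same `tqe_next`/`tqe_prev` link layout that QEMU's QTAILQ (like BSD's TAILQ) uses, reproduces the insert-before steps, and adds a list walk that checks the back-pointer invariant at every node so a zeroed-but-still-linked entry is reported by index instead of being found by a fault. All struct names, the `priority` field and the three-listener scenario are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed minimal tail queue with the QTAILQ/TAILQ link layout:
 * tqe_next points at the next element; tqe_prev points at the *address*
 * of the previous element's tqe_next field (or of the head's tqh_first). */
struct listener;
struct link { struct listener *tqe_next; struct listener **tqe_prev; };
struct listener { int priority; struct link link; };   /* stand-in for MemoryListener */
struct head { struct listener *tqh_first; struct listener **tqh_last; };

static void head_init(struct head *h) { h->tqh_first = NULL; h->tqh_last = &h->tqh_first; }

static void insert_tail(struct head *h, struct listener *e)
{
    e->link.tqe_next = NULL;
    e->link.tqe_prev = h->tqh_last;
    *h->tqh_last = e;
    h->tqh_last = &e->link.tqe_next;
}

/* Same store sequence as TAILQ_INSERT_BEFORE / QTAILQ_INSERT_BEFORE.
 * The first line reads other->link.tqe_prev and the third writes through it;
 * with `other` zeroed that is a write to *(0x0), which is the fault in the report. */
static void insert_before(struct listener *other, struct listener *e)
{
    e->link.tqe_prev = other->link.tqe_prev;
    e->link.tqe_next = other;
    *other->link.tqe_prev = e;
    other->link.tqe_prev = &e->link.tqe_next;
}

/* Walk the queue and verify, for each node, that its tqe_prev points exactly
 * at the slot that links to it, and that the head's tail pointer lands on the
 * last node's tqe_next. Returns -1 if consistent, otherwise the 0-based index
 * of the first offending node. A zeroed node has tqe_prev == NULL and is
 * flagged here before any insert dereferences it. */
static int validate(struct head *h)
{
    int idx = 0;
    struct listener *n;
    struct listener **expected_prev = &h->tqh_first;
    for (n = h->tqh_first; n != NULL; n = n->link.tqe_next, idx++) {
        if (n->link.tqe_prev == NULL || n->link.tqe_prev != expected_prev)
            return idx;
        expected_prev = &n->link.tqe_next;
    }
    if (h->tqh_last != expected_prev)
        return idx;
    return -1;
}

/* Healthy case: insert a node before the middle one, check the invariant
 * still holds, and return the priorities in list order packed as digits. */
static int scenario_insert_before_ok(void)
{
    struct head h;
    struct listener a = { .priority = 1 }, b = { .priority = 2 },
                    c = { .priority = 3 }, d = { .priority = 4 };
    struct listener *n;
    int seq = 0;
    head_init(&h);
    insert_tail(&h, &a); insert_tail(&h, &b); insert_tail(&h, &c);
    insert_before(&b, &d);
    if (validate(&h) != -1)
        return -1;
    for (n = h.tqh_first; n != NULL; n = n->link.tqe_next)
        seq = seq * 10 + n->priority;
    return seq;                      /* 1423 */
}

/* Constructed reproduction of the reported state: three registered
 * listeners, then the last one is wiped to zero while its predecessor still
 * points at it. validate() reports index 2 instead of letting a later
 * insert_before() fault on the NULL back-pointer. */
static int scenario_zeroed_tail_detected(void)
{
    struct head h;
    struct listener a = { 0 }, b = { 0 }, c = { 0 };
    head_init(&h);
    insert_tail(&h, &a); insert_tail(&h, &b); insert_tail(&h, &c);
    if (validate(&h) != -1)
        return -2;                   /* sanity: the intact list must pass */
    memset(&c, 0, sizeof c);         /* c is now all zeros but still linked from b */
    return validate(&h);             /* 2 */
}

int main(void)
{
    printf("insert_before order: %d\n", scenario_insert_before_ok());
    printf("zeroed node at index: %d\n", scenario_zeroed_tail_detected());
    return 0;
}
```

The check is cheap enough to run under a debug build right before an insert, or from a gdb walk like the one in the message; in either case it turns a NULL dereference deep inside the macro into a pointer to the specific entry whose links no longer match its neighbours.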