* [Qemu-devel] qemu 2.0.0-rc2 crash
@ 2014-04-10 12:55 Marcin Gibuła
From: Marcin Gibuła @ 2014-04-10 12:55 UTC (permalink / raw)
To: qemu-devel
Hi,
I've been playing with QEMU 2.0-rc2 and found a crash that isn't there
in 1.7.1.
Virtual machine is created via libvirt and when I query it with
'dommemstat' it crashes with following backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007f5883655c0a in object_class_dynamic_cast (class=0x7f588618fbb0, typename=typename@entry=0x7f58837ebe54 "object") at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qom/object.c:525
525 /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qom/object.c: No such file or directory.
(gdb) bt
#0  0x00007f5883655c0a in object_class_dynamic_cast (class=0x7f588618fbb0, typename=typename@entry=0x7f58837ebe54 "object") at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qom/object.c:525
#1  0x00007f5883655da5 in object_dynamic_cast (obj=0x7f58861604c0, typename=typename@entry=0x7f58837ebe54 "object") at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qom/object.c:456
#2  0x00007f5883657d6e in object_resolve_abs_path (parent=<optimized out>, parts=parts@entry=0x7f5886352ad0, typename=typename@entry=0x7f58837ebe54 "object", index=index@entry=1) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qom/object.c:1244
#3  0x00007f5883657f20 in object_resolve_path_type (path=<optimized out>, typename=0x7f58837ebe54 "object", ambiguous=0x7fff1ccab257) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qom/object.c:1312
#4  0x00007f5883652d7f in qmp_qom_list (path=0x7f588615c9a0 "//machine/i440fx/pci.0/child[9]", errp=errp@entry=0x7fff1ccab290) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qmp.c:201
#5  0x00007f588364dd55 in qmp_marshal_input_qom_list (mon=<optimized out>, qdict=<optimized out>, ret=0x7fff1ccab310) at qmp-marshal.c:2490
#6  0x00007f58836ef4e8 in qmp_call_cmd (params=0x7f58893626b0, mon=0x7f5885c9ec90, cmd=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/monitor.c:4760
#7  handle_qmp_command (parser=<optimized out>, tokens=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/monitor.c:4826
#8  0x00007f588378289a in json_message_process_token (lexer=0x7f5885ca00a0, token=0x7f58861a0500, type=JSON_OPERATOR, x=95, y=20) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qobject/json-streamer.c:87
#9  0x00007f5883797c4f in json_lexer_feed_char (lexer=lexer@entry=0x7f5885ca00a0, ch=125 '}', flush=flush@entry=false) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qobject/json-lexer.c:303
#10 0x00007f5883797d96 in json_lexer_feed (lexer=0x7f5885ca00a0, buffer=<optimized out>, size=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qobject/json-lexer.c:356
#11 0x00007f5883782ab1 in json_message_parser_feed (parser=<optimized out>, buffer=<optimized out>, size=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qobject/json-streamer.c:110
#12 0x00007f58836ed593 in monitor_control_read (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/monitor.c:4847
#13 0x00007f588363d4e1 in qemu_chr_be_write (len=<optimized out>, buf=0x7fff1ccab4f0 "}", s=0x7f5885caf0b0) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qemu-char.c:165
#14 tcp_chr_read (chan=<optimized out>, cond=<optimized out>, opaque=0x7f5885caf0b0) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/qemu-char.c:2487
#15 0x00007f58814d0b75 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#16 0x00007f588360b0e8 in glib_pollfds_poll () at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/main-loop.c:190
#17 os_host_main_loop_wait (timeout=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/main-loop.c:235
#18 main_loop_wait (nonblocking=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/main-loop.c:484
#19 0x00007f58834dbb6e in main_loop () at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/vl.c:2051
#20 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /var/tmp/portage/app-emulation/qemu-2.0.0_rc2/work/qemu-2.0.0-rc2/vl.c:4507
Virtual machine options command line:
LC_ALL=C
PATH=/bin:/sbin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
HOME=/ USER=root QEMU_AUDIO_DRV=none /usr/bin/qemu-kvm -name
f1b3b8b7-7b0e-4eab-afef-06d577d6544d -S -machine
pc-i440fx-2.0,accel=kvm,usb=off -cpu SandyBridge,-kvmclock -m 4096
-realtime mlock=on -smp 4,sockets=2,cores=10,threads=1 -uuid
f1b3b8b7-7b0e-4eab-afef-06d577d6544d -smbios type=0,vendor=HAL 9000
-smbios type=1,manufacturer=cloud -no-user-config -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/f1b3b8b7-7b0e-4eab-afef-06d577d6544d.monitor,server,nowait
-mon chardev=charmonitor,id=monitor,mode=control -rtc
base=utc,clock=vm,driftfix=slew -global kvm-pit.lost_tick_policy=discard
-no-shutdown -boot menu=off,strict=on -device
piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device
virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x4 -drive
file=/mnt/nfs/volumes/16162d6c-88c9-4052-9ae0-dccdd914a891/active.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,aio=threads,bps_rd=68157440,bps_wr=68157440,iops_rd=325,iops_wr=325
-device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2
-drive if=none,id=drive-ide0-0-0,readonly=on,format=raw -device
ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1
-netdev tap,fd=26,id=hostnet0,vhost=on,vhostfd=27 -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:46:0d:c9,bus=pci.0,addr=0x3
-chardev pty,id=charserial0 -device
isa-serial,chardev=charserial0,id=serial0 -chardev
socket,id=charchannel0,path=/var/lib/libvirt/qemu/f1b3b8b7-7b0e-4eab-afef-06d577d6544d.agent,server,nowait
-device
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=org.qemu.guest_agent.0
-chardev
socket,id=charchannel1,path=/var/lib/libvirt/qemu/f1b3b8b7-7b0e-4eab-afef-06d577d6544d.cloud.agent,server,nowait
-device
virtserialport,bus=virtio-serial0.0,nr=2,chardev=charchannel1,id=channel1,name=com.cloud.guest_agent.1
-device usb-tablet,id=input0 -vnc 0.0.0.0:3,password -device
cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 -sandbox on -device
pvpanic
--
mg
* Re: [Qemu-devel] qemu 2.0.0-rc2 crash
From: Marcel Apfelbaum @ 2014-04-10 13:43 UTC (permalink / raw)
To: Marcin Gibuła; +Cc: qemu-devel
On Thu, 2014-04-10 at 14:55 +0200, Marcin Gibuła wrote:
> Hi,
>
> I've been playing with QEMU 2.0-rc2 and found a crash that isn't there
> in 1.7.1.
Hi Marcin,
Thanks for reporting the bug!
Do you have a development environment?
If you do, and the reproduction is fast (and you already have a setup),
a git bisect to find the problematic commit would be appreciated,
Thanks,
Marcel
* Re: [Qemu-devel] qemu 2.0.0-rc2 crash
From: Marcin Gibuła @ 2014-04-10 16:24 UTC (permalink / raw)
To: marcel.a; +Cc: qemu-devel
On 2014-04-10 15:43, Marcel Apfelbaum wrote:
> On Thu, 2014-04-10 at 14:55 +0200, Marcin Gibuła wrote:
>> Hi,
>>
>> I've been playing with QEMU 2.0-rc2 and found a crash that isn't there
>> in 1.7.1.
> Hi Marcin,
> Thanks for reporting the bug!
>
> Do you have a development environment?
> If you do, and the reproduction is fast (and you already have a setup),
> a git bisect to find the problematic commit would be appreciated,
Hi,
Yes, it's on a development environment. If you could point me to some
quick guide to bisecting qemu, I'll be happy to do it.
--
mg
* Re: [Qemu-devel] qemu 2.0.0-rc2 crash
From: Marcel Apfelbaum @ 2014-04-10 16:39 UTC (permalink / raw)
To: Marcin Gibuła; +Cc: qemu-devel
On Thu, 2014-04-10 at 18:24 +0200, Marcin Gibuła wrote:
> On 2014-04-10 15:43, Marcel Apfelbaum wrote:
> > On Thu, 2014-04-10 at 14:55 +0200, Marcin Gibuła wrote:
> >> Hi,
> >>
> >> I've been playing with QEMU 2.0-rc2 and found a crash that isn't there
> >> in 1.7.1.
> > Hi Marcin,
> > Thanks for reporting the bug!
> >
> > Do you have a development environment?
> > If you do, and the reproduction is fast (and you already have a setup),
> > a git bisect to find the problematic commit would be appreciated,
>
> Hi,
>
> Yes, it's on a development environment. If you could point me to some
> quick guide to bisecting qemu, I'll be happy to do it.
Sure! Thanks for helping.
1. Start:
git bisect start
git bisect good <commit hash or tag name of the version that works> (Ex: v1.7.1)
git bisect bad <commit hash or tag name of the non working version> (Ex: HEAD)
2. Git will checkout commits for you and you have to check and answer:
git bisect good or git bisect bad
3. Git will show you the first bad commit.
A more detailed version here:
http://git-scm.com/book/en/Git-Tools-Debugging-with-Git
Look for git-bisect.
Thanks,
Marcel
* Re: [Qemu-devel] qemu 2.0.0-rc2 crash
From: Cole Robinson @ 2014-04-10 18:15 UTC (permalink / raw)
To: Marcel Apfelbaum, Marcin Gibuła
Cc: qemu-devel, Stefan Hajnoczi, Andreas Färber
On 04/10/2014 12:39 PM, Marcel Apfelbaum wrote:
> On Thu, 2014-04-10 at 18:24 +0200, Marcin Gibuła wrote:
>> On 2014-04-10 15:43, Marcel Apfelbaum wrote:
>>> On Thu, 2014-04-10 at 14:55 +0200, Marcin Gibuła wrote:
>>>> Hi,
>>>>
>>>> I've been playing with QEMU 2.0-rc2 and found a crash that isn't there
>>>> in 1.7.1.
>>> Hi Marcin,
>>> Thanks for reporting the bug!
>>>
>>> Do you have a development environment?
>>> If you do, and the reproduction is fast (and you already have a setup),
>>> a git bisect to find the problematic commit would be appreciated,
>>
>> Hi,
>>
>> Yes, it's on a development environment. If you could point me to some
>> quick guide to bisecting qemu, I'll be happy to do it.
>
> Sure! Thanks for helping.
>
> 1. Start:
> git bisect start
> git bisect good <commit hash or tag name of the version that works> (Ex: v1.7.1)
> git bisect bad <commit hash or tag name of the non working version> (Ex: HEAD)
> 2. Git will checkout commits for you and you have to check and answer:
> git bisect good or git bisect bad
> 3. Git will show you the first bad commit.
>
> A more detailed version here:
> http://git-scm.com/book/en/Git-Tools-Debugging-with-Git
> Look for git-bisect.
Actually I was just independently bisecting this :) Culprit is:
commit 9561fda8d90e176bef598ba87c42a1bd6ad03ef7
Author: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed Mar 19 08:58:55 2014 +0100
qom: Make QOM link property unref optional
Simple reproducer:
./x86_64-softmmu/qemu-system-x86_64 -qmp unix:./qmp.sock,server
./scripts/qmp/qmp-shell ./qmp.sock
(QEMU) qom-list path=//machine/i440fx/pci.0/child[2]
Seems like trying to qom-list any link property will crash
- Cole
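Cole's reproducer above and Marcel's bisect recipe a few messages up combine into one mechanical check: a client that speaks QMP to the monitor socket, issues `qom-list` for the offending path, and reports whether QEMU answered, rejected the path, or simply dropped the connection, which is what a segfault looks like from the client side. The block below is an added example written for this page, not code from the thread and not QEMU's own `scripts/qmp/qmp-shell`. It implements the QMP wire protocol directly (server greeting, `qmp_capabilities`, then the command, with asynchronous events skipped) and ships with a constructed fake monitor, `start_fake_monitor`, so it runs without a QEMU build. `QMPClient`, `probe_qom_path`, `FAKE_TREE` and the property lists it returns are invented for the example; the command name, the socket-based transport and the `//machine/i440fx/pci.0/child[2]` path are the ones from the thread.

```python
import json
import socket
import tempfile
import threading


class QMPError(Exception):
    """QEMU answered with an {"error": ...} object."""


class QMPConnectionLost(Exception):
    """EOF before any reply arrived: the QEMU process most likely died."""


class QMPClient:
    def __init__(self, sock_path):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(sock_path)
        self.rfile = self.sock.makefile("rb")
        # QEMU speaks first; the greeting must be answered with
        # qmp_capabilities before any other command is accepted.
        if "QMP" not in self._recv():
            raise QMPError("no QMP greeting on %s" % sock_path)
        self.execute("qmp_capabilities")

    def _recv(self):
        line = self.rfile.readline()            # one JSON object per line
        if not line:
            raise QMPConnectionLost("monitor socket closed by peer")
        return json.loads(line.decode())

    def execute(self, command, arguments=None):
        msg = {"execute": command, "arguments": arguments or {}}
        self.sock.sendall((json.dumps(msg) + "\n").encode())
        reply = self._recv()
        while "event" in reply:                 # async events may interleave
            reply = self._recv()
        if "error" in reply:
            raise QMPError(reply["error"].get("desc", repr(reply["error"])))
        return reply["return"]

    def close(self):
        self.rfile.close()
        self.sock.close()


def probe_qom_path(sock_path, path):
    """qom-list `path`: "ok" = property list came back, "error" = QEMU rejected
    the path, "crashed" = EOF with no reply, i.e. QEMU died (fits git bisect run)."""
    client = QMPClient(sock_path)
    try:
        client.execute("qom-list", {"path": path})
        return "ok"
    except QMPError:
        return "error"
    except QMPConnectionLost:
        return "crashed"
    finally:
        client.close()


# Constructed stand-in for a QEMU monitor so the example runs offline: two
# made-up paths (keyed on the exact string sent), each with one property.
FAKE_TREE = {
    "/machine": [{"name": "type", "type": "string"}],
    "//machine/i440fx/pci.0/child[2]": [{"name": "type", "type": "string"}],
}


def start_fake_monitor(die_on=None):
    """Serve one QMP session from FAKE_TREE on a fresh unix socket; return its
    path.  A qom-list of `die_on` closes the session without replying."""
    sock_path = tempfile.mkdtemp() + "/qmp.sock"
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    srv.listen(1)

    def serve(conn):
        send = lambda obj: conn.sendall((json.dumps(obj) + "\n").encode())
        rfile = conn.makefile("rb")
        send({"QMP": {"version": {}, "capabilities": []}})   # greeting, abridged
        for line in rfile:
            req = json.loads(line.decode())
            cmd, path = req["execute"], req["arguments"].get("path")
            if cmd == "qmp_capabilities":
                send({"return": {}})
            elif cmd == "qom-list" and die_on is not None and path == die_on:
                break                           # simulated crash: EOF, no reply
            elif cmd == "qom-list" and path in FAKE_TREE:
                send({"return": FAKE_TREE[path]})
            else:
                send({"error": {"class": "GenericError", "desc": "%s: %r" % (cmd, path)}})
        rfile.close()
        conn.close()
        srv.close()

    threading.Thread(target=lambda: serve(srv.accept()[0]), daemon=True).start()
    return sock_path
```

Against a real build, start QEMU as in the reproducer but with `-qmp unix:./qmp.sock,server,nowait` (without `nowait` QEMU blocks at startup until a client connects) and call `probe_qom_path("./qmp.sock", "//machine/i440fx/pci.0/child[2]")`. Wrapped in a script that rebuilds QEMU, starts it, probes, kills it and exits 0 for "ok", 1 for "crashed" and 125 when the build itself fails, that is the driver `git bisect run` needs for the procedure Marcel describes. The fake monitor keys `FAKE_TREE` on the exact path string; QEMU's own resolver skips empty path components, so `//machine` and `/machine` name the same object to QEMU but not to the fake.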
* Re: [Qemu-devel] qemu 2.0.0-rc2 crash
From: Cole Robinson @ 2014-04-10 18:37 UTC (permalink / raw)
To: Marcel Apfelbaum, Marcin Gibuła
Cc: qemu-devel, Stefan Hajnoczi, Andreas Färber
On 04/10/2014 02:15 PM, Cole Robinson wrote:
> On 04/10/2014 12:39 PM, Marcel Apfelbaum wrote:
>> On Thu, 2014-04-10 at 18:24 +0200, Marcin Gibuła wrote:
>>> On 2014-04-10 15:43, Marcel Apfelbaum wrote:
>>>> On Thu, 2014-04-10 at 14:55 +0200, Marcin Gibuła wrote:
>>>>> Hi,
>>>>>
>>>>> I've been playing with QEMU 2.0-rc2 and found a crash that isn't there
>>>>> in 1.7.1.
>>>> Hi Marcin,
>>>> Thanks for reporting the bug!
>>>>
>>>> Do you have a development environment?
>>>> If you do, and the reproduction is fast (and you already have a setup),
>>>> a git bisect to find the problematic commit would be appreciated,
>>>
>>> Hi,
>>>
>>> Yes, it's on a development environment. If you could point me to some
>>> quick guide to bisecting qemu, I'll be happy to do it.
>>
>> Sure! Thanks for helping.
>>
>> 1. Start:
>> git bisect start
>> git bisect good <commit hash or tag name of the version that works> (Ex: v1.7.1)
>> git bisect bad <commit hash or tag name of the non working version> (Ex: HEAD)
>> 2. Git will checkout commits for you and you have to check and answer:
>> git bisect good or git bisect bad
>> 3. Git will show you the first bad commit.
>>
>> A more detailed version here:
>> http://git-scm.com/book/en/Git-Tools-Debugging-with-Git
>> Look for git-bisect.
>
> Actually I was just independently bisecting this :) Culprit is:
>
> commit 9561fda8d90e176bef598ba87c42a1bd6ad03ef7
> Author: Stefan Hajnoczi <stefanha@redhat.com>
> Date: Wed Mar 19 08:58:55 2014 +0100
>
> qom: Make QOM link property unref optional
>
> Simple reproducer:
>
> ./x86_64-softmmu/qemu-system-x86_64 -qmp unix:./qmp.sock,server
>
> ./scripts/qmp/qmp-shell ./qmp.sock
> (QEMU) qom-list path=//machine/i440fx/pci.0/child[2]
>
> Seems like trying to qom-list any link property will crash
>
I think this is the fix:
* Re: [Qemu-devel] qemu 2.0.0-rc2 crash
From: Cole Robinson @ 2014-04-10 18:38 UTC (permalink / raw)
To: Marcel Apfelbaum, Marcin Gibuła
Cc: qemu-devel, Stefan Hajnoczi, Andreas Färber
On 04/10/2014 02:15 PM, Cole Robinson wrote:
> On 04/10/2014 12:39 PM, Marcel Apfelbaum wrote:
>> On Thu, 2014-04-10 at 18:24 +0200, Marcin Gibuła wrote:
>>> On 2014-04-10 15:43, Marcel Apfelbaum wrote:
>>>> On Thu, 2014-04-10 at 14:55 +0200, Marcin Gibuła wrote:
>>>>> Hi,
>>>>>
>>>>> I've been playing with QEMU 2.0-rc2 and found a crash that isn't there
>>>>> in 1.7.1.
>>>> Hi Marcin,
>>>> Thanks for reporting the bug!
>>>>
>>>> Do you have a development environment?
>>>> If you do, and the reproduction is fast (and you already have a setup),
>>>> a git bisect to find the problematic commit would be appreciated,
>>>
>>> Hi,
>>>
>>> Yes, it's on a development environment. If you could point me to some
>>> quick guide to bisecting qemu, I'll be happy to do it.
>>
>> Sure! Thanks for helping.
>>
>> 1. Start:
>> git bisect start
>> git bisect good <commit hash or tag name of the version that works> (Ex: v1.7.1)
>> git bisect bad <commit hash or tag name of the non working version> (Ex: HEAD)
>> 2. Git will checkout commits for you and you have to check and answer:
>> git bisect good or git bisect bad
>> 3. Git will show you the first bad commit.
>>
>> A more detailed version here:
>> http://git-scm.com/book/en/Git-Tools-Debugging-with-Git
>> Look for git-bisect.
>
> Actually I was just independently bisecting this :) Culprit is:
>
> commit 9561fda8d90e176bef598ba87c42a1bd6ad03ef7
> Author: Stefan Hajnoczi <stefanha@redhat.com>
> Date: Wed Mar 19 08:58:55 2014 +0100
>
> qom: Make QOM link property unref optional
>
> Simple reproducer:
>
> ./x86_64-softmmu/qemu-system-x86_64 -qmp unix:./qmp.sock,server
>
> ./scripts/qmp/qmp-shell ./qmp.sock
> (QEMU) qom-list path=//machine/i440fx/pci.0/child[2]
>
> Seems like trying to qom-list any link property will crash
>
I think this is the fix:
diff --git a/qom/object.c b/qom/object.c
index f4de619..9a730e7 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -1225,7 +1225,8 @@ Object *object_resolve_path_component(Object *parent, cons
}
if (object_property_is_link(prop)) {
- return *(Object **)prop->opaque;
+ LinkProperty *lprop = prop->opaque;
+ return *lprop->child;
} else if (object_property_is_child(prop)) {
return prop->opaque;
} else {
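Review bot: the hunk cannot be applied as pasted: the `@@ -1225,7 +1225,8 @@` header is cut off at `cons` and the leading indentation of every line has been stripped, so `git am` will reject it and a reviewer cannot check the context; send the promised top-level patch with git send-email rather than retyping it. On the change itself, `*lprop->child` performs the same dereference the old `*(Object **)prop->opaque` did, just through the `LinkProperty` that commit 9561fda8 now stores in `opaque`, so it looks right, but the real patch should come with (a) a grep for any remaining `(Object **)prop->opaque` cast, since the same type change applied to every link property and this site was missed, and (b) a regression test that issues `qom-list` on a link path over QMP, given that the crash was reachable from libvirt's routine `dommemstat` query.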
The commit mentioned above changed the type of opaque for link properties, but
forgot to update this site. I'll send a top level patch.
- Cole
* Re: [Qemu-devel] qemu 2.0.0-rc2 crash
From: Marcel Apfelbaum @ 2014-04-10 18:46 UTC (permalink / raw)
To: Cole Robinson
Cc: Marcin Gibuła, qemu-devel, Stefan Hajnoczi,
Andreas Färber
On Thu, 2014-04-10 at 14:38 -0400, Cole Robinson wrote:
> On 04/10/2014 02:15 PM, Cole Robinson wrote:
> > On 04/10/2014 12:39 PM, Marcel Apfelbaum wrote:
> >> On Thu, 2014-04-10 at 18:24 +0200, Marcin Gibuła wrote:
> >>> On 2014-04-10 15:43, Marcel Apfelbaum wrote:
> >>>> On Thu, 2014-04-10 at 14:55 +0200, Marcin Gibuła wrote:
> >>>>> Hi,
> >>>>>
> >>>>> I've been playing with QEMU 2.0-rc2 and found a crash that isn't there
> >>>>> in 1.7.1.
> >>>> Hi Marcin,
> >>>> Thanks for reporting the bug!
> >>>>
> >>>> Do you have a development environment?
> >>>> If you do, and the reproduction is fast (and you already have a setup),
> >>>> a git bisect to find the problematic commit would be appreciated,
> >>>
> >>> Hi,
> >>>
> >>> Yes, it's on a development environment. If you could point me to some
> >>> quick guide to bisecting qemu, I'll be happy to do it.
> >>
> >> Sure! Thanks for helping.
> >>
> >> 1. Start:
> >> git bisect start
> >> git bisect good <commit hash or tag name of the version that works> (Ex: v1.7.1)
> >> git bisect bad <commit hash or tag name of the non working version> (Ex: HEAD)
> >> 2. Git will checkout commits for you and you have to check and answer:
> >> git bisect good or git bisect bad
> >> 3. Git will show you the first bad commit.
> >>
> >> A more detailed version here:
> >> http://git-scm.com/book/en/Git-Tools-Debugging-with-Git
> >> Look for git-bisect.
> >
> > Actually I was just independently bisecting this :) Culprit is:
> >
> > commit 9561fda8d90e176bef598ba87c42a1bd6ad03ef7
> > Author: Stefan Hajnoczi <stefanha@redhat.com>
> > Date: Wed Mar 19 08:58:55 2014 +0100
> >
> > qom: Make QOM link property unref optional
> >
> > Simple reproducer:
> >
> > ./x86_64-softmmu/qemu-system-x86_64 -qmp unix:./qmp.sock,server
> >
> > ./scripts/qmp/qmp-shell ./qmp.sock
> > (QEMU) qom-list path=//machine/i440fx/pci.0/child[2]
> >
> > Seems like trying to qom-list any link property will crash
> >
>
> I think this is the fix:
>
> diff --git a/qom/object.c b/qom/object.c
> index f4de619..9a730e7 100644
> --- a/qom/object.c
> +++ b/qom/object.c
> @@ -1225,7 +1225,8 @@ Object *object_resolve_path_component(Object *parent, cons
> }
>
> if (object_property_is_link(prop)) {
> - return *(Object **)prop->opaque;
> + LinkProperty *lprop = prop->opaque;
> + return *lprop->child;
Seems OK to me, but I am not so familiar with this part...
maybe we'll get a feedback from the maintainers.
Thanks,
Marcel
> } else if (object_property_is_child(prop)) {
> return prop->opaque;
> } else {
>
> The commit mentioned above changed the type of opaque for link properties, but
> forgot to update this site. I'll send a top level patch.
>
> - Cole