From: Stefan Hajnoczi
Date: Fri, 4 Jan 2013 17:52:24 +0100
Subject: Re: [Qemu-devel] [Bug 1094950] [NEW] crash at qemu_iohandler_poll (iohandler.c:124) on macos 10.8.2
To: Bug 1094950 <1094950@bugs.launchpad.net>
Cc: qemu-devel@nongnu.org
Message-ID: <20130104165224.GG6310@stefanha-thinkpad.hitronhub.home>
In-Reply-To: <20121231204645.26308.5533.malonedeb@soybean.canonical.com>

On Mon, Dec 31, 2012 at 08:46:45PM -0000, Christopher Mason wrote:
> Public bug reported:
>
> I'm seeing consistent hangs / crashes on MacOS 10.8.2 with 1.3.0. I've
> tried both gcc-4.2 and clang. I've tried a half a dozen different
> images/kernels.

Which QEMU version are you building? Have you tried qemu.git/master?

> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_PROTECTION_FAILURE at address: 0x000000010142f2d0
> 0x000000010142f2d0 in ?? ()
>
> (gdb) bt
> #0 0x000000010142f2d0 in ?? ()
> #1 0x000000010016e209 in qemu_iohandler_poll (readfds=0x10097ca00, writefds=0x10097ca80, xfds=0x10097cb00, ret=4) at iohandler.c:124
> #2 0x0000000100172acf in main_loop_wait (nonblocking=0) at main-loop.c:418
> #3 0x0000000100207bbf in main_loop () at vl.c:1765
> #4 0x000000010020e7b0 in qemu_main (argc=12, argv=0x7fff5fbff360, envp=0x7fff5fbff3c8) at vl.c:3992
> #5 0x00000001001d6013 in main (argc=12, argv=0x7fff5fbff360) at ui/cocoa.m:884
> (gdb) frame 1
> #1 0x000000010016e209 in qemu_iohandler_poll (readfds=0x10097ca00, writefds=0x10097ca80, xfds=0x10097cb00, ret=4) at iohandler.c:124
> 124         ioh->fd_read(ioh->opaque);
> Current language: auto; currently c
> (gdb) p ioh
> $1 = (IOHandlerRecord *) 0x10142f110
> (gdb) p *ioh
> $2 = {
>   fd_read_poll = 0,
>   fd_read = 0x10017212b <sigfd_handler>,

The fd_read() function pointer should be called here. But somehow we
end up with 0x000000010142f2d0, which is awfully close to the
IOHandlerRecord (0x10142f110).

Perhaps printing out the entire io_handlers list would be interesting too.

Does this happen at an unspecified point or is it always when the
fd_read sigfd_handler() callback is invoked? (You could put a
breakpoint on sigfd_handler() and continue the first time it is hit to
check this.)

Stefan
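To act on the two suggestions in the reply above (dump the whole io_handlers list, and check whether the crash always follows a sigfd_handler() call), here is a gdb command file. It is an added example, not part of Stefan's reply or of QEMU's sources. It assumes the QEMU 1.3 layout of iohandler.c: io_handlers is a QLIST whose head field is lh_first, each IOHandlerRecord links to the next record through next.le_next, and the record carries fd, fd_write and opaque alongside the fd_read_poll and fd_read fields visible in the gdb output above. Every field name not shown in that output is an assumption; run `ptype IOHandlerRecord` first and adjust if the struct differs.

```gdb
# dump_io_handlers.gdb: added debugging helper, not QEMU code.
# Walks QEMU's static io_handlers QLIST (assumed: head field lh_first,
# link field next.le_next) and reports where every fd_read points.
# A fd_read that "info symbol" cannot resolve, or that lands in the heap
# next to its own record, is the corrupted slot to chase.
define dump_io_handlers
  set $ioh = io_handlers.lh_first
  set $i = 0
  while $ioh != 0
    # Field names fd, fd_write and opaque are assumed from iohandler.c.
    printf "[%d] ioh=0x%lx fd=%d fd_read=0x%lx fd_write=0x%lx opaque=0x%lx\n", \
      $i, (long)$ioh, $ioh->fd, (long)$ioh->fd_read, \
      (long)$ioh->fd_write, (long)$ioh->opaque
    if $ioh->fd_read != 0
      info symbol $ioh->fd_read
    end
    set $ioh = $ioh->next.le_next
    set $i = $i + 1
  end
  printf "%d handler(s) in io_handlers\n", $i
end
document dump_io_handlers
Print every IOHandlerRecord on io_handlers and resolve its fd_read.
end

# Stefan's check: does the fault always follow a sigfd_handler() call?
# Dump the list each time the callback is entered, then keep running.
# If the EXC_BAD_ACCESS fires right after one of these dumps, the list
# state printed just before it is what to compare against the crash.
break sigfd_handler
commands
  silent
  printf "sigfd_handler() entered; io_handlers at this point:\n"
  dump_io_handlers
  continue
end

# Dump once more when the process faults, before the frame is lost.
define hook-stop
  dump_io_handlers
end
```

Load it with `gdb -x dump_io_handlers.gdb --args qemu-system-x86_64 ...` and `run`. If the record printed at the crash shows fd_read resolving cleanly to sigfd_handler, as in the `p *ioh` output above, while the faulting address is 0x10142f2d0, the next step is a watchpoint on that record's fd_read slot (`watch *(void **)ADDR`, with ADDR taken from the dump) to catch whoever overwrites it between the dump and the call.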