From: Stefan Hajnoczi <stefanha@gmail.com>
To: Bug 1094950 <1094950@bugs.launchpad.net>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [Bug 1094950] Re: crash at qemu_iohandler_poll (iohandler.c:124) on macos 10.8.2
Date: Mon, 7 Jan 2013 14:18:27 +0100 [thread overview]
Message-ID: <20130107131827.GD17997@stefanha-thinkpad.redhat.com> (raw)
In-Reply-To: <20130104180930.8294.45252.malone@soybean.canonical.com>
On Fri, Jan 04, 2013 at 06:09:30PM -0000, Christopher Mason wrote:
> Using qemu master rev dbd99ae..25bbf61 configured with:
>
> ./configure --disable-sdl --disable-kvm --enable-cocoa --enable-debug
> --extra-cflags=-g --extra-ldflags=-g
>
> (I'm using clang 4.1 now. Should I be using clang or gcc 4.2? Are these
> the right config args?)
I have never used QEMU on Mac myself, sorry. Maybe someone else can
help.
> (gdb) b sigfd_handler
> Breakpoint 1 at 0x1001c098d: file main-loop.c, line 41.
>
> (gdb) r -nographic -M versatilepb -kernel vmlinuz-2.6.32-5-versatile -initrd initrd.img-2.6.32-5-versatile -hda debian_squeeze_armel_standard.qcow2 -append "root=/dev/sda1 console=ttyAMA0"
> ...
> Breakpoint 1, sigfd_handler (opaque=0x3) at main-loop.c:41
> 41 int fd = (intptr_t)opaque;
> (gdb) bt
> #0 sigfd_handler (opaque=0x3) at main-loop.c:41
> #1 0x00000001001baaee in qemu_iohandler_poll (readfds=0x100a0938c, writefds=0x100a0940c, xfds=0x100a0948c, ret=3) at iohandler.c:124
> #2 0x00000001001c00bb in main_loop_wait (nonblocking=0) at main-loop.c:418
> #3 0x000000010027bde4 in main_loop () at vl.c:1765
> #4 0x00000001002765c2 in qemu_main (argc=12, argv=0x7fff5fbff340, envp=0x7fff5fbff3a8) at vl.c:4014
> #5 0x0000000100239a13 in main (argc=12, argv=0x7fff5fbff340) at ui/cocoa.m:884
> Current language: auto; currently minimal
> (gdb) p io_handlers
> $1 = {
> lh_first = 0x102102ab0
> }
> (gdb) p * io_handlers.lh_first
> $2 = {
> fd_read_poll = 0x1001fad60 <stdio_read_poll>,
> fd_read = 0x1001fae20 <stdio_read>,
> fd_write = 0,
> opaque = 0x1021029c0,
> next = {
> le_next = 0x102100000,
> le_prev = 0x100a09368
> },
> fd = 0,
> deleted = false
> }
> (gdb) p * io_handlers.lh_first->next.le_prev
> $3 = (struct IOHandlerRecord *) 0x102102ab0
> (gdb) p * io_handlers.lh_first->next.le_next
> $4 = {
> fd_read_poll = 0,
> fd_read = 0x1001c0970 <sigfd_handler>,
> fd_write = 0,
> opaque = 0x3,
> next = {
> le_next = 0x0,
> le_prev = 0x102102ad0
> },
> fd = 3,
> deleted = false
> }
>
> (gdb) c
>
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_PROTECTION_FAILURE at address: 0x0000000102100040
> 0x0000000102100040 in ?? ()
> (gdb) bt
> #0 0x0000000102100040 in ?? ()
> #1 0x00000001001baaee in qemu_iohandler_poll (readfds=0x100a0938c, writefds=0x100a0940c, xfds=0x100a0948c, ret=3) at iohandler.c:124
> #2 0x00000001001c00bb in main_loop_wait (nonblocking=0) at main-loop.c:418
> #3 0x000000010027bde4 in main_loop () at vl.c:1765
> #4 0x00000001002765c2 in qemu_main (argc=12, argv=0x7fff5fbff340, envp=0x7fff5fbff3a8) at vl.c:4014
> #5 0x0000000100239a13 in main (argc=12, argv=0x7fff5fbff340) at ui/cocoa.m:884
>
> (gdb) p io_handlers
> $5 = {
> lh_first = 0x102102ab0
> }
> (gdb) p * io_handlers.lh_first
> $6 = {
> fd_read_poll = 0x1001fad60 <stdio_read_poll>,
> fd_read = 0x1001fae20 <stdio_read>,
> fd_write = 0,
> opaque = 0x1021029c0,
> next = {
> le_next = 0x102100000,
> le_prev = 0x100a09368
> },
> fd = 0,
> deleted = false
> }
> (gdb) p * io_handlers.lh_first->next.le_next
> $8 = {
> fd_read_poll = 0,
> fd_read = 0x1001c0970 <sigfd_handler>,
> fd_write = 0,
> opaque = 0x3,
> next = {
> le_next = 0x0,
> le_prev = 0x102102ad0
> },
> fd = 3,
> deleted = false
> }
> (gdb) p * io_handlers.lh_first->next.le_prev
> $9 = (struct IOHandlerRecord *) 0x102102ab0
This is interesting. The iohandlers are intact - there was no
memory corruption there. The fact that it crashes after executing
sigfd_handler() once is suspicious.
My next suggestion is to break on iohandler.c:124 and find out why
0x0000000102100040 is getting called. Really it should be
sigfd_handler() that gets called again. This may require a few tries
and probably familiarity with assembly to debug.
I have pinged other QEMU contributors who have Macs. Perhaps they can
help better from here.
Stefan
next prev parent reply other threads:[~2013-01-07 13:18 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-31 20:46 [Qemu-devel] [Bug 1094950] [NEW] crash at qemu_iohandler_poll (iohandler.c:124) on macos 10.8.2 Christopher Mason
2013-01-04 16:52 ` Stefan Hajnoczi
2013-01-04 18:09 ` [Qemu-devel] [Bug 1094950] " Christopher Mason
2013-01-07 13:18 ` Stefan Hajnoczi [this message]
2017-07-11 19:58 ` Thomas Huth
2017-09-10 4:17 ` Launchpad Bug Tracker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130107131827.GD17997@stefanha-thinkpad.redhat.com \
--to=stefanha@gmail.com \
--cc=1094950@bugs.launchpad.net \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).