From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:39381)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1TsCb3-0000oa-RQ
	for qemu-devel@nongnu.org; Mon, 07 Jan 2013 08:18:35 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1TsCb2-0002BC-2W
	for qemu-devel@nongnu.org; Mon, 07 Jan 2013 08:18:33 -0500
Received: from mail-bk0-f50.google.com ([209.85.214.50]:40640)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@gmail.com>) id 1TsCb1-0002B0-NV
	for qemu-devel@nongnu.org; Mon, 07 Jan 2013 08:18:31 -0500
Received: by mail-bk0-f50.google.com with SMTP id jf3so8356331bkc.9
	for <qemu-devel@nongnu.org>; Mon, 07 Jan 2013 05:18:30 -0800 (PST)
Date: Mon, 7 Jan 2013 14:18:27 +0100
From: Stefan Hajnoczi <stefanha@gmail.com>
Message-ID: <20130107131827.GD17997@stefanha-thinkpad.redhat.com>
References: <20121231204645.26308.5533.malonedeb@soybean.canonical.com>
	<20130104180930.8294.45252.malone@soybean.canonical.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20130104180930.8294.45252.malone@soybean.canonical.com>
Subject: Re: [Qemu-devel] [Bug 1094950] Re: crash at qemu_iohandler_poll
 (iohandler.c:124) on	macos 10.8.2
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Bug 1094950 <1094950@bugs.launchpad.net>
Cc: qemu-devel@nongnu.org

On Fri, Jan 04, 2013 at 06:09:30PM -0000, Christopher Mason wrote:
> Using qemu master rev dbd99ae..25bbf61 configured with:
> 
> ./configure --disable-sdl --disable-kvm --enable-cocoa  --enable-debug
> --extra-cflags=-g --extra-ldflags=-g
> 
> (I'm using clang 4.1 now.  Should I be using clang or gcc 4.2? Are these
> the right config args?)

I have never used QEMU on Mac myself, sorry.  Maybe someone else can
help.

> (gdb) b sigfd_handler
> Breakpoint 1 at 0x1001c098d: file main-loop.c, line 41.
> 
> (gdb) r -nographic -M versatilepb -kernel vmlinuz-2.6.32-5-versatile -initrd initrd.img-2.6.32-5-versatile -hda debian_squeeze_armel_standard.qcow2 -append "root=/dev/sda1 console=ttyAMA0"
> ...
> Breakpoint 1, sigfd_handler (opaque=0x3) at main-loop.c:41
> 41	    int fd = (intptr_t)opaque;
> (gdb) bt
> #0  sigfd_handler (opaque=0x3) at main-loop.c:41
> #1  0x00000001001baaee in qemu_iohandler_poll (readfds=0x100a0938c, writefds=0x100a0940c, xfds=0x100a0948c, ret=3) at iohandler.c:124
> #2  0x00000001001c00bb in main_loop_wait (nonblocking=0) at main-loop.c:418
> #3  0x000000010027bde4 in main_loop () at vl.c:1765
> #4  0x00000001002765c2 in qemu_main (argc=12, argv=0x7fff5fbff340, envp=0x7fff5fbff3a8) at vl.c:4014
> #5  0x0000000100239a13 in main (argc=12, argv=0x7fff5fbff340) at ui/cocoa.m:884
> Current language:  auto; currently minimal
> (gdb) p io_handlers
> $1 = {
>   lh_first = 0x102102ab0
> }
> (gdb) p * io_handlers.lh_first
> $2 = {
>   fd_read_poll = 0x1001fad60 <stdio_read_poll>, 
>   fd_read = 0x1001fae20 <stdio_read>, 
>   fd_write = 0, 
>   opaque = 0x1021029c0, 
>   next = {
>     le_next = 0x102100000, 
>     le_prev = 0x100a09368
>   }, 
>   fd = 0, 
>   deleted = false
> }
> (gdb) p * io_handlers.lh_first->next.le_prev
> $3 = (struct IOHandlerRecord *) 0x102102ab0
> (gdb) p * io_handlers.lh_first->next.le_next
> $4 = {
>   fd_read_poll = 0, 
>   fd_read = 0x1001c0970 <sigfd_handler>, 
>   fd_write = 0, 
>   opaque = 0x3, 
>   next = {
>     le_next = 0x0, 
>     le_prev = 0x102102ad0
>   }, 
>   fd = 3, 
>   deleted = false
> }
> 
> (gdb) c
> 
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_PROTECTION_FAILURE at address: 0x0000000102100040
> 0x0000000102100040 in ?? ()
> (gdb) bt
> #0  0x0000000102100040 in ?? ()
> #1  0x00000001001baaee in qemu_iohandler_poll (readfds=0x100a0938c, writefds=0x100a0940c, xfds=0x100a0948c, ret=3) at iohandler.c:124
> #2  0x00000001001c00bb in main_loop_wait (nonblocking=0) at main-loop.c:418
> #3  0x000000010027bde4 in main_loop () at vl.c:1765
> #4  0x00000001002765c2 in qemu_main (argc=12, argv=0x7fff5fbff340, envp=0x7fff5fbff3a8) at vl.c:4014
> #5  0x0000000100239a13 in main (argc=12, argv=0x7fff5fbff340) at ui/cocoa.m:884
> 
> (gdb) p io_handlers
> $5 = {
>   lh_first = 0x102102ab0
> }
> (gdb) p * io_handlers.lh_first
> $6 = {
>   fd_read_poll = 0x1001fad60 <stdio_read_poll>, 
>   fd_read = 0x1001fae20 <stdio_read>, 
>   fd_write = 0, 
>   opaque = 0x1021029c0, 
>   next = {
>     le_next = 0x102100000, 
>     le_prev = 0x100a09368
>   }, 
>   fd = 0, 
>   deleted = false
> }
> (gdb) p * io_handlers.lh_first->next.le_next
> $8 = {
>   fd_read_poll = 0, 
>   fd_read = 0x1001c0970 <sigfd_handler>, 
>   fd_write = 0, 
>   opaque = 0x3, 
>   next = {
>     le_next = 0x0, 
>     le_prev = 0x102102ad0
>   }, 
>   fd = 3, 
>   deleted = false
> }
> (gdb) p * io_handlers.lh_first->next.le_prev
> $9 = (struct IOHandlerRecord *) 0x102102ab0

This is interesting.  The iohandlers are intact - there was no
memory corruption there.  The fact that it crashes after executing
sigfd_handler() once is suspicious.

My next suggestion is to break on iohandler.c:124 and find out why
0x0000000102100040 is getting called.  Really it should be
sigfd_handler() that gets called again.  This may require a few tries
and probably familiarity with assembly to debug.

I have pinged other QEMU contributors who have Macs.  Perhaps they can
help better from here.

Stefan