[Qemu-devel] glibc abort if -snapshot is used

[Qemu-devel] glibc abort if -snapshot is used

[Andrew Barr]

Hi,

I am installing some software (iTunes) in my Windows 2000 SP4 virtual
machine. I don't know what it is going to /do/, specifically, to my VM
so I would like to run QEMU in snapshot mode so that I can commit system
changes only if desired. However, when I run qemu like this, I get into
trouble:

andrew@r51:~$ qemu -hda .disk/win2k.dsk -m 256 -snapshot -kernel-kqemu
-usb -usbdevice tablet -localtime -smb /home/andrew
*** glibc detected *** double free or corruption (fasttop): 0xAborted

Sometimes it finishes printing the address: 0x09b2c738

The SDL window never comes up, the abort is instanenous. I did a
backtrace but because I built Debian packages debhelper strips the debug
information out, so it doesn't say much. I can rebuild QEMU with debug
information and obtain a proper backtrace if it would be useful to
someone.

This is a QEMU 0.8.2 CVS snapshot of 2006/08/19. I did a 'cvs up' on my
source tree, only the documentation has been updated since then.
Normally I run this VM exactly the same except without the '-snapshot'
parameter. If I remove that, it starts up as expected.

The disk image is QCOW2 and kqemu is 1.3.0pre9 (BTW, '-no-kqemu' without
'-kernel-kqemu' makes no difference)

glibc is 2.3.6-ds1-2 from Debian sid. QEMU was compiled with GCC 3.4.6
also from Debian.

-- 
Andrew Barr | http://www.oakcourt.dyndns.org/~andrew/

All parts should go together without forcing. You must remember that
the parts you are reassembling were disassembled by you. Therefore, if
you can't get them together again, there must be a reason. By all
means, do not use a hammer.
  -- IBM maintenance manual (1925)

Re: [Qemu-devel] glibc abort if -snapshot is used

[Rene Horn]

[-- Attachment #1: Type: text/plain, Size: 2389 bytes --]

Why not just build it right from the source instead of using debhelper?
With that, just have install into /usr/local.

Rene

On 8/22/06, Andrew Barr <andrew.james.barr@gmail.com> wrote:
>
> Hi,
>
> I am installing some software (iTunes) in my Windows 2000 SP4 virtual
> machine. I don't know what it is going to /do/, specifically, to my VM
> so I would like to run QEMU in snapshot mode so that I can commit system
> changes only if desired. However, when I run qemu like this, I get into
> trouble:
>
> andrew@r51:~$ qemu -hda .disk/win2k.dsk -m 256 -snapshot -kernel-kqemu
> -usb -usbdevice tablet -localtime -smb /home/andrew
> *** glibc detected *** double free or corruption (fasttop): 0xAborted
>
> Sometimes it finishes printing the address: 0x09b2c738
>
> The SDL window never comes up, the abort is instanenous. I did a
> backtrace but because I built Debian packages debhelper strips the debug
> information out, so it doesn't say much. I can rebuild QEMU with debug
> information and obtain a proper backtrace if it would be useful to
> someone.
>
> This is a QEMU 0.8.2 CVS snapshot of 2006/08/19. I did a 'cvs up' on my
> source tree, only the documentation has been updated since then.
> Normally I run this VM exactly the same except without the '-snapshot'
> parameter. If I remove that, it starts up as expected.
>
> The disk image is QCOW2 and kqemu is 1.3.0pre9 (BTW, '-no-kqemu' without
> '-kernel-kqemu' makes no difference)
>
> glibc is 2.3.6-ds1-2 from Debian sid. QEMU was compiled with GCC 3.4.6
> also from Debian.
>
> --
> Andrew Barr | http://www.oakcourt.dyndns.org/~andrew/
>
> All parts should go together without forcing. You must remember that
> the parts you are reassembling were disassembled by you. Therefore, if
> you can't get them together again, there must be a reason. By all
> means, do not use a hammer.
>   -- IBM maintenance manual (1925)
>
>
> _______________________________________________
> Qemu-devel mailing list
> Qemu-devel@nongnu.org
> http://lists.nongnu.org/mailman/listinfo/qemu-devel
>



-- 
the.rhorn@gmail.com, rhorn@sdf.lonestar.org,
hornr18@uwosh.edu (UW-Oshkosh email address),
http://rhorn.unixcab.org - a bunch of experimental stuff
SDF Public Access UNIX System - http://sdf.lonestar.org

Jay Leno in response to Colin Powell's deadline for an Iraqi
constitution:
"They can take ours.  After all, we aren't using it..."

[-- Attachment #2: Type: text/html, Size: 3183 bytes --]

Re: [Qemu-devel] glibc abort if -snapshot is used

[Andrew Barr]

On Tue, 2006-08-22 at 22:40 -0500, Rene Horn wrote:
> Why not just build it right from the source instead of using
> debhelper?  With that, just have install into /usr/local.

Well, apparently QEMU's build system strips the binaries on it's own so
debhelper is irrelevant to this particular problem. Anyway, after
moving /usr/bin/strip out of the way and symlinking that to /bin/true, I
have a backtrace I hope will be of use to Fabrice or someone else:

(gdb) run
Starting program: /usr/local/bin/qemu -hda .disk/win2k.dsk -m 256
-kernel-kqemu -usb -usbdevice tablet -localtime -smb /home/andrew
-snapshot
[Thread debugging using libthread_db enabled]
[New Thread -1480591680 (LWP 28161)]
*** glibc detected *** double free or corruption (fasttop): 0x09b53760
***

Program received signal SIGABRT, Aborted.
[Switching to Thread -1480591680 (LWP 28161)]
0xa7fe5792 in ?? () from /lib/ld-linux.so.2
(gdb) where
#0  0xa7fe5792 in ?? () from /lib/ld-linux.so.2
#1  0xa7dcd821 in raise () from /lib/tls/i686/cmov/libc.so.6
#2  0xa7dcefb9 in abort () from /lib/tls/i686/cmov/libc.so.6
#3  0xa7e02c4a in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6
#4  0xa7e0a4df in mallopt () from /lib/tls/i686/cmov/libc.so.6
#5  0xa7e0a582 in free () from /lib/tls/i686/cmov/libc.so.6
#6  0x0805b37c in bdrv_close (bs=0xa7ed1ff4)
at /home/andrew/packages/src/qemu-0.8.2.20060819/block.c:406
#7  0x0805b3d2 in bdrv_delete (bs=0x9b52ce8)
at /home/andrew/packages/src/qemu-0.8.2.20060819/block.c:425
#8  0x0805be8a in bdrv_file_open (pbs=0x0, filename=0x0, flags=-2)
    at /home/andrew/packages/src/qemu-0.8.2.20060819/block.c:288
#9  0x0805bd4a in bdrv_open2 (bs=0x9b52270, filename=0xafb4cee0
"/tmp/.disk/win2k.dsk", flags=0, drv=0x0)
    at /home/andrew/packages/src/qemu-0.8.2.20060819/block.c:256
#10 0x0805be25 in bdrv_open (bs=0x0, filename=0x0, flags=0)
at /home/andrew/packages/src/qemu-0.8.2.20060819/block.c:297
#11 0x0805bc55 in bdrv_open2 (bs=0x9b287d0, filename=0xafb4d2e0
"/tmp/vl.xxJfqK", flags=8, drv=0x81327c0)
    at /home/andrew/packages/src/qemu-0.8.2.20060819/block.c:388
#12 0x0805be25 in bdrv_open (bs=0x0, filename=0x0, flags=0)
at /home/andrew/packages/src/qemu-0.8.2.20060819/block.c:297
#13 0x08052e6e in main (argc=13, argv=0xafb50294)
at /home/andrew/packages/src/qemu-0.8.2.20060819/vl.c:6784

-- 
Andrew Barr | http://www.oakcourt.dyndns.org/~andrew/

All parts should go together without forcing. You must remember that
the parts you are reassembling were disassembled by you. Therefore, if
you can't get them together again, there must be a reason. By all
means, do not use a hammer.
  -- IBM maintenance manual (1925)

Re: [Qemu-devel] glibc abort if -snapshot is used

[Leonardo E. Reiter]

FYI... you can actually run the unstripped binaries from the build tree
instead of the target installation directory.  For example, if you have
qemu installed in /opt/qemu, but you built in
/home/andrew/packages/src/qemu, instead of:

/opt/qemu/bin/qemu

run:

/home/andrew/packages/src/qemu/i386-softmmu/qemu

replace i386-softmmu with whatever target you are trying to run if
that's not it.  The binary is not stripped until after it's installed in
the target directory, so you can use the one in the build directory for
debugging if needed.

- Leo Reiter

Andrew Barr wrote:
> On Tue, 2006-08-22 at 22:40 -0500, Rene Horn wrote:
>> Why not just build it right from the source instead of using
>> debhelper?  With that, just have install into /usr/local.
> 
> Well, apparently QEMU's build system strips the binaries on it's own so
> debhelper is irrelevant to this particular problem. Anyway, after
> moving /usr/bin/strip out of the way and symlinking that to /bin/true, I
> have a backtrace I hope will be of use to Fabrice or someone else:
<snip>

-- 
Leonardo E. Reiter
Vice President of Product Development, CTO

Win4Lin, Inc.
Virtual Computing that means Business
Main: +1 512 339 7979
Fax: +1 512 532 6501
http://www.win4lin.com

Re: [Qemu-devel] glibc abort if -snapshot is used

[Stefan Weil]

Andrew Barr schrieb:
> glibc is 2.3.6-ds1-2 from Debian sid. QEMU was compiled with GCC 3.4.6
> also from Debian.

Hi Andrew,

I get the same error message when a raw disk image cannot be accessed:

$ ./i386-softmmu/qemu -snapshot -m 256 /dev/hda
Could not configure '/dev/rtc' to have a 1024 Hz timer. This is not a fatal
error, but for better emulation accuracy either use a 2.6 host Linux
kernel or
type 'echo 1024 > /proc/sys/dev/rtc/max-user-freq' as root.
*** glibc detected *** double free or corruption (fasttop): 0x09b29120 ***
Abgebrochen

With read access to /dev/hda, everything works fine.

My libc is Debian libc6-2.3.6-15, and the abort message is correct:
QEMU CVS head frees the same memory (bs->opaque in bdrv_close) 2 times.
Older versions of QEMU did not have this bug:

$ qemu -snapshot -m 256 /dev/hda
qemu: could not open hard disk image '/dev/hda'

Regards
Stefan

Re: [Qemu-devel] glibc abort if -snapshot is used

[Stefan Weil]

Stefan Weil schrieb:
> My libc is Debian libc6-2.3.6-15, and the abort message is correct:
> QEMU CVS head frees the same memory (bs->opaque in bdrv_close) 2 times.
> Older versions of QEMU did not have this bug:
>
> $ qemu -snapshot -m 256 /dev/hda
> qemu: could not open hard disk image '/dev/hda
Fabrice latest update (block.c, block-raw.c) fixes this.

Merci, Fabrice.
Stefan