Re: [Qemu-devel] system_reset command cause assert failed

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Roy Tam <roytam@gmail.com>
To: Luiz Capitulino <lcapitulino@redhat.com>
Cc: qemu-devel <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] system_reset command cause assert failed
Date: Tue, 2 Feb 2010 09:35:16 +0800	[thread overview]
Message-ID: <473191351002011735j29950b07hfa4fd06821849a8b@mail.gmail.com> (raw)
In-Reply-To: <20100201165822.78a7c5bb@doriath>

2010/2/2 Luiz Capitulino <lcapitulino@redhat.com>:
> On Tue, 2 Feb 2010 00:26:53 +0800
> Roy Tam <roytam@gmail.com> wrote:
>
>> 2010/2/2 Luiz Capitulino <lcapitulino@redhat.com>:
>>
>> >  Hm, I'm puzzled. Is this failing on malloc()? At least qemu_malloc()
>> > is the last qemu's function I see in the logs.
>> >
>> >  From now on I only see msvcrt functions...
>> >
>> >  Maybe, you can type run on gdb, run system_reset on the
>> > Monitor and then switch back to gdb and type bt?
>> >
>> source-less debugging seems better...
>
>  As far as I can understand something bad happens while the parser
> is processing the first "'" character of the qobject_from_jsonf()
> call in monitor.c:4524.
>
>  Strange. Can you try 'info pci', 'info block' and 'info version'?
> Do they work?
>
>  Maybe this is a refcount problem?
>
>  Anthony, could you take a look too please?
>

rebuild with -gstabs -O1, you can see double free here:

......
(gdb)
qobject_to_qstring (obj=0xd95db10) at qstring.c:110
110     in qstring.c
(gdb)
108     qobject.h: No such file or directory.
        in qobject.h
(gdb)
111     qstring.c: No such file or directory.
        in qstring.c
(gdb)
114     in qstring.c
(gdb)
115     in qstring.c
(gdb)
qstring_destroy_obj (obj=0xd95db10) at qstring.c:138
138     in qstring.c
(gdb)
qemu_free (ptr=0xd95db40) at qemu-malloc.c:41
41      qemu-malloc.c: No such file or directory.
        in qemu-malloc.c
(gdb)
42      in qemu-malloc.c
(gdb)
43      in qemu-malloc.c
(gdb)
qstring_destroy_obj (obj=0xd95db10) at qstring.c:139
139     qstring.c: No such file or directory.
        in qstring.c
(gdb)
qemu_free (ptr=0xd95db10) at qemu-malloc.c:41
41      qemu-malloc.c: No such file or directory.
        in qemu-malloc.c
(gdb) bt
#0  qemu_free (ptr=0xd95db10) at qemu-malloc.c:41
#1  0x0044c49d in qstring_destroy_obj (obj=0xd95db10) at qstring.c:139
#2  0x0044daae in json_lexer_feed_char (lexer=0x22fae0, ch=37 '%') at
qobject.h:99
#3  0x0044db51 in json_lexer_feed (lexer=0x22fae0, buffer=0x5881d0 "{
'seconds': %I64d, 'microseconds': %I64d }",
    size=43) at json-lexer.c:310
#4  0x0044dbc8 in json_message_parser_feed (parser=0x22fadc,
    buffer=0x5881d0 "{ 'seconds': %I64d, 'microseconds': %I64d }",
size=43) at json-streamer.c:76
#5  0x0044d85b in qobject_from_jsonv (string=0x5881d0 "{ 'seconds':
%I64d, 'microseconds': %I64d }", ap=0x22fb40)
    at qjson.c:44
#6  0x0044d8a8 in qobject_from_jsonf (string=0x5881d0 "{ 'seconds':
%I64d, 'microseconds': %I64d }") at qjson.c:62
#7  0x0040ee50 in monitor_protocol_event (event=QEVENT_RESET,
data=0x0) at /home/roy/qemu/monitor.c:335
#8  0x00408ed9 in main (argc=1, argv=0x13b3f38, envp=0x4012f0) at
/home/roy/qemu/vl.c:4000
(gdb)

for info, info version and info block works, info pci segfaults:

Program received signal SIGSEGV, Segmentation fault.
qobject_to_qdict (obj=0x0) at qobject.h:108
108     qobject.h: No such file or directory.
        in qobject.h
(gdb) bt
#0  qobject_to_qdict (obj=0x0) at qobject.h:108
#1  0x004127ae in pci_device_print (mon=0x494c460, device=0x49696c0)
at /home/roy/qemu/hw/pci.c:1165
#2  0x00412f8e in do_pci_info_print (mon=0x494c460, data=0x4970078) at
/home/roy/qemu/hw/pci.c:1204
#3  0x0040ebc4 in do_info (mon=0x494c460, qdict=0xd95d0d8,
ret_data=0x22f048) at /home/roy/qemu/monitor.c:574
#4  0x0040e3f9 in monitor_call_handler (mon=0x494c460, cmd=0x589b78,
params=0x0) at /home/roy/qemu/monitor.c:3715
#5  0x00410423 in handle_user_command (mon=0x494c460,
cmdline=0x77c2f97c "\001") at /home/roy/qemu/monitor.c:3753
#6  0x004105ae in monitor_command_cb (mon=0x494c460, cmdline=0x494c8b8
"info pci", opaque=0x0)
    at /home/roy/qemu/monitor.c:4267
#7  0x004503a0 in readline_handle_byte (rs=0x494c8b8, ch=13) at readline.c:369
#8  0x00410627 in monitor_read (opaque=0x494c460, buf=0x22f708 "\r",
size=1) at /home/roy/qemu/monitor.c:4253
#9  0x004698ce in qemu_chr_read (s=0x13b4c68, buf=0x22f708 "\r",
len=1) at qemu-char.c:154
#10 0x00451f22 in kbd_send_chars (opaque=0x494c358) at console.c:1130
#11 0x00452138 in kbd_put_keysym (keysym=13) at console.c:1183
#12 0x0047d099 in sdl_refresh (ds=0x4978030) at sdl.c:634
#13 0x00405c83 in gui_update (opaque=0x4978030) at /home/roy/qemu/console.h:219
#14 0x0040168d in qemu_run_timers (ptimer_head=0x5db4e8,
current_time=7200606) at /home/roy/qemu/vl.c:913
#15 0x00405bca in main_loop_wait (timeout=0) at /home/roy/qemu/vl.c:3793
#16 0x00408e2a in main (argc=1, argv=0x13b3f38, envp=0x4012f0) at
/home/roy/qemu/vl.c:3981
(gdb)

next prev parent reply	other threads:[~2010-02-02  1:35 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-01-31  8:28 [Qemu-devel] system_reset command cause assert failed Roy Tam
2010-02-01 12:17 ` Luiz Capitulino
2010-02-01 12:36   ` Roy Tam
2010-02-01 13:22     ` Luiz Capitulino
2010-02-01 13:42       ` Roy Tam
2010-02-01 16:02         ` Luiz Capitulino
2010-02-01 16:26           ` Roy Tam
2010-02-01 18:58             ` Luiz Capitulino
2010-02-02  1:35               ` Roy Tam [this message]
2010-02-02 12:58                 ` Luiz Capitulino
2010-02-03  2:09                   ` Roy Tam
2010-02-03 12:26                     ` Luiz Capitulino
2010-02-04  1:39                       ` Roy Tam
2010-02-01 16:33           ` Roy Tam

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=473191351002011735j29950b07hfa4fd06821849a8b@mail.gmail.com \
    --to=roytam@gmail.com \
    --cc=lcapitulino@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).