From: Roy Tam <roytam@gmail.com>
To: Luiz Capitulino <lcapitulino@redhat.com>
Cc: qemu-devel <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] system_reset command cause assert failed
Date: Thu, 4 Feb 2010 09:39:08 +0800
Message-ID: <473191351002031739u67dc50a3n25472243005d84e7@mail.gmail.com>
In-Reply-To: <20100203102642.638119bc@doriath>
2010/2/3 Luiz Capitulino <lcapitulino@redhat.com>:
> On Wed, 3 Feb 2010 10:09:07 +0800
> Roy Tam <roytam@gmail.com> wrote:
>
>> 2010/2/2 Luiz Capitulino <lcapitulino@redhat.com>:
>> > On Tue, 2 Feb 2010 09:35:16 +0800
>> > Roy Tam <roytam@gmail.com> wrote:
>> >
>> >> 2010/2/2 Luiz Capitulino <lcapitulino@redhat.com>:
>> >> > On Tue, 2 Feb 2010 00:26:53 +0800
>> >> > Roy Tam <roytam@gmail.com> wrote:
>> >> >
>> >> >> 2010/2/2 Luiz Capitulino <lcapitulino@redhat.com>:
>> >> >>
>> >> >> > Hm, I'm puzzled. Is this failing on malloc()? At least qemu_malloc()
>> >> >> > is the last QEMU function I see in the logs.
>> >> >> >
>> >> >> > From now on I only see msvcrt functions...
>> >> >> >
>> >> >> > Maybe, you can type run on gdb, run system_reset on the
>> >> >> > Monitor and then switch back to gdb and type bt?
>> >> >> >
>> >> >> source-less debugging seems better...
>> >> >
>> >> > As far as I can understand something bad happens while the parser
>> >> > is processing the first "'" character of the qobject_from_jsonf()
>> >> > call in monitor.c:4524.
>> >> >
>> >> > Strange. Can you try 'info pci', 'info block' and 'info version'?
>> >> > Do they work?
>> >> >
>> >> > Maybe this is a refcount problem?
>> >> >
>> >> > Anthony, could you take a look too please?
>> >> >
>> >>
>> >> Rebuilt with -gstabs -O1; you can see a double free here:
>> >
>> > Ok, so we have a double free and
>> >
>>
>> To clarify: after digging into the sources further, it is not a double
>> free; parse_json is not executed by json_lexer_feed_char, as I put
>> asm("int3") in parse_json but no SIGTRAP was raised (for
>> system_reset and system_powerdown).
>
> Well, I think I'll only have time to setup this stuff on windows
> in two or three days :(
>
>> >> #0 qobject_to_qdict (obj=0x0) at qobject.h:108
>> >> #1 0x004127ae in pci_device_print (mon=0x494c460, device=0x49696c0)
>> >> at /home/roy/qemu/hw/pci.c:1165
>> >
>> > a segfault.
>>
>> for this, parse_json was executed by json_lexer_feed_char.
>> A workaround patch is here, but why has a null qobj been pushed into the qlist?
>
> Yeah, that's the question and I'm afraid that this patch will
> actually hide the real bug.
>
> You can do two things:
>
> 1. Put an assert() at qlist.c:qlist_append_obj()
qobject_from_jsonf() fails? Then it may be the same as the
system_reset/system_powerdown issue.
#0  qlist_append_obj (qlist=0x49614f0, value=0x0) at qlist.c:63
#1  0x004121f0 in pci_get_devices_list (bus=0x4979618, bus_num=0) at /home/roy/qemu/hw/pci.c:1266
#2  0x0041246c in do_pci_info (mon=0x494c460, ret_data=0x22f048) at /home/roy/qemu/hw/pci.c:1348
#3  0x0040ebaa in do_info (mon=0x494c460, qdict=0xd95d0d8, ret_data=0x22f048) at /home/roy/qemu/monitor.c:566
#4  0x0040e3f9 in monitor_call_handler (mon=0x494c460, cmd=0x589b78, params=0x77bfc2e3) at /home/roy/qemu/monitor.c:3715
#5  0x00410423 in handle_user_command (mon=0x494c460, cmdline=0x77c2f97c "\001") at /home/roy/qemu/monitor.c:3753
#6  0x004105ae in monitor_command_cb (mon=0x494c460, cmdline=0x494c8b8 "info pci", opaque=0x0) at /home/roy/qemu/monitor.c:4267
#7  0x004503bc in readline_handle_byte (rs=0x494c8b8, ch=13) at readline.c:369
#8  0x00410627 in monitor_read (opaque=0x494c460, buf=0x22f708 "\r", size=1) at /home/roy/qemu/monitor.c:4253
#9  0x004698ea in qemu_chr_read (s=0x13b4c68, buf=0x22f708 "\r", len=1) at qemu-char.c:154
#10 0x00451f3e in kbd_send_chars (opaque=0x494c358) at console.c:1130
#11 0x00452154 in kbd_put_keysym (keysym=13) at console.c:1183
#12 0x0047d0b5 in sdl_refresh (ds=0x4978030) at sdl.c:634
#13 0x00405c83 in gui_update (opaque=0x4978030) at /home/roy/qemu/console.h:219
#14 0x0040168d in qemu_run_timers (ptimer_head=0x5db4e8, current_time=10819500) at /home/roy/qemu/vl.c:913
#15 0x00405bca in main_loop_wait (timeout=0) at /home/roy/qemu/vl.c:3793
#16 0x00408e2a in main (argc=1, argv=0x13b3f38, envp=0x4012f0) at /home/roy/qemu/vl.c:3981
> 2. Reset your tree to commit 0a7fc983ce and send me the output of
> 'info pci'
>
info pci works in this rev.
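The pattern discussed in this thread, a builder that returns NULL on failure, a list append that accepts it without complaint, and a consumer that later crashes on the NULL, is illustrated below as an added, self-contained C example. It is not QEMU code and does not reproduce QEMU's QList or qobject_from_jsonf(); the types and functions (obj_t, list_t, build_obj, list_append_unchecked, list_append_checked, consume_list, demo) and the sample inputs are hypothetical constructions for this illustration. It contrasts the unchecked append with the producer-side check Luiz suggests (an assert() in the append), expressed as an error return so the difference can be observed without aborting.

```c
/* Added example, not QEMU's code: why a NULL should be rejected where it is
 * pushed into a list rather than discovered later by a consumer that
 * dereferences it. All names here are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LIST_CAP 8

typedef struct obj { int kind; int value; } obj_t;

typedef struct list {
    obj_t *items[LIST_CAP];
    size_t len;
} list_t;

/* Hypothetical stand-in for a builder such as qobject_from_jsonf(): returns
 * NULL on a "parse" failure (anything not starting with '{') or on OOM. */
obj_t *build_obj(const char *text)
{
    if (text == NULL || text[0] != '{') {
        return NULL;                       /* parse failure */
    }
    obj_t *o = malloc(sizeof *o);
    if (o == NULL) {
        return NULL;                       /* allocation failure */
    }
    o->kind = 1;
    o->value = (int)strlen(text);
    return o;
}

/* Variant 1: append that silently stores NULL. Returns 0 on success, -1 if
 * the list is full. The bug only surfaces once the entry is dereferenced. */
int list_append_unchecked(list_t *l, obj_t *o)
{
    if (l->len >= LIST_CAP) {
        return -1;
    }
    l->items[l->len++] = o;
    return 0;
}

/* Variant 2: reject NULL at the producer side. In a debug build this would be
 * assert(o != NULL); here it returns -2 so the failure can be observed. */
int list_append_checked(list_t *l, obj_t *o)
{
    if (o == NULL) {
        return -2;                         /* caller passed a failed build */
    }
    if (l->len >= LIST_CAP) {
        return -1;
    }
    l->items[l->len++] = o;
    return 0;
}

/* Consumer: sums the values. Returns -1 instead of dereferencing a NULL
 * entry, which is the fault that the thread's qobject_to_qdict(obj=0x0)
 * backtrace shows. */
int consume_list(const list_t *l)
{
    int sum = 0;
    for (size_t i = 0; i < l->len; i++) {
        if (l->items[i] == NULL) {
            return -1;                     /* NULL reached the consumer */
        }
        sum += l->items[i]->value;
    }
    return sum;
}

/* Drives both variants over constructed input. Returns 0 when the checked
 * append reported exactly one failed build and the unchecked list reached
 * the consumer holding a NULL; 1 otherwise. Frees what it allocated. */
int demo(void)
{
    const char *inputs[] = { "{ok}", "not json", "{x}" };   /* constructed */
    list_t unchecked = { {0}, 0 }, checked = { {0}, 0 };
    int checked_failures = 0;

    for (size_t i = 0; i < 3; i++) {
        obj_t *o = build_obj(inputs[i]);
        list_append_unchecked(&unchecked, o);
        if (list_append_checked(&checked, o) == -2) {
            checked_failures++;
        }
    }
    int unchecked_result = consume_list(&unchecked);   /* -1 */
    int checked_result = consume_list(&checked);       /* 4 + 3 = 7 */

    for (size_t i = 0; i < checked.len; i++) {
        free(checked.items[i]);            /* same pointers as in 'unchecked' */
    }
    return (checked_failures == 1 && unchecked_result == -1 &&
            checked_result == 7) ? 0 : 1;
}

int main(void)
{
    printf("demo: %s\n", demo() == 0 ? "checked append caught the NULL" : "unexpected");
    return 0;
}
```

The producer-side check fails at the append call that pushed the bad value, so a backtrace lands in the function that received the NULL (here, the loop in demo()) instead of in an unrelated consumer frames later; that is the same localisation the assert() in qlist_append_obj() gives in the thread's backtrace, where the offending caller is pci_get_devices_list().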