From patchwork Wed Feb 3 02:09:07 2010
X-Patchwork-Submitter: Roy Tam
X-Patchwork-Id: 44333
In-Reply-To: <20100202105846.11524da1@doriath>
References: <473191351001310028q75bff0fah52f7a1f3ce5fdbee@mail.gmail.com>
 <20100201101733.46459bde@doriath>
 <473191351002010436w65fe6357h8fbf1f2ef787df4d@mail.gmail.com>
 <20100201112208.04e70689@doriath>
 <473191351002010542h5b0c268ehbbc411be59150260@mail.gmail.com>
 <20100201140206.1f414f3f@doriath>
 <473191351002010826v7575cf55pa5146f6c7d8d6782@mail.gmail.com>
 <20100201165822.78a7c5bb@doriath>
 <473191351002011735j29950b07hfa4fd06821849a8b@mail.gmail.com>
 <20100202105846.11524da1@doriath>
From: Roy Tam
Date: Wed, 3 Feb 2010 10:09:07 +0800
Message-ID: <473191351002021809j187ef16bo172d1c925135d191@mail.gmail.com>
Subject: Re: [Qemu-devel] system_reset command cause assert failed
To: Luiz Capitulino
Cc: qemu-devel
List-Id: qemu-devel.nongnu.org

2010/2/2 Luiz Capitulino:
> On Tue, 2 Feb 2010 09:35:16 +0800
> Roy Tam wrote:
>
>> 2010/2/2 Luiz Capitulino:
>> > On Tue, 2 Feb 2010 00:26:53 +0800
>> > Roy Tam wrote:
>> >
>> >> 2010/2/2 Luiz Capitulino:
>> >>
>> >> > Hm, I'm puzzled. Is this failing on malloc()? At least qemu_malloc()
>> >> > is the last qemu's function I see in the logs.
>> >> >
>> >> > From now on I only see msvcrt functions...
>> >> >
>> >> > Maybe, you can type run on gdb, run system_reset on the
>> >> > Monitor and then switch back to gdb and type bt?
>> >> >
>> >> source-less debugging seems better...
>> >
>> > As far as I can understand something bad happens while the parser
>> > is processing the first "'" character of the qobject_from_jsonf()
>> > call in monitor.c:4524.
>> >
>> > Strange. Can you try 'info pci', 'info block' and 'info version'?
>> > Do they work?
>> >
>> > Maybe this is a refcount problem?
>> >
>> > Anthony, could you take a look too please?
>> >
>> rebuild with -gstabs -O1, you can see double free here:
>
> Ok, so we have a double free and

To clarify: after digging further into the sources, it is not a double free, but parse_json is not executed by json_lexer_feed_char; I put asm("int3") in parse_json but no SIGTRAP is raised.
(for system_reset and system_powerdown)

>> #0  qobject_to_qdict (obj=0x0) at qobject.h:108
>> #1  0x004127ae in pci_device_print (mon=0x494c460, device=0x49696c0)
>>     at /home/roy/qemu/hw/pci.c:1165
>
> a segfault.

For this one, parse_json was executed by json_lexer_feed_char. A workaround patch is below, but why has a NULL qobj been pushed into the qlist?

addr = qdict_get_int(qdict, "address");
diff --git a/hw/pci.c b/hw/pci.c
index 023f7b6..84e7b35 100644
--- a/hw/pci.c
+++ b/hw/pci.c
@@ -1161,8 +1161,11 @@ static void pci_device_print(Monitor *mon, QDict *device)
 qdict_get_int(info, "limit"));
 }
 
+ QObject* qobj;
 QLIST_FOREACH_ENTRY(qdict_get_qlist(device, "regions"), entry) {
- qdict = qobject_to_qdict(qlist_entry_obj(entry));
+ qobj = qlist_entry_obj(entry);
+ if(!qobj) continue;
+ qdict = qobject_to_qdict(qobj);
 monitor_printf(mon, " BAR%d: ", (int) qdict_get_int(qdict, "bar"));
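Review bot: the hunk guards only a NULL list entry, but `qdict` is still used unchecked on the very next line, `monitor_printf(mon, " BAR%d: ", (int) qdict_get_int(qdict, "bar"));`, so a "regions" entry that is non-NULL but not a QDict makes `qobject_to_qdict(qobj)` return NULL and the loop crashes one line later anyway. Check the cast result instead of the raw entry (`qdict = qobject_to_qdict(qlist_entry_obj(entry)); if (!qdict) ...`), and do not silently `continue`: the message itself asks why a NULL object ended up in the qlist, and a silent skip hides exactly that; print the bad entry through `monitor_printf` or at least `assert` on it so the root cause stays visible. Style for the same lines: QEMU writes `QObject *qobj` (asterisk on the name), `if (!qobj)` with a space, and declares locals at the top of the function rather than between the closing `}` and the `QLIST_FOREACH_ENTRY` loop.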
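The loop the patch touches fails on a NULL entry, and would also fail on an entry of the wrong type, because the cast helper itself returns NULL on a type mismatch. The following is an added example, not QEMU code and not part of the thread: it uses a minimal stand-in for QEMU's tagged QObject/QDict (the `qtype_code`, `QObject`, `QInt`, `QDict` shapes and the `sample_regions` list are all assumed, constructed for the demonstration) and walks a regions list checking the cast result rather than the raw entry, counting the entries it had to skip so the caller can report them instead of hiding a corrupted list.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed stand-ins for QEMU's QObject/QDict (not QEMU's own definitions):
 * a tagged base object, an int object, and a dict carrying only "bar". */
typedef enum { QTYPE_QINT, QTYPE_QDICT } qtype_code;

typedef struct QObject { qtype_code type; } QObject;
typedef struct QInt    { QObject base; int value; } QInt;
typedef struct QDict   { QObject base; int bar; } QDict;

/* Hardened cast: a NULL entry or a non-dict entry both yield NULL instead
 * of dereferencing obj->type (the crash in the thread is obj == NULL). */
static QDict *qobject_to_qdict_safe(QObject *obj)
{
    if (obj == NULL || obj->type != QTYPE_QDICT) {
        return NULL;
    }
    return (QDict *)obj;
}

/* Walk a regions list the way pci_device_print does, but test the cast
 * result (covers NULL and wrong type) and count what was skipped so the
 * caller can surface it. Returns the number of entries printed. */
static int print_regions(QObject *const *regions, size_t n, int *skipped)
{
    int printed = 0;
    *skipped = 0;
    for (size_t i = 0; i < n; i++) {
        QDict *qdict = qobject_to_qdict_safe(regions[i]);
        if (qdict == NULL) {
            /* Do not skip silently: a bad entry here is a bug upstream. */
            fprintf(stderr, "regions[%zu]: %s entry, skipping\n", i,
                    regions[i] == NULL ? "NULL" : "non-dict");
            (*skipped)++;
            continue;
        }
        printf("  BAR%d\n", qdict->bar);
        printed++;
    }
    return printed;
}

/* Constructed sample list: two good dicts, one NULL hole, one stray QInt. */
static QDict bar0  = { { QTYPE_QDICT }, 0 };
static QDict bar2  = { { QTYPE_QDICT }, 2 };
static QInt  stray = { { QTYPE_QINT }, 42 };
static QObject *const sample_regions[] = {
    &bar0.base, NULL, &stray.base, &bar2.base,
};
#define SAMPLE_LEN (sizeof(sample_regions) / sizeof(sample_regions[0]))

/* Entries printed for the sample list: the two real dicts. */
static int sample_printed(void)
{
    int skipped;
    return print_regions(sample_regions, SAMPLE_LEN, &skipped);
}

/* Entries skipped for the sample list: the NULL and the QInt. */
static int sample_skipped(void)
{
    int skipped;
    print_regions(sample_regions, SAMPLE_LEN, &skipped);
    return skipped;
}

int main(void)
{
    int skipped;
    int printed = print_regions(sample_regions, SAMPLE_LEN, &skipped);
    printf("%d printed, %d skipped\n", printed, skipped);
    return skipped ? 1 : 0;
}
```

The non-zero exit status and the stderr lines are the point: the loop keeps working around the bad entries, as the workaround patch does, but the caller learns that the list was malformed rather than seeing a shorter BAR listing and nothing else.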