| Message ID | 473191351002021809j187ef16bo172d1c925135d191@mail.gmail.com |
|---|---|
| State | New |
| Headers | show |
On Wed, 3 Feb 2010 10:09:07 +0800 Roy Tam <roytam@gmail.com> wrote: > 2010/2/2 Luiz Capitulino <lcapitulino@redhat.com>: > > On Tue, 2 Feb 2010 09:35:16 +0800 > > Roy Tam <roytam@gmail.com> wrote: > > > >> 2010/2/2 Luiz Capitulino <lcapitulino@redhat.com>: > >> > On Tue, 2 Feb 2010 00:26:53 +0800 > >> > Roy Tam <roytam@gmail.com> wrote: > >> > > >> >> 2010/2/2 Luiz Capitulino <lcapitulino@redhat.com>: > >> >> > >> >> > Hm, I'm puzzled. Is this failing on malloc()? At least qemu_malloc() > >> >> > is the last qemu's function I see in the logs. > >> >> > > >> >> > From now on I only see msvcrt functions... > >> >> > > >> >> > Maybe, you can type run on gdb, run system_reset on the > >> >> > Monitor and then switch back to gdb and type bt? > >> >> > > >> >> source-less debugging seems better... > >> > > >> > As far as I can understand something bad happens while the parser > >> > is processing the first "'" character of the qobject_from_jsonf() > >> > call in monitor.c:4524. > >> > > >> > Strange. Can you try 'info pci', 'info block' and 'info version'? > >> > Do they work? > >> > > >> > Maybe this is a refcount problem? > >> > > >> > Anthony, could you take a look too please? > >> > > >> > >> rebuild with -gstabs -O1, you can see double free here: > > > > Ok, so we have a double free and > > > > Clarify that after digging into sources further, it is not double > free, but parse_json not be executed by json_lexer_feed_char as I put > asm("int3") in parse_json but there's no SIGTRAP be raised. (for > system_reset and system_powerdown) Well, I think I'll only have time to setup this stuff on windows in two or three days :( > >> #0 qobject_to_qdict (obj=0x0) at qobject.h:108 > >> #1 0x004127ae in pci_device_print (mon=0x494c460, device=0x49696c0) > >> at /home/roy/qemu/hw/pci.c:1165 > > > > a segfault. > > for this, parse_json was executed by json_lexer_feed_char. > a workaround patch is here, but why null qobj has pushed into qlist? Yeah, that's the question and I'm afraid that this patch will actually hide the real bug. You can do two things: 1. Put an assert() at qlist.c:qlist_append_obj() 2. Reset your tree to commit 0a7fc983ce and send me the output of 'info pci'
2010/2/3 Luiz Capitulino <lcapitulino@redhat.com>: > On Wed, 3 Feb 2010 10:09:07 +0800 > Roy Tam <roytam@gmail.com> wrote: > >> 2010/2/2 Luiz Capitulino <lcapitulino@redhat.com>: >> > On Tue, 2 Feb 2010 09:35:16 +0800 >> > Roy Tam <roytam@gmail.com> wrote: >> > >> >> 2010/2/2 Luiz Capitulino <lcapitulino@redhat.com>: >> >> > On Tue, 2 Feb 2010 00:26:53 +0800 >> >> > Roy Tam <roytam@gmail.com> wrote: >> >> > >> >> >> 2010/2/2 Luiz Capitulino <lcapitulino@redhat.com>: >> >> >> >> >> >> > Hm, I'm puzzled. Is this failing on malloc()? At least qemu_malloc() >> >> >> > is the last qemu's function I see in the logs. >> >> >> > >> >> >> > From now on I only see msvcrt functions... >> >> >> > >> >> >> > Maybe, you can type run on gdb, run system_reset on the >> >> >> > Monitor and then switch back to gdb and type bt? >> >> >> > >> >> >> source-less debugging seems better... >> >> > >> >> > As far as I can understand something bad happens while the parser >> >> > is processing the first "'" character of the qobject_from_jsonf() >> >> > call in monitor.c:4524. >> >> > >> >> > Strange. Can you try 'info pci', 'info block' and 'info version'? >> >> > Do they work? >> >> > >> >> > Maybe this is a refcount problem? >> >> > >> >> > Anthony, could you take a look too please? >> >> > >> >> >> >> rebuild with -gstabs -O1, you can see double free here: >> > >> > Ok, so we have a double free and >> > >> >> Clarify that after digging into sources further, it is not double >> free, but parse_json not be executed by json_lexer_feed_char as I put >> asm("int3") in parse_json but there's no SIGTRAP be raised. (for >> system_reset and system_powerdown) > > Well, I think I'll only have time to setup this stuff on windows > in two or three days :( > >> >> #0 qobject_to_qdict (obj=0x0) at qobject.h:108 >> >> #1 0x004127ae in pci_device_print (mon=0x494c460, device=0x49696c0) >> >> at /home/roy/qemu/hw/pci.c:1165 >> > >> > a segfault. >> >> for this, parse_json was executed by json_lexer_feed_char. >> a workaround patch is here, but why null qobj has pushed into qlist? > > Yeah, that's the question and I'm afraid that this patch will > actually hide the real bug. > > You can do two things: > > 1. Put an assert() at qlist.c:qlist_append_obj() qobject_from_jsonf() fails? then it may be same of system_reset/system_powerdown issue. #0 qlist_append_obj (qlist=0x49614f0, value=0x0) at qlist.c:63 #1 0x004121f0 in pci_get_devices_list (bus=0x4979618, bus_num=0) at /home/roy/qemu/hw/pci.c:1266 #2 0x0041246c in do_pci_info (mon=0x494c460, ret_data=0x22f048) at /home/roy/qemu/hw/pci.c:1348 #3 0x0040ebaa in do_info (mon=0x494c460, qdict=0xd95d0d8, ret_data=0x22f048) at /home/roy/qemu/monitor.c:566 #4 0x0040e3f9 in monitor_call_handler (mon=0x494c460, cmd=0x589b78, params=0x77bfc2e3) at /home/roy/qemu/monitor.c:3715 #5 0x00410423 in handle_user_command (mon=0x494c460, cmdline=0x77c2f97c "\001") at /home/roy/qemu/monitor.c:3753 #6 0x004105ae in monitor_command_cb (mon=0x494c460, cmdline=0x494c8b8 "info pci", opaque=0x0) at /home/roy/qemu/monitor.c:4267 #7 0x004503bc in readline_handle_byte (rs=0x494c8b8, ch=13) at readline.c:369 #8 0x00410627 in monitor_read (opaque=0x494c460, buf=0x22f708 "\r", size=1) at /home/roy/qemu/monitor.c:4253 #9 0x004698ea in qemu_chr_read (s=0x13b4c68, buf=0x22f708 "\r", len=1) at qemu-char.c:154 #10 0x00451f3e in kbd_send_chars (opaque=0x494c358) at console.c:1130 #11 0x00452154 in kbd_put_keysym (keysym=13) at console.c:1183 #12 0x0047d0b5 in sdl_refresh (ds=0x4978030) at sdl.c:634 #13 0x00405c83 in gui_update (opaque=0x4978030) at /home/roy/qemu/console.h:219 #14 0x0040168d in qemu_run_timers (ptimer_head=0x5db4e8, current_time=10819500) at /home/roy/qemu/vl.c:913 #15 0x00405bca in main_loop_wait (timeout=0) at /home/roy/qemu/vl.c:3793 #16 0x00408e2a in main (argc=1, argv=0x13b3f38, envp=0x4012f0) at /home/roy/qemu/vl.c:3981 > 2. Reset your tree to commit 0a7fc983ce and send me the output of > 'info pci' > info pci works in this rev.
diff --git a/hw/pci.c b/hw/pci.c index 023f7b6..84e7b35 100644 --- a/hw/pci.c +++ b/hw/pci.c @@ -1161,8 +1161,11 @@ static void pci_device_print(Monitor *mon, QDict *device) qdict_get_int(info, "limit")); } + QObject* qobj; QLIST_FOREACH_ENTRY(qdict_get_qlist(device, "regions"), entry) { - qdict = qobject_to_qdict(qlist_entry_obj(entry)); + qobj = qlist_entry_obj(entry); + if(!qobj) continue; + qdict = qobject_to_qdict(qobj); monitor_printf(mon, " BAR%d: ", (int) qdict_get_int(qdict, "bar"));