Re: [Qemu-devel] [Bug 1094950] Re: crash at qemu_iohandler

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [Bug 1094950] Re: crash at qemu_iohandler_poll (iohandl

From:	Stefan Hajnoczi
Subject:	Re: [Qemu-devel] [Bug 1094950] Re: crash at qemu_iohandler_poll (iohandler.c:124) on macos 10.8.2
Date:	Mon, 7 Jan 2013 14:18:27 +0100
User-agent:	Mutt/1.5.21 (2010-09-15)

On Fri, Jan 04, 2013 at 06:09:30PM -0000, Christopher Mason wrote:
> Using qemu master rev dbd99ae..25bbf61 configured with:
> 
> ./configure --disable-sdl --disable-kvm --enable-cocoa  --enable-debug
> --extra-cflags=-g --extra-ldflags=-g
> 
> (I'm using clang 4.1 now.  Should I be using clang or gcc 4.2? Are these
> the right config args?)

I have never used QEMU on Mac myself, sorry.  Maybe someone else can
help.

> (gdb) b sigfd_handler
> Breakpoint 1 at 0x1001c098d: file main-loop.c, line 41.
> 
> (gdb) r -nographic -M versatilepb -kernel vmlinuz-2.6.32-5-versatile -initrd 
> initrd.img-2.6.32-5-versatile -hda debian_squeeze_armel_standard.qcow2 
> -append "root=/dev/sda1 console=ttyAMA0"
> ...
> Breakpoint 1, sigfd_handler (opaque=0x3) at main-loop.c:41
> 41        int fd = (intptr_t)opaque;
> (gdb) bt
> #0  sigfd_handler (opaque=0x3) at main-loop.c:41
> #1  0x00000001001baaee in qemu_iohandler_poll (readfds=0x100a0938c, 
> writefds=0x100a0940c, xfds=0x100a0948c, ret=3) at iohandler.c:124
> #2  0x00000001001c00bb in main_loop_wait (nonblocking=0) at main-loop.c:418
> #3  0x000000010027bde4 in main_loop () at vl.c:1765
> #4  0x00000001002765c2 in qemu_main (argc=12, argv=0x7fff5fbff340, 
> envp=0x7fff5fbff3a8) at vl.c:4014
> #5  0x0000000100239a13 in main (argc=12, argv=0x7fff5fbff340) at 
> ui/cocoa.m:884
> Current language:  auto; currently minimal
> (gdb) p io_handlers
> $1 = {
>   lh_first = 0x102102ab0
> }
> (gdb) p * io_handlers.lh_first
> $2 = {
>   fd_read_poll = 0x1001fad60 <stdio_read_poll>, 
>   fd_read = 0x1001fae20 <stdio_read>, 
>   fd_write = 0, 
>   opaque = 0x1021029c0, 
>   next = {
>     le_next = 0x102100000, 
>     le_prev = 0x100a09368
>   }, 
>   fd = 0, 
>   deleted = false
> }
> (gdb) p * io_handlers.lh_first->next.le_prev
> $3 = (struct IOHandlerRecord *) 0x102102ab0
> (gdb) p * io_handlers.lh_first->next.le_next
> $4 = {
>   fd_read_poll = 0, 
>   fd_read = 0x1001c0970 <sigfd_handler>, 
>   fd_write = 0, 
>   opaque = 0x3, 
>   next = {
>     le_next = 0x0, 
>     le_prev = 0x102102ad0
>   }, 
>   fd = 3, 
>   deleted = false
> }
> 
> (gdb) c
> 
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_PROTECTION_FAILURE at address: 0x0000000102100040
> 0x0000000102100040 in ?? ()
> (gdb) bt
> #0  0x0000000102100040 in ?? ()
> #1  0x00000001001baaee in qemu_iohandler_poll (readfds=0x100a0938c, 
> writefds=0x100a0940c, xfds=0x100a0948c, ret=3) at iohandler.c:124
> #2  0x00000001001c00bb in main_loop_wait (nonblocking=0) at main-loop.c:418
> #3  0x000000010027bde4 in main_loop () at vl.c:1765
> #4  0x00000001002765c2 in qemu_main (argc=12, argv=0x7fff5fbff340, 
> envp=0x7fff5fbff3a8) at vl.c:4014
> #5  0x0000000100239a13 in main (argc=12, argv=0x7fff5fbff340) at 
> ui/cocoa.m:884
> 
> (gdb) p io_handlers
> $5 = {
>   lh_first = 0x102102ab0
> }
> (gdb) p * io_handlers.lh_first
> $6 = {
>   fd_read_poll = 0x1001fad60 <stdio_read_poll>, 
>   fd_read = 0x1001fae20 <stdio_read>, 
>   fd_write = 0, 
>   opaque = 0x1021029c0, 
>   next = {
>     le_next = 0x102100000, 
>     le_prev = 0x100a09368
>   }, 
>   fd = 0, 
>   deleted = false
> }
> (gdb) p * io_handlers.lh_first->next.le_next
> $8 = {
>   fd_read_poll = 0, 
>   fd_read = 0x1001c0970 <sigfd_handler>, 
>   fd_write = 0, 
>   opaque = 0x3, 
>   next = {
>     le_next = 0x0, 
>     le_prev = 0x102102ad0
>   }, 
>   fd = 3, 
>   deleted = false
> }
> (gdb) p * io_handlers.lh_first->next.le_prev
> $9 = (struct IOHandlerRecord *) 0x102102ab0

This is interesting.  The iohandlers are intact - there was no
memory corruption there.  The fact that it crashes after executing
sigfd_handler() once is suspicious.

My next suggestion is to break on iohandler.c:124 and find out why
0x0000000102100040 is getting called.  Really it should be
sigfd_handler() that gets called again.  This may require a few tries
and probably familiarity with assembly to debug.

I have pinged other QEMU contributors who have Macs.  Perhaps they can
help better from here.

Stefan

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [Bug 1094950] Re: crash at qemu_iohandler_poll (iohandler.c:124) on macos 10.8.2, Christopher Mason, 2013/01/04
- Re: [Qemu-devel] [Bug 1094950] Re: crash at qemu_iohandler_poll (iohandler.c:124) on macos 10.8.2, Stefan Hajnoczi <=

Prev by Date: [Qemu-devel] [PATCH 1/1] Support abstract socket namespace in AF_UNIX socket family.
Next by Date: Re: [Qemu-devel] [PATCH] sheepdog: implement direct write semantics
Previous by thread: [Qemu-devel] [Bug 1094950] Re: crash at qemu_iohandler_poll (iohandler.c:124) on macos 10.8.2
Next by thread: Re: [Qemu-devel] [PATCH v4 0/2] soft-float-fixes for target-s390x
Index(es):
- Date
- Thread