2010/2/3 Luiz Capitulino <lcapitul...@redhat.com>:
> On Wed, 3 Feb 2010 10:09:07 +0800
> Roy Tam <roy...@gmail.com> wrote:
>
>> 2010/2/2 Luiz Capitulino <lcapitul...@redhat.com>:
>> > On Tue, 2 Feb 2010 09:35:16 +0800
>> > Roy Tam <roy...@gmail.com> wrote:
>> >
>> >> 2010/2/2 Luiz Capitulino <lcapitul...@redhat.com>:
>> >> > On Tue, 2 Feb 2010 00:26:53 +0800
>> >> > Roy Tam <roy...@gmail.com> wrote:
>> >> >
>> >> >> 2010/2/2 Luiz Capitulino <lcapitul...@redhat.com>:
>> >> >>
>> >> >> > Hm, I'm puzzled. Is this failing on malloc()? At least qemu_malloc()
>> >> >> > is the last qemu function I see in the logs.
>> >> >> >
>> >> >> > From now on I only see msvcrt functions...
>> >> >> >
>> >> >> > Maybe you can type 'run' in gdb, run system_reset on the
>> >> >> > Monitor and then switch back to gdb and type 'bt'?
>> >> >> >
>> >> >> Source-less debugging seems better...
>> >> >
>> >> > As far as I can understand, something bad happens while the parser
>> >> > is processing the first "'" character of the qobject_from_jsonf()
>> >> > call in monitor.c:4524.
>> >> >
>> >> > Strange. Can you try 'info pci', 'info block' and 'info version'?
>> >> > Do they work?
>> >> >
>> >> > Maybe this is a refcount problem?
>> >> >
>> >> > Anthony, could you take a look too please?
>> >> >
>> >>
>> >> Rebuild with -gstabs -O1 and you can see the double free here:
>> >
>> > Ok, so we have a double free and
>> >
>>
>> To clarify: after digging into the sources further, it is not a double
>> free, but parse_json is not executed by json_lexer_feed_char, as I put
>> asm("int3") in parse_json but no SIGTRAP is raised (for
>> system_reset and system_powerdown).
>
> Well, I think I'll only have time to set up this stuff on Windows
> in two or three days :(
>
>> >> #0 qobject_to_qdict (obj=0x0) at qobject.h:108
>> >> #1 0x004127ae in pci_device_print (mon=0x494c460, device=0x49696c0)
>> >> at /home/roy/qemu/hw/pci.c:1165
>> >
>> > a segfault.
>> >>
>> >> For this one, parse_json was executed by json_lexer_feed_char.
>> A workaround patch is here, but why has a null qobj been pushed into the qlist?
>
> Yeah, that's the question and I'm afraid that this patch will
> actually hide the real bug.
>
> You can do two things:
>
> 1. Put an assert() at qlist.c:qlist_append_obj()

qobject_from_jsonf() fails? Then it may be the same as the system_reset/system_powerdown issue.

#0 qlist_append_obj (qlist=0x49614f0, value=0x0) at qlist.c:63
#1 0x004121f0 in pci_get_devices_list (bus=0x4979618, bus_num=0) at /home/roy/qemu/hw/pci.c:1266
#2 0x0041246c in do_pci_info (mon=0x494c460, ret_data=0x22f048) at /home/roy/qemu/hw/pci.c:1348
#3 0x0040ebaa in do_info (mon=0x494c460, qdict=0xd95d0d8, ret_data=0x22f048) at /home/roy/qemu/monitor.c:566
#4 0x0040e3f9 in monitor_call_handler (mon=0x494c460, cmd=0x589b78, params=0x77bfc2e3) at /home/roy/qemu/monitor.c:3715
#5 0x00410423 in handle_user_command (mon=0x494c460, cmdline=0x77c2f97c "\001") at /home/roy/qemu/monitor.c:3753
#6 0x004105ae in monitor_command_cb (mon=0x494c460, cmdline=0x494c8b8 "info pci", opaque=0x0) at /home/roy/qemu/monitor.c:4267
#7 0x004503bc in readline_handle_byte (rs=0x494c8b8, ch=13) at readline.c:369
#8 0x00410627 in monitor_read (opaque=0x494c460, buf=0x22f708 "\r", size=1) at /home/roy/qemu/monitor.c:4253
#9 0x004698ea in qemu_chr_read (s=0x13b4c68, buf=0x22f708 "\r", len=1) at qemu-char.c:154
#10 0x00451f3e in kbd_send_chars (opaque=0x494c358) at console.c:1130
#11 0x00452154 in kbd_put_keysym (keysym=13) at console.c:1183
#12 0x0047d0b5 in sdl_refresh (ds=0x4978030) at sdl.c:634
#13 0x00405c83 in gui_update (opaque=0x4978030) at /home/roy/qemu/console.h:219
#14 0x0040168d in qemu_run_timers (ptimer_head=0x5db4e8, current_time=10819500) at /home/roy/qemu/vl.c:913
#15 0x00405bca in main_loop_wait (timeout=0) at /home/roy/qemu/vl.c:3793
#16 0x00408e2a in main (argc=1, argv=0x13b3f38, envp=0x4012f0) at /home/roy/qemu/vl.c:3981

> 2. Reset your tree to commit 0a7fc983ce and send me the output of
> 'info pci'

info pci works in this rev.
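The two backtraces in this thread show the same defect from both ends: qlist_append_obj() is handed value=0x0 from pci_get_devices_list(), and the NULL is only noticed later when pci_device_print() dereferences it in qobject_to_qdict(). The following is an added example, not code from the thread or from QEMU: it uses hypothetical stand-ins for QObject, QList and qobject_from_jsonf() (parse_stub) and a constructed three-item input whose middle item makes the parser return NULL. With the check at the insertion point that the thread proposes (reject_null), the failure is reported at the producer; without it, the NULL reaches the consumer, which is where the quoted segfault comes from.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-ins for QEMU's QObject and QList, written for this example
 * (hypothetical; not QEMU's own definitions). */
typedef struct QObject { int refcnt; } QObject;
typedef struct QListEntry { QObject *value; struct QListEntry *next; } QListEntry;
typedef struct QList { QListEntry *head, *tail; size_t length; } QList;

/* Stand-in for qobject_from_jsonf(): hands back NULL instead of an object
 * when given nothing to parse (an empty string). */
static QObject *parse_stub(const char *text)
{
    QObject *obj = (text && *text) ? calloc(1, sizeof *obj) : NULL;
    if (obj) obj->refcnt = 1;       /* a real QObject starts at refcount 1 */
    return obj;
}

/* Append with an optional NULL check at the insertion point, the check the
 * thread proposes for qlist_append_obj(). With reject_null set, a parser
 * failure is reported here; without it, NULL is stored and shows up later as
 * the NULL dereference in the consumer (qobject_to_qdict() in the backtrace).
 * A debug build would assert(value != NULL); returning -1 keeps it testable. */
static int qlist_append_obj_ex(QList *list, QObject *value, int reject_null)
{
    if (reject_null && value == NULL) return -1;
    QListEntry *entry = calloc(1, sizeof *entry);
    if (entry == NULL) return -1;
    entry->value = value;
    if (list->tail != NULL) {
        list->tail->next = entry;
    } else {
        list->head = entry;
    }
    list->tail = entry;
    list->length++;
    return 0;
}

/* Modelled on the loop in pci_get_devices_list(): parse and append each
 * item. Returns -1 if all were appended, else the index of the first item
 * the append refused (earlier items stay in the list). */
int build_device_list(const char *const *items, int count, QList *out, int reject_null)
{
    memset(out, 0, sizeof *out);
    for (int i = 0; i < count; i++) {
        if (qlist_append_obj_ex(out, parse_stub(items[i]), reject_null) != 0) {
            return i;
        }
    }
    return -1;
}

/* Consumer side, modelled on pci_device_print(): count the entries that
 * would be dereferenced as NULL. */
int count_null_entries(const QList *list)
{
    int nulls = 0;
    for (const QListEntry *e = list->head; e != NULL; e = e->next) {
        nulls += (e->value == NULL);
    }
    return nulls;
}

void qlist_release(QList *list)
{
    for (QListEntry *e = list->head; e != NULL;) {
        QListEntry *next = e->next;
        free(e->value);             /* free(NULL) is a no-op */
        free(e);
        e = next;
    }
    memset(list, 0, sizeof *list);
}

/* Constructed input: the middle item makes the parser stub fail, the way
 * the qobject_from_jsonf() call in the thread is suspected of failing. */
static const char *const sample_items[] = { "{'bus': 0}", "", "{'bus': 2}" };

/* Index of the first rejected sample item (-1 if none were rejected). */
int first_rejected_index(int reject_null)
{
    QList list;
    int idx = build_device_list(sample_items, 3, &list, reject_null);
    qlist_release(&list);
    return idx;
}

/* Number of NULL entries the consumer meets for the sample input. */
int nulls_seen_by_consumer(int reject_null)
{
    QList list;
    build_device_list(sample_items, 3, &list, reject_null);
    int nulls = count_null_entries(&list);
    qlist_release(&list);
    return nulls;
}
```

The error return at the append is only a stand-in for the assert() Luiz suggests; an assert makes the producer-side failure unmissable in a debug build, whereas a check at the caller of qobject_from_jsonf() is what turns it into a proper error instead of a crash in release builds. Either way the point is to fail where the NULL is created, in pci_get_devices_list(), rather than where it is consumed.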