From: Luiz Capitulino <lcapitulino@redhat.com>
To: qemu-devel <qemu-devel@nongnu.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	qemu-stable@nongnu.org, rth@twiddle.net
Subject: [Qemu-devel] BUG: memory API related abort (bisected)
Date: Wed, 4 Sep 2013 21:08:44 -0400
Message-ID: <20130904210844.4cd6164e@redhat.com>

Reproducer:

 1. Start QEMU with gdb support:

    $ qemu [...] -kernel [...] -s

 2. Start gdb and install a breakpoint

    gdb /path/to/vmlinux
    (gdb) target remote localhost:1234
    (gdb) b init_hw_perf_events
    Remote communication error.  Target disconnected.: Connection reset by peer.

 3. Kaboom on QEMU terminal

According to bisect the culprit is:

commit 23326164ae6fe8d94b7eff123e03f97ca6978d33
Author: Richard Henderson <rth@twiddle.net>
Date:   Mon Jul 8 14:55:59 2013 -0700

    exec: Support 64-bit operations in address_space_rw
    
    Honor the implementation maximum access size, and at least check
    the minimum access size.

Backtrace (a bit long):

(gdb) bt
#0  0x00007f7b66838c55 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:63
#1  0x00007f7b6683a408 in __GI_abort () at abort.c:90
#2  0x00007f7b6e3f2cf4 in address_space_rw (as=0x7f7b6eda8500 <address_space_memory>, 
    addr=18446744071588060672, buf=0x7fffb86a757f "", len=3, is_write=false)
    at /home/lcapitulino/work/src/upstream/qmp-unstable/exec.c:1996
#3  0x00007f7b6e3f2e70 in cpu_physical_memory_rw (addr=18446744071588060657, buf=
    0x7fffb86a7570 "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", len=
    18, is_write=0) at /home/lcapitulino/work/src/upstream/qmp-unstable/exec.c:2027
#4  0x00007f7b6e3f43f1 in cpu_memory_rw_debug (cpu=0x7f7b7074c1f0, addr=
    18446744071588060657, buf=
    0x7fffb86a7570 "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", len=
    18, is_write=0) at /home/lcapitulino/work/src/upstream/qmp-unstable/exec.c:2620
#5  0x00007f7b6e40a184 in target_memory_rw_debug (cpu=0x7f7b7074c1f0, addr=
    18446744071588060657, buf=
    0x7fffb86a7570 "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", len=
    18, is_write=false) at /home/lcapitulino/work/src/upstream/qmp-unstable/gdbstub.c:52
#6  0x00007f7b6e40ba02 in gdb_handle_packet (s=0x7f7b70b674d0, line_buf=
    0x7f7b70b674ec "mffffffff818c9df1,12")
    at /home/lcapitulino/work/src/upstream/qmp-unstable/gdbstub.c:931
#7  0x00007f7b6e40d1f6 in gdb_read_byte (s=0x7f7b70b674d0, ch=52)
    at /home/lcapitulino/work/src/upstream/qmp-unstable/gdbstub.c:1405
#8  0x00007f7b6e40d348 in gdb_chr_receive (opaque=0x0, buf=
    0x7fffb86a86a0 "$mffffffff818c9df1,12#64s+;xmlRegisters=i386;qRelocInsn+#b5i{\177", 
    size=24) at /home/lcapitulino/work/src/upstream/qmp-unstable/gdbstub.c:1623
#9  0x00007f7b6e36a377 in qemu_chr_be_write (s=0x7f7b70b67170, buf=
    0x7fffb86a86a0 "$mffffffff818c9df1,12#64s+;xmlRegisters=i386;qRelocInsn+#b5i{\177", 
    len=24) at /home/lcapitulino/work/src/upstream/qmp-unstable/qemu-char.c:165
#10 0x00007f7b6e36e71a in tcp_chr_read (chan=0x7f7b7076df00, cond=G_IO_IN, opaque=
    0x7f7b70b67170) at /home/lcapitulino/work/src/upstream/qmp-unstable/qemu-char.c:2509
#11 0x00007f7b6d7f4a55 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#12 0x00007f7b6e338217 in glib_pollfds_poll ()
    at /home/lcapitulino/work/src/upstream/qmp-unstable/main-loop.c:189
#13 0x00007f7b6e33830b in os_host_main_loop_wait (timeout=29750708)
    at /home/lcapitulino/work/src/upstream/qmp-unstable/main-loop.c:234
#14 0x00007f7b6e3383e3 in main_loop_wait (nonblocking=0)
    at /home/lcapitulino/work/src/upstream/qmp-unstable/main-loop.c:484
#15 0x00007f7b6e3d7404 in main_loop ()
    at /home/lcapitulino/work/src/upstream/qmp-unstable/vl.c:2090
#16 0x00007f7b6e3de831 in main (argc=19, argv=0x7fffb86a9c18, envp=0x7fffb86a9cb8)
    at /home/lcapitulino/work/src/upstream/qmp-unstable/vl.c:4435
(gdb)
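The chunking that ends in the 3-byte access of frame #2 can be modelled outside QEMU. This is an added example, not QEMU's code or code from this thread: it assumes a memory region that accepts 1-4 byte accesses with no unaligned support, the function names `naive_access_size`, `safe_access_size` and `split_access` are invented here, and the power-of-two rounding in the hardened variant is an illustrative mitigation, not a fix taken from this report.

```c
/* Model of splitting the gdb request "mffffffff818c9df1,12" (18 bytes at
 * 0xffffffff818c9df1) into region accesses. Added example, not QEMU code. */
#include <stdint.h>
#include <stdio.h>

#define MAX_ACCESS 4   /* assumed region maximum: 1-4 byte accesses */

/* Naive chunk size: bounded only by the alignment of addr and MAX_ACCESS. */
static unsigned naive_access_size(uint64_t addr, unsigned len)
{
    unsigned align = (unsigned)(addr & -addr);   /* lowest set bit of addr */
    unsigned max = MAX_ACCESS;
    if (align != 0 && align < max) max = align;
    return len > max ? max : len;              /* may return 3, 5, 6 or 7 */
}

/* Hardened variant (assumption, not from this thread): round a
 * non-power-of-two remainder down so the chunk is always 1, 2 or 4. */
static unsigned safe_access_size(uint64_t addr, unsigned len)
{
    unsigned l = naive_access_size(addr, len);
    while (l & (l - 1)) l &= l - 1;            /* clear low bits: pow2 floor */
    return l;
}

/* Walk the request, recording each chunk size in out[]. Returns the number
 * of chunks, or -1 when a chunk has no 1/2/4-byte load to serve it, which is
 * the condition that reaches abort() in the backtrace above. */
int split_access(uint64_t addr, unsigned len, int hardened,
                 unsigned *out, int max_out)
{
    int n = 0;
    while (len > 0 && n < max_out) {
        unsigned l = hardened ? safe_access_size(addr, len)
                              : naive_access_size(addr, len);
        if (l != 1 && l != 2 && l != 4) return -1;   /* would abort() */
        out[n++] = l;
        addr += l;
        len -= l;
    }
    return n;
}

int main(void)
{
    unsigned sizes[32];
    /* Naive: 1,2,4,4,4 then a 3-byte remainder at ...9e00 -> -1 (abort). */
    printf("naive: %d\n", split_access(0xffffffff818c9df1ULL, 0x12, 0, sizes, 32));
    /* Hardened: 1,2,4,4,4,2,1 -> 7 chunks covering all 18 bytes. */
    printf("hardened: %d\n", split_access(0xffffffff818c9df1ULL, 0x12, 1, sizes, 32));
    return 0;
}
```

The naive walk reproduces the frame #2 arguments exactly: after 15 bytes the loop sits at 0xffffffff818c9e00 with len=3, and no load width matches.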
