From: Luiz Capitulino <lcapitulino@redhat.com>
To: qemu-devel <qemu-devel@nongnu.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
qemu-stable@nongnu.org, rth@twiddle.net
Subject: [Qemu-devel] BUG: memory API related abort (bisected)
Date: Wed, 4 Sep 2013 21:08:44 -0400
Message-ID: <20130904210844.4cd6164e@redhat.com>
Reproducer:
1. Start QEMU with gdb support:
$ qemu [...] -kernel [...] -s
2. Start gdb and install a breakpoint
gdb /path/to/vmlinux
(gdb) target remote localhost:1234
(gdb) b init_hw_perf_events
Remote communication error. Target disconnected.: Connection reset by peer.
3. Kaboom on QEMU terminal
According to bisect the culprit is:
commit 23326164ae6fe8d94b7eff123e03f97ca6978d33
Author: Richard Henderson <rth@twiddle.net>
Date: Mon Jul 8 14:55:59 2013 -0700
exec: Support 64-bit operations in address_space_rw
Honor the implementation maximum access size, and at least check
the minimum access size.
Backtrace (a bit long):
(gdb) bt
#0 0x00007f7b66838c55 in __GI_raise (sig=sig@entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:63
#1 0x00007f7b6683a408 in __GI_abort () at abort.c:90
#2 0x00007f7b6e3f2cf4 in address_space_rw (as=0x7f7b6eda8500 <address_space_memory>,
addr=18446744071588060672, buf=0x7fffb86a757f "", len=3, is_write=false)
at /home/lcapitulino/work/src/upstream/qmp-unstable/exec.c:1996
#3 0x00007f7b6e3f2e70 in cpu_physical_memory_rw (addr=18446744071588060657, buf=
0x7fffb86a7570 "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", len=
18, is_write=0) at /home/lcapitulino/work/src/upstream/qmp-unstable/exec.c:2027
#4 0x00007f7b6e3f43f1 in cpu_memory_rw_debug (cpu=0x7f7b7074c1f0, addr=
18446744071588060657, buf=
0x7fffb86a7570 "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", len=
18, is_write=0) at /home/lcapitulino/work/src/upstream/qmp-unstable/exec.c:2620
#5 0x00007f7b6e40a184 in target_memory_rw_debug (cpu=0x7f7b7074c1f0, addr=
18446744071588060657, buf=
0x7fffb86a7570 "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", len=
18, is_write=false) at /home/lcapitulino/work/src/upstream/qmp-unstable/gdbstub.c:52
#6 0x00007f7b6e40ba02 in gdb_handle_packet (s=0x7f7b70b674d0, line_buf=
0x7f7b70b674ec "mffffffff818c9df1,12")
at /home/lcapitulino/work/src/upstream/qmp-unstable/gdbstub.c:931
#7 0x00007f7b6e40d1f6 in gdb_read_byte (s=0x7f7b70b674d0, ch=52)
at /home/lcapitulino/work/src/upstream/qmp-unstable/gdbstub.c:1405
#8 0x00007f7b6e40d348 in gdb_chr_receive (opaque=0x0, buf=
0x7fffb86a86a0 "$mffffffff818c9df1,12#64s+;xmlRegisters=i386;qRelocInsn+#b5i{\177",
size=24) at /home/lcapitulino/work/src/upstream/qmp-unstable/gdbstub.c:1623
#9 0x00007f7b6e36a377 in qemu_chr_be_write (s=0x7f7b70b67170, buf=
0x7fffb86a86a0 "$mffffffff818c9df1,12#64s+;xmlRegisters=i386;qRelocInsn+#b5i{\177",
len=24) at /home/lcapitulino/work/src/upstream/qmp-unstable/qemu-char.c:165
#10 0x00007f7b6e36e71a in tcp_chr_read (chan=0x7f7b7076df00, cond=G_IO_IN, opaque=
0x7f7b70b67170) at /home/lcapitulino/work/src/upstream/qmp-unstable/qemu-char.c:2509
#11 0x00007f7b6d7f4a55 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#12 0x00007f7b6e338217 in glib_pollfds_poll ()
at /home/lcapitulino/work/src/upstream/qmp-unstable/main-loop.c:189
#13 0x00007f7b6e33830b in os_host_main_loop_wait (timeout=29750708)
at /home/lcapitulino/work/src/upstream/qmp-unstable/main-loop.c:234
#14 0x00007f7b6e3383e3 in main_loop_wait (nonblocking=0)
at /home/lcapitulino/work/src/upstream/qmp-unstable/main-loop.c:484
#15 0x00007f7b6e3d7404 in main_loop ()
at /home/lcapitulino/work/src/upstream/qmp-unstable/vl.c:2090
#16 0x00007f7b6e3de831 in main (argc=19, argv=0x7fffb86a9c18, envp=0x7fffb86a9cb8)
at /home/lcapitulino/work/src/upstream/qmp-unstable/vl.c:4435
(gdb)
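An added example (not part of the report and not QEMU's code) that decodes the gdb remote packet quoted in frame #8 and replays the alignment-bounded access-size chunking which, by my reading of the bisected commit's memory_access_size() (an assumption), address_space_rw applies to non-RAM regions. It shows how the 18-byte read at ffffffff818c9df1 ends in the 3-byte access at ffffffff818c9e00 seen in frame #2, i.e. a size the 1/2/4/8 switch cannot serve; the pow2_only flag is a hypothetical variant that rounds each access down to a power of two.

```python
# Added example, not from the original report or from QEMU.  It models the
# access-size bounding of commit 23326164 (assumption) and decodes the gdb
# remote "m" packet from frame #8 of the backtrace.
import re


def parse_gdb_packet(raw: bytes) -> str:
    """Split '$<payload>#<cksum>' and verify the 8-bit sum checksum."""
    m = re.match(rb"\$([^#]*)#([0-9a-fA-F]{2})", raw)
    if m is None:
        raise ValueError("not a gdb remote packet")
    payload, cksum = m.group(1), int(m.group(2), 16)
    if sum(payload) & 0xFF != cksum:        # checksum is sum of payload bytes mod 256
        raise ValueError("bad checksum")
    return payload.decode()


def parse_mem_read(payload: str) -> tuple:
    """'m<addr>,<len>' -> (addr, length); both fields are hexadecimal."""
    if not payload.startswith("m"):
        raise ValueError("not a memory read request")
    addr, length = payload[1:].split(",", 1)
    return int(addr, 16), int(length, 16)


def access_size(addr: int, remaining: int, max_access: int = 4,
                pow2_only: bool = False) -> int:
    """Model (assumption) of memory_access_size(): the access is bounded by the
    region's maximum size and by the alignment of addr, then clipped to the
    remaining length.  pow2_only adds the rounding that the model lacks."""
    align = addr & -addr                    # largest power of two dividing addr
    if 0 < align < max_access:
        max_access = align
    l = min(remaining, max_access)
    if pow2_only and l & (l - 1):
        l = 1 << (l.bit_length() - 1)       # round down to a power of two
    return l


def chunk_accesses(addr: int, length: int, **kw) -> list:
    """Replay the address_space_rw loop: (addr, size) of each device access."""
    out = []
    while length > 0:
        l = access_size(addr, length, **kw)
        out.append((addr, l))
        addr, length = addr + l, length - l
    return out


PACKET = b"$mffffffff818c9df1,12#64"       # copied from frame #8 of the report

if __name__ == "__main__":
    a, n = parse_mem_read(parse_gdb_packet(PACKET))
    print(hex(a), n, [(hex(x), s) for x, s in chunk_accesses(a, n)])
```

The sizes before ffffffff818c9e00 depend on the region's maximum access size (4 or 8 give different splits), but the 3-byte tail at the 0x100-aligned address is the same either way, which is what the abort in frame #2 reflects.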