Re: [Qemu-devel] [Bug 1647683] [NEW] Bad interaction between tb flushing & gdb stub

[Peter Maydell <peter.maydell@linaro.org>]

On 6 December 2016 at 11:39, Julian Brown <1647683@bugs.launchpad.net> wrote:
> Running QEMU under GDB in the test harness via Valgrind, using something
> akin to:
>
> (gdb) target remote | valgrind --tool=memcheck qemu-arm-system [...]
>
> leads to intermittent (and quite hard-to-reproduce) segfaults in QEMU of
> the form:
>
> ==52333== Process terminating with default action of signal 11 (SIGSEGV)
> ==52333==  Access not within mapped region at address 0x24
> ==52333==    at 0x1D55F2: tb_page_remove (translate-all.c:1026)
> ==52333==    by 0x1D58B4: tb_phys_invalidate (translate-all.c:1119)
> ==52333==    by 0x1D63AA: tb_invalidate_phys_page_range (translate-all.c:1519)
> ==52333==    by 0x1D66D7: tb_invalidate_phys_addr (translate-all.c:1714)
> ==52333==    by 0x1CBA7F: breakpoint_invalidate (exec.c:704)
> ==52333==    by 0x1CC01F: cpu_breakpoint_remove_by_ref (exec.c:869)
> ==52333==    by 0x1CBF97: cpu_breakpoint_remove (exec.c:857)
> ==52333==    by 0x218FAA: gdb_breakpoint_remove (gdbstub.c:717)
> ==52333==    by 0x219E35: gdb_handle_packet (gdbstub.c:1035)
> ==52333==    by 0x21AF62: gdb_read_byte (gdbstub.c:1459)
> ==52333==    by 0x21B096: gdb_chr_receive (gdbstub.c:1672)
> ==52333==    by 0x3AF2BC: qemu_chr_be_write_impl (qemu-char.c:419)
>
> These crashes didn't happen on a 2.6-era QEMU, so I bisected and
> discovered the commit 3359baad36889b83df40b637ed993a4b816c4906 ("tcg:
> Make tb_flush() thread safe") appears to be the thing that triggers this
> intermittent failure. Reverting the patch on the branch tip makes the
> crashes go away.

I saw something similar the other day as well, not involving valgrind,
just a simple gdb connected to the gdbstub.

thanks
-- PMM