[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] int128_get64: Assertion `!a.hi' failed
|
From: |
Paolo Bonzini |
|
Subject: |
Re: [Qemu-devel] int128_get64: Assertion `!a.hi' failed |
|
Date: |
Fri, 27 Sep 2013 21:36:10 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130805 Thunderbird/17.0.8 |
Il 27/09/2013 20:29, Max Filippov ha scritto:
> Hi,
>
> I'm getting said assertion failure debugging linux userspace
> application through the qemu gdbstub. The backtrace looks like this:
>
> qemu-system-xtensa: include/qemu/int128.h:22: int128_get64: Assertion `!a.hi'
> failed.
>
> Program received signal SIGABRT, Aborted.
> [Switching to Thread 0x7ffff7fe8880 (LWP 15378)]
> 0x00007ffff639e285 in raise () from /lib64/libc.so.6
> (gdb) bt
> #0 0x00007ffff639e285 in raise () from /lib64/libc.so.6
> #1 0x00007ffff639fb9b in abort () from /lib64/libc.so.6
> #2 0x00007ffff6396e9e in __assert_fail_base () from /lib64/libc.so.6
> #3 0x00007ffff6396f42 in __assert_fail () from /lib64/libc.so.6
> #4 0x00005555556eea6a in int128_get64 (a=...) at include/qemu/int128.h:22
> #5 0x00005555556efb81 in address_space_translate_internal (d=0x7fffdc01c920,
> addr=18446744069448138751, xlat=0x7fffffffa4b0, plen=0x7fffffffa540,
> resolve_subpage=true) at exec.c:264
> #6 0x00005555556efc03 in address_space_translate (as=0x555555e8d100,
> addr=18446744069448138751, xlat=0x7fffffffa538, plen=0x7fffffffa540,
> is_write=false) at exec.c:278
> #7 0x0000555555757dd3 in tb_invalidate_phys_addr (addr=18446744073709551615)
> at translate-all.c:1373
> #8 0x00005555556f00f2 in breakpoint_invalidate (cpu=0x555555f1df80,
> pc=537189728) at exec.c:413
> #9 0x00005555556f0725 in cpu_breakpoint_remove_by_ref (env=0x555555f1e0b8,
> breakpoint=0x555555f4bc20) at exec.c:557
> #10 0x00005555556f0649 in cpu_breakpoint_remove (env=0x555555f1e0b8,
> pc=537189728, flags=16) at exec.c:541
> #11 0x000055555570c13b in gdb_breakpoint_remove (addr=537189728, len=2,
> type=0) at gdbstub.c:691
> #12 0x000055555570d031 in gdb_handle_packet (s=0x555555f38100,
> line_buf=0x555555f3811c "z0,2004dd60,2") at gdbstub.c:991
> #13 0x000055555570e45c in gdb_read_byte (s=0x555555f38100, ch=56) at
> gdbstub.c:1405
> #14 0x000055555570e5b0 in gdb_chr_receive (opaque=0x0, buf=0x7fffffffc810
> "$z0,2004dd60,2#289process+;qRelocInsn+#2a+=\366\377\177", size=17) at
> gdbstub.c:1623
> #15 0x000055555567d463 in qemu_chr_be_write (s=0x555555f0c640,
> buf=0x7fffffffc810 "$z0,2004dd60,2#289process+;qRelocInsn+#2a+=\366\377\177",
> len=17)
> at qemu-char.c:165
> #16 0x000055555568185b in tcp_chr_read (chan=0x555555f0c050, cond=G_IO_IN,
> opaque=0x555555f0c640) at qemu-char.c:2505
> #17 0x00007ffff76f1f3d in g_main_context_dispatch () from
> /lib64/libglib-2.0.so.0
> #18 0x000055555564a301 in glib_pollfds_poll () at main-loop.c:189
> #19 0x000055555564a3f5 in os_host_main_loop_wait (timeout=-1) at
> main-loop.c:234
> #20 0x000055555564a4c8 in main_loop_wait (nonblocking=0) at main-loop.c:483
> #21 0x00005555556d9c04 in main_loop () at vl.c:2016
> #22 0x00005555556e0e6b in main (argc=20, argv=0x7fffffffdd88,
> envp=0x7fffffffde30) at vl.c:4361
>
>
> breakpoint_invalidate couldn't map breakpoint's virtual address,
> and get_phys_page_debug returned -1:
>
> (gdb) f 7
> #7 0x0000555555757dd3 in tb_invalidate_phys_addr (addr=18446744073709551615)
> at translate-all.c:1373
> 1373 mr = address_space_translate(&address_space_memory, addr, &addr,
> &l, false);
> (gdb) p/x addr
> $2 = 0xffffffffffffffff
>
>
> Later address_space_translate_internal found a section that didn't actually
> contain the addr and made a diff with non-zero .hi:
>
> (gdb) f 5
> #5 0x00005555556efb81 in address_space_translate_internal (d=0x7fffdc01c920,
> addr=18446744069448138751, xlat=0x7fffffffa4b0, plen=0x7fffffffa540,
> resolve_subpage=true) at exec.c:264
> 264 *plen = int128_get64(int128_min(diff, int128_make64(*plen)));
> (gdb) p/x diff
> $4 = {
> lo = 0x100000001,
> hi = 0xffffffffffffffff
> }
> (gdb) p/x *section
> $6 = {
> mr = 0x555555f04b00,
> address_space = 0x555555e8d100,
> offset_within_region = 0x0,
> size = {
> lo = 0x2000000,
> hi = 0x0
> },
> offset_within_address_space = 0xfe000000,
> readonly = 0x0
> }
>
>
> I'm not sure what's the proper fix, returning -1 for the failed
> get_phys_page_debug
> is common for 32-bit targets. The easiest seems to be checking the result of
> cpu_get_phys_page debug in the breakpoint_invalidate:
>
> --- >8 ---
> commit cb3f9f90688be062b8a1f12b116f3d48c7ded232
> Author: Max Filippov <address@hidden>
> Date: Fri Sep 27 22:19:16 2013 +0400
>
> exec: fix breakpoint_invalidate when pc may not be translated
>
> This fixes qemu abort with the following message:
>
> include/qemu/int128.h:22: int128_get64: Assertion `!a.hi' failed.
>
> which happens due to attempt to invalidate breakpoint by virtual address
> for which get_phys_page_debug couldn't find mapping.
>
> Signed-off-by: Max Filippov <address@hidden>
>
> diff --git a/exec.c b/exec.c
> index 26681ce..a7e284a 100644
> --- a/exec.c
> +++ b/exec.c
> @@ -410,8 +410,10 @@ static void breakpoint_invalidate(CPUState *cpu,
> target_ulong pc)
> #else
> static void breakpoint_invalidate(CPUState *cpu, target_ulong pc)
> {
> - tb_invalidate_phys_addr(cpu_get_phys_page_debug(cpu, pc) |
> - (pc & ~TARGET_PAGE_MASK));
> + hwaddr phys = cpu_get_phys_page_debug(cpu, pc);
> + if (phys != -1) {
> + tb_invalidate_phys_addr(phys | (pc & ~TARGET_PAGE_MASK));
> + }
> }
> #endif
> #endif /* TARGET_HAS_ICE */
>
>
Yes, this makes sense. I'll queue it for 1.6.2 and 1.7.
Paolo