[Qemu-devel] qemu-system-{x86,x86_64} crash in io_writex


From: Guenter Roeck
Subject: [Qemu-devel] qemu-system-{x86,x86_64} crash in io_writex
Date: Thu, 27 Jun 2019 10:08:51 -0700
User-agent: Mutt/1.5.24 (2015-08-30)

Hi,

I see random crashes when running qemu-system-{x86,x86_64}.
The problem started happening several releases ago, but I have finally
been able to capture some core dumps. This is with qemu v4.0.

The crash always happens in io_writex(), and the reason is that 'mr'
is NULL. I attached some gdb information below. The crash is seen
maybe once every ~100 boots, and it seems to happen during PCI
enumeration.

[    2.044504] PCI host bridge to bus 0000:00
[    2.044836] pci_bus 0000:00: root bus resource [bus 00-ff]
[    2.045142] pci_bus 0000:00: root bus resource [io  0x0000-0x0cf7]
[    2.045286] pci_bus 0000:00: root bus resource [io  0x0d00-0xffff]
[    2.045436] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff]
[    2.045583] pci_bus 0000:00: root bus resource [mem 0x90000000-0xfebfffff]
[    2.045747] pci_bus 0000:00: root bus resource [mem 0x100000000-0x8ffffffff]
^^^ crash here

[    2.732815] pci_bus 0000:00: root bus resource [io  0x0000-0x0cf7 window]
[    2.733081] pci_bus 0000:00: root bus resource [io  0x0d00-0xffff window]
[    2.733301] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
[    2.733509] pci_bus 0000:00: root bus resource [mem 0x90000000-0xfebfffff window]
[    2.733716] pci_bus 0000:00: root bus resource [mem 0x800000000-0xfffffffff window]
[    2.734187] pci_bus 0000:00: root bus resource [bus 00-ff]
^^^ crash here

Has anyone else seen this problem? Any idea what I can do to help
track it down?

Thanks,
Guenter

---
(gdb) info stack
#0  io_writex (env=env@entry=0x5555567982c0, iotlbentry=0x7fffb006d5d0, mmu_idx=mmu_idx@entry=2, val=val@entry=2301, addr=addr@entry=18446744073699050240, retaddr=retaddr@entry=140736404017834, recheck=false, size=4) at /opt/buildbot/qemu/qemu/accel/tcg/cputlb.c:971
#1  0x000055555588e75f in io_writel (recheck=<optimized out>, retaddr=140736404017834, addr=18446744073699050240, val=2301, index=<optimized out>, mmu_idx=2, env=0x5555567982c0) at /opt/buildbot/qemu/qemu/accel/tcg/softmmu_template.h:277
#2  helper_le_stl_mmu (env=0x5555567982c0, addr=18446744073699050240, val=2301, oi=34, retaddr=140736404017834) at /opt/buildbot/qemu/qemu/accel/tcg/softmmu_template.h:316
#3  0x00007fffbf5e52aa in code_gen_buffer ()
#4  0x00005555558a3c70 in cpu_tb_exec (itb=<optimized out>, cpu=0x7fffbf186800 <code_gen_buffer+51931091>) at /opt/buildbot/qemu/qemu/accel/tcg/cpu-exec.c:171
#5  cpu_loop_exec_tb (tb_exit=<synthetic pointer>, last_tb=<synthetic pointer>, tb=<optimized out>, cpu=0x7fffbf186800 <code_gen_buffer+51931091>) at /opt/buildbot/qemu/qemu/accel/tcg/cpu-exec.c:618
#6  cpu_exec (cpu=cpu@entry=0x555556790010) at /opt/buildbot/qemu/qemu/accel/tcg/cpu-exec.c:729
#7  0x000055555585d4af in tcg_cpu_exec (cpu=0x555556790010) at /opt/buildbot/qemu/qemu/cpus.c:1430
#8  0x000055555585f818 in qemu_tcg_cpu_thread_fn (arg=arg@entry=0x555556790010) at /opt/buildbot/qemu/qemu/cpus.c:1734
#9  0x0000555555c5c676 in qemu_thread_start (args=<optimized out>) at util/qemu-thread-posix.c:502
#10 0x00007ffff270b6db in __gettimeofday@plt () from /lib/x86_64-linux-gnu/libpthread.so.0
#11 0x00007fffd37fe700 in ?? ()
#12 0x00007fffd37fe700 in ?? ()
#13 0x544ac8b6bb8ba609 in ?? ()
#14 0x00007fffd37fb300 in ?? ()
#15 0x0000000000000000 in ?? ()
(gdb) p *iotlbentry
$14 = {addr = 10502175, attrs = {unspecified = 0, secure = 0, user = 0, requester_id = 0, target_tlb_bit0 = 0, target_tlb_bit1 = 0, target_tlb_bit2 = 0}}
(gdb) p mr
$15 = (MemoryRegion *) 0x0
(gdb) p *section
$16 = {mr = 0x0, fv = 0x0, offset_within_region = 0, size = 0, offset_within_address_space = 0, readonly = false, nonvolatile = false}
(gdb) l /opt/buildbot/qemu/qemu/accel/tcg/cputlb.c:971
966             cpu_io_recompile(cpu, retaddr);
967         }
968         cpu->mem_io_vaddr = addr;
969         cpu->mem_io_pc = retaddr;
970     
971         if (mr->global_locking && !qemu_mutex_iothread_locked()) {
972             qemu_mutex_lock_iothread();
973             locked = true;
974         }
975         r = memory_region_dispatch_write(mr, mr_offset,
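
A loop for reproducing an intermittent crash of this kind (one boot in ~100 dying in io_writex) and keeping the core dump of the failing run for gdb, added here as an example; it is not part of the original report and not QEMU's own tooling. It assumes a POSIX sh. The qemu command line in the `--run` section, the 100-boot count and the gdb commands are placeholders (assumptions), not values taken from the report.

```shell
#!/bin/sh
# Added example, not from the original report or from QEMU: re-run a guest
# boot until qemu is killed by a signal, so that the core dump of exactly
# that run is left behind for gdb. The qemu command line below is an
# assumed placeholder; substitute the one that reproduces the crash.

# Let the children we spawn write core dumps (may be refused in a sandbox).
ulimit -c unlimited 2>/dev/null || true

CRASH_ITER=0     # iteration on which the crash happened, 0 if none
CRASH_STATUS=0   # shell exit status of that run (128 + signal number)

# run_until_signal MAX CMD [ARG...]
# Runs CMD up to MAX times. A child killed by a signal is reported by the
# shell as exit status 128+signo, so that is the crash criterion. Sets
# CRASH_ITER/CRASH_STATUS and returns 0 on a crash; returns 1 if all MAX
# runs exited normally.
run_until_signal() {
    max=$1; shift
    CRASH_ITER=0
    CRASH_STATUS=0
    i=1
    while [ "$i" -le "$max" ]; do
        rc=0
        "$@" >/dev/null 2>&1 || rc=$?
        if [ "$rc" -ge 128 ]; then
            CRASH_ITER=$i
            CRASH_STATUS=$rc
            return 0
        fi
        i=$((i + 1))
    done
    return 1
}

# signal_name STATUS
# Maps an exit status >= 128 back to the signal name (139 -> SEGV).
signal_name() {
    kill -l "$(( $1 - 128 ))" 2>/dev/null || echo UNKNOWN
}

# Stand-alone use: ./reboot-loop.sh --run
# The guest must power itself off after boot; otherwise prefix QEMU_CMD
# with coreutils `timeout` so a hung boot does not stall the loop.
if [ "${1:-}" = "--run" ]; then
    # Assumed command line (placeholder), not the one from the report.
    QEMU_CMD="qemu-system-x86_64 -M q35 -nographic -kernel bzImage -append console=ttyS0"
    if run_until_signal 100 $QEMU_CMD; then
        echo "crashed on boot $CRASH_ITER with SIG$(signal_name "$CRASH_STATUS")"
        # The core file name depends on kernel.core_pattern; 'core' is the default.
        echo "inspect with: gdb -batch -ex bt -ex 'p *section' $(command -v qemu-system-x86_64) core"
    else
        echo "no crash in 100 boots"
    fi
fi
```

Because the crashing frame is the default frame when gdb opens a core, `p *section` and `p mr` in a batch run land in io_writex without a `frame` command; the exit status test (status >= 128) also catches an abort from an assertion, not only a SIGSEGV, which is useful when the same loop is reused for other intermittent failures.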


