[qemu-1.5] coroutine-win32.c broken on NULL pointer

Bug #1182490 reported by Cauchy Song
This bug affects 1 person
Affects: QEMU
Status: Expired
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 4340.0x163c]
qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0, from_=0x3ba1c80)
    at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47
(gdb) bt
#0 qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0,
    from_=0x3ba1c80) at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47
#1 coroutine_trampoline (co_=0x3ba1c80)
    at /home/cauchy/vcs/git/qemu/coroutine-win32.c:58
#2 0x0000000077098fed in ?? ()
#3 0x0000000000000000 in ?? ()
(gdb)
(gdb) info registers
rax 0x0 0
rbx 0x3ba1c80 62528640
rcx 0x0 0
rdx 0x0 0
rsi 0x770b28d0 1997220048
rdi 0x3ba1b38 62528312
rbp 0x0 0x0
rsp 0xc0bff60 0xc0bff60
r8 0x3184c0 3245248
r9 0x43e31a 4449050
r10 0x0 0
r11 0x206 518
r12 0x0 0
r13 0x0 0
r14 0x0 0
r15 0x0 0
rip 0x43e2cd 0x43e2cd <coroutine_trampoline+61>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) disassemble
Dump of assembler code for function coroutine_trampoline:
   0x000000000043e290 <+0>: push %rdi
   0x000000000043e291 <+1>: push %rsi
   0x000000000043e292 <+2>: push %rbx
   0x000000000043e293 <+3>: sub $0x30,%rsp
   0x000000000043e297 <+7>: mov %rcx,%rbx
   0x000000000043e29a <+10>: lea 0x26dc1f(%rip),%rcx # 0x6abec0 <__emutls_v.current>
   0x000000000043e2a1 <+17>: mov 0x6868dd68(%rip),%rax # 0x68acc010
   0x000000000043e2a8 <+24>: mov %rax,0x28(%rsp)
   0x000000000043e2ad <+29>: xor %eax,%eax
   0x000000000043e2af <+31>: callq 0x695808 <__emutls_get_address>
   0x000000000043e2b4 <+36>: mov 0x9090d9(%rip),%rsi # 0xd47394 <__imp_SwitchToFiber>
   0x000000000043e2bb <+43>: mov %rax,%rdi
   0x000000000043e2be <+46>: xchg %ax,%ax
   0x000000000043e2c0 <+48>: mov 0x8(%rbx),%rcx
   0x000000000043e2c4 <+52>: callq *(%rbx)
   0x000000000043e2c6 <+54>: mov 0x10(%rbx),%rdx
   0x000000000043e2ca <+58>: mov %rdx,(%rdi)
=> 0x000000000043e2cd <+61>: movl $0x2,0x38(%rdx)
   0x000000000043e2d4 <+68>: mov 0x30(%rdx),%rcx
   0x000000000043e2d8 <+72>: callq *%rsi
   0x000000000043e2da <+74>: jmp 0x43e2c0 <coroutine_trampoline+48>
End of assembler dump.
(gdb)

From:

qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0, from_=0x3ba1c80)
    at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47

We can see qemu_coroutine_switch was called with to_=NULL, then crashed at line 47:

to->action = action;
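The fault pattern in the report, as an added example that is not QEMU's code and not part of the original bug post: a minimal model of the trampoline's termination path, where the coroutine runs its entry function and then hands COROUTINE_TERMINATE back to its caller. The real coroutine-win32.c switches Win32 fibers; this model replaces the fiber switch with a plain recorded handoff so it runs anywhere. The field layout (entry at +0, entry_arg at +8, caller at +0x10, action at +0x38) is read off the disassembly above; the struct, function names, the COROUTINE_NONE sentinel and the guarded switch are assumptions made for illustration. It shows the unchecked switch that dereferences a NULL target next to a checked variant that reports the missing caller and returns instead of faulting.

```c
#include <stddef.h>
#include <stdio.h>

/* Action values follow the dump: movl $0x2,0x38(%rdx) writes TERMINATE.
 * COROUTINE_NONE is an added sentinel meaning "no valid switch target". */
typedef enum {
    COROUTINE_NONE = 0,
    COROUTINE_YIELD = 1,
    COROUTINE_TERMINATE = 2,
    COROUTINE_ENTER = 3,
} CoroutineAction;

typedef struct Coroutine Coroutine;
struct Coroutine {
    void (*entry)(void *opaque);   /* +0:  called from the trampoline */
    void *entry_arg;               /* +8:  its argument */
    Coroutine *caller;             /* +0x10: who entered us; NULL = nobody */
    CoroutineAction action;        /* +0x38 in the real layout */
};

typedef CoroutineAction (*switch_fn)(Coroutine *from, Coroutine *to,
                                     CoroutineAction action);

/* Hypothetical stand-in for qemu_coroutine_switch(): stores the action
 * on `to` unconditionally, the shape that faulted at coroutine-win32.c:47. */
static CoroutineAction switch_unchecked(Coroutine *from, Coroutine *to,
                                        CoroutineAction action)
{
    to->action = action;           /* NULL `to` faults right here */
    return from->action;           /* in this model: whatever `from` holds */
}

/* Guarded variant: a NULL target is reported and refused, so a coroutine
 * whose caller was never recorded cannot take the process down. */
static CoroutineAction switch_checked(Coroutine *from, Coroutine *to,
                                      CoroutineAction action)
{
    if (to == NULL) {
        fprintf(stderr, "coroutine %p: switch to NULL target (action %d)\n",
                (void *)from, (int)action);
        return COROUTINE_NONE;
    }
    to->action = action;
    return from->action;
}

/* Model of coroutine_trampoline(): run the entry, then hand TERMINATE
 * back to the recorded caller through the supplied switch routine. */
static CoroutineAction run_to_termination(Coroutine *co, switch_fn sw)
{
    co->entry(co->entry_arg);
    return sw(co, co->caller, COROUTINE_TERMINATE);
}

/* Model of entering a coroutine: record the caller, then run it. */
static CoroutineAction coroutine_enter(Coroutine *self, Coroutine *co,
                                       switch_fn sw)
{
    co->caller = self;
    co->action = COROUTINE_ENTER;
    return run_to_termination(co, sw);
}

static int work_done;
static void work(void *opaque) { work_done += *(int *)opaque; }

/* Constructed scenario 1: properly entered, the unchecked switch is fine
 * and the caller receives COROUTINE_TERMINATE. */
static CoroutineAction demo_good(void)
{
    Coroutine main_co = {0}, co = {0};
    int one = 1;
    co.entry = work;
    co.entry_arg = &one;
    coroutine_enter(&main_co, &co, switch_unchecked);
    return main_co.action;
}

/* Constructed scenario 2: caller never set (to_=0x0 in the backtrace).
 * With the guarded switch this returns COROUTINE_NONE instead of faulting. */
static CoroutineAction demo_bad(void)
{
    Coroutine co = {0};
    int one = 1;
    co.entry = work;
    co.entry_arg = &one;
    co.caller = NULL;
    return run_to_termination(&co, switch_checked);
}

int main(void)
{
    printf("good: %d  bad: %d  work_done: %d\n",
           (int)demo_good(), (int)demo_bad(), work_done);
    return 0;
}
```

Swapping switch_checked for switch_unchecked in demo_bad reproduces the NULL dereference from the backtrace; the guard only turns the crash into a diagnosable error, it does not explain why the caller was never recorded, which is what the bisect below is after.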

Revision history for this message
Cauchy Song (cauchy-song) wrote :

git bisect start

git bisect bad HEAD
git bisect good v1.4.0

fde245ca7ea790495db370cd260259595dbdf874 bad NULL pointer
a4960ef34829c355fdf25b8ee6b869c92393e366 bad ld: undefined reference
b5a73f8d8a57e940f9bbeb399a9e47897522ee9a bad Kernel panic - not syncing: No init found
57eb0cc85469a8948d1036ab830951e63aa32f66 good
99e448006d9267d71c2e3a629b6e5d29ed67bb30 good
f708e736d0dafc05f8b7e9e73d6440c930b94686 good
962415fcd5f8223a6fbc6f7bb8c5fdf2500f2f84 good
ce1dd5d1bbb0a3769566cb6967714c8c8c97a815 bad Kernel panic - not syncing: No init found
c9f10124a2704b6bab21b31e79735b18d414a654 good Feb 19 23:52:08 2013
49b4c31efcce45ab714f286f14fa5d5173f9069d bad
e3482cb8063575f9fe0f39b701a4b6dc5a55c9cd good Feb 19 23:52:07 2013
49b4c31efcce45ab714f286f14fa5d5173f9069d is the first bad commit

Revision history for this message
Stefan Hajnoczi (stefanha) wrote : Re: [Qemu-devel] [Bug 1182490] [NEW] [qemu-1.5] coroutine-win32.c broken on NULL pointer

On Tue, May 21, 2013 at 02:11:05PM -0000, Cauchy Song wrote:
> Public bug reported:
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 4340.0x163c]
> qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0, from_=0x3ba1c80)
> at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47
> (gdb) bt
> #0 qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0,
> from_=0x3ba1c80) at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47
> #1 coroutine_trampoline (co_=0x3ba1c80)
> at /home/cauchy/vcs/git/qemu/coroutine-win32.c:58
> #2 0x0000000077098fed in ?? ()
> #3 0x0000000000000000 in ?? ()

What is the command-line?

How do you reproduce the crash?

Stefan

Thomas Huth (th-huth)
Changed in qemu:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for QEMU because there has been no activity for 60 days.]

Changed in qemu:
status: Incomplete → Expired