QEMU

[qemu-1.5] coroutine-win32.c broken on NULL pointer

Bug #1182490 reported by Cauchy Song
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
Expired
Undecided
Unassigned

Bug Description

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 4340.0x163c]
qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0, from_=0x3ba1c80)
    at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47
(gdb) bt
#0 qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0,
    from_=0x3ba1c80) at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47
#1 coroutine_trampoline (co_=0x3ba1c80)
    at /home/cauchy/vcs/git/qemu/coroutine-win32.c:58
#2 0x0000000077098fed in ?? ()
#3 0x0000000000000000 in ?? ()
(gdb)
(gdb) info registers
rax 0x0 0
rbx 0x3ba1c80 62528640
rcx 0x0 0
rdx 0x0 0
rsi 0x770b28d0 1997220048
rdi 0x3ba1b38 62528312
rbp 0x0 0x0
rsp 0xc0bff60 0xc0bff60
r8 0x3184c0 3245248
r9 0x43e31a 4449050
r10 0x0 0
r11 0x206 518
r12 0x0 0
r13 0x0 0
r14 0x0 0
r15 0x0 0
rip 0x43e2cd 0x43e2cd <coroutine_trampoline+61>
eflags 0x10206 [ PF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb) disassemble
Dump of assembler code for function coroutine_trampoline:
   0x000000000043e290 <+0>: push %rdi
   0x000000000043e291 <+1>: push %rsi
   0x000000000043e292 <+2>: push %rbx
   0x000000000043e293 <+3>: sub $0x30,%rsp
   0x000000000043e297 <+7>: mov %rcx,%rbx
   0x000000000043e29a <+10>: lea 0x26dc1f(%rip),%rcx #
0x6abec0 <__emutls_v.current>
   0x000000000043e2a1 <+17>: mov 0x6868dd68(%rip),%rax # 0x68acc010
   0x000000000043e2a8 <+24>: mov %rax,0x28(%rsp)
   0x000000000043e2ad <+29>: xor %eax,%eax
   0x000000000043e2af <+31>: callq 0x695808 <__emutls_get_address>
   0x000000000043e2b4 <+36>: mov 0x9090d9(%rip),%rsi #
0xd47394 <__imp_SwitchToFiber>
   0x000000000043e2bb <+43>: mov %rax,%rdi
   0x000000000043e2be <+46>: xchg %ax,%ax
   0x000000000043e2c0 <+48>: mov 0x8(%rbx),%rcx
   0x000000000043e2c4 <+52>: callq *(%rbx)
   0x000000000043e2c6 <+54>: mov 0x10(%rbx),%rdx
   0x000000000043e2ca <+58>: mov %rdx,(%rdi)
=> 0x000000000043e2cd <+61>: movl $0x2,0x38(%rdx)
   0x000000000043e2d4 <+68>: mov 0x30(%rdx),%rcx
   0x000000000043e2d8 <+72>: callq *%rsi
   0x000000000043e2da <+74>: jmp 0x43e2c0 <coroutine_trampoline+48>
End of assembler dump.
(gdb)

From:

qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0, from_=0x3ba1c80)
    at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47

We can see qemu_coroutine_switch was call with to_=NULL, then crashed at line 47:

to->action = action;

Revision history for this message
Cauchy Song (cauchy-song) wrote :

git bisect start

git bisect bad HEAD
git bisect good v1.4.0

fde245ca7ea790495db370cd260259595dbdf874 bad NULL pointer
a4960ef34829c355fdf25b8ee6b869c92393e366 bad ld: undefined reference
b5a73f8d8a57e940f9bbeb399a9e47897522ee9a bad Kernel panic - not syncing: No init found
57eb0cc85469a8948d1036ab830951e63aa32f66 good
99e448006d9267d71c2e3a629b6e5d29ed67bb30 good
f708e736d0dafc05f8b7e9e73d6440c930b94686 good
962415fcd5f8223a6fbc6f7bb8c5fdf2500f2f84 good
ce1dd5d1bbb0a3769566cb6967714c8c8c97a815 bad Kernel panic - not syncing: No init found
c9f10124a2704b6bab21b31e79735b18d414a654 good Feb 19 23:52:08 2013
49b4c31efcce45ab714f286f14fa5d5173f9069d bad
e3482cb8063575f9fe0f39b701a4b6dc5a55c9cd good Feb 19 23:52:07 2013
49b4c31efcce45ab714f286f14fa5d5173f9069d is the first bad commit

Revision history for this message
Stefan Hajnoczi (stefanha) wrote : Re: [Qemu-devel] [Bug 1182490] [NEW] [qemu-1.5] coroutine-win32.c broken on NULL pointer

On Tue, May 21, 2013 at 02:11:05PM -0000, Cauchy Song wrote:
> Public bug reported:
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 4340.0x163c]
> qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0, from_=0x3ba1c80)
> at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47
> (gdb) bt
> #0 qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0,
> from_=0x3ba1c80) at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47
> #1 coroutine_trampoline (co_=0x3ba1c80)
> at /home/cauchy/vcs/git/qemu/coroutine-win32.c:58
> #2 0x0000000077098fed in ?? ()
> #3 0x0000000000000000 in ?? ()

What is the command-line?

How do you reproduce the crash?

Stefan

Thomas Huth (th-huth)
Changed in qemu:
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for QEMU because there has been no activity for 60 days.]

Changed in qemu:
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.