Comment 2 for bug 1785197

changlimin (changlimin) wrote :

1. Add breakpoint at vga.c:790 s->vbe_regs[VBE_DISPI_INDEX_ENABLE] = val;

(gdb) b vga.c:790
Breakpoint 2 at 0x56100ad10521: file /qemu-2.12/hw/display/vga.c, line 790.

(gdb) c
Continuing.

2. When the breakpoint is hit, val is 0

Thread 5 "CPU 1/KVM" hit Breakpoint 2, vbe_ioport_write_data (opaque=0x56100e6e7b30, addr=<optimized out>, val=0) at /qemu-2.12/hw/display/vga.c:790

(gdb) bt
#0 vbe_ioport_write_data (opaque=0x56100e6e7b30, addr=<optimized out>, val=0) at /qemu-2.12/hw/display/vga.c:790
#1 0x000056100ace521b in memory_region_write_accessor (mr=0x56100e74e590, addr=1, value=<optimized out>, size=2, shift=<optimized out>, mask=<optimized out>, attrs=...)
    at /qemu-2.12/memory.c:530
#2 0x000056100ace266e in access_with_adjusted_size (addr=addr@entry=1, value=value@entry=0x7fb2aeffc9a8, size=size@entry=2, access_size_min=<optimized out>, access_size_max=<optimized out>,
    access_fn=0x56100ace51a0 <memory_region_write_accessor>, mr=0x56100e74e590, attrs=...) at /qemu-2.12/memory.c:597
#3 0x000056100ace72ca in memory_region_dispatch_write (mr=mr@entry=0x56100e74e590, addr=1, data=<optimized out>, size=size@entry=2, attrs=attrs@entry=...)
    at /qemu-2.12/memory.c:1487
#4 0x000056100ac85807 in flatview_write_continue (mr=0x56100e74e590, l=<optimized out>, addr1=<optimized out>, len=2, buf=0x7fb2bf3e2000 "", attrs=..., addr=463, fv=0x7fb2a458fea0)
    at /qemu-2.12/exec.c:3166
#5 flatview_write (fv=0x7fb2a458fea0, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>) at /qemu-2.12/exec.c:3216
#6 0x000056100ac8a2af in address_space_write (as=<optimized out>, addr=<optimized out>, attrs=..., buf=<optimized out>, len=<optimized out>)
    at /qemu-2.12/exec.c:3332
#7 0x000056100ac8a345 in address_space_rw (as=<optimized out>, addr=addr@entry=463, attrs=..., attrs@entry=..., buf=buf@entry=0x7fb2bf3e2000 "", len=len@entry=2, is_write=is_write@entry=true)
    at /qemu-2.12/exec.c:3343
#8 0x000056100acf66f2 in kvm_handle_io (count=1, size=2, direction=<optimized out>, data=<optimized out>, attrs=..., port=463)
    at /qemu-2.12/accel/kvm/kvm-all.c:1730
#9 kvm_cpu_exec (cpu=cpu@entry=0x56100cecc810) at /qemu-2.12/accel/kvm/kvm-all.c:1970
#10 0x000056100acd0ab6 in qemu_kvm_cpu_thread_fn (arg=0x56100cecc810) at /qemu-2.12/cpus.c:1229
#11 0x00007fb2bc1dc184 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#12 0x00007fb2bbf09bed in clone () from /lib/x86_64-linux-gnu/libc.so.6

(gdb) c
Continuing.

3. size is 0, region_start is identical to region_end

Thread 1 "kvm" hit Breakpoint 1, memory_region_snapshot_and_clear_dirty (mr=mr@entry=0x56100e6e7b40, addr=addr@entry=0, size=size@entry=0, client=client@entry=0)
    at /qemu-2.12/memory.c:1986

(gdb) c
Continuing.

4. Abort

Thread 1 "kvm" received signal SIGABRT, Aborted.
0x00007fb2bbe42c37 in raise () from /lib/x86_64-linux-gnu/libc.so.6

(gdb) bt
#0 0x00007fb2bbe42c37 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007fb2bbe46028 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007fb2bbe3bbf6 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007fb2bbe3bca2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#4 0x000056100ac86641 in cpu_physical_memory_snapshot_get_dirty (snap=snap@entry=0x56100d6b0de0, start=<optimized out>, length=<optimized out>)
    at /qemu-2.12/exec.c:1264
#5 0x000056100ace84de in memory_region_snapshot_get_dirty (mr=mr@entry=0x56100e6e7b40, snap=snap@entry=0x56100d6b0de0, addr=<optimized out>, size=<optimized out>)
    at /qemu-2.12/memory.c:1997
#6 0x000056100ad122a4 in vga_draw_graphic (full_update=0, s=0x56100e6e7b30) at /qemu-2.12/hw/display/vga.c:1671
#7 vga_update_display (opaque=0x56100e6e7b30) at /qemu-2.12/hw/display/vga.c:1767
#8 0x000056100af96a8f in qemu_spice_display_refresh (ssd=0x56100e6e7760) at /qemu-2.12/ui/spice-display.c:478
#9 0x000056100af8bd72 in dpy_refresh (s=0x56100e81f0b0) at /qemu-2.12/ui/console.c:1629
#10 gui_update (opaque=0x56100e81f0b0) at /qemu-2.12/ui/console.c:203
#11 0x000056100b09033c in timerlist_run_timers (timer_list=0x56100cdf1c60) at /qemu-2.12/util/qemu-timer.c:536
#12 0x000056100b0905a3 in qemu_clock_run_timers (type=QEMU_CLOCK_REALTIME) at /qemu-2.12/util/qemu-timer.c:547
#13 qemu_clock_run_all_timers () at /qemu-2.12/util/qemu-timer.c:674
#14 0x000056100b090aa4 in main_loop_wait (nonblocking=<optimized out>) at /qemu-2.12/util/main-loop.c:528
#15 0x000056100ac7ff8a in main_loop () at /qemu-2.12/vl.c:1973
#16 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /qemu-2.12/vl.c:4804

5. When the guest VGA driver sets s->vbe_regs[VBE_DISPI_INDEX_ENABLE] to 0 and vga_draw_graphic is then called, QEMU crashes.
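A small model of the range invariant behind that assertion, added here as an example and not taken from QEMU or from the reporter: a snapshot records the range [start, end) it covers, and a per-scanline query outside that range is what the assert in cpu_physical_memory_snapshot_get_dirty rejects. The exact assert condition, the scanline width and the line_offset value are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t ram_addr_t;

/* Half-open range [start, end) covered by one dirty-bitmap snapshot.
 * Page rounding and the bitmap itself are left out of this model. */
typedef struct {
    ram_addr_t start;
    ram_addr_t end;
} DirtyBitmapSnapshot;

/* Model of memory_region_snapshot_and_clear_dirty(mr, addr, size, client):
 * a size of 0 yields start == end, which is what step 3 of the trace shows. */
static DirtyBitmapSnapshot snapshot_and_clear_dirty(ram_addr_t addr,
                                                    ram_addr_t size)
{
    DirtyBitmapSnapshot snap = { .start = addr, .end = addr + size };
    return snap;
}

/* Assumed form of the precondition that the real function enforces with
 * assert(): the queried range must lie inside the snapshot. Returned as a
 * bool instead of aborting so the failing case can be examined. */
static bool query_in_snapshot(const DirtyBitmapSnapshot *snap,
                              ram_addr_t start, ram_addr_t length)
{
    return start >= snap->start && start + length <= snap->end;
}

/* Sequence from the trace: snapshot the region the draw code computed,
 * then ask about one scanline of scanline_bytes starting at region_start.
 * Returns true if that query would have passed the assertion. */
static bool draw_path_ok(ram_addr_t region_start, ram_addr_t region_end,
                         ram_addr_t scanline_bytes)
{
    DirtyBitmapSnapshot snap =
        snapshot_and_clear_dirty(region_start, region_end - region_start);
    return query_in_snapshot(&snap, region_start, scanline_bytes);
}

int main(void)
{
    /* Constructed values: 480 lines with line_offset 2560 (enabled mode),
     * versus region_start == region_end (mode disabled, as in step 3). */
    printf("enabled:  %s\n", draw_path_ok(0, 2560 * 480, 2560) ? "ok" : "ASSERT");
    printf("disabled: %s\n", draw_path_ok(0, 0, 2560) ? "ok" : "ASSERT");
    return 0;
}
```

The guard a fix needs follows from the model: either skip the snapshot and the per-line queries when the computed region is empty, or make sure the region the draw path snapshots is never smaller than the ranges it later queries.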