Segfault in memory_region_dispatch_write()
Firstly, apologies that this isn't a great bug report; I'm off on vacation shortly but thought it better to get something in first. Error messages etc. were copy-typed, so there may be typos.
Does not show up with smp=1
Host environment
- Operating system: WSL2 Ubuntu
- OS/kernel version: 5.10.102.1-microsoft-standard-WSL2
- Architecture: x86_64
- QEMU flavor: qemu/master TCG
- QEMU version: v8.1.0-rc3 (plus a bit though this persists from yesterday at least)
- QEMU command line:
qemu-system-x86_64 -M q35,cxl=off,sata=off,smbus=off -m 4g,maxmem=8G,slots=8, -cpu max -smp 4
-kernel bzImage -drive if=none,file=full.qcow2,format=qcow2,id=hd
-device ioh3420,id=root_port1 -device virtio-blk-pci,drive=hd,bus=root_port1
-netdev user,id=mynet,hostfwd=tcp:4443-:22 -device virtio-net-pci,netdev=mynet,id=bob
-nographic -no-reboot -append 'earlycon console=ttyS0 root=/dev/vda1 fsck.mode=skip tp_printk'
-monitor telnet:127.0.0.1:1235,server,nowait
-object memory-backend-ram,size=4G,id=mem0
-serial mon:stdio
Emulated/Virtualized environment
- Operating system: ubuntu
- OS/kernel version: mainline kernel as of yesterday (6.5-rc5 + a bit, 374a7f47bf401)
- Architecture: x86_64 (arm64 is fine)
Description of problem
Several possible outcomes
- Kernel freeze and rcu lockup messages.
- segfault
For the segfault, using gdb:
in memory_region_dispatch_write (mr=mr@entry=0x130013001300013, addr=addr@entry=176, data=data@entry=0, op=op@entry=MO_32, attrs=...) at ../../softmmu/memory.c:1515
1515 if (mr->alias) {
in memory_region_dispatch_write( .. as above...)
in io_writex(env=env@entry=0x555556a84320, full=full@entry=0x7ffda010f630, mmu_idx=mmu_idx@entry=0, val=0, addr=addr@entry=18446744073699049648, retaddr=retaddr@entry=140736023420498, op=MO_32) at ../../accel/tcg/cputlb.c:1448
in do_st_mmio_leN (env=env@entry=0x555556a84320, full=full@entry=0x7ffda010f630, val_le=<optimized out>, val_le@entry=0, addr=addr@entry=18446744073699049648, size=size@entry=4, mmu_idx=mmu_idx@entry=0, ra=140736023420498) at ../../accel/tcg/cputlb.c:2755
in do_st_4 (ra=<optimized out>, memop=<optimized out>, mmu_idx=0, val=0, p=0x7ffff529c140, env=0x555556a84320) at ../../accel/tcg/cputlb.c:2921
in do_st4_mmu (env=0x555556a84320, addr=<optimized out>, val=<optimized out>, oi=<optimized out>, ra=140736023420498) at ../../accel/tcg/cputlb.c:3006
in code_gen_buffer()
in cpu_tb_exec(..) //getting lazy on typing as seems unlikely anything useful beyond here.
in cpu_loop_exec_tb()
in cpu_exec_loop()
in cpu_exec_setjmp()
in cpu_exec()
in tcg_cpus_exec()
Steps to reproduce
- Boot.
- Use gdb to grab a backtrace after the segfault.
Additional information
Seems to segfault midway through PCI enumeration in the kernel. Which device seems to vary between runs.
Edited by Peter Maydell
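A quick way to sanity-check the numbers gdb printed in the two interesting frames, added here as an example; it is not part of the report and not QEMU code. It parses gdb's `name=name@entry=value` argument syntax and decodes the values: the `mr` pointer `0x130013001300013` is not a canonical x86-64 address, so the fault at `mr->alias` is the expected outcome of a corrupt MemoryRegion pointer; the decimal guest address `18446744073699049648` is `0xffffffffff5fc0b0`, a kernel-half address whose page offset `0xb0` matches the `addr=176` offset passed to the dispatcher; and `retaddr` decodes to `0x7fffa8aede52`, a canonical host address, consistent with the `code_gen_buffer` frame above it. The frame strings are constructed from the report's values (copy-typos corrected), the function names are my own, and the canonical check assumes 48-bit virtual addresses.

```python
import re

# gdb prints each frame argument as "name=value" or "name=name@entry=value";
# values may be hex, decimal, an enumerator, "<optimized out>" or "...".
_ARG_RE = re.compile(
    r"(?P<name>\w+)(?:@entry)?=(?:(?P=name)@entry=)?"
    r"(?P<value>0x[0-9a-fA-F]+|\d+|<[^>]*>|\.\.\.|[A-Za-z_]\w*)"
)

U64_MASK = (1 << 64) - 1


def parse_frame_args(frame_line):
    """Map argument name -> raw value text for one gdb backtrace frame line.

    A later "name@entry=value" overrides an earlier "<optimized out>" for the
    same name, which is how gdb printed val_le in the do_st_mmio_leN frame.
    """
    args = {}
    for m in _ARG_RE.finditer(frame_line):
        name, value = m.group("name"), m.group("value")
        if name not in args or args[name].startswith("<"):
            args[name] = value
    return args


def to_u64(raw):
    """Parse a gdb value (decimal or 0x-hex) as an unsigned 64-bit integer."""
    return int(raw, 0) & U64_MASK


def is_canonical(addr):
    """x86-64 with 48-bit virtual addresses: bits 63..47 must all be equal."""
    top = addr >> 47
    return top in (0, 0x1FFFF)


def analyse_store_fault(dispatch_line, io_writex_line):
    """Decode the memory_region_dispatch_write and io_writex frames."""
    d = parse_frame_args(dispatch_line)
    w = parse_frame_args(io_writex_line)
    mr = to_u64(d["mr"])            # MemoryRegion * handed to the dispatcher
    mr_offset = to_u64(d["addr"])   # offset within that region
    guest_addr = to_u64(w["addr"])  # guest virtual address of the store
    retaddr = to_u64(w["retaddr"])  # host return address into translated code
    return {
        "mr": hex(mr),
        "mr_is_canonical": is_canonical(mr),
        "guest_addr": hex(guest_addr),
        "guest_addr_in_kernel_half": (guest_addr >> 47) == 0x1FFFF,
        "mr_offset_matches_page_offset": (guest_addr & 0xFFF) == (mr_offset & 0xFFF),
        "retaddr": hex(retaddr),
        "retaddr_is_canonical": is_canonical(retaddr),
    }


# Constructed from the values in the report above (copy-typos corrected).
DISPATCH_FRAME = (
    "in memory_region_dispatch_write (mr=mr@entry=0x130013001300013, "
    "addr=addr@entry=176, data=data@entry=0, op=op@entry=MO_32, attrs=...) "
    "at ../../softmmu/memory.c:1515"
)
IO_WRITEX_FRAME = (
    "in io_writex (env=env@entry=0x555556a84320, full=full@entry=0x7ffda010f630, "
    "mmu_idx=mmu_idx@entry=0, val=0, addr=addr@entry=18446744073699049648, "
    "retaddr=retaddr@entry=140736023420498, op=MO_32) at ../../accel/tcg/cputlb.c:1448"
)

if __name__ == "__main__":
    for key, value in analyse_store_fault(DISPATCH_FRAME, IO_WRITEX_FRAME).items():
        print(f"{key:32} {value}")
```

Feeding real `bt` output through `parse_frame_args` line by line is usually enough to spot a wild pointer like this one before reaching for a debugger build with sanitizers; a non-canonical `mr` points at memory corruption upstream of the dispatcher rather than at `memory_region_dispatch_write` itself.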