[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 1896317] Re: ioapic: UndefinedBehaviorSanitizer starting qemu-syste
|
From: |
Peter Xu |
|
Subject: |
[Bug 1896317] Re: ioapic: UndefinedBehaviorSanitizer starting qemu-system-i386 |
|
Date: |
Thu, 24 Sep 2020 02:06:18 -0000 |
I cannot reproduce locally with 053a4177817... What could I have
missed?
It's kind of odd - For i386, ioapic_as should be set in
../softmmu/vl.c:4355 in pc_memory_init().
The failure triggered at qemu_init softmmu/vl.c:4458:5, which is later.
However I don't see any place that ioapic_as can be cleared, yet.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1896317
Title:
ioapic: UndefinedBehaviorSanitizer starting qemu-system-i386
Status in QEMU:
New
Bug description:
As of commit 053a4177817:
$ ./configure --enable-sanitizers --disable-kvm
$ make qemu-system-i386
$ ./build/i386-softmmu/qemu-system-i386
include/exec/memory.h:688:12: runtime error: member access within null
pointer of type 'AddressSpace' (aka 'struct AddressSpace')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior
include/exec/memory.h:688:12 in
AddressSanitizer:DEADLYSIGNAL
=================================================================
==249513==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc
0x55955d7f8c4f bp 0x7fff10f3cff0 sp 0x7fff10f3cf20 T0)
==249513==The signal is caused by a READ memory access.
==249513==Hint: address points to the zero page.
#0 0x55955d7f8c4f in address_space_to_flatview
include/exec/memory.h:688:12
#1 0x55955d8003d2 in address_space_translate include/exec/memory.h:2286:31
#2 0x55955d8315f3 in address_space_stl_internal memory_ldst.c.inc:312:10
#3 0x55955d831cd1 in address_space_stl_le memory_ldst.c.inc:353:5
#4 0x55955d7ef2e1 in stl_le_phys include/exec/memory_ldst_phys.h.inc:103:5
#5 0x55955d7ed299 in ioapic_service hw/intc/ioapic.c:138:17
#6 0x55955d7f0e30 in ioapic_set_irq hw/intc/ioapic.c:186:17
#7 0x55955e34b825 in qemu_set_irq hw/core/irq.c:45:5
#8 0x55955d0409e6 in gsi_handler hw/i386/x86.c:583:5
#9 0x55955e34b825 in qemu_set_irq hw/core/irq.c:45:5
#10 0x55955ca539c9 in hpet_handle_legacy_irq hw/timer/hpet.c:724:13
#11 0x55955e34b825 in qemu_set_irq hw/core/irq.c:45:5
#12 0x55955ce7a695 in pit_irq_timer_update hw/timer/i8254.c:264:5
#13 0x55955ce7a1d8 in pit_irq_control hw/timer/i8254.c:306:9
#14 0x55955e34b825 in qemu_set_irq hw/core/irq.c:45:5
#15 0x55955ca52276 in hpet_reset hw/timer/hpet.c:707:5
#16 0x55955e342e91 in device_transitional_reset hw/core/qdev.c:1114:9
#17 0x55955e345cfc in resettable_phase_hold hw/core/resettable.c:182:13
#18 0x55955e31c1e5 in bus_reset_child_foreach hw/core/bus.c:94:9
#19 0x55955e348a58 in resettable_child_foreach hw/core/resettable.c:96:9
#20 0x55955e34596f in resettable_phase_hold hw/core/resettable.c:173:5
#21 0x55955e344a72 in resettable_assert_reset hw/core/resettable.c:60:5
#22 0x55955e344919 in resettable_reset hw/core/resettable.c:45:5
#23 0x55955e3473e9 in resettable_cold_reset_fn hw/core/resettable.c:269:5
#24 0x55955e344898 in qemu_devices_reset hw/core/reset.c:69:9
#25 0x55955d05c5b0 in pc_machine_reset hw/i386/pc.c:1632:5
#26 0x55955d55ab84 in qemu_system_reset softmmu/vl.c:1403:9
#27 0x55955d56816d in qemu_init softmmu/vl.c:4458:5
#28 0x55955bc13609 in main softmmu/main.c:49:5
#29 0x7f3baad20041 in __libc_start_main (/lib64/libc.so.6+0x27041)
#30 0x55955bb398ed in _start (build-sanitizer/qemu-system-i386+0x1b3d8ed)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV include/exec/memory.h:688:12 in
address_space_to_flatview
Comment and stl_le_phys() added in commit cb135f59b80:
/* No matter whether IR is enabled, we translate
* the IOAPIC message into a MSI one, and its
* address space will decide whether we need a
* translation. */
stl_le_phys(ioapic_as, info.addr, info.data);
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1896317/+subscriptions