
[Qemu-devel] Bug report


From: J. Mayer
Subject: [Qemu-devel] Bug report
Date: Sun, 11 Apr 2004 17:04:42 +0200

I just had a SIGSEGV, running qemu under gdb on my PC. Here's the case:
we enter tb_link_phys with phys_pc == 0
Then, we crash in tb_alloc_page because the PageDesc returned by
page_find is NULL.
So, dereferencing this pointer, we get a segfault:

    p = page_find(page_addr >> TARGET_PAGE_BITS);
    tb->page_next[n] = p->first_tb;
                                ^^^^^^
You'll find useful information in the attached gdb output.

-- 
J. Mayer <address@hidden>
Never organized
(qemu) 
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 27064)]
tb_link_phys (tb=0x83ff094, phys_pc=0, phys_page2=4294967295)
    at /home/jocelyn/devel/ppc_emul/qemu-newCVS/qemu/exec.c:694
694         tb->page_next[n] = p->first_tb;
(gdb) bt
#0  tb_link_phys (tb=0x83ff094, phys_pc=0, phys_page2=4294967295)
    at /home/jocelyn/devel/ppc_emul/qemu-newCVS/qemu/exec.c:694
#1  0x0806a38c in cpu_ppc_exec (env1=0x8f007c0)
    at /home/jocelyn/devel/ppc_emul/qemu-newCVS/qemu/cpu-exec.c:346
#2  0x0804b839 in main_loop ()
    at /home/jocelyn/devel/ppc_emul/qemu-newCVS/qemu/vl.c:1528
#3  0x0804c453 in main (argc=134526736, argv=0xbffff124)
    at /home/jocelyn/devel/ppc_emul/qemu-newCVS/qemu/vl.c:2170
(gdb) p tb
 = (TranslationBlock *) 0x83ff094
(gdb) p/x *tb
 = {pc = 0x7ffff660, cs_base = 0x0, flags = 0x0, size = 0x4, cflags = 0x0, 
  tc_ptr = 0x8de24c0, hash_next = 0x0, phys_hash_next = 0x83919d8, 
  page_next = {0x0, 0x0}, page_addr = {0x37962000, 0x0}, tb_next_offset = {
    0xffff, 0xffff}, tb_jmp_offset = {0x0, 0x0, 0xffff, 0xffff}, jmp_next = {
    0x0, 0x0}, jmp_first = 0x0}
(gdb) p/x l1_map[0]
 = 0x8f18b10
(gdb) p/x *l1_map[0]
 = {phys_offset = 0x0, first_tb = 0x83ff050, code_write_count = 0x0, 
  code_bitmap = 0x0}
(gdb) info registers
eax            0x0      0
ecx            0x83919d8        137959896
edx            0x37962  227682
ebx            0x0      0
esp            0xbfffdc50       0xbfffdc50
ebp            0x8f007c0        0x8f007c0
esi            0x83ff094        138408084
edi            0xffffffff       -1
eip            0x8060886        0x8060886
eflags         0x10246  66118
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x7      7
(gdb) disas
Dump of assembler code for function tb_link_phys:
0x08060830 <tb_link_phys+0>:    push   %ebp
0x08060831 <tb_link_phys+1>:    push   %edi
0x08060832 <tb_link_phys+2>:    push   %esi
0x08060833 <tb_link_phys+3>:    push   %ebx
0x08060834 <tb_link_phys+4>:    sub    $0xc,%esp
0x08060837 <tb_link_phys+7>:    xor    %ebx,%ebx
0x08060839 <tb_link_phys+9>:    mov    0x24(%esp,1),%eax
0x0806083d <tb_link_phys+13>:   mov    0x20(%esp,1),%esi
0x08060841 <tb_link_phys+17>:   mov    0x28(%esp,1),%edi
0x08060845 <tb_link_phys+21>:   mov    %eax,%edx
0x08060847 <tb_link_phys+23>:   and    $0x7fff,%edx
0x0806084d <tb_link_phys+29>:   and    $0xfffff000,%eax
0x08060852 <tb_link_phys+34>:   mov    %eax,0x24(%esi)
0x08060855 <tb_link_phys+37>:   shl    $0x2,%edx
0x08060858 <tb_link_phys+40>:   mov    0x8278780(%edx),%ecx
0x0806085e <tb_link_phys+46>:   mov    %ecx,0x18(%esi)
0x08060861 <tb_link_phys+49>:   mov    %esi,0x8278780(%edx)
0x08060867 <tb_link_phys+55>:   mov    %eax,%edx
0x08060869 <tb_link_phys+57>:   shr    $0x16,%eax
0x0806086c <tb_link_phys+60>:   mov    0x80a55a0(,%eax,4),%eax
0x08060873 <tb_link_phys+67>:   shr    $0xc,%edx
0x08060876 <tb_link_phys+70>:   test   %eax,%eax
0x08060878 <tb_link_phys+72>:   je     0x8060886 <tb_link_phys+86>
0x0806087a <tb_link_phys+74>:   and    $0x3ff,%edx
0x08060880 <tb_link_phys+80>:   shl    $0x4,%edx
0x08060883 <tb_link_phys+83>:   lea    (%edx,%eax,1),%ebx
0x08060886 <tb_link_phys+86>:   mov    0x4(%ebx),%edx
