[Qemu-devel] [Bug 1785203] [NEW] accel/tcg/translate-all.c:2511: page

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 1785203] [NEW] accel/tcg/translate-all.c:2511: page_ch

From:	Serge Belyshev
Subject:	[Qemu-devel] [Bug 1785203] [NEW] accel/tcg/translate-all.c:2511: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
Date:	Fri, 03 Aug 2018 09:42:27 -0000

Public bug reported:

qemu-riscv64 version 2.12.93 crashes when mincore() is called with
invalid pointer with the following message:

qemu-riscv64: /opt/qemu/accel/tcg/translate-all.c:2511: page_check_range: 
Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x600014ef

Testcase:

#include <sys/mman.h>

int main (void)
{
  unsigned char v;
  return mincore ((void *) 0x00000010000000000, 1, &v);
}

Backtrace:

#0  raise (address@hidden) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x000000006000140a in abort () at abort.c:79
#2  0x00000000600012ec in __assert_fail_base (
    fmt=0x6024eae8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=0x601b9758 "start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)", 
    file=0x601b9658 "/opt/qemu/accel/tcg/translate-all.c", line=2511, 
    function=0x601b9810 <__PRETTY_FUNCTION__.23867> "page_check_range") at 
assert.c:92
#3  0x000000006010e10e in __assert_fail (
    address@hidden "start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)", 
address@hidden "/opt/qemu/accel/tcg/translate-all.c", address@hidden, 
    address@hidden <__PRETTY_FUNCTION__.23867> "page_check_range")
    at assert.c:101
#4  0x000000006003e916 in page_check_range (address@hidden, address@hidden, 
    address@hidden) at /opt/qemu/accel/tcg/translate-all.c:2511
#5  0x0000000060057717 in access_ok (size=1, addr=1099511627776, type=0)
    at /opt/qemu/linux-user/qemu.h:567
#6  lock_user (copy=0, len=1, guest_addr=1099511627776, type=0)
    at /opt/qemu/linux-user/qemu.h:567
#7  do_syscall (address@hidden, num=232, arg1=1099511627776, arg2=1, 
    arg3=274886298751, arg4=0, arg5=274886298808, arg6=66518, arg7=0, arg8=0)
    at /opt/qemu/linux-user/syscall.c:11635
#8  0x0000000060066c5c in cpu_loop (address@hidden)
    at /opt/qemu/linux-user/riscv/cpu_loop.c:55
#9  0x0000000060002156 in main (argc=<optimized out>, argv=0x7fffffffed68, 
    envp=<optimized out>) at /opt/qemu/linux-user/main.c:819

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1785203

Title:
  accel/tcg/translate-all.c:2511: page_check_range: Assertion `start <
  ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.

Status in QEMU:
  New

Bug description:
  qemu-riscv64 version 2.12.93 crashes when mincore() is called with
  invalid pointer with the following message:

  qemu-riscv64: /opt/qemu/accel/tcg/translate-all.c:2511: page_check_range: 
Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
  qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x600014ef

  Testcase:

  #include <sys/mman.h>

  int main (void)
  {
    unsigned char v;
    return mincore ((void *) 0x00000010000000000, 1, &v);
  }

  Backtrace:

  #0  raise (address@hidden) at ../sysdeps/unix/sysv/linux/raise.c:50
  #1  0x000000006000140a in abort () at abort.c:79
  #2  0x00000000600012ec in __assert_fail_base (
      fmt=0x6024eae8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
      assertion=0x601b9758 "start < ((target_ulong)1 << 
L1_MAP_ADDR_SPACE_BITS)", 
      file=0x601b9658 "/opt/qemu/accel/tcg/translate-all.c", line=2511, 
      function=0x601b9810 <__PRETTY_FUNCTION__.23867> "page_check_range") at 
assert.c:92
  #3  0x000000006010e10e in __assert_fail (
      address@hidden "start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)", 
address@hidden "/opt/qemu/accel/tcg/translate-all.c", address@hidden, 
      address@hidden <__PRETTY_FUNCTION__.23867> "page_check_range")
      at assert.c:101
  #4  0x000000006003e916 in page_check_range (address@hidden, address@hidden, 
      address@hidden) at /opt/qemu/accel/tcg/translate-all.c:2511
  #5  0x0000000060057717 in access_ok (size=1, addr=1099511627776, type=0)
      at /opt/qemu/linux-user/qemu.h:567
  #6  lock_user (copy=0, len=1, guest_addr=1099511627776, type=0)
      at /opt/qemu/linux-user/qemu.h:567
  #7  do_syscall (address@hidden, num=232, arg1=1099511627776, arg2=1, 
      arg3=274886298751, arg4=0, arg5=274886298808, arg6=66518, arg7=0, arg8=0)
      at /opt/qemu/linux-user/syscall.c:11635
  #8  0x0000000060066c5c in cpu_loop (address@hidden)
      at /opt/qemu/linux-user/riscv/cpu_loop.c:55
  #9  0x0000000060002156 in main (argc=<optimized out>, argv=0x7fffffffed68, 
      envp=<optimized out>) at /opt/qemu/linux-user/main.c:819

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1785203/+subscriptions

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [Bug 1785203] [NEW] accel/tcg/translate-all.c:2511: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed., Serge Belyshev <=

Prev by Date: Re: [Qemu-devel] [PATCH v2 2/2] hw/arm: Add Arm Enterprise machine type
Next by Date: Re: [Qemu-devel] [PATCH v2 2/2] hw/arm: Add Arm Enterprise machine type
Previous by thread: [Qemu-devel] [Bug 1785197] [NEW] qemu 2.12.0 crash during install windows 10 with vga
Next by thread: [Qemu-devel] [PATCH] hw/intc/apic: Switch away from old_mmio
Index(es):
- Date
- Thread