summary refs log tree commit diff stats
path: root/results/classifier/105/other/2489
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/105/other/2489')
-rw-r--r--results/classifier/105/other/2489105
1 files changed, 105 insertions, 0 deletions
diff --git a/results/classifier/105/other/2489 b/results/classifier/105/other/2489
new file mode 100644
index 00000000..217bd97e
--- /dev/null
+++ b/results/classifier/105/other/2489
@@ -0,0 +1,105 @@
+other: 0.881
+graphic: 0.782
+device: 0.757
+socket: 0.736
+semantic: 0.727
+KVM: 0.725
+instruction: 0.724
+vnc: 0.686
+assembly: 0.676
+boot: 0.622
+mistranslation: 0.621
+network: 0.571
+
+qemu-system-x86_64 TCG coredumps when using qemu_plugin_register_vcpu_mem_cb
+Description of problem:
+QEMU freezes, then exits with `Segmentation fault (core dumped)`.
+Steps to reproduce:
+1. Install Windows 7 SP1 into `disk.qcow2`.
+2. Start the machine, and use `savevm snapshot` at the login screen, then exit.
+3. `./qemu-system-x86_64 -m 1G -M q35 -drive file=disk.qcow2 -nic none -loadvm snapshot -plugin contrib/plugins/libexeclog.so`
+Additional information:
+QEMU runs normally without the plugin.
+
+This bug can also be reproduced with a simpler plugin just calling `qemu_plugin_register_vcpu_mem_cb` once per instruction:
+[minimal_plugin.diff](/uploads/6e6c1af21df90379e726e693a53f7b8f/minimal_plugin.diff).
+
+Log using `-d op,in_asm,out_asm,plugin -D log`: [log.gz](/uploads/ccfd26c4845422d63f72a357f8fc1137/log.gz)
+
+GDB full backtrace:
+```
+(gdb) bt f
+#0  stw_he_p (v=0, ptr=0x2) at /REDACTED/qemu/include/qemu/bswap.h:265
+No locals.
+#1  stw_le_p (v=0, ptr=0x2) at /REDACTED/qemu/include/qemu/bswap.h:319
+No locals.
+#2  access_stw (ac=ac@entry=0x7f1652dfec70, addr=addr@entry=18446735827410705922, val=val@entry=0) at ../target/i386/tcg/access.c:143
+        p = 0x2
+#3  0x000055dfca88534e in do_xsave_fpu (ac=ac@entry=0x7f1652dfec70, ptr=ptr@entry=18446735827410705920) at ../target/i386/tcg/fpu_helper.c:2537
+        env = 0x55dff34fe630
+        fpus = 0
+        fptag = <optimized out>
+        i = <optimized out>
+        addr = <optimized out>
+#4  0x000055dfca88caf8 in do_fxsave (ptr=18446735827410705920, ac=0x7f1652dfec70) at ../target/i386/tcg/fpu_helper.c:2632
+        env = 0x55dff34fe630
+        env = <optimized out>
+#5  helper_fxsave (env=<optimized out>, ptr=18446735827410705920) at ../target/i386/tcg/fpu_helper.c:2656
+        ra = <optimized out>
+        ac = {vaddr = 18446735827410705920, haddr1 = 0x0, haddr2 = 0x0, size = 512, size1 = 512, mmu_idx = 4, env = 0x55dff34fe630, 
+          ra = 139732667533971}
+#6  0x00007f160c030a93 in code_gen_buffer ()
+No locals.
+#7  0x000055dfca979986 in cpu_tb_exec (cpu=cpu@entry=0x55dff34fbe70, itb=itb@entry=0x7f160c030940 <code_gen_buffer+198931>, 
+    tb_exit=tb_exit@entry=0x7f1652dff228) at ../accel/tcg/cpu-exec.c:458
+        ret = <optimized out>
+        last_tb = <optimized out>
+        tb_ptr = 0x7f160c030a00 <code_gen_buffer+199123>
+        __PRETTY_FUNCTION__ = "cpu_tb_exec"
+#8  0x000055dfca979edd in cpu_loop_exec_tb (tb_exit=0x7f1652dff228, last_tb=<synthetic pointer>, pc=<optimized out>, 
+    tb=0x7f160c030940 <code_gen_buffer+198931>, cpu=0x55dff34fbe70) at ../accel/tcg/cpu-exec.c:908
+        insns_left = <optimized out>
+        __PRETTY_FUNCTION__ = "cpu_loop_exec_tb"
+        insns_left = <optimized out>
+        _a15 = <optimized out>
+        _b16 = <optimized out>
+#9  cpu_exec_loop (cpu=cpu@entry=0x55dff34fbe70, sc=sc@entry=0x7f1652dff2c0) at ../accel/tcg/cpu-exec.c:1022
+        tb = 0x7f160c030940 <code_gen_buffer+198931>
+        flags = <optimized out>
+        cflags = 4278321152
+        pc = <optimized out>
+        cs_base = <optimized out>
+        last_tb = <optimized out>
+        tb_exit = 1
+        ret = <optimized out>
+#10 0x000055dfca97a6fd in cpu_exec_setjmp (cpu=cpu@entry=0x55dff34fbe70, sc=sc@entry=0x7f1652dff2c0) at ../accel/tcg/cpu-exec.c:1039
+No locals.
+#11 0x000055dfca97ae79 in cpu_exec (cpu=cpu@entry=0x55dff34fbe70) at ../accel/tcg/cpu-exec.c:1065
+        ret = <optimized out>
+        sc = {diff_clk = 0, last_cpu_icount = 0, realtime_clock = 0}
+        _rcu_read_auto = 0x1
+#12 0x000055dfca9a35af in tcg_cpu_exec (cpu=cpu@entry=0x55dff34fbe70) at ../accel/tcg/tcg-accel-ops.c:78
+--Type <RET> for more, q to quit, c to continue without paging--c
+        ret = <optimized out>
+        __PRETTY_FUNCTION__ = "tcg_cpu_exec"
+#13 0x000055dfca9a3703 in mttcg_cpu_thread_fn (arg=arg@entry=0x55dff34fbe70) at ../accel/tcg/tcg-accel-ops-mttcg.c:95
+        r = <optimized out>
+        force_rcu = {notifier = {notify = 0x55dfca9a37f0 <mttcg_force_rcu>, node = {le_next = 0x0, le_prev = 0x7f1652e00528}}, cpu = 0x55dff34fbe70}
+        cpu = 0x55dff34fbe70
+        __PRETTY_FUNCTION__ = "mttcg_cpu_thread_fn"
+        __func__ = "mttcg_cpu_thread_fn"
+#14 0x000055dfcab7e898 in qemu_thread_start (args=0x55dff355dd80) at ../util/qemu-thread-posix.c:541
+        __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {94420348558720, 3438567870158976394, -1656, 0, 140727865026624, 139734089805824, 
+                8803266606146106762, 3438582454403577226}, __mask_was_saved = 0}}, __pad = {0x7f1652dff430, 0x0, 0x0, 0x0}}
+        __cancel_routine = 0x55dfcab7e8f0 <qemu_thread_atexit_notify>
+        __cancel_arg = <optimized out>
+        __not_first_call = <optimized out>
+        qemu_thread_args = <optimized out>
+        start_routine = 0x55dfca9a3600 <mttcg_cpu_thread_fn>
+        arg = 0x55dff34fbe70
+        r = <optimized out>
+#15 0x00007f165e090272 in start_thread () from /nix/store/dbcw19dshdwnxdv5q2g6wldj6syyvq7l-glibc-2.39-52/lib/libc.so.6
+No symbol table info available.
+#16 0x00007f165e10bdec in clone3 () from /nix/store/dbcw19dshdwnxdv5q2g6wldj6syyvq7l-glibc-2.39-52/lib/libc.so.6
+No symbol table info available.
+```