[Qemu-devel] [Bug 932487] Re: win32: git rev 59f971d crashes when accessing disk (coroutine issue)

[Eric Lassauge]

More or less same crash for me:
Using built-in specs.
COLLECT_GCC=d:\MinGW\bin\gcc.exe
COLLECT_LTO_WRAPPER=d:/mingw/bin/../libexec/gcc/mingw32/4.6.2/lto-wrapper.exe
Target: mingw32
Configured with: ../gcc-4.6.2/configure 
--enable-languages=c,c++,ada,fortran,objc,obj-c++ --disable-sjlj-exceptions 
--with-dwarf2 --enable-shared --enable-libgomp --disable-win32-registry 
--enable-libstdcxx-debug --enable-version-specific-runtime-libs --build=mingw32 
--prefix=/mingw
Thread model: win32
gcc version 4.6.2 (GCC) 

Host WinXP SP3 - Qemu-1.0.1

Maybe it can help:

Some stack frame (breakpoint set with command "where; continue" on
function qemu_coroutine_switch():

Breakpoint 1, qemu_coroutine_switch (from_=0x1989f34, to_=0x209df00, 
action=COROUTINE_YIELD) at coroutine-win32.c:41
41      {
#0  qemu_coroutine_switch (from_=0x1989f34, to_=0x209df00, 
action=COROUTINE_YIELD) at coroutine-win32.c:41
#1  0x004c3fe6 in _fu6882____stack_chk_guard () at qemu-coroutine.c:31
#2  0x00410e1e in _fu528____stack_chk_guard () at block.c:2518
#3  0x00403152 in _fu35____stack_chk_guard () at async.c:71
#4  0x004a7a8e in _fu5545____stack_chk_guard () at main-loop.c:472
#5  0x004a27db in main_loop () at 
d:\Documents\lassauge\Software\dev\Qemu\qemu-1.0.1\vl.c:1481
#6  _fu5383____stack_chk_guard () at 
d:\Documents\lassauge\Software\dev\Qemu\qemu-1.0.1\vl.c:3485
#7  0x004a3b2a in _fu5385____stack_chk_guard () at 
d:\Documents\lassauge\Software\dev\Qemu\qemu-1.0.1\vl.c:102
#8  0x005ddcf9 in console_main (argc=20, argv=0x1985d00) at 
./src/main/win32/SDL_win32_main.c:315
#9  0x005dddbb in address@hidden (hInst=0x400000, hPrev=0x0, szCmdLine=0x241f18 
"-L Bios -k fr -vga std -soundhw es1370 -boot 
menu=on,splash=bootsplash.bmp,splash-time=5000 -rtc base=localtime,clock=host 
-name linux-0.2 -drive file=linux-0.2.img,media=disk,cache=writeback 
-no-acpi"..., sw=10) at ./src/main/win32/SDL_win32_main.c:398
#10 0x005dd45a in main (argc=) at ../mingw/main.c:73
[Switching to Thread 5316.0xda0]

Breakpoint 1, qemu_coroutine_switch (from_=0x1989f34, to_=0x1bcf900, 
action=COROUTINE_YIELD) at coroutine-win32.c:41
41      {
#0  qemu_coroutine_switch (from_=0x1989f34, to_=0x1bcf900, 
action=COROUTINE_YIELD) at coroutine-win32.c:41
#1  0x004c3fe6 in _fu6882____stack_chk_guard () at qemu-coroutine.c:31
#2  0x0041543d in _fu757____stack_chk_guard () at block.c:2657
#3  0x00472b95 in _fu3751____stack_chk_guard ()
#4  0x00554e1b in _fu11201____stack_chk_guard () at 
d:\Documents\lassauge\Software\dev\Qemu\qemu-1.0.1\memory.c:446
#5  0x0054e5a8 in _fu10980____stack_chk_guard () at 
d:\Documents\lassauge\Software\dev\Qemu\qemu-1.0.1\ioport.c:211
#6  0x0054eb9d in ioport_write (data=<optimized out>, address=503, index=0) at 
d:\Documents\lassauge\Software\dev\Qemu\qemu-1.0.1\ioport.c:82
#7  _fu10998____stack_chk_guard () at 
d:\Documents\lassauge\Software\dev\Qemu\qemu-1.0.1\ioport.c:274
#8  0x026680cf in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Program received signal SIGILL, Illegal instruction.
0x68ac12ca in ?? () from d:\documents\lassauge\qemu-windows\libssp-0.dll
(gdb) at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0xbaadf011
Cannot access memory at address 0x0

Continuing.

Program received signal SIGILL, Illegal instruction.
0x68ac12ca in ?? () from d:\documents\lassauge\qemu-windows\libssp-0.dll
(gdb) where
#0  0x68ac12ca in ?? () from d:\documents\lassauge\qemu-windows\libssp-0.dll
#1  0x68ac1322 in libssp-0!__stack_chk_fail () from 
d:\documents\lassauge\qemu-windows\libssp-0.dll
#2  0x0044a399 in _fu2073____stack_chk_guard () at coroutine-win32.c:50
#3  0x0049dc77 in _fu5254____stack_chk_guard () at 
d:\Documents\lassauge\Software\dev\Qemu\qemu-1.0.1\vl.c:1218
#4  0x7ffdd000 in ?? ()
#5  0xffffffff in ?? ()
#6  0x00400000 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) up
#1  0x68ac1322 in libssp-0!__stack_chk_fail () from 
d:\documents\lassauge\qemu-windows\libssp-0.dll
(gdb) up
#2  0x0044a399 in _fu2073____stack_chk_guard () at coroutine-win32.c:50
50      }
(gdb) l
45          current = to_;
46      
47          to->action = action;
48          SwitchToFiber(to->fiber);
49          return from->action;
50      }
51      
52      static void CALLBACK coroutine_trampoline(void *co_)
53      {
54          Coroutine *co = co_;
(gdb) p action
$2 = 0

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/932487

Title:
  win32: git rev 59f971d crashes when accessing disk (coroutine issue)

Status in QEMU:
  Confirmed

Bug description:
  Host: XP SP3 / Vista SP2

  configure commandline: ./configure --target-list="i386-softmmu"
  --audio-drv-list=sdl --audio-card-list=ac97,sb16,adlib --disable-
  linux-aio --disable-vnc-thread --disable-vnc-jpeg --extra-cflags="-O0
  -pipe"

  gcc -v:
  Using built-in specs.
  Target: mingw32
  Configured with: ../gcc-4.3.3/configure --prefix=/mingw --build=mingw32 
--enable-languages=c,ada,c++,fortran,objc,obj-c++ 
--with-bugurl=http://www.tdragon.net/recentgcc/bugs.php --disable-nls 
--disable-win32-registry --enable-libgomp --disable-werror --enable-threads 
--disable-symvers --enable-cxx-flags='-fno-function-sections 
-fno-data-sections' --enable-fully-dynamic-string 
--enable-version-specific-runtime-libs --enable-sjlj-exceptions 
--with-pkgversion='4.3.3-tdm-1 mingw32'
  Thread model: win32
  gcc version 4.3.3 (4.3.3-tdm-1 mingw32)

  gdb output:
  C:\msys\home\User\qemu\i386-softmmu>gdb --args qemu-system-i386.exe -L 
..\pc-bios -hda xp.vmdk
  GNU gdb (GDB) 7.3
  Copyright (C) 2011 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
  and "show warranty" for details.
  This GDB was configured as "mingw32".
  For bug reporting instructions, please see:
  <http://www.gnu.org/software/gdb/bugs/>...
  Reading symbols from 
C:\msys\home\User\qemu\i386-softmmu/qemu-system-i386.exe...
  done.
  (gdb) r
  Starting program: C:\msys\home\User\qemu\i386-softmmu/qemu-system-i386.exe -L 
..\\pc-bios -hda xp.vmdk
  [New Thread 2472.0x8e0]
  [New Thread 2472.0xdc4]
  [New Thread 2472.0x8f0]

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 2472.0x8f0]
  0x7c81071e in SwitchToFiber () from C:\WINDOWS\system32\kernel32.dll
  (gdb) bt
  #0  0x7c81071e in SwitchToFiber () from C:\WINDOWS\system32\kernel32.dll
  #1  0x0044774c in qemu_coroutine_switch (from_=0x19593fc, to_=0xdcee9a8,
      action=COROUTINE_YIELD) at coroutine-win32.c:48
  #2  0x004db18d in coroutine_swap (from=0x1e00, to=0xdcee9a8)
      at qemu-coroutine.c:31
  #3  0x00411618 in bdrv_rw_co (bs=<optimized out>, sector_num=<optimized out>,
      buf=0x2140000 "@", nb_sectors=1, is_write=false) at block.c:1335
  #4  0x00486e39 in ide_sector_read (s=0x1bbdaa0)
      at C:/msys/home/User/qemu/hw/ide/core.c:480
  #5  0x0054e71f in memory_region_iorange_write (iorange=0x1bbcf60, offset=7,
      width=1, data=32) at C:/msys/home/User/qemu/memory.c:431
  #6  0x005494e0 in ioport_writeb_thunk (opaque=0x1bbcf60, addr=7680, data=32)
      at C:/msys/home/User/qemu/ioport.c:211
  #7  0x005496cf in ioport_write (data=<optimized out>,
      address=<optimized out>, index=<optimized out>)
      at C:/msys/home/User/qemu/ioport.c:82
  #8  cpu_outb (addr=2147340288, val=0 '\000')
      at C:/msys/home/User/qemu/ioport.c:274
  #9  0x022c0397 in ?? ()
  Backtrace stopped: previous frame inner to this frame (corrupt stack?)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/932487/+subscriptions