On 2015/9/16 0:49, Paolo Bonzini wrote:
>
>
> Sorry, I haven't looked at it yet. I'll have to study the code. In the
> meanwhile, perhaps you can print "section" and "existing" please from gdb?
>
> Paolo
>
Hi, Paolo

We reproduced the issue today and got the information below from gdb (we hard-coded a dead loop):

[Switching to thread 7 (Thread 0x7f085a260700 (LWP 13677))]
#0 register_subpage (d=0x7f085432af50, section=0x7f085a25f220) at /home/uvp_v2r2_opensrc_qemu/exec.c:1191
1191 while(1);
(gdb) bt
#0 register_subpage (d=0x7f085432af50, section=0x7f085a25f220) at /home/uvp_v2r2_opensrc_qemu/exec.c:1191
#1 0x00007f08647cb133 in mem_add (listener=0x7f0865066968 <address_space_io+72>, section=0x7f085a25f3e0) at /home/uvp_v2r2_opensrc_qemu/exec.c:1234
#2 0x00007f086481af8b in address_space_update_topology_pass (as=0x7f0865066920 <address_space_io>, old_view=0x7f0854122430, new_view=0x7f085432cff0, adding=true) at /home/uvp_v2r2_opensrc_qemu/memory.c:725
#3 0x00007f086481b570 in address_space_update_topology (as=0x7f0865066920 <address_space_io>) at /home/uvp_v2r2_opensrc_qemu/memory.c:754
#4 0x00007f086481b6b0 in memory_region_transaction_commit () at /home/uvp_v2r2_opensrc_qemu/memory.c:794
#5 0x00007f086481dff3 in memory_region_update_container_subregions (subregion=0x7f08676171b0) at /home/uvp_v2r2_opensrc_qemu/memory.c:1657
#6 0x00007f086481e062 in memory_region_add_subregion_common (mr=0x7f0866485720, offset=49216, subregion=0x7f08676171b0) at /home/uvp_v2r2_opensrc_qemu/memory.c:1667
#7 0x00007f086481e0f0 in memory_region_add_subregion_overlap (mr=0x7f0866485720, offset=49216, subregion=0x7f08676171b0, priority=1) at /home/uvp_v2r2_opensrc_qemu/memory.c:1686
#8 0x00007f0864a206c3 in pci_update_mappings (d=0x7f0867616930) at hw/pci/pci.c:1128
#9 0x00007f0864a209b0 in pci_default_write_config (d=0x7f0867616930, addr=4, val_in=259, l=2) at hw/pci/pci.c:1180
#10 0x00007f0864a962d6 in virtio_write_config (pci_dev=0x7f0867616930, address=4, val=259, len=2) at hw/virtio/virtio-pci.c:430
#11 0x00007f0864a29746 in pci_host_config_write_common (pci_dev=0x7f0867616930, addr=4, limit=256, val=259, len=2) at hw/pci/pci_host.c:57
#12 0x00007f0864a2984a in pci_data_write
(s=0x7f08664a6ff0, addr=2147491844, val=259, len=2) at hw/pci/pci_host.c:84
#13 0x00007f0864a2996c in pci_host_data_write (opaque=0x7f08664a56e0, addr=0, val=259, len=2) at hw/pci/pci_host.c:137
#14 0x00007f08648198d2 in memory_region_write_accessor (mr=0x7f08664a5ae0, addr=0, value=0x7f085a25f968, size=2, shift=0, mask=65535) at /home/uvp_v2r2_opensrc_qemu/memory.c:430
#15 0x00007f08648199db in access_with_adjusted_size (addr=0, value=0x7f085a25f968, size=2, access_size_min=1, access_size_max=4, access=0x7f086481984d <memory_region_write_accessor>, mr=0x7f08664a5ae0) at /home/uvp_v2r2_opensrc_qemu/memory.c:467
#16 0x00007f086481c361 in memory_region_dispatch_write (mr=0x7f08664a5ae0, addr=0, data=259, size=2) at /home/uvp_v2r2_opensrc_qemu/memory.c:1103
#17 0x00007f086481f27e in io_mem_write (mr=0x7f08664a5ae0, addr=0, val=259, size=2) at /home/uvp_v2r2_opensrc_qemu/memory.c:2003
#18 0x00007f08647ce034 in address_space_rw (as=0x7f0865066920 <address_space_io>, addr=3324, buf=0x7f0864719000 "\003\001", len=2, is_write=true) at /home/uvp_v2r2_opensrc_qemu/exec.c:2533
#19 0x00007f0864816b1f in kvm_handle_io (port=3324, data=0x7f0864719000, direction=1, size=2, count=1) at /home/uvp_v2r2_opensrc_qemu/kvm-all.c:1707
#20 0x00007f0864817005 in kvm_cpu_exec (cpu=0x7f0866508a50) at /home/uvp_v2r2_opensrc_qemu/kvm-all.c:1864
#21 0x00007f08647fe466 in qemu_kvm_cpu_thread_fn (arg=0x7f0866508a50) at /home/uvp_v2r2_opensrc_qemu/cpus.c:972
#22 0x00007f08632eedf5 in start_thread () from /lib64/libpthread.so.0
#23 0x00007f085e4061ad in clone () from /lib64/libc.so.6
(gdb) p/x *d
$1 = {rcu = {next = 0x0, func = 0x0}, phys_map = {skip = 0x1, ptr = 0x0}, map = {rcu = {next = 0x0, func = 0x0}, sections_nb = 0x48, sections_nb_alloc = 0x80, nodes_nb = 0x6, nodes_nb_alloc = 0x24, nodes = 0x7f0854480550, sections = 0x7f08542e6a50}, as = 0x7f0865066920}
(gdb) p/x *section
$2 = {mr = 0x7f08676562c8, address_space = 0x7f0865066920, offset_within_region = 0x0, size = {lo = 0x14, hi = 0x0},
offset_within_address_space = 0xae00, readonly = 0x0}
(gdb) p/x *existing
$3 = {mr = 0x7f086740b4b8, address_space = 0x7f0865066920, offset_within_region = 0xf00, size = {lo = 0xb000, hi = 0x0}, offset_within_address_space = 0x1000, readonly = 0x0}
(gdb) p/x *existing->mr
$4 = {parent_obj = {class = 0x7f086646fbb0, free = 0x0, properties = {tqh_first = 0x7f086740be80, tqh_last = 0x7f086740c1f0}, ref = 0x1, parent = 0x7f086740b430}, ops = 0x7f0864f1bca0, iommu_ops = 0x0, opaque = 0x7f086740b430, container = 0x7f0866485720, size = {lo = 0x1, hi = 0x0}, addr = 0x5658, destructor = 0x7f086481b74b, ram_addr = 0xffffffffffffffff, align = 0x0, subpage = 0x0, terminates = 0x1, romd_mode = 0x1, ram = 0x0, skip_dump = 0x0, readonly = 0x0, enabled = 0x1, rom_device = 0x0, warning_printed = 0x0, flush_coalesced_mmio = 0x0, alias = 0x0, alias_offset = 0x0, priority = 0x0, may_overlap = 0x0, subregions = {tqh_first = 0x0, tqh_last = 0x7f086740b560}, subregions_link = {tqe_next = 0x7f08673bb708, tqe_prev = 0x7f08673b4490}, coalesced = {tqh_first = 0x0, tqh_last = 0x7f086740b580}, name = 0x7f086740c250, dirty_log_mask = 0x0, ioeventfd_nb = 0x0, ioeventfds = 0x0, iommu_notify = {notifiers = {lh_first = 0x0}}}
(gdb) p *existing->mr
$5 = {parent_obj = {class = 0x7f086646fbb0, free = 0x0, properties = {tqh_first = 0x7f086740be80, tqh_last = 0x7f086740c1f0}, ref = 1, parent = 0x7f086740b430}, ops = 0x7f0864f1bca0 <vmport_ops>, iommu_ops = 0x0, opaque = 0x7f086740b430, container = 0x7f0866485720, size = {lo = 1, hi = 0}, addr = 22104, destructor = 0x7f086481b74b <memory_region_destructor_none>, ram_addr = 18446744073709551615, align = 0, subpage = false, terminates = true, romd_mode = true, ram = false, skip_dump = false, readonly = false, enabled = true, rom_device = false, warning_printed = false, flush_coalesced_mmio = false, alias = 0x0, alias_offset = 0, priority = 0, may_overlap = false, subregions = {tqh_first = 0x0, tqh_last = 0x7f086740b560}, subregions_link = {tqe_next =
0x7f08673bb708, tqe_prev = 0x7f08673b4490}, coalesced = {tqh_first = 0x0, tqh_last = 0x7f086740b580}, name = 0x7f086740c250 "vmport", dirty_log_mask = 0 '\000', ioeventfd_nb = 0, ioeventfds = 0x0, iommu_notify = {notifiers = {lh_first = 0x0}}}

If you need any other information, please let me know; I'm keeping the affected VM reserved.

Thanks.

Regards,
-Gonglei