
[Qemu-devel] qemu-system-arm segfault


From: Adam Lackorzynski
Subject: [Qemu-devel] qemu-system-arm segfault
Date: Tue, 28 Aug 2012 22:26:08 +0200
User-agent: Mutt/1.5.21 (2010-09-15)

Hi,

I'm getting a segfault for qemu-system-arm (git).
Git bisect points to 33e95c6328a3149a52615176617997c4f8f7088b.
Host is x86-32; I'm not getting it in a 64-bit environment.
However, valgrind is showing a similar output for arm_gic_class_init and
arm_gic_init.

$ arm-softmmu/qemu-system-arm -M realview-eb
*** glibc detected *** arm-softmmu/qemu-system-arm: malloc(): memory corruption: 0xf7f15b38 ***
======= Backtrace: =========
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6e3b1)[0xf6da43b1]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x71194)[0xf6da7194]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_malloc+0x5c)[0xf6da8d9c]
arm-softmmu/qemu-system-arm(+0x15aae7)[0xf758dae7]
...

$ gdb --args arm-softmmu/qemu-system-arm -M realview-eb
(gdb) r
Starting program: /tmp/qemu/qemu/arm-softmmu/qemu-system-arm -M realview-eb
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
[New Thread 0xf3ccab70 (LWP 11267)]

Program received signal SIGSEGV, Segmentation fault.
_int_malloc (av=<optimized out>, bytes=<optimized out>) at malloc.c:4674
4674    malloc.c: No such file or directory.
(gdb) bt
#0  _int_malloc (av=<optimized out>, bytes=<optimized out>) at malloc.c:4674
#1  0xf7973d9c in *__GI___libc_malloc (bytes=32) at malloc.c:3660
#2  0x566afae7 in malloc_and_trace (n_bytes=32) at /tmp/qemu/qemu/vl.c:2322
#3  0xf7edd45c in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#4  0xf7edd78b in g_malloc0 () from /lib/i386-linux-gnu/libglib-2.0.so.0
#5  0x566f29c6 in object_property_add (address@hidden, address@hidden "type",
    address@hidden "string", address@hidden <property_get_str>, address@hidden,
    address@hidden <property_release_str>, opaque=0x570413a0, errp=0x0) at qom/object.c:623
#6  0x566f438d in object_property_add_str (address@hidden, address@hidden "type",
    address@hidden <qdev_get_type>, address@hidden, address@hidden) at qom/object.c:1179
#7  0x566f440b in object_instance_init (obj=0x57042a18) at qom/object.c:1193
#8  0x566f18af in object_init_with_type (address@hidden, ti=0x56fd0e10) at qom/object.c:294
#9  0x566f18a3 in object_init_with_type (address@hidden, ti=0x56fc8b88) at qom/object.c:290
#10 0x566f18a3 in object_init_with_type (address@hidden, ti=0x56fcea50) at qom/object.c:290
#11 0x566f18a3 in object_init_with_type (address@hidden, ti=0x56fd1470) at qom/object.c:290
#12 0x566f18a3 in object_init_with_type (address@hidden, address@hidden) at qom/object.c:290
#13 0x566f1fae in object_initialize_with_type (address@hidden, address@hidden) at qom/object.c:311
#14 0x566f21fe in object_new_with_type (type=0x56fd1388) at qom/object.c:397
#15 0x566f2291 in object_new (typename=0x56fd1388 "H\024\375V4", address@hidden "arm_gic") at qom/object.c:407
#16 0x565f93a2 in qdev_try_create (address@hidden, address@hidden "arm_gic") at hw/qdev.c:134
#17 0x565f944a in qdev_create (address@hidden, address@hidden "arm_gic") at hw/qdev.c:114
#18 0x567adf7e in realview_gic_init (dev=0x57041748) at /tmp/qemu/qemu/hw/arm/../realview_gic.c:34
#19 0x56697148 in sysbus_device_init (dev=0x57041748) at /tmp/qemu/qemu/hw/sysbus.c:121
#20 0x565fa6c8 in qdev_init (address@hidden) at hw/qdev.c:160
#21 0x565fa84c in qdev_init_nofail (address@hidden) at hw/qdev.c:261
#22 0x56697884 in sysbus_create_varargs (address@hidden "realview_gic", addr=268697600)
    at /tmp/qemu/qemu/hw/sysbus.c:135
#23 0x567ada5c in sysbus_create_simple (irq=<optimized out>, addr=<optimized out>, name=0x5688b742 "realview_gic")
    at /tmp/qemu/qemu/hw/arm/../sysbus.h:79
#24 realview_init (ram_size=<optimized out>, kernel_filename=0x0, kernel_cmdline=0x5685a80d "", initrd_filename=0x0,
    cpu_model=0x5689010b "arm926", board_type=BOARD_EB,
    boot_device=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at /tmp/qemu/qemu/hw/arm/../realview.c:168
#25 0x5658e7c8 in main (argc=3, argv=0xffffd6a4, envp=0xffffd6b4) at /tmp/qemu/qemu/vl.c:3616
(gdb) 

$ valgrind arm-softmmu/qemu-system-arm -M realview-eb
==11274== Memcheck, a memory error detector
==11274== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==11274== Using Valgrind-3.8.0 and LibVEX; rerun with -h for copyright info
==11274== Command: arm-softmmu/qemu-system-arm -M realview-eb
==11274== 
==11274== Invalid write of size 4
==11274==    at 0x3035AB: arm_gic_class_init (arm_gic.c:696)
==11274==    by 0x2A4E48: type_initialize (object.c:281)
==11274==    by 0x2A5633: object_class_by_name (object.c:510)
==11274==    by 0x1AC395: qdev_try_create (qdev.c:131)
==11274==    by 0x1AC449: qdev_create (qdev.c:114)
==11274==    by 0x360F7D: realview_gic_init (realview_gic.c:34)
==11274==    by 0x24A147: sysbus_device_init (sysbus.c:121)
==11274==    by 0x1AD6C7: qdev_init (qdev.c:160)
==11274==    by 0x1AD84B: qdev_init_nofail (qdev.c:261)
==11274==    by 0x24A883: sysbus_create_varargs (sysbus.c:135)
==11274==    by 0x360A5B: realview_init.isra.0 (sysbus.h:79)
==11274==    by 0x1417C7: main (vl.c:3616)
==11274==  Address 0x5b54374 is 0 bytes after a block of size 52 alloc'd
==11274==    at 0x4828868: malloc (vg_replace_malloc.c:270)
==11274==    by 0x262AE6: malloc_and_trace (vl.c:2322)
==11274==    by 0x48D345B: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.3)
==11274==    by 0x48D378A: g_malloc0 (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.3)
==11274==    by 0x2A4D29: type_initialize (object.c:237)
==11274==    by 0x2A5633: object_class_by_name (object.c:510)
==11274==    by 0x1AC395: qdev_try_create (qdev.c:131)
==11274==    by 0x1AC449: qdev_create (qdev.c:114)
==11274==    by 0x360F7D: realview_gic_init (realview_gic.c:34)
==11274==    by 0x24A147: sysbus_device_init (sysbus.c:121)
==11274==    by 0x1AD6C7: qdev_init (qdev.c:160)
==11274==    by 0x1AD84B: qdev_init_nofail (qdev.c:261)
==11274== 
==11274== Invalid read of size 4
==11274==    at 0x304C85: arm_gic_init (arm_gic.c:663)
==11274==    by 0x24A147: sysbus_device_init (sysbus.c:121)
==11274==    by 0x1AD6C7: qdev_init (qdev.c:160)
==11274==    by 0x1AD84B: qdev_init_nofail (qdev.c:261)
==11274==    by 0x360FCB: realview_gic_init (realview_gic.c:37)
==11274==    by 0x24A147: sysbus_device_init (sysbus.c:121)
==11274==    by 0x1AD6C7: qdev_init (qdev.c:160)
==11274==    by 0x1AD84B: qdev_init_nofail (qdev.c:261)
==11274==    by 0x24A883: sysbus_create_varargs (sysbus.c:135)
==11274==    by 0x360A5B: realview_init.isra.0 (sysbus.h:79)
==11274==    by 0x1417C7: main (vl.c:3616)
==11274==  Address 0x5b54374 is 0 bytes after a block of size 52 alloc'd
==11274==    at 0x4828868: malloc (vg_replace_malloc.c:270)
==11274==    by 0x262AE6: malloc_and_trace (vl.c:2322)
==11274==    by 0x48D345B: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.3)
==11274==    by 0x48D378A: g_malloc0 (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.3)
==11274==    by 0x2A4D29: type_initialize (object.c:237)
==11274==    by 0x2A5633: object_class_by_name (object.c:510)
==11274==    by 0x1AC395: qdev_try_create (qdev.c:131)
==11274==    by 0x1AC449: qdev_create (qdev.c:114)
==11274==    by 0x360F7D: realview_gic_init (realview_gic.c:34)
==11274==    by 0x24A147: sysbus_device_init (sysbus.c:121)
==11274==    by 0x1AD6C7: qdev_init (qdev.c:160)
==11274==    by 0x1AD84B: qdev_init_nofail (qdev.c:261)
==11274== 
oss: Could not initialize DAC
oss: Failed to open `/dev/dsp'
oss: Reason: Device or resource busy
oss: Could not initialize DAC
oss: Failed to open `/dev/dsp'
oss: Reason: Device or resource busy
audio: Failed to create voice `lm4549.out'
Kernel image must be specified
==11274== 
==11274== HEAP SUMMARY:
==11274==     in use at exit: 154,051,577 bytes in 9,549 blocks
==11274==   total heap usage: 10,430 allocs, 881 frees, 154,943,524 bytes allocated
==11274== 
==11274== LEAK SUMMARY:
==11274==    definitely lost: 148 bytes in 7 blocks
==11274==    indirectly lost: 0 bytes in 0 blocks
==11274==      possibly lost: 3,024 bytes in 11 blocks
==11274==    still reachable: 154,048,405 bytes in 9,531 blocks
==11274==         suppressed: 0 bytes in 0 blocks
==11274== Rerun with --leak-check=full to see details of leaked memory
==11274== 
==11274== For counts of detected and suppressed errors, rerun with: -v
==11274== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 157 from 8)



Adam
-- 
Adam                 address@hidden
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/
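The valgrind trace above shows a 4-byte write landing 0 bytes past a 52-byte block that type_initialize() allocated for the class, which is the signature of a class_init writing fields of a class struct larger than the class_size the type registered. As an added illustration (not QEMU's code and not part of this thread), the following C model reproduces that pattern with a canary-filled guard region so the overrun is detected instead of corrupting the heap; the diagnosis itself, the ParentClass/DerivedClass types and the helper names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical class hierarchy standing in for the parent class and the
 * larger GIC class; names are constructed for this illustration. */
typedef struct ParentClass { void (*reset)(void *obj); uint32_t flags; } ParentClass;
typedef struct DerivedClass { ParentClass parent; uint32_t num_irq_max; } DerivedClass;

/* Subset of a QOM-style TypeInfo relevant to class allocation. */
typedef struct TypeInfo {
    size_t parent_class_size;  /* size the parent type declared */
    size_t class_size;         /* 0 means "inherit the parent's size" */
    void (*class_init)(void *klass);
} TypeInfo;

/* class_init that treats the block as a DerivedClass and writes its last field;
 * that store is the out-of-bounds write if the block was sized for ParentClass. */
static void derived_class_init(void *klass) {
    DerivedClass *dc = klass;
    dc->parent.flags = 1;
    dc->num_irq_max = 1020;
}

#define GUARD  16
#define CANARY 0xA5

/* Model of type_initialize(): allocate class_size bytes, then run class_init.
 * The guard behind the block catches an overrun without heap corruption.
 * Returns 1 if class_init stayed in bounds, 0 if not, -1 on allocation failure. */
static int class_init_stays_in_bounds(const TypeInfo *ti) {
    size_t sz = ti->class_size ? ti->class_size : ti->parent_class_size;
    uint8_t *block = calloc(1, sz + GUARD);
    int ok = 1;
    if (!block) return -1;
    memset(block + sz, CANARY, GUARD);
    ti->class_init(block);
    for (size_t i = 0; i < GUARD; i++) if (block[sz + i] != CANARY) ok = 0;
    free(block);
    return ok;
}

/* Buggy registration: class_init expects DerivedClass, but class_size is unset. */
static const TypeInfo buggy_info = {
    .parent_class_size = sizeof(ParentClass), .class_size = 0,
    .class_init = derived_class_init,
};
/* Fixed registration: class_size covers the struct that class_init writes. */
static const TypeInfo fixed_info = {
    .parent_class_size = sizeof(ParentClass), .class_size = sizeof(DerivedClass),
    .class_init = derived_class_init,
};
```

The same mismatch can stay silent on a 64-bit host because malloc rounds the class block up and the stray store lands in slack space, which matches the report that the crash only shows on x86-32.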


