Hi, I'm getting a segfault for qemu-system-arm (git). Git bisect points to 33e95c6328a3149a52615176617997c4f8f7088b. Host is x86-32, I'm not getting it in a 64bit environment. However, valgrind is showing a similar output for arm_gic_class_init and arm_gic_init.
$ arm-softmmu/qemu-system-arm -M realview-eb
*** glibc detected *** arm-softmmu/qemu-system-arm: malloc(): memory corruption: 0xf7f15b38 ***
======= Backtrace: =========
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6e3b1)[0xf6da43b1]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x71194)[0xf6da7194]
/lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_malloc+0x5c)[0xf6da8d9c]
arm-softmmu/qemu-system-arm(+0x15aae7)[0xf758dae7]
...

$ gdb --args arm-softmmu/qemu-system-arm -M realview-eb
(gdb) r
Starting program: /tmp/qemu/qemu/arm-softmmu/qemu-system-arm -M realview-eb
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
[New Thread 0xf3ccab70 (LWP 11267)]

Program received signal SIGSEGV, Segmentation fault.
_int_malloc (av=<optimized out>, bytes=<optimized out>) at malloc.c:4674
4674    malloc.c: No such file or directory.
(gdb) bt
#0  _int_malloc (av=<optimized out>, bytes=<optimized out>) at malloc.c:4674
#1  0xf7973d9c in *__GI___libc_malloc (bytes=32) at malloc.c:3660
#2  0x566afae7 in malloc_and_trace (n_bytes=32) at /tmp/qemu/qemu/vl.c:2322
#3  0xf7edd45c in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#4  0xf7edd78b in g_malloc0 () from /lib/i386-linux-gnu/libglib-2.0.so.0
#5  0x566f29c6 in object_property_add (obj=obj@entry=0x57042a18, name=name@entry=0x56881b00 "type", type=type@entry=0x568a1c87 "string", get=get@entry=0x566f1620 <property_get_str>, set=set@entry=0, release=release@entry=0x566f15e0 <property_release_str>, opaque=0x570413a0, errp=0x0) at qom/object.c:623
#6  0x566f438d in object_property_add_str (obj=obj@entry=0x57042a18, name=name@entry=0x56881b00 "type", get=get@entry=0x566f14c0 <qdev_get_type>, set=set@entry=0, errp=errp@entry=0x0) at qom/object.c:1179
#7  0x566f440b in object_instance_init (obj=0x57042a18) at qom/object.c:1193
#8  0x566f18af in object_init_with_type (obj=obj@entry=0x57042a18, ti=0x56fd0e10) at qom/object.c:294
#9  0x566f18a3 in object_init_with_type (obj=obj@entry=0x57042a18, ti=0x56fc8b88) at qom/object.c:290
#10 0x566f18a3 in object_init_with_type (obj=obj@entry=0x57042a18, ti=0x56fcea50) at qom/object.c:290
#11 0x566f18a3 in object_init_with_type (obj=obj@entry=0x57042a18, ti=0x56fd1470) at qom/object.c:290
#12 0x566f18a3 in object_init_with_type (obj=obj@entry=0x57042a18, ti=ti@entry=0x56fd1388) at qom/object.c:290
#13 0x566f1fae in object_initialize_with_type (data=data@entry=0x57042a18, type=type@entry=0x56fd1388) at qom/object.c:311
#14 0x566f21fe in object_new_with_type (type=0x56fd1388) at qom/object.c:397
#15 0x566f2291 in object_new (typename=0x56fd1388 "H\024\375V4", typename@entry=0x5688b60a "arm_gic") at qom/object.c:407
#16 0x565f93a2 in qdev_try_create (bus=bus@entry=0x0, type=type@entry=0x5688b60a "arm_gic") at hw/qdev.c:134
#17 0x565f944a in qdev_create (bus=bus@entry=0x0, name=name@entry=0x5688b60a "arm_gic") at hw/qdev.c:114
#18 0x567adf7e in realview_gic_init (dev=0x57041748) at /tmp/qemu/qemu/hw/arm/../realview_gic.c:34
#19 0x56697148 in sysbus_device_init (dev=0x57041748) at /tmp/qemu/qemu/hw/sysbus.c:121
#20 0x565fa6c8 in qdev_init (dev=dev@entry=0x57041748) at hw/qdev.c:160
#21 0x565fa84c in qdev_init_nofail (dev=dev@entry=0x57041748) at hw/qdev.c:261
#22 0x56697884 in sysbus_create_varargs (name=name@entry=0x5688b742 "realview_gic", addr=268697600) at /tmp/qemu/qemu/hw/sysbus.c:135
#23 0x567ada5c in sysbus_create_simple (irq=<optimized out>, addr=<optimized out>, name=0x5688b742 "realview_gic") at /tmp/qemu/qemu/hw/arm/../sysbus.h:79
#24 realview_init (ram_size=<optimized out>, kernel_filename=0x0, kernel_cmdline=0x5685a80d "", initrd_filename=0x0, cpu_model=0x5689010b "arm926", board_type=BOARD_EB, boot_device=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at /tmp/qemu/qemu/hw/arm/../realview.c:168
#25 0x5658e7c8 in main (argc=3, argv=0xffffd6a4, envp=0xffffd6b4) at /tmp/qemu/qemu/vl.c:3616
(gdb)

$ valgrind arm-softmmu/qemu-system-arm -M realview-eb [master]
==11274== Memcheck, a memory error detector
==11274== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==11274== Using Valgrind-3.8.0 and LibVEX; rerun with -h for copyright info
==11274== Command: arm-softmmu/qemu-system-arm -M realview-eb
==11274==
==11274== Invalid write of size 4
==11274==    at 0x3035AB: arm_gic_class_init (arm_gic.c:696)
==11274==    by 0x2A4E48: type_initialize (object.c:281)
==11274==    by 0x2A5633: object_class_by_name (object.c:510)
==11274==    by 0x1AC395: qdev_try_create (qdev.c:131)
==11274==    by 0x1AC449: qdev_create (qdev.c:114)
==11274==    by 0x360F7D: realview_gic_init (realview_gic.c:34)
==11274==    by 0x24A147: sysbus_device_init (sysbus.c:121)
==11274==    by 0x1AD6C7: qdev_init (qdev.c:160)
==11274==    by 0x1AD84B: qdev_init_nofail (qdev.c:261)
==11274==    by 0x24A883: sysbus_create_varargs (sysbus.c:135)
==11274==    by 0x360A5B: realview_init.isra.0 (sysbus.h:79)
==11274==    by 0x1417C7: main (vl.c:3616)
==11274==  Address 0x5b54374 is 0 bytes after a block of size 52 alloc'd
==11274==    at 0x4828868: malloc (vg_replace_malloc.c:270)
==11274==    by 0x262AE6: malloc_and_trace (vl.c:2322)
==11274==    by 0x48D345B: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.3)
==11274==    by 0x48D378A: g_malloc0 (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.3)
==11274==    by 0x2A4D29: type_initialize (object.c:237)
==11274==    by 0x2A5633: object_class_by_name (object.c:510)
==11274==    by 0x1AC395: qdev_try_create (qdev.c:131)
==11274==    by 0x1AC449: qdev_create (qdev.c:114)
==11274==    by 0x360F7D: realview_gic_init (realview_gic.c:34)
==11274==    by 0x24A147: sysbus_device_init (sysbus.c:121)
==11274==    by 0x1AD6C7: qdev_init (qdev.c:160)
==11274==    by 0x1AD84B: qdev_init_nofail (qdev.c:261)
==11274==
==11274== Invalid read of size 4
==11274==    at 0x304C85: arm_gic_init (arm_gic.c:663)
==11274==    by 0x24A147: sysbus_device_init (sysbus.c:121)
==11274==    by 0x1AD6C7: qdev_init (qdev.c:160)
==11274==    by 0x1AD84B: qdev_init_nofail (qdev.c:261)
==11274==    by 0x360FCB: realview_gic_init (realview_gic.c:37)
==11274==    by 0x24A147: sysbus_device_init (sysbus.c:121)
==11274==    by 0x1AD6C7: qdev_init (qdev.c:160)
==11274==    by 0x1AD84B: qdev_init_nofail (qdev.c:261)
==11274==    by 0x24A883: sysbus_create_varargs (sysbus.c:135)
==11274==    by 0x360A5B: realview_init.isra.0 (sysbus.h:79)
==11274==    by 0x1417C7: main (vl.c:3616)
==11274==  Address 0x5b54374 is 0 bytes after a block of size 52 alloc'd
==11274==    at 0x4828868: malloc (vg_replace_malloc.c:270)
==11274==    by 0x262AE6: malloc_and_trace (vl.c:2322)
==11274==    by 0x48D345B: ??? (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.3)
==11274==    by 0x48D378A: g_malloc0 (in /lib/i386-linux-gnu/libglib-2.0.so.0.3200.3)
==11274==    by 0x2A4D29: type_initialize (object.c:237)
==11274==    by 0x2A5633: object_class_by_name (object.c:510)
==11274==    by 0x1AC395: qdev_try_create (qdev.c:131)
==11274==    by 0x1AC449: qdev_create (qdev.c:114)
==11274==    by 0x360F7D: realview_gic_init (realview_gic.c:34)
==11274==    by 0x24A147: sysbus_device_init (sysbus.c:121)
==11274==    by 0x1AD6C7: qdev_init (qdev.c:160)
==11274==    by 0x1AD84B: qdev_init_nofail (qdev.c:261)
==11274==
oss: Could not initialize DAC
oss: Failed to open `/dev/dsp'
oss: Reason: Device or resource busy
oss: Could not initialize DAC
oss: Failed to open `/dev/dsp'
oss: Reason: Device or resource busy
audio: Failed to create voice `lm4549.out'
Kernel image must be specified
==11274==
==11274== HEAP SUMMARY:
==11274==     in use at exit: 154,051,577 bytes in 9,549 blocks
==11274==   total heap usage: 10,430 allocs, 881 frees, 154,943,524 bytes allocated
==11274==
==11274== LEAK SUMMARY:
==11274==    definitely lost: 148 bytes in 7 blocks
==11274==    indirectly lost: 0 bytes in 0 blocks
==11274==      possibly lost: 3,024 bytes in 11 blocks
==11274==    still reachable: 154,048,405 bytes in 9,531 blocks
==11274==         suppressed: 0 bytes in 0 blocks
==11274== Rerun with --leak-check=full to see details of leaked memory
==11274==
==11274== For counts of detected and suppressed errors, rerun with: -v
==11274== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 157 from 8)

Adam

-- 
Adam                 a...@os.inf.tu-dresden.de
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/