On Wed, Oct 24, 2012 at 09:15:32AM +1000, Richard Henderson wrote:
> qemu-system-sparc64: /home/rth/work/qemu/qemu/memory.c:1022:
> memory_region_destroy: Assertion `memory_region_transaction_depth == 0'
> failed.
>
> Program received signal SIGABRT, Aborted.
> 0x00007ffff5234925 in raise () from /lib64/libc.so.6
> (gdb) where
> #0  0x00007ffff5234925 in raise () from /lib64/libc.so.6
> #1  0x00007ffff52360d8 in abort () from /lib64/libc.so.6
> #2  0x00007ffff522d6a2 in __assert_fail_base () from /lib64/libc.so.6
> #3  0x00007ffff522d752 in __assert_fail () from /lib64/libc.so.6
> #4  0x000055555576ebe4 in memory_region_destroy (mr=0x555556a76f60)
>     at /home/rth/work/qemu/qemu/memory.c:1022
> #5  0x0000555555674729 in pci_bridge_cleanup_alias (
>     parent_space=<optimized out>, alias=0x555556a76f60)
>     at /home/rth/work/qemu/qemu/hw/pci_bridge.c:158
> #6  pci_bridge_region_cleanup (br=0x555556a75d30)
>     at /home/rth/work/qemu/qemu/hw/pci_bridge.c:190
> #7  0x0000555555674ccb in pci_bridge_update_mappings (br=0x555556a75d30)
>     at /home/rth/work/qemu/qemu/hw/pci_bridge.c:203
> #8  pci_bridge_write_config (d=0x555556a75d30, address=<optimized out>,
>     val=<optimized out>, len=<optimized out>)
>     at /home/rth/work/qemu/qemu/hw/pci_bridge.c:226
> #9  0x000055555576b072 in access_with_adjusted_size (addr=addr@entry=2052,
>     value=value@entry=0x7fffedaee890, size=size@entry=2,
>     access_size_min=<optimized out>, access_size_max=<optimized out>,
>     access=access@entry=0x55555576b690 <memory_region_write_accessor>,
>     opaque=opaque@entry=0x555556a65a38)
>     at /home/rth/work/qemu/qemu/memory.c:363
> #10 0x0000555555770183 in memory_region_dispatch_write (size=2, data=768,
>     addr=2052, mr=0x555556a65a38) at /home/rth/work/qemu/qemu/memory.c:914
> #11 io_mem_write (mr=0x555556a65a38, addr=2052, val=<optimized out>, size=2)
>     at /home/rth/work/qemu/qemu/memory.c:1570
> #12 0x00007ffff011cd3e in code_gen_buffer ()
>
> This can be seen with the distributed OpenBIOS, i.e. no special options
> needed:
>
> ./sparc64-softmmu/qemu-system-sparc64
>
mips is also broken but by commit 1c380f9460522f32c8dd2577b2a53d518ec91c6d:

| [    0.436000] PCI: Enabling device 0000:00:0a.1 (0000 -> 0001)
| Segmentation fault (core dumped)

With gdb:

| Program terminated with signal 11, Segmentation fault.
| #0  phys_page_set_level (lp=0x7f4e12862db0, lp@entry=0x7f4e12851cf0, index=index@entry=0x7f4e012af480, nb=nb@entry=0x7f4e012af488, leaf=leaf@entry=45, level=level@entry=0) at /home/aurel32/qemu/exec.c:440
| 440         lp->is_leaf = true;
| (gdb) bt
| #0  phys_page_set_level (lp=0x7f4e12862db0, lp@entry=0x7f4e12851cf0, index=index@entry=0x7f4e012af480, nb=nb@entry=0x7f4e012af488, leaf=leaf@entry=45, level=level@entry=0) at /home/aurel32/qemu/exec.c:440
| #1  0x00007f4e10f33a10 in phys_page_set_level (lp=0x7f4e12851cf0, lp@entry=0x7f4e12851470, index=index@entry=0x7f4e012af480, nb=nb@entry=0x7f4e012af488, leaf=leaf@entry=45, level=level@entry=1)
|     at /home/aurel32/qemu/exec.c:445
| #2  0x00007f4e10f33a10 in phys_page_set_level (lp=0x7f4e12851470, lp@entry=0x7f4e124ffb50, index=index@entry=0x7f4e012af480, nb=nb@entry=0x7f4e012af488, leaf=45, level=level@entry=2)
|     at /home/aurel32/qemu/exec.c:445
| #3  0x00007f4e10f3477f in phys_page_set (leaf=<optimized out>, nb=16, index=65696, d=0x7f4e124ffb50) at /home/aurel32/qemu/exec.c:458
| #4  register_multipage (section=0x7f4e012af490, d=0x7f4e124ffb50) at /home/aurel32/qemu/exec.c:2263
| #5  mem_add (listener=0x7f4e124ffb58, section=<optimized out>) at /home/aurel32/qemu/exec.c:2289
| #6  0x00007f4e10f69a3c in address_space_update_topology_pass (as=as@entry=0x7f4e126201c8, adding=adding@entry=true, old_view=..., new_view=...)
|     at /home/aurel32/qemu/memory.c:710
| #7  0x00007f4e10f6a458 in address_space_update_topology (as=0x7f4e126201c8) at /home/aurel32/qemu/memory.c:725
| #8  memory_region_transaction_commit () at /home/aurel32/qemu/memory.c:748
| #9  0x00007f4e10e5eeff in pci_default_write_config (d=0x7f4e1261ffb0, addr=4, val=0, l=4) at hw/pci.c:1075
| #10 0x00007f4e10f67df2 in access_with_adjusted_size (addr=addr@entry=3324, value=value@entry=0x7f4e012af8a0, size=size@entry=4, access_size_min=<optimized out>, access_size_max=<optimized out>,
|     access=access@entry=0x7f4e10f68410 <memory_region_write_accessor>, opaque=opaque@entry=0x7f4e124f2ba8) at /home/aurel32/qemu/memory.c:363
| #11 0x00007f4e10f6cda3 in memory_region_dispatch_write (size=4, data=41943045, addr=3324, mr=0x7f4e124f2ba8) at /home/aurel32/qemu/memory.c:914
| #12 io_mem_write (mr=0x7f4e124f2ba8, addr=3324, val=<optimized out>, size=4) at /home/aurel32/qemu/memory.c:1567
| #13 0x00000000415a4be0 in code_gen_buffer ()
| #14 0x00007f4e10f2e811 in cpu_mips_exec (env=0x7f4e12840ed0, env@entry=0x7f4e124d98c8) at /home/aurel32/qemu/cpu-exec.c:601
| #15 0x00007f4e10f2fbc3 in tcg_cpu_exec (env=0x7f4e124d98c8) at /home/aurel32/qemu/cpus.c:1109
| #16 tcg_exec_all () at /home/aurel32/qemu/cpus.c:1141
| #17 qemu_tcg_cpu_thread_fn (arg=<optimized out>) at /home/aurel32/qemu/cpus.c:836
| #18 0x00007f4e0c2a3b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
| #19 0x00007f4e0bfee70d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
| #20 0x0000000000000000 in ?? ()

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurel...@aurel32.net                 http://www.aurel32.net