On 09/11/2016 11:27, Stefan Hajnoczi wrote:
> Heap corruption. Valgrind's memcheck tool could be fruitful here:
> http://valgrind.org/docs/manual/quick-start.html#quick-start.mcrun
This is really frustrating. I have been running with the following
script instead of invoking qemu directly:
$ cat /usr/local/bin/valgrind-qemu-system-x86_64
#!/bin/sh -e
valgrind --leak-check=yes /usr/local/bin/qemu-system-x86_64 "$@"
But over more than 10 runs (some with MALLOC_xxx_ and some without) it
did not crash once :-(
Switching back to running /usr/local/bin/qemu-system-x86_64 directly,
and it crashed the first time:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/local/bin/qemu-system-x86_64 -netdev
user,id=user.0,hostfwd=tcp::2373-:22'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 scsi_req_dequeue (req=0x55b22b57f930) at
/home/nsrc/qemu-2.7.0/hw/scsi/scsi-bus.c:790
790 QTAILQ_REMOVE(&req->dev->requests, req, next);
[Current thread is 1 (Thread 0x7faece41fa80 (LWP 13702))]
(gdb) bt
#0 scsi_req_dequeue (req=0x55b22b57f930) at
/home/nsrc/qemu-2.7.0/hw/scsi/scsi-bus.c:790
#1 0x000055b2291b5c84 in scsi_req_complete (req=0x55b22b57f930,
status=<optimised out>)
at /home/nsrc/qemu-2.7.0/hw/scsi/scsi-bus.c:1774
#2 0x000055b2291af2d0 in scsi_write_do_fua (r=0x55b22b57f930) at
/home/nsrc/qemu-2.7.0/hw/scsi/scsi-disk.c:261
#3 0x000055b2290e1779 in dma_complete (ret=0, dbs=0x55b22d121770) at
/home/nsrc/qemu-2.7.0/dma-helpers.c:115
#4 dma_blk_cb (opaque=0x55b22d121770, ret=0) at
/home/nsrc/qemu-2.7.0/dma-helpers.c:137
#5 0x000055b22928f25a in blk_aio_complete (acb=0x55b22b0dda00) at
/home/nsrc/qemu-2.7.0/block/block-backend.c:923
#6 0x000055b2292feaea in coroutine_trampoline (i0=<optimised out>,
i1=<optimised out>)
at /home/nsrc/qemu-2.7.0/util/coroutine-ucontext.c:78
#7 0x00007faecca145d0 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#8 0x00007ffde52394b0 in ?? ()
#9 0x0000000000000000 in ?? ()
(gdb)
I'm now trying valgrind again with some more options:
#!/bin/sh -e
valgrind --leak-check=yes --track-origins=yes \
    --show-mismatched-frees=yes --malloc-fill=aa --free-fill=55 \
    /usr/local/bin/qemu-system-x86_64 "$@"
and maybe I'll give helgrind a go, but if you have any other suggestions
please let me know.
Thanks,
Brian.
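The wrapper idea from the mail, widened into a two-mode script as an added example (this is not code from the thread or from QEMU): one mode runs the binary under memcheck with the poisoning options above plus a per-process log file and a vgdb stop at the first error, the other runs it natively with glibc's own MALLOC_CHECK_ and MALLOC_PERTURB_ tunables and an enabled core dump, which is useful when, as here, the bug only shows up at native speed. The DEBUG_MODE, QEMU_BIN and LOGDIR variables are this example's own assumptions, and the binary path is assumed to contain no spaces.

```shell
#!/bin/sh -e
# Added example, not from the original thread or from QEMU: run a target
# binary in one of two heap-checking modes, chosen by DEBUG_MODE (an
# assumption of this example):
#   valgrind - memcheck with poisoning and origin tracking (slow, precise)
#   glibc    - native speed, glibc MALLOC_CHECK_/MALLOC_PERTURB_ plus a
#              core dump for gdb when the fault only reproduces at full speed
QEMU_BIN="${QEMU_BIN:-/usr/local/bin/qemu-system-x86_64}"
DEBUG_MODE="${DEBUG_MODE:-valgrind}"
LOGDIR="${LOGDIR:-/tmp/qemu-debug}"

# memcheck options: track-origins names where an uninitialised value came
# from, malloc-fill/free-fill poison fresh and freed blocks so a stale
# pointer reads a recognisable pattern instead of plausible old data,
# vgdb-error=1 halts at the first error so gdb can attach via vgdb, and %p
# in the log name gives one log per process.  No value contains a space,
# so the string is safe to expand unquoted in POSIX sh.
valgrind_opts() {
    printf '%s' "--leak-check=yes --track-origins=yes --show-mismatched-frees=yes --malloc-fill=aa --free-fill=55 --vgdb=yes --vgdb-error=1 --log-file=$LOGDIR/memcheck.%p.log"
}

# glibc equivalents for a native run: MALLOC_CHECK_=3 aborts when the
# allocator itself notices damage (e.g. a corrupted chunk header on free),
# MALLOC_PERTURB_=85 (0x55) overwrites freed memory so a use-after-free is
# likely to fault right away rather than run on with the old contents.
glibc_env() {
    printf '%s' "MALLOC_CHECK_=3 MALLOC_PERTURB_=85"
}

# Map a mode to the launcher command line; unknown modes are rejected so
# a typo does not silently start the unchecked binary.
launcher_for() {
    case "$1" in
        valgrind) echo "valgrind $(valgrind_opts) $QEMU_BIN" ;;
        glibc)    echo "env $(glibc_env) $QEMU_BIN" ;;
        *)        echo "unknown DEBUG_MODE: $1" >&2; return 1 ;;
    esac
}

run_wrapped() {
    mkdir -p "$LOGDIR"
    ulimit -c unlimited        # keep a core for gdb when the native run faults
    cmd=$(launcher_for "$DEBUG_MODE")
    # Intentional word splitting of $cmd (option words contain no spaces).
    exec $cmd "$@"
}

# Only launch when given arguments; sourcing or running the file bare just
# defines the helpers.
[ $# -eq 0 ] || run_wrapped "$@"
```

Install it under the name the guest-management tooling expects (as the mail does with valgrind-qemu-system-x86_64) and flip DEBUG_MODE=glibc when the valgrind run refuses to reproduce: the core plus MALLOC_PERTURB_ usually turns a "crash somewhere in a list unlink" into a fault at the first stale dereference.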