From: Stefan Weil
To: Andreas Färber
Cc: Jan Kiszka, qemu-devel Developers, Avi Kivity
Date: Sat, 12 Nov 2011 08:26:53 +0100
Message-ID: <4EBE1FBD.3030207@weilnetz.de>
In-Reply-To: <4EBDD460.10103@suse.de>
Subject: Re: [Qemu-devel] [TestDays] info mtree abort

On 12.11.2011 03:05, Andreas Färber wrote:
> Hello,
>
> On current qemu.git master for qemu-system-x86_64 I observe crashes
> similar to this one when running info mtree on the SDL monitor console:
>
> *** glibc detected ***
> /home/andreas/QEMU/qemu-rl78/rl78-softmmu/qemu-system-rl78: free():
> invalid pointer: 0x4545454545454545 ***
>
> #0 0x00007ffff6308d95 in raise () from /lib64/libc.so.6
> #1 0x00007ffff630a2ab in abort () from /lib64/libc.so.6
> #2 0x00007ffff6342ece in __libc_message () from /lib64/libc.so.6
> #3 0x00007ffff6348c06 in malloc_printerr () from /lib64/libc.so.6
> #4 0x00000000004e9024 in mtree_print_mr (mon_printf=0x4ef720
> , f=0xf89b10, mr=, level=0, base=0,
> alias_print_queue=0x7fffffffd610)
> at /home/andreas/QEMU/qemu-rl78/memory.c:1405
> #5 0x00000000004ec8b6 in mtree_info (mon_printf=0x4ef720
> , f=0xf89b10)
> at /home/andreas/QEMU/qemu-rl78/memory.c:1417
>
> Regards,
> Andreas

qemu-system-i386 also has the same problem. It does not crash (so most
users won't notice anything going wrong), but Valgrind shows the bug, too:

==29459== Invalid read of size 4
==29459==    at 0x81ED59A: mtree_print_mr (memory.c:1404)
==29459==    by 0x81ED61E: mtree_info (memory.c:1417)
==29459==    by 0x81F1781: do_info_mtree (monitor.c:2247)
==29459==    by 0x81EE916: do_info (monitor.c:698)
==29459==    by 0x81F4234: handle_user_command (monitor.c:4130)
==29459==    by 0x81F57A6: monitor_command_cb (monitor.c:4746)
==29459==    by 0x8147992: readline_handle_byte (readline.c:370)
==29459==    by 0x81F572A: monitor_read (monitor.c:4732)
==29459==    by 0x81385AF: qemu_chr_be_write (qemu-char.c:163)
==29459==    by 0x809D1B1: kbd_send_chars (console.c:1124)
==29459==    by 0x809D440: kbd_put_keysym (console.c:1183)
==29459==    by 0x8163FBA: handle_keydown (sdl.c:724)
==29459==  Address 0x12f882c8 is 8 bytes inside a block of size 16 free'd
==29459==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==29459==    by 0x8116580: free_and_trace (vl.c:2149)
==29459==    by 0x4098FC5: g_free (in /lib/libglib-2.0.so.0.2400.1)
==29459==    by 0x81ED5AA: mtree_print_mr (memory.c:1405)
==29459==    by 0x81ED61E: mtree_info (memory.c:1417)
==29459==    by 0x81F1781: do_info_mtree (monitor.c:2247)
==29459==    by 0x81EE916: do_info (monitor.c:698)
==29459==    by 0x81F4234: handle_user_command (monitor.c:4130)
==29459==    by 0x81F57A6: monitor_command_cb (monitor.c:4746)
==29459==    by 0x8147992: readline_handle_byte (readline.c:370)
==29459==    by 0x81F572A: monitor_read (monitor.c:4732)
==29459==    by 0x81385AF: qemu_chr_be_write (qemu-char.c:163)
==29459==
==29459== Invalid read of size 4
==29459==    at 0x81ED59A: mtree_print_mr (memory.c:1404)
==29459==    by 0x81ED57B: mtree_print_mr (memory.c:1400)
==29459==    by 0x81ED68D: mtree_info (memory.c:1423)
==29459==    by 0x81F1781: do_info_mtree (monitor.c:2247)
==29459==    by 0x81EE916: do_info (monitor.c:698)
==29459==    by 0x81F4234: handle_user_command (monitor.c:4130)
==29459==    by 0x81F57A6: monitor_command_cb (monitor.c:4746)
==29459==    by 0x8147992: readline_handle_byte (readline.c:370)
==29459==    by 0x81F572A: monitor_read (monitor.c:4732)
==29459==    by 0x81385AF: qemu_chr_be_write (qemu-char.c:163)
==29459==    by 0x809D1B1: kbd_send_chars (console.c:1124)
==29459==    by 0x809D440: kbd_put_keysym (console.c:1183)
==29459==  Address 0x12f88508 is 8 bytes inside a block of size 16 free'd
==29459==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==29459==    by 0x8116580: free_and_trace (vl.c:2149)
==29459==    by 0x4098FC5: g_free (in /lib/libglib-2.0.so.0.2400.1)
==29459==    by 0x81ED5AA: mtree_print_mr (memory.c:1405)
==29459==    by 0x81ED57B: mtree_print_mr (memory.c:1400)
==29459==    by 0x81ED68D: mtree_info (memory.c:1423)
==29459==    by 0x81F1781: do_info_mtree (monitor.c:2247)
==29459==    by 0x81EE916: do_info (monitor.c:698)
==29459==    by 0x81F4234: handle_user_command (monitor.c:4130)
==29459==    by 0x81F57A6: monitor_command_cb (monitor.c:4746)
==29459==    by 0x8147992: readline_handle_byte (readline.c:370)
==29459==    by 0x81F572A: monitor_read (monitor.c:4732)
==29459==

(more bug messages for the same problem follow, I removed them here)

Valgrind was started like this from QEMU's source directory:

valgrind -v --error-limit=no --track-origins=yes --smc-check=all \
    --leak-check=full bin/debug/386/i386-softmmu/qemu-system-i386 -L pc-bios

Regards,
Stefan Weil
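As an added illustration (editor's example, not QEMU code and not the memory.c that either report was taken from), the program below models the shape that both reports agree on: Valgrind sees a 4-byte read at memory.c:1404 from a 16-byte block that memory.c:1405 had already passed to g_free, 8 bytes into the block, which is consistent with reading a link field of a small list element after the element was freed. The faulty walk frees the current element in the loop body and reads its next pointer in the loop increment; the corrected walk captures the successor first. A tiny quarantine stands in for Valgrind so the faulty walk can be run and observed deterministically instead of touching freed memory. Node, drain_unsafe, drain_safe, walk_sum, stale_reads and the quarantine helpers are all invented names, and the list contents are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Editor's example, not QEMU code. Models a list walk that frees the
 * current element in the loop body and then reads its link in the loop
 * increment, the shape the Valgrind report above is consistent with
 * (read at memory.c:1404 of a block freed at memory.c:1405). */

typedef struct Node {
    int payload;        /* stands in for the element's data */
    struct Node *next;  /* the link that gets read after the free */
} Node;

/* Quarantine in place of free(): nodes are remembered, not released,
 * so a stale read can be counted instead of hitting freed memory. */
#define QUARANTINE_MAX 64
static Node *quarantine[QUARANTINE_MAX];
static size_t quarantined;
static int stale_link_reads;

static void quarantine_free(Node *n) {
    if (quarantined < QUARANTINE_MAX) {
        quarantine[quarantined++] = n;
    }
}

static bool is_quarantined(const Node *n) {
    for (size_t i = 0; i < quarantined; i++) {
        if (quarantine[i] == n) {
            return true;
        }
    }
    return false;
}

/* Checked load of n->next: reading the link of a node that has already
 * been "freed" is what Valgrind reports as an invalid read. */
static Node *next_of(Node *n) {
    if (is_quarantined(n)) {
        stale_link_reads++;
    }
    return n->next;
}

static void quarantine_release(void) {
    for (size_t i = 0; i < quarantined; i++) {
        free(quarantine[i]);
    }
    quarantined = 0;
}

/* Constructed input: a list holding payloads 1..count. */
static Node *build_list(int count) {
    Node *head = NULL;
    for (int i = count; i >= 1; i--) {
        Node *n = malloc(sizeof *n);
        if (n == NULL) {
            abort();
        }
        n->payload = i;
        n->next = head;
        head = n;
    }
    return head;
}

/* Faulty walk: the body frees e, then the increment reads e->next. */
static int drain_unsafe(Node *head) {
    int sum = 0;
    for (Node *e = head; e != NULL; e = next_of(e)) {
        sum += e->payload;
        quarantine_free(e);
    }
    return sum;
}

/* Corrected walk: the successor is captured before e is freed, the same
 * discipline the *_FOREACH_SAFE queue macros enforce. */
static int drain_safe(Node *head) {
    int sum = 0;
    Node *next = NULL;
    for (Node *e = head; e != NULL; e = next) {
        next = next_of(e);
        sum += e->payload;
        quarantine_free(e);
    }
    return sum;
}

/* Runs one walk over a fresh list of `count` nodes; returns the payload
 * sum, and stale_reads() returns how many links were read after free. */
static int walk_sum(int (*walk)(Node *), int count) {
    stale_link_reads = 0;
    int sum = walk(build_list(count));
    quarantine_release();
    return sum;
}

static int stale_reads(int (*walk)(Node *), int count) {
    walk_sum(walk, count);
    return stale_link_reads;
}

int main(void) {
    printf("unsafe walk: sum %d, %d stale link reads\n",
           walk_sum(drain_unsafe, 5), stale_reads(drain_unsafe, 5));
    printf("safe walk:   sum %d, %d stale link reads\n",
           walk_sum(drain_safe, 5), stale_reads(drain_safe, 5));
    return 0;
}
```

Both walks compute the same sum, which is why the i386 build in the report above runs on without a visible failure; only an instrumented run (Valgrind here, the quarantine in the example) exposes that every link in the faulty walk was read from a freed node. QEMU's queue macros already provide the safe shape as QTAILQ_FOREACH_SAFE, which takes an extra variable to hold the successor.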