From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:38306)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aurelien@aurel32.net>) id 1TR1Vo-00053t-GA
	for qemu-devel@nongnu.org; Wed, 24 Oct 2012 10:00:55 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <aurelien@aurel32.net>) id 1TR1Vf-0004Sh-Gz
	for qemu-devel@nongnu.org; Wed, 24 Oct 2012 10:00:48 -0400
Received: from hall.aurel32.net ([88.191.126.93]:38654)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aurelien@aurel32.net>) id 1TR1Vf-0004Kx-7v
	for qemu-devel@nongnu.org; Wed, 24 Oct 2012 10:00:39 -0400
Date: Wed, 24 Oct 2012 16:00:15 +0200
From: Aurelien Jarno <aurelien@aurel32.net>
Message-ID: <20121024140015.GA14279@hall.aurel32.net>
References: <50872514.1090207@twiddle.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
In-Reply-To: <50872514.1090207@twiddle.net>
Sender: Aurelien Jarno <aurelien@aurel32.net>
Subject: Re: [Qemu-devel] [memory] abort with head a8170e5
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Richard Henderson <rth@twiddle.net>
Cc: avi@redhat.com, qemu-devel@nongnu.org

On Wed, Oct 24, 2012 at 09:15:32AM +1000, Richard Henderson wrote:
> qemu-system-sparc64: /home/rth/work/qemu/qemu/memory.c:1022: memory_region_destroy: Assertion `memory_region_transaction_depth == 0' failed.
> 
> Program received signal SIGABRT, Aborted.
> 0x00007ffff5234925 in raise () from /lib64/libc.so.6
> (gdb) where
> #0  0x00007ffff5234925 in raise () from /lib64/libc.so.6
> #1  0x00007ffff52360d8 in abort () from /lib64/libc.so.6
> #2  0x00007ffff522d6a2 in __assert_fail_base () from /lib64/libc.so.6
> #3  0x00007ffff522d752 in __assert_fail () from /lib64/libc.so.6
> #4  0x000055555576ebe4 in memory_region_destroy (mr=0x555556a76f60)
>     at /home/rth/work/qemu/qemu/memory.c:1022
> #5  0x0000555555674729 in pci_bridge_cleanup_alias (
>     parent_space=<optimized out>, alias=0x555556a76f60)
>     at /home/rth/work/qemu/qemu/hw/pci_bridge.c:158
> #6  pci_bridge_region_cleanup (br=0x555556a75d30)
>     at /home/rth/work/qemu/qemu/hw/pci_bridge.c:190
> #7  0x0000555555674ccb in pci_bridge_update_mappings (br=0x555556a75d30)
>     at /home/rth/work/qemu/qemu/hw/pci_bridge.c:203
> #8  pci_bridge_write_config (d=0x555556a75d30, address=<optimized out>, 
>     val=<optimized out>, len=<optimized out>)
>     at /home/rth/work/qemu/qemu/hw/pci_bridge.c:226
> #9  0x000055555576b072 in access_with_adjusted_size (addr=addr@entry=2052, 
>     value=value@entry=0x7fffedaee890, size=size@entry=2, 
>     access_size_min=<optimized out>, access_size_max=<optimized out>, 
>     access=access@entry=0x55555576b690 <memory_region_write_accessor>, 
>     opaque=opaque@entry=0x555556a65a38)
>     at /home/rth/work/qemu/qemu/memory.c:363
> #10 0x0000555555770183 in memory_region_dispatch_write (size=2, data=768, addr=
>     2052, mr=0x555556a65a38) at /home/rth/work/qemu/qemu/memory.c:914
> #11 io_mem_write (mr=0x555556a65a38, addr=2052, val=<optimized out>, size=2)
>     at /home/rth/work/qemu/qemu/memory.c:1570
> #12 0x00007ffff011cd3e in code_gen_buffer ()
> 
> This can be seen with the distributed OpenBIOS, i.e. no special options needed:
> 
>   ./sparc64-softmmu/qemu-system-sparc64
> 

mips is also broken but by commit 1c380f9460522f32c8dd2577b2a53d518ec91c6d:

| [    0.436000] PCI: Enabling device 0000:00:0a.1 (0000 -> 0001)
| Segmentation fault (core dumped)

With gdb:

| Program terminated with signal 11, Segmentation fault.
| #0  phys_page_set_level (lp=0x7f4e12862db0, lp@entry=0x7f4e12851cf0, index=index@entry=0x7f4e012af480, nb=nb@entry=0x7f4e012af488, leaf=leaf@entry=45, level=level@entry=0) at /home/aurel32/qemu/exec.c:440
| 440                 lp->is_leaf = true;
| (gdb) bt
| #0  phys_page_set_level (lp=0x7f4e12862db0, lp@entry=0x7f4e12851cf0, index=index@entry=0x7f4e012af480, nb=nb@entry=0x7f4e012af488, leaf=leaf@entry=45, level=level@entry=0) at /home/aurel32/qemu/exec.c:440
| #1  0x00007f4e10f33a10 in phys_page_set_level (lp=0x7f4e12851cf0, lp@entry=0x7f4e12851470, index=index@entry=0x7f4e012af480, nb=nb@entry=0x7f4e012af488, leaf=leaf@entry=45, level=level@entry=1)
|     at /home/aurel32/qemu/exec.c:445
| #2  0x00007f4e10f33a10 in phys_page_set_level (lp=0x7f4e12851470, lp@entry=0x7f4e124ffb50, index=index@entry=0x7f4e012af480, nb=nb@entry=0x7f4e012af488, leaf=45, level=level@entry=2)
|     at /home/aurel32/qemu/exec.c:445
| #3  0x00007f4e10f3477f in phys_page_set (leaf=<optimized out>, nb=16, index=65696, d=0x7f4e124ffb50) at /home/aurel32/qemu/exec.c:458
| #4  register_multipage (section=0x7f4e012af490, d=0x7f4e124ffb50) at /home/aurel32/qemu/exec.c:2263
| #5  mem_add (listener=0x7f4e124ffb58, section=<optimized out>) at /home/aurel32/qemu/exec.c:2289
| #6  0x00007f4e10f69a3c in address_space_update_topology_pass (as=as@entry=0x7f4e126201c8, adding=adding@entry=true, old_view=..., new_view=...) at /home/aurel32/qemu/memory.c:710
| #7  0x00007f4e10f6a458 in address_space_update_topology (as=0x7f4e126201c8) at /home/aurel32/qemu/memory.c:725
| #8  memory_region_transaction_commit () at /home/aurel32/qemu/memory.c:748
| #9  0x00007f4e10e5eeff in pci_default_write_config (d=0x7f4e1261ffb0, addr=4, val=0, l=4) at hw/pci.c:1075
| #10 0x00007f4e10f67df2 in access_with_adjusted_size (addr=addr@entry=3324, value=value@entry=0x7f4e012af8a0, size=size@entry=4, access_size_min=<optimized out>, access_size_max=<optimized out>,
|     access=access@entry=0x7f4e10f68410 <memory_region_write_accessor>, opaque=opaque@entry=0x7f4e124f2ba8) at /home/aurel32/qemu/memory.c:363
| #11 0x00007f4e10f6cda3 in memory_region_dispatch_write (size=4, data=41943045, addr=3324, mr=0x7f4e124f2ba8) at /home/aurel32/qemu/memory.c:914
| #12 io_mem_write (mr=0x7f4e124f2ba8, addr=3324, val=<optimized out>, size=4) at /home/aurel32/qemu/memory.c:1567
| #13 0x00000000415a4be0 in code_gen_buffer ()
| #14 0x00007f4e10f2e811 in cpu_mips_exec (env=0x7f4e12840ed0, env@entry=0x7f4e124d98c8) at /home/aurel32/qemu/cpu-exec.c:601
| #15 0x00007f4e10f2fbc3 in tcg_cpu_exec (env=0x7f4e124d98c8) at /home/aurel32/qemu/cpus.c:1109
| #16 tcg_exec_all () at /home/aurel32/qemu/cpus.c:1141
| #17 qemu_tcg_cpu_thread_fn (arg=<optimized out>) at /home/aurel32/qemu/cpus.c:836
| #18 0x00007f4e0c2a3b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
| #19 0x00007f4e0bfee70d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
| #20 0x0000000000000000 in ?? ()



-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net