From: Szabolcs Nagy <szabolcs.nagy@arm.com>
To: Richard Henderson <richard.henderson@linaro.org>
Cc: nd@arm.com, qemu-devel@nongnu.org
Subject: Re: tst-arm-mte bug: PSTATE.TCO is cleared on exceptions
Date: Thu, 7 May 2020 10:59:03 +0100
Message-ID: <20200507095902.GA30635@arm.com>
In-Reply-To: <20200506125709.GK23080@arm.com>

The 05/06/2020 13:57, Szabolcs Nagy wrote:
> However later on during testing malloc with PROT_MTE
> i got a qemu assert failure:
>
> Bail out! ERROR:/S/target/arm/mte_helper.c:97:allocation_tag_mem: assertion failed: (tag_size <= in_page)
>
> i can reproduce it, but i don't know how to debug it
> further, i don't know what the application is doing
> when this happens, nor what the kernel is doing.

actually i know what the application is doing,
it's in an mmap when qemu aborts:

...
23:15:17.379227 munmap(0x100ffff9675a000, 8192) = 0
23:15:17.428456 mmap(NULL, 8192, PROT_READ|PROT_WRITE|0x20, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xffff9675a000
23:15:17.502543 mmap(NULL, 36864, PROT_READ|PROT_WRITE|0x20, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xffff96707000
23:15:17.572469 munmap(0x100ffff96707000, 36864) = 0
23:15:17.645050 munmap(0x100ffff9675a000, 8192) = 0
23:15:17.721526 mmap(NULL, 8192, PROT_READ|PROT_WRITE|0x20, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xffff9675a000
23:15:17.779768 mmap(NULL, 36864, PROT_READ|PROT_WRITE|0x20, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xffff96707000
23:15:17.840278 newfstatat(3, "usr/lib", {st_mode=S_IFDIR|0755, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
23:15:18.164292 unlinkat(3, "usr/lib/.apk.1e1bebb420b720c23f29fc2cacd5581b598339805fd12c00", 0) = 0
23:15:18.357742 symlinkat("libXau.so.6.0.0", 3, "usr/lib/.apk.1e1bebb420b720c23f29fc2cacd5581b598339805fd12c00") = 0
23:15:18.469921 fchownat(3, "usr/lib/.apk.1e1bebb420b720c23f29fc2cacd5581b598339805fd12c00", 0, 0, AT_SYMLINK_NOFOLLOW) = 0
23:15:18.638698 unlinkat(3, "usr/lib/.apk.93d31976aebb056b6e2d9577dc8a2f112e28756d03f736a4", 0) = 0
23:15:18.760374 openat(3, "usr/lib/.apk.93d31976aebb056b6e2d9577dc8a2f112e28756d03f736a4", O_RDWR|O_CREAT|O_EXCL|O_TRUNC|O_LARGEFILE|O_CLOEXEC, 0755) = 8
23:15:18.916049 write(8, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\267\0\1\0\0\0\300\r\0\0\0\0\0\0@\0\0\0\0\0\0\0\3700\0\0\0\0\0\0\0\0\0\0@\08\0\6\0@\0\26\0\25\0\1\0\0\0\5\0"..., 13944) = 13944
23:15:18.961239 close(8) = 0
23:15:20.137627 fchownat(3, "usr/lib/.apk.93d31976aebb056b6e2d9577dc8a2f112e28756d03f736a4", 0, 0, 0) = 0
23:15:20.289924 utimensat(3, "usr/lib/.apk.93d31976aebb056b6e2d9577dc8a2f112e28756d03f736a4", [{tv_sec=1579395233, tv_nsec=0} /* 2020-01-19T00:53:53+0000 */, {tv_sec=1579395233, tv_nsec=0} /* 2020-01-19T00:53:53+0000 */], 0) = 0
23:15:20.467212 munmap(0x100ffff96707000, 36864) = 0
23:15:20.503631 munmap(0x100ffff9675a000, 8192) = 0
23:15:20.550130 mmap(NULL, 8192, PROT_READ|PROT_WRITE|0x20, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0Connection to localhost closed by remote host.
(this allocator does a lot of small mmap and munmap)

but i can't tell what happens on the kernel side.
is there some recommended way to turn some form
of tracing on in qemu before i execute the
problematic application?

or is it better if i try to extract a reproducer?
(that does not use the network)

>
> i rebuilt qemu with --enable-debug but now it's very
> slow (still booting into linux 3h later).

this is too slow, things time out.