qemu-devel.nongnu.org archive mirror
* [Qemu-devel] [TestDays] info mtree abort
From: Andreas Färber @ 2011-11-12  2:05 UTC (permalink / raw)
  To: qemu-devel Developers; +Cc: Avi Kivity

Hello,

On current qemu.git master for qemu-system-x86_64 I observe crashes
similar to this one when running info mtree on the SDL monitor console:

*** glibc detected ***
/home/andreas/QEMU/qemu-rl78/rl78-softmmu/qemu-system-rl78: free():
invalid pointer: 0x4545454545454545 ***

#0  0x00007ffff6308d95 in raise () from /lib64/libc.so.6
#1  0x00007ffff630a2ab in abort () from /lib64/libc.so.6
#2  0x00007ffff6342ece in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff6348c06 in malloc_printerr () from /lib64/libc.so.6
#4  0x00000000004e9024 in mtree_print_mr (mon_printf=0x4ef720
<monitor_printf>, f=0xf89b10, mr=<optimized out>, level=0, base=0,
alias_print_queue=0x7fffffffd610)
    at /home/andreas/QEMU/qemu-rl78/memory.c:1405
#5  0x00000000004ec8b6 in mtree_info (mon_printf=0x4ef720
<monitor_printf>, f=0xf89b10) at /home/andreas/QEMU/qemu-rl78/memory.c:1417

Regards,
Andreas

-- 
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg


* Re: [Qemu-devel] [TestDays] info mtree abort
From: Andreas Färber @ 2011-11-12  2:27 UTC (permalink / raw)
  To: qemu-devel Developers; +Cc: Avi Kivity

On 12.11.2011 03:05, Andreas Färber wrote:
> On current qemu.git master for qemu-system-x86_64 I observe crashes
> similar to this one when running info mtree on the SDL monitor console:
> 
> *** glibc detected ***
> /home/andreas/QEMU/qemu-rl78/rl78-softmmu/qemu-system-rl78: free():
> invalid pointer: 0x4545454545454545 ***
> 
> #0  0x00007ffff6308d95 in raise () from /lib64/libc.so.6
> #1  0x00007ffff630a2ab in abort () from /lib64/libc.so.6
> #2  0x00007ffff6342ece in __libc_message () from /lib64/libc.so.6
> #3  0x00007ffff6348c06 in malloc_printerr () from /lib64/libc.so.6
> #4  0x00000000004e9024 in mtree_print_mr (mon_printf=0x4ef720
> <monitor_printf>, f=0xf89b10, mr=<optimized out>, level=0, base=0,
> alias_print_queue=0x7fffffffd610)
>     at /home/andreas/QEMU/qemu-rl78/memory.c:1405
> #5  0x00000000004ec8b6 in mtree_info (mon_printf=0x4ef720
> <monitor_printf>, f=0xf89b10) at /home/andreas/QEMU/qemu-rl78/memory.c:1417

Commenting out both g_free()s in QTAILQ_FOREACH_SAFE() in
mtree_print_mr() and mtree_info() respectively avoids this.

Andreas



* Re: [Qemu-devel] [TestDays] info mtree abort
From: Stefan Weil @ 2011-11-12  7:26 UTC (permalink / raw)
  To: Andreas Färber; +Cc: Jan Kiszka, qemu-devel Developers, Avi Kivity

On 12.11.2011 03:05, Andreas Färber wrote:
> Hello,
>
> On current qemu.git master for qemu-system-x86_64 I observe crashes
> similar to this one when running info mtree on the SDL monitor console:
>
> *** glibc detected ***
> /home/andreas/QEMU/qemu-rl78/rl78-softmmu/qemu-system-rl78: free():
> invalid pointer: 0x4545454545454545 ***
>
> #0 0x00007ffff6308d95 in raise () from /lib64/libc.so.6
> #1 0x00007ffff630a2ab in abort () from /lib64/libc.so.6
> #2 0x00007ffff6342ece in __libc_message () from /lib64/libc.so.6
> #3 0x00007ffff6348c06 in malloc_printerr () from /lib64/libc.so.6
> #4 0x00000000004e9024 in mtree_print_mr (mon_printf=0x4ef720
> <monitor_printf>, f=0xf89b10, mr=<optimized out>, level=0, base=0,
> alias_print_queue=0x7fffffffd610)
> at /home/andreas/QEMU/qemu-rl78/memory.c:1405
> #5 0x00000000004ec8b6 in mtree_info (mon_printf=0x4ef720
> <monitor_printf>, f=0xf89b10) at 
> /home/andreas/QEMU/qemu-rl78/memory.c:1417
>
> Regards,
> Andreas


qemu-system-i386 also has the same problem. It does not crash
(so most users won't notice anything going wrong), but Valgrind
shows the bug, too:

==29459== Invalid read of size 4
==29459==    at 0x81ED59A: mtree_print_mr (memory.c:1404)
==29459==    by 0x81ED61E: mtree_info (memory.c:1417)
==29459==    by 0x81F1781: do_info_mtree (monitor.c:2247)
==29459==    by 0x81EE916: do_info (monitor.c:698)
==29459==    by 0x81F4234: handle_user_command (monitor.c:4130)
==29459==    by 0x81F57A6: monitor_command_cb (monitor.c:4746)
==29459==    by 0x8147992: readline_handle_byte (readline.c:370)
==29459==    by 0x81F572A: monitor_read (monitor.c:4732)
==29459==    by 0x81385AF: qemu_chr_be_write (qemu-char.c:163)
==29459==    by 0x809D1B1: kbd_send_chars (console.c:1124)
==29459==    by 0x809D440: kbd_put_keysym (console.c:1183)
==29459==    by 0x8163FBA: handle_keydown (sdl.c:724)
==29459==  Address 0x12f882c8 is 8 bytes inside a block of size 16 free'd
==29459==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==29459==    by 0x8116580: free_and_trace (vl.c:2149)
==29459==    by 0x4098FC5: g_free (in /lib/libglib-2.0.so.0.2400.1)
==29459==    by 0x81ED5AA: mtree_print_mr (memory.c:1405)
==29459==    by 0x81ED61E: mtree_info (memory.c:1417)
==29459==    by 0x81F1781: do_info_mtree (monitor.c:2247)
==29459==    by 0x81EE916: do_info (monitor.c:698)
==29459==    by 0x81F4234: handle_user_command (monitor.c:4130)
==29459==    by 0x81F57A6: monitor_command_cb (monitor.c:4746)
==29459==    by 0x8147992: readline_handle_byte (readline.c:370)
==29459==    by 0x81F572A: monitor_read (monitor.c:4732)
==29459==    by 0x81385AF: qemu_chr_be_write (qemu-char.c:163)
==29459==
==29459== Invalid read of size 4
==29459==    at 0x81ED59A: mtree_print_mr (memory.c:1404)
==29459==    by 0x81ED57B: mtree_print_mr (memory.c:1400)
==29459==    by 0x81ED68D: mtree_info (memory.c:1423)
==29459==    by 0x81F1781: do_info_mtree (monitor.c:2247)
==29459==    by 0x81EE916: do_info (monitor.c:698)
==29459==    by 0x81F4234: handle_user_command (monitor.c:4130)
==29459==    by 0x81F57A6: monitor_command_cb (monitor.c:4746)
==29459==    by 0x8147992: readline_handle_byte (readline.c:370)
==29459==    by 0x81F572A: monitor_read (monitor.c:4732)
==29459==    by 0x81385AF: qemu_chr_be_write (qemu-char.c:163)
==29459==    by 0x809D1B1: kbd_send_chars (console.c:1124)
==29459==    by 0x809D440: kbd_put_keysym (console.c:1183)
==29459==  Address 0x12f88508 is 8 bytes inside a block of size 16 free'd
==29459==    at 0x4024B3A: free (vg_replace_malloc.c:366)
==29459==    by 0x8116580: free_and_trace (vl.c:2149)
==29459==    by 0x4098FC5: g_free (in /lib/libglib-2.0.so.0.2400.1)
==29459==    by 0x81ED5AA: mtree_print_mr (memory.c:1405)
==29459==    by 0x81ED57B: mtree_print_mr (memory.c:1400)
==29459==    by 0x81ED68D: mtree_info (memory.c:1423)
==29459==    by 0x81F1781: do_info_mtree (monitor.c:2247)
==29459==    by 0x81EE916: do_info (monitor.c:698)
==29459==    by 0x81F4234: handle_user_command (monitor.c:4130)
==29459==    by 0x81F57A6: monitor_command_cb (monitor.c:4746)
==29459==    by 0x8147992: readline_handle_byte (readline.c:370)
==29459==    by 0x81F572A: monitor_read (monitor.c:4732)
==29459==

(more bug messages for the same problem follow, I removed them here)

Valgrind was started like this from QEMU's source directory:

valgrind -v --error-limit=no --track-origins=yes --smc-check=all \
     --leak-check=full bin/debug/386/i386-softmmu/qemu-system-i386 -L pc-bios

Regards,
Stefan Weil

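Andreas's observation (the abort goes away once the g_free() calls inside the queue walk are commented out) and Stefan's Valgrind trace (the read at memory.c:1404 lands 8 bytes inside the 16-byte block that memory.c:1405 had just freed) both describe the same defect class: a loop that frees the current list node and then loads the link out of it. The 0x4545454545454545 "invalid pointer" is consistent with that too, since glibc's MALLOC_PERTURB_=69 fills freed blocks with 0x45, which is why one system aborts while another silently reads stale memory. The program below is an added illustration of the pattern and is not QEMU's code or its fix: the QTAILQ_* macros are a small re-implementation that borrows QEMU's names, MemoryRegionList is a constructed stand-in, and "freeing" a node fills it with 0x45 from a static pool (mimicking MALLOC_PERTURB_) rather than calling free(), so the demo never touches really-freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal tail queue with QEMU-style names, re-implemented here so the file
 * stands alone (this is not qemu-queue.h). */
#define QTAILQ_HEAD(name, type) \
    struct name { struct type *tqh_first; struct type **tqh_last; }
#define QTAILQ_ENTRY(type) \
    struct { struct type *tqe_next; struct type **tqe_prev; }
#define QTAILQ_INIT(head) do { \
        (head)->tqh_first = NULL; \
        (head)->tqh_last = &(head)->tqh_first; \
    } while (0)
#define QTAILQ_INSERT_TAIL(head, elm, field) do { \
        (elm)->field.tqe_next = NULL; \
        (elm)->field.tqe_prev = (head)->tqh_last; \
        *(head)->tqh_last = (elm); \
        (head)->tqh_last = &(elm)->field.tqe_next; \
    } while (0)
/* Plain walk: the step loads var->field.tqe_next AFTER the body ran, so a
 * body that frees var turns the step into a read of freed memory. */
#define QTAILQ_FOREACH(var, head, field) \
    for ((var) = (head)->tqh_first; (var); (var) = (var)->field.tqe_next)
/* Safe walk: the successor is captured BEFORE the body runs. */
#define QTAILQ_FOREACH_SAFE(var, head, field, next_var) \
    for ((var) = (head)->tqh_first; \
         (var) && ((next_var) = (var)->field.tqe_next, 1); \
         (var) = (next_var))

/* Constructed stand-in for QEMU's print-queue node. */
typedef struct MemoryRegionList MemoryRegionList;
struct MemoryRegionList {
    const char *name;                    /* stands in for the MemoryRegion */
    QTAILQ_ENTRY(MemoryRegionList) queue;
};
typedef QTAILQ_HEAD(MemoryRegionListHead, MemoryRegionList) MemoryRegionListHead;

/* Nodes live in a static pool; "freeing" fills the node with 0x45, the byte
 * glibc's MALLOC_PERTURB_=69 writes into freed blocks (assumption: that is
 * what produced the 0x4545454545454545 pointer in the report). */
#define PERTURB_BYTE 0x45
#define POOL_SIZE 8
static MemoryRegionList pool[POOL_SIZE];
static int pool_used;

static void perturb_free(MemoryRegionList *ml)
{
    memset(ml, PERTURB_BYTE, sizeof *ml);
}

/* True if every byte of the pointer value is the perturb pattern, i.e. the
 * pointer was loaded out of a "freed" node. */
static int is_poisoned_pointer(const void *p)
{
    unsigned char raw[sizeof p], expect[sizeof p];
    memcpy(raw, &p, sizeof raw);
    memset(expect, PERTURB_BYTE, sizeof expect);
    return memcmp(raw, expect, sizeof raw) == 0;
}

/* Build a queue of n constructed nodes (n <= POOL_SIZE). */
void build_queue(MemoryRegionListHead *head, int n)
{
    QTAILQ_INIT(head);
    pool_used = 0;
    for (int i = 0; i < n && i < POOL_SIZE; i++) {
        MemoryRegionList *ml = &pool[pool_used++];
        ml->name = "subregion";
        QTAILQ_INSERT_TAIL(head, ml, queue);
    }
}

/* Defective teardown: free inside a plain QTAILQ_FOREACH.  After the first
 * free the step loads tqe_next from the poisoned node, so the next iteration
 * arrives with ml == 0x4545...; handing that to free() is the "free():
 * invalid pointer" abort.  Returns 1 if the walk reached such a pointer. */
int teardown_unsafe(MemoryRegionListHead *head)
{
    MemoryRegionList *ml;
    QTAILQ_FOREACH(ml, head, queue) {
        if (is_poisoned_pointer(ml)) {
            return 1;                    /* would have been free(0x4545...) */
        }
        perturb_free(ml);
    }
    return 0;
}

/* Correct teardown: next_ml is captured before the body frees ml, so no freed
 * node is ever read.  Returns the number of nodes freed. */
int teardown_safe(MemoryRegionListHead *head)
{
    MemoryRegionList *ml, *next_ml;
    int freed = 0;
    QTAILQ_FOREACH_SAFE(ml, head, queue, next_ml) {
        perturb_free(ml);
        freed++;
    }
    QTAILQ_INIT(head);
    return freed;
}

int main(void)
{
    MemoryRegionListHead head;
    build_queue(&head, 3);
    printf("plain FOREACH walked into a freed node: %d\n", teardown_unsafe(&head));
    build_queue(&head, 3);
    printf("FOREACH_SAFE freed %d nodes cleanly\n", teardown_safe(&head));
    return 0;
}
```

The point of the pool trick is that the defect is reproducible without undefined behaviour: on a real allocator the same loop either aborts (perturbed glibc), runs past the end of the list silently (unperturbed glibc, as on Stefan's i386 build), or is reported by Valgrind/AddressSanitizer as a read inside a freed block. Whether a list walk is free-safe therefore has to be decided by reading the loop, not by whether one machine happens to crash.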

* Re: [Qemu-devel] [TestDays] info mtree abort
From: Andreas Färber @ 2011-11-12  9:38 UTC (permalink / raw)
  To: Stefan Weil; +Cc: Jan Kiszka, Alexander Graf, qemu-devel Developers, Avi Kivity

On 12.11.2011 08:26, Stefan Weil wrote:
> On 12.11.2011 03:05, Andreas Färber wrote:
>> On current qemu.git master for qemu-system-x86_64 I observe crashes
>> similar to this one when running info mtree on the SDL monitor console:
>>
>> *** glibc detected ***
>> /home/andreas/QEMU/qemu-rl78/rl78-softmmu/qemu-system-rl78: free():
>> invalid pointer: 0x4545454545454545 ***
>>
>> #0 0x00007ffff6308d95 in raise () from /lib64/libc.so.6
>> #1 0x00007ffff630a2ab in abort () from /lib64/libc.so.6
>> #2 0x00007ffff6342ece in __libc_message () from /lib64/libc.so.6
>> #3 0x00007ffff6348c06 in malloc_printerr () from /lib64/libc.so.6
>> #4 0x00000000004e9024 in mtree_print_mr (mon_printf=0x4ef720
>> <monitor_printf>, f=0xf89b10, mr=<optimized out>, level=0, base=0,
>> alias_print_queue=0x7fffffffd610)
>> at /home/andreas/QEMU/qemu-rl78/memory.c:1405
>> #5 0x00000000004ec8b6 in mtree_info (mon_printf=0x4ef720
>> <monitor_printf>, f=0xf89b10) at
>> /home/andreas/QEMU/qemu-rl78/memory.c:1417
> 
> 
> qemu-system-i386 also has the same problem. It does not crash
> (so most users won't notice anything going wrong), but Valgrind
> shows the bug, too:

Stefan, thanks for sharing your valgrind command line.

Alex didn't notice the missing initialization for qemu-system-s390x
virtio either, so I guess my system (openSUSE 12.1 RC2) must have some
stricter default setting...

Andreas


