From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:37909)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <avi@redhat.com>) id 1TRQ2l-0005DI-Qi
	for qemu-devel@nongnu.org; Thu, 25 Oct 2012 12:12:31 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <avi@redhat.com>) id 1TRQ2a-00072d-0U
	for qemu-devel@nongnu.org; Thu, 25 Oct 2012 12:12:27 -0400
Received: from mx1.redhat.com ([209.132.183.28]:12657)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <avi@redhat.com>) id 1TRQ2Z-00072Z-Mc
	for qemu-devel@nongnu.org; Thu, 25 Oct 2012 12:12:15 -0400
Message-ID: <508964D6.8080607@redhat.com>
Date: Thu, 25 Oct 2012 18:12:06 +0200
From: Avi Kivity <avi@redhat.com>
MIME-Version: 1.0
References: <50872514.1090207@twiddle.net>
	<20121024140015.GA14279@hall.aurel32.net>
	<508942F6.5050001@redhat.com>
	<20121025143937.GH5261@ohm.aurel32.net>
In-Reply-To: <20121025143937.GH5261@ohm.aurel32.net>
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [memory] abort with head a8170e5
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Aurelien Jarno <aurelien@aurel32.net>
Cc: qemu-devel@nongnu.org, Richard Henderson <rth@twiddle.net>

On 10/25/2012 04:39 PM, Aurelien Jarno wrote:
> On Thu, Oct 25, 2012 at 03:47:34PM +0200, Avi Kivity wrote:
>> On 10/24/2012 04:00 PM, Aurelien Jarno wrote:
>> > 
>> > mips is also broken but by commit 1c380f9460522f32c8dd2577b2a53d518ec91c6d:
>> > 
>> > | [    0.436000] PCI: Enabling device 0000:00:0a.1 (0000 -> 0001)
>> > | Segmentation fault (core dumped)
>> > 
>> 
>> How do you reproduce it?
> 
> You can use the mips kernel version 2.6.32 from:
>   http://people.debian.org/~aurel32/qemu/mips/
> 
> Then just run it with the following command:
>   qemu-system-mips -M malta -kernel vmlinux-2.6.32-5-4kc-malta -append "console=tty0"
> 
> (You can also get the README command line if you don't care about
> downloading the disk image).

Doesn't reproduce here with this command line (upstream + the bridge patch).

[    0.568000] PCI: Enabling device 0000:00:12.0 (0000 -> 0002)
[    0.572000] cirrusfb 0000:00:12.0: Cirrus Logic chipset on PCI bus,
RAM (4096 kB) at 0x10000000

...

[    1.172000] PCI: Enabling device 0000:00:0a.1 (0000 -> 0001)
[    1.188000] scsi0 : ata_piix

(with console=ttyS0)

What's lp - p when the segfault occurs?  What's *index?

| #3  0x00007f4e10f3477f in phys_page_set (leaf=<optimized out>, nb=16,
index=65696, d=0x7f4e124ffb50) at /home/aurel32/qemu/exec.c:458

We're setting 16 pages around address 269090816.  Should be totally
straightforward.

If you make memory_region_transaction_begin()/_commit() no-ops, we can
get a clearer stack trace.


-- 
error compiling committee.c: too many arguments to function