From: Peter Maydell <peter.maydell@linaro.org>
To: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Cc: QEMU Developers <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] [PULL] qemu-sparc updates
Date: Tue, 9 Jan 2018 18:22:53 +0000
Message-ID: <CAFEAcA-dOpPiiGA28agziDyi5QKn4ErGgPyG_vL9ixk9iKUv0g@mail.gmail.com>
In-Reply-To: <20180108193124.mjei33w5wopmadmk@kentang.home>

On 8 January 2018 at 19:31, Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> wrote:
> Hi Peter,
>
> Here is the first set of SPARC updates for 2.12. Please pull.
>
>
> ATB,
>
> Mark.
>
>
> The following changes since commit 4124ea4f5bd367ca6412fb2dfe7ac4d80e1504d9:
>
> Merge remote-tracking branch 'remotes/rth/tags/pull-tcg-20171229' into staging (2018-01-08 16:17:04 +0000)
>
> are available in the git repository at:
>
> https://github.com/mcayland/qemu.git tags/qemu-sparc-signed
>
> for you to fetch changes up to 6a52624720e5abc6a1f067a7e7b8239b428e0c95:
>
> sun4u_iommu: add trace event for IOMMU translations (2018-01-08 19:07:55 +0000)
>
> ----------------------------------------------------------------
> qemu-sparc update
>
> ----------------------------------------------------------------

Hi. This seems to crash in 'make check'. One of the crashes has a
memory corruption splat:

TEST: tests/device-introspect-test... (pid=20423)
/sparc64/device/introspect/list: OK
/sparc64/device/introspect/list-fields: OK
/sparc64/device/introspect/none: OK
/sparc64/device/introspect/abstract: OK
/sparc64/device/introspect/concrete:
*** Error in `sparc64-softmmu/qemu-system-sparc64': corrupted double-linked list (not small): 0x0000010033b823a0 ***
======= Backtrace: =========
/lib64/libc.so.6(+0xb0b94)[0x3fff90ce0b94]
/lib64/libc.so.6(+0xb5b18)[0x3fff90ce5b18]
/lib64/libc.so.6(__libc_calloc-0x14b664)[0x3fff90ce9934]
/lib64/libglib-2.0.so.0(g_malloc0-0x100d54)[0x3fff97a634d4]
sparc64-softmmu/qemu-system-sparc64[0x1030a9bc]
sparc64-softmmu/qemu-system-sparc64[0x103062c8]
sparc64-softmmu/qemu-system-sparc64[0x103062a0]

Running it under valgrind with

  QTEST_QEMU_BINARY='valgrind sparc64-softmmu/qemu-system-sparc64' \
    ./tests/device-introspect-test -p /sparc64/device/introspect/concrete

gives this write-after-free:

==1931== Invalid write of size 8
==1931== at 0x55EA51: pci_host_bus_register (pci.c:331)
==1931== by 0x55ECBD: pci_bus_init (pci.c:393)
==1931== by 0x55EE18: pci_bus_new (pci.c:424)
==1931== by 0x55EEE2: pci_register_bus (pci.c:447)
==1931== by 0x55D14F: pci_pbm_init (apb.c:464)
==1931== by 0x69179B: object_init_with_type (object.c:353)
==1931== by 0x6919D0: object_initialize_with_type (object.c:384)
==1931== by 0x691E3B: object_new_with_type (object.c:492)
==1931== by 0x691E78: object_new (object.c:502)
==1931== by 0x479A3C: qmp_device_list_properties (qmp.c:537)
==1931== by 0x455479: qdev_device_help (qdev-monitor.c:279)
==1931== by 0x456C9E: qmp_device_add (qdev-monitor.c:802)
==1931== Address 0x2ca7af08 is 1,528 bytes inside a block of size 3,312 free'd
==1931== at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1931== by 0x691DC6: object_finalize (object.c:480)
==1931== by 0x692CBD: object_unref (object.c:911)
==1931== by 0x479B91: qmp_device_list_properties (qmp.c:572)
==1931== by 0x469EA0: qmp_marshal_device_list_properties (qmp-marshal.c:1393)
==1931== by 0x7A25D2: do_qmp_dispatch (qmp-dispatch.c:104)
==1931== by 0x7A2703: qmp_dispatch (qmp-dispatch.c:131)
==1931== by 0x39E36D: handle_qmp_command (monitor.c:3839)
==1931== by 0x7AA357: json_message_process_token (json-streamer.c:105)
==1931== by 0x7D70CB: json_lexer_feed_char (json-lexer.c:323)
==1931== by 0x7D7213: json_lexer_feed (json-lexer.c:373)
==1931== by 0x7AA3FE: json_message_parser_feed (json-streamer.c:124)
==1931== Block was alloc'd at
==1931== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1931== by 0x1C004718: g_malloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4800.2)
==1931== by 0x691E1C: object_new_with_type (object.c:491)
==1931== by 0x691E78: object_new (object.c:502)
==1931== by 0x479A3C: qmp_device_list_properties (qmp.c:537)
==1931== by 0x469EA0: qmp_marshal_device_list_properties (qmp-marshal.c:1393)
==1931== by 0x7A25D2: do_qmp_dispatch (qmp-dispatch.c:104)
==1931== by 0x7A2703: qmp_dispatch (qmp-dispatch.c:131)
==1931== by 0x39E36D: handle_qmp_command (monitor.c:3839)
==1931== by 0x7AA357: json_message_process_token (json-streamer.c:105)
==1931== by 0x7D70CB: json_lexer_feed_char (json-lexer.c:323)
==1931== by 0x7D7213: json_lexer_feed (json-lexer.c:373)
thanks
-- PMM
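
A triage sketch for the memcheck report in the message above, added here as an example and not part of the original mail or of QEMU: it splits the report into its access, free and allocation stacks, then reports which function owns the block's lifetime and which access frames coincide with allocation frames. The names `parse` and `triage` are this example's own, and the embedded report is an excerpt of the trace above with some frames omitted.

```python
import re
# Excerpt of the memcheck report quoted above; some frames are omitted.
REPORT = """\
==1931== Invalid write of size 8
==1931== at 0x55EA51: pci_host_bus_register (pci.c:331)
==1931== by 0x55D14F: pci_pbm_init (apb.c:464)
==1931== by 0x691E78: object_new (object.c:502)
==1931== by 0x479A3C: qmp_device_list_properties (qmp.c:537)
==1931== Address 0x2ca7af08 is 1,528 bytes inside a block of size 3,312 free'd
==1931== at 0x4C2EDEB: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1931== by 0x691DC6: object_finalize (object.c:480)
==1931== by 0x692CBD: object_unref (object.c:911)
==1931== by 0x479B91: qmp_device_list_properties (qmp.c:572)
==1931== Block was alloc'd at
==1931== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1931== by 0x691E78: object_new (object.c:502)
==1931== by 0x479A3C: qmp_device_list_properties (qmp.c:537)
"""

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
BLOCK = re.compile(r"is ([\d,]+) bytes inside a block of size ([\d,]+) (\S+)")

def parse(report):
    """Split one memcheck error into access/free/alloc stacks (innermost first)."""
    stacks, info, cur = {"access": [], "free": [], "alloc": []}, {}, "access"
    for line in report.splitlines():
        if m := FRAME.match(line):
            stacks[cur].append((m.group(1), m.group(2)))
        elif m := BLOCK.search(line):
            offset, size = (int(g.replace(",", "")) for g in m.group(1, 2))
            info, cur = {"offset": offset, "size": size, "state": m.group(3)}, "free"
        elif "Block was alloc'd at" in line:
            cur = "alloc"
    return stacks, info

def triage(report):
    """Name the write site, the block's lifetime owner and the shared call site."""
    stacks, info = parse(report)
    free_fns = {fn for fn, _ in stacks["free"]}
    return {
        "write_site": stacks["access"][0],
        "block": info,
        "lifetime_owner": next((fn for fn, _ in stacks["alloc"] if fn in free_fns), None),
        # Access frames identical to allocation frames: the write runs while a
        # later object is being constructed at the same call site.
        "shared_with_alloc": [f for f in stacks["access"] if f in stacks["alloc"]],
    }

if __name__ == "__main__":
    print(triage(REPORT))
```

On this trace the block is both allocated and freed under `qmp_device_list_properties`, while the write arrives through the same `object_new` call site (qmp.c:537) during a later object's construction.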