[Qemu-devel] [Bug 1596160] Re: SIGSEGV in memory_region_access_valid on

From: Peter Maydell
Subject: [Qemu-devel] [Bug 1596160] Re: SIGSEGV in memory_region_access_valid on Sabre Lite board
Date: Tue, 28 Jun 2016 11:22:16 -0000

The immediate cause of this crash is that the guest is trying to write
to the imx6.rom region, which (as the name suggests) is read-only, so
your guest is probably misconfigured if it's doing that. However we
shouldn't crash.

The bug here is that the various imx boards call
memory_region_init_rom_device() for the ROMs passing a NULL pointer for
the 'ops' argument, which is always a bug. The right API for this is to
call memory_region_init_ram() and then memory_region_set_readonly(). We
should also assert in memory_region_rom_device() if the ops argument is


  SIGSEGV in memory_region_access_valid on Sabre Lite board

Status in QEMU:

Bug description:
  I'm trying to emulate a Sabre Lite board and booting U-Boot, but I'm
  encountering a SIGSEGV almost immediately after starting QEMU.

  QEMU version: 6f1d2d1c5ad20d464705b17318cb7ca495f8078a
  U-Boot version: mx6qsabrelite_defconfig 2016.05 (with 
 reverted, since it hangs the CPU)

  $ gdb --args ./arm-softmmu/qemu-system-arm -machine sabrelite -kernel 
  GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1

  (gdb) r
  Starting program: /home/kota/qemu/build/arm-softmmu/qemu-system-arm -machine sabrelite -kernel /home/kota/u-boot-2016.05/u-boot
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  [New Thread 0x7fffe9074700 (LWP 18025)]
  [New Thread 0x7fffe58c0700 (LWP 18027)]

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7fffe58c0700 (LWP 18027)]
  0x00005555557aaaa8 in memory_region_access_valid (address@hidden, address@hidden, address@hidden, address@hidden) at /home/kota/qemu/memory.c:1143
  1143      if (!mr->ops->valid.unaligned && (addr & (size - 1))) {
  (gdb) print mr->ops
  $1 = (const MemoryRegionOps *) 0x0
  (gdb) print *mr
  $2 = {parent_obj = {class = 0x555556678990, free = 0x0, properties = 0x555557002d20, ref = 1, parent = 0x555556693d10}, romd_mode = true, ram = false, subpage = false, readonly = false, rom_device = true,
    flush_coalesced_mmio = false, global_locking = true, dirty_log_mask = 0 '\000', ram_block = 0x5555570228f0, owner = 0x0, iommu_ops = 0x0, ops = 0x0, opaque = 0x0, container = 0x555556693980, size = {
      lo = 98304, hi = 0}, addr = 0, destructor = 0x5555557a70b0 <memory_region_destructor_rom_device>, align = 2097152, terminates = true, skip_dump = false, enabled = true, warning_printed = false,
    vga_logging_count = 0 '\000', alias = 0x0, alias_offset = 0, priority = 0, subregions = {tqh_first = 0x0, tqh_last = 0x7fffe594e188}, subregions_link = {tqe_next = 0x7fffe594d988, tqe_prev = 0x7fffe594e290},
    coalesced = {tqh_first = 0x0, tqh_last = 0x7fffe594e1a8}, name = 0x555557022710 "imx6.rom", ioeventfd_nb = 0, ioeventfds = 0x0, iommu_notify = {notifiers = {lh_first = 0x0}}}
  (gdb) bt
  #0  0x00005555557aaaa8 in memory_region_access_valid (address@hidden, address@hidden, address@hidden, address@hidden) at /home/kota/qemu/memory.c:1143
  #1  0x00005555557aacbd in memory_region_dispatch_write (mr=0x7fffe594e0e0, addr=0, data=3925868734, size=4, attrs=...) at /home/kota/qemu/memory.c:1249
  #2  0x00007fffe645a4e4 in code_gen_buffer ()
  #3  0x0000555555778d4d in cpu_tb_exec (itb=<optimized out>, itb=<optimized out>, cpu=0x7fffe58c92e0) at /home/kota/qemu/cpu-exec.c:166
  #4  cpu_loop_exec_tb (sc=0x7fffe58bfab0, tb_exit=<synthetic pointer>, last_tb=0x7fffe58bfaa0, tb=<optimized out>, cpu=0x7fffe58c92e0) at 
  #5  cpu_arm_exec (address@hidden) at /home/kota/qemu/cpu-exec.c:626
  #6  0x0000555555798a20 in tcg_cpu_exec (cpu=0x7fffe58c1080) at 
  #7  tcg_exec_all () at /home/kota/qemu/cpus.c:1574
  #8  qemu_tcg_cpu_thread_fn (arg=<optimized out>) at 
  #9  0x00007ffff27f1184 in start_thread (arg=0x7fffe58c0700) at 
  #10 0x00007ffff251e37d in clone () at 
