
From: Andrew Randrianasulu
Subject: [Qemu-devel] qemu-system_x86-64 (32-bit binary) -M q35 can be crashed on viewing youtube.
Date: Mon, 23 Jul 2018 03:42:05 +0300
User-agent: KMail/1.9.10

It was crashing and crashing, so I tried to debug it a bit ... 


valgrind --leak-check=yes /dev/shm/qemu/x86_64-softmmu/qemu-system-x86_64 -display sdl,gl=on -M q35 -soundhw hda -cdrom /home/guest/Downloads/ISO/slax-English-US-7.0.8-x86_64.iso -m 1G -enable-kvm -d trace:e1000e*

shows some errors at the very end; see the attached file.

For reproduction, wait for the liveCD to finish loading, start Firefox, go to youtube.com (it will warn you about an outdated browser, but continue anyway) and try to click on any video ....

It seems even the modern KDE Neon distribution is affected by the same bug :/
--------------quote-----

address@hidden:e1000e_core_write Write to register 0xd0, 4 byte(s), value: 0x100000
address@hidden:e1000e_irq_set_ims Setting IMS bits 0x100000: 0x1500004 --> 0x1500004
address@hidden:e1000e_irq_msix_pending_clearing Clearing MSI-X pending bit for cause 0x100000, IVAR config 0x800a0908, vector 0
address@hidden:e1000e_irq_fix_icr_asserted ICR_ASSERTED bit fixed: 0x80000002
address@hidden:e1000e_irq_pending_interrupts ICR PENDING: 0x0 (ICR: 0x80000002, IMS: 0x1500004)
address@hidden:e1000e_core_write Write to register 0x3818, 4 byte(s), value: 0x97
address@hidden:e1000e_tx_descr 0x21180e : 27000b68 5b43600
address@hidden:e1000e_tx_descr 0x3bf970fa : 261005c6 300
address@hidden:e1000e_tx_descr 0x1c1c8000 : af1005d8 300
==29362== Invalid write of size 4
==29362==    at 0x552E58: memcpy (string3.h:53)
==29362==    by 0x552E58: m_cat (mbuf.c:143)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==  Address 0x114f9b60 is 0 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==
==29362== Invalid write of size 4
==29362==    at 0x552E5E: memcpy (string3.h:53)
==29362==    by 0x552E5E: m_cat (mbuf.c:143)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==  Address 0x114f9b78 is 24 bytes before an unallocated block of size 156,632 in arena "client"
==29362==
==29362== Invalid write of size 4
==29362==    at 0x552E6B: memcpy (string3.h:53)
==29362==    by 0x552E6B: m_cat (mbuf.c:143)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==  Address 0x114f9b64 is 4 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==
==29362== Invalid read of size 2
==29362==    at 0x54D710: cksum (cksum.c:94)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==    by 0x54FEEB: ip_input (ip_input.c:206)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==  Address 0x114f9b60 is 0 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==
==29362== Invalid read of size 2
==29362==    at 0x54D716: cksum (cksum.c:94)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==    by 0x54FEEB: ip_input (ip_input.c:206)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==  Address 0x114f9b62 is 2 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==
==29362== Invalid read of size 2
==29362==    at 0x54D71C: cksum (cksum.c:94)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==    by 0x54FEEB: ip_input (ip_input.c:206)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==  Address 0x114f9b64 is 4 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==
==29362== Invalid read of size 2
==29362==    at 0x54D722: cksum (cksum.c:94)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==    by 0x54FEEB: ip_input (ip_input.c:206)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==  Address 0x114f9b66 is 6 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==
==29362== Invalid read of size 2
==29362==    at 0x54D728: cksum (cksum.c:95)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==    by 0x54FEEB: ip_input (ip_input.c:206)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==  Address 0x114f9b68 is 8 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==
==29362== Invalid read of size 2
==29362==    at 0x54D72E: cksum (cksum.c:95)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==    by 0x54FEEB: ip_input (ip_input.c:206)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==  Address 0x114f9b6a is 10 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==
==29362== Invalid read of size 2
==29362==    at 0x54D734: cksum (cksum.c:95)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==    by 0x54FEEB: ip_input (ip_input.c:206)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==  Address 0x114f9b6c is 12 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==
==29362== Invalid read of size 2
==29362==    at 0x54D73A: cksum (cksum.c:95)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==    by 0x54FEEB: ip_input (ip_input.c:206)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==  Address 0x114f9b6e is 14 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==
==29362== Invalid read of size 2
==29362==    at 0x54D780: cksum (cksum.c:100)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==    by 0x54FEEB: ip_input (ip_input.c:206)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==  Address 0x114f9b72 is 18 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==
==29362== Invalid read of size 2
==29362==    at 0x54D784: cksum (cksum.c:100)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==    by 0x54FEEB: ip_input (ip_input.c:206)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==  Address 0x114f9b70 is 16 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==    by 0x552EAE: m_inc (string3.h:53)
==29362==    by 0x552EAE: m_cat (mbuf.c:141)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==    by 0x54FE1E: ip_input (ip_input.c:190)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==

valgrind: m_mallocfree.c:303 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 3024, hi = 4106420400.
This is probably caused by your program erroneously writing past the
end of a heap block and corrupting heap metadata.  If you fix any
invalid writes reported by Memcheck, this assertion failure will
probably go away.  Please try that before reporting this as a bug.


host stacktrace:
==29362==    at 0x3803B71E: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==29362==    by 0x3803B846: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==29362==    by 0x3803B96D: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==29362==    by 0x3804BE12: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==29362==    by 0x3803424E: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==29362==    by 0x380321BF: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==29362==    by 0x3803262F: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==29362==    by 0x3803714E: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==29362==    by 0x3803169D: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==29362==    by 0x3800FCEB: ??? (in /usr/lib/valgrind/memcheck-x86-linux)
==29362==    by 0x8809D25D: ???

sched status:
  running_tid=5

Thread 1: status = VgTs_WaitSys (lwpid 29362)
==29362==    at 0x55413CE: ppoll (in /lib/libc-2.23.so)
==29362==    by 0x683634: ppoll (poll2.h:77)
==29362==    by 0x683634: qemu_poll_ns (qemu-timer.c:334)
==29362==    by 0x6847C9: os_host_main_loop_wait (main-loop.c:233)
==29362==    by 0x6847C9: main_loop_wait (main-loop.c:497)
==29362==    by 0x398A6D: main_loop (vl.c:1866)
==29362==    by 0x1FF9E9: main (vl.c:4644)

Thread 2: status = VgTs_WaitSys (lwpid 29363)
==29362==    at 0x5547C12: syscall (in /lib/libc-2.23.so)
==29362==    by 0x68854C: qemu_futex_wait (futex.h:29)
==29362==    by 0x68854C: qemu_event_wait (qemu-thread-posix.c:442)
==29362==    by 0x69A300: call_rcu_thread (rcu.c:261)
==29362==    by 0x68792D: qemu_thread_start (qemu-thread-posix.c:504)
==29362==    by 0x544F308: start_thread (in /lib/libpthread-2.23.so)
==29362==    by 0x554CA5D: clone (in /lib/libc-2.23.so)

Thread 3: status = VgTs_WaitSys (lwpid 29364)
==29362==    at 0x55413CE: ppoll (in /lib/libc-2.23.so)
==29362==    by 0x68365D: ppoll (poll2.h:77)
==29362==    by 0x68365D: qemu_poll_ns (qemu-timer.c:322)
==29362==    by 0x68569D: aio_poll (aio-posix.c:629)
==29362==    by 0x391D8C: iothread_run (iothread.c:64)
==29362==    by 0x68792D: qemu_thread_start (qemu-thread-posix.c:504)
==29362==    by 0x544F308: start_thread (in /lib/libpthread-2.23.so)
==29362==    by 0x554CA5D: clone (in /lib/libc-2.23.so)

Thread 4: status = VgTs_WaitSys (lwpid 29492)
==29362==    at 0x54593FD: __libc_do_syscall (in /lib/libpthread-2.23.so)
==29362==    by 0x5456148: do_futex_wait (in /lib/libpthread-2.23.so)
==29362==    by 0x5456258: __new_sem_wait_slow (in /lib/libpthread-2.23.so)
==29362==    by 0x6882B5: qemu_sem_timedwait (qemu-thread-posix.c:289)
==29362==    by 0x682B05: worker_thread (thread-pool.c:92)
==29362==    by 0x68792D: qemu_thread_start (qemu-thread-posix.c:504)
==29362==    by 0x544F308: start_thread (in /lib/libpthread-2.23.so)
==29362==    by 0x554CA5D: clone (in /lib/libc-2.23.so)

Thread 5: status = VgTs_Runnable (lwpid 29367)
==29362==    at 0x54D78C: cksum (cksum.c:100)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==    by 0x54FEEB: ip_input (ip_input.c:206)
==29362==    by 0x552478: slirp_input (slirp.c:874)
==29362==    by 0x53FBE7: net_slirp_receive (slirp.c:121)
==29362==    by 0x537478: nc_sendv_compat (net.c:701)
==29362==    by 0x537478: qemu_deliver_packet_iov (net.c:728)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x53AB71: net_hub_receive_iov (hub.c:73)
==29362==    by 0x53AB71: net_hub_port_receive_iov (hub.c:124)
==29362==    by 0x53748D: qemu_deliver_packet_iov (net.c:726)
==29362==    by 0x53A649: qemu_net_queue_deliver_iov (queue.c:179)
==29362==    by 0x53A649: qemu_net_queue_send_iov (queue.c:224)
==29362==    by 0x538901: qemu_sendv_packet_async (net.c:764)
==29362==    by 0x538925: qemu_sendv_packet (net.c:772)
==29362==    by 0x47C1C1: net_tx_pkt_sendv (net_tx_pkt.c:546)
==29362==    by 0x47C1C1: net_tx_pkt_do_sw_fragmentation (net_tx_pkt.c:588)
==29362==    by 0x47CF0F: net_tx_pkt_send (net_tx_pkt.c:625)
==29362==    by 0x487256: e1000e_tx_pkt_send (e1000e_core.c:665)
==29362==    by 0x487256: e1000e_process_tx_desc (e1000e_core.c:742)
==29362==    by 0x487256: e1000e_start_xmit (e1000e_core.c:933)
==29362==    by 0x4875DF: e1000e_set_tdt (e1000e_core.c:2450)
==29362==    by 0x48A7F3: e1000e_core_write (e1000e_core.c:3255)
==29362==    by 0x47FCD1: e1000e_mmio_write (e1000e.c:105)
==29362==    by 0x271548: memory_region_write_accessor (memory.c:527)
==29362==    by 0x26D783: access_with_adjusted_size (memory.c:594)
==29362==    by 0x274308: memory_region_dispatch_write (memory.c:1486)
==29362==    by 0x209B6C: flatview_write_continue (exec.c:3255)
==29362==    by 0x209DA4: flatview_write (exec.c:3294)
==29362==    by 0x20E0A4: address_space_write (exec.c:3384)
==29362==    by 0x288278: kvm_cpu_exec (kvm-all.c:1979)
==29362==    by 0x25B256: qemu_kvm_cpu_thread_fn (cpus.c:1215)
==29362==    by 0x68792D: qemu_thread_start (qemu-thread-posix.c:504)
==29362==    by 0x544F308: start_thread (in /lib/libpthread-2.23.so)
==29362==    by 0x554CA5D: clone (in /lib/libc-2.23.so)

Thread 6: status = VgTs_WaitSys (lwpid 29373)
==29362==    at 0x5453AE1: pthread_cond_wait@@GLIBC_2.3.2 (in /lib/libpthread-2.23.so)
==29362==    by 0xC3F5149: ??? (in /usr/X11R7/lib/dri/nouveau_dri.so)
==29362==    by 0xC3F4EB4: ??? (in /usr/X11R7/lib/dri/nouveau_dri.so)
==29362==    by 0x544F308: start_thread (in /lib/libpthread-2.23.so)
==29362==    by 0x554CA5D: clone (in /lib/libc-2.23.so)


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.

------------quote end-----

It seems slirp (user-mode networking) and e1000e don't work yet?


You can download slax-English-US-7.0.8-x86_64.iso, for example, from
http://ftp.linux.cz/pub/linux/slax/Slax-7.x/7.0.8/

The default machine (without the -M parameter) works fine; -M pc-q35-2.11 also works fine.

qemu-system-x86_64 --version
QEMU emulator version 2.12.91 (v3.0.0-rc1-17-g5b3ecd3d94-dirty)
Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers

(same as in my qemu-system-ppc bug)

Attachment: log.txt
Description: Text document
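Reading a Memcheck log like the one above by hand means pairing each error's faulting frame with the allocation stack of the block it touches. The following is an added example, not code from the report or from QEMU, that does that grouping over a constructed excerpt in the same format; the names parse_memcheck, first_own_frame and summarize are this example's own.

```python
"""Triage helper for Valgrind Memcheck logs (added example, not QEMU's code):
groups every 'Invalid read/write' by faulting frame and by the allocation site
of the block it touches; on the report above all land on one mbuf from m_inc()."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt in the report's own format: three of its errors, cut short.
SAMPLE_LOG = """\
==29362== Invalid write of size 4
==29362==    at 0x552E58: memcpy (string3.h:53)
==29362==    by 0x552E58: m_cat (mbuf.c:143)
==29362==    by 0x54FE1E: ip_reass (ip_input.c:341)
==29362==  Address 0x114f9b60 is 0 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x534D3E1: g_malloc (in /usr/lib/libglib-2.0.so.0.4600.2)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==
==29362== Invalid write of size 4
==29362==    at 0x552E5E: memcpy (string3.h:53)
==29362==    by 0x552E5E: m_cat (mbuf.c:143)
==29362==  Address 0x114f9b78 is 24 bytes before an unallocated block of size 156,632 in arena "client"
==29362==
==29362== Invalid read of size 2
==29362==    at 0x54D710: cksum (cksum.c:94)
==29362==    by 0x555C93: tcp_input (tcp_input.c:336)
==29362==  Address 0x114f9b64 is 4 bytes after a block of size 2,976 alloc'd
==29362==    at 0x482B29C: malloc (vg_replace_malloc.c:299)
==29362==    by 0x552B53: m_inc.part.1 (mbuf.c:166)
==29362==
"""

ERROR = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
ADDR = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) "
                  r"(?:a|an) (.*?)block of size ([\d,]+)")
# Frames that say how the access happened, not which code asked for it.
WRAPPERS = {"memcpy", "memmove", "memset", "malloc", "calloc", "realloc",
            "g_malloc", "g_malloc0", "g_realloc", "???"}

@dataclass
class MemError:
    kind: str                      # "read" or "write"
    size: int                      # bytes accessed
    frames: List[Tuple[str, str]] = field(default_factory=list)  # innermost first
    offset: Optional[int] = None   # distance from the block Memcheck named
    where: Optional[str] = None    # "after", "before" or "inside" that block
    block_size: Optional[int] = None
    unallocated: bool = False      # the named block is free, not live
    alloc_frames: List[Tuple[str, str]] = field(default_factory=list)

def parse_memcheck(text: str) -> List[MemError]:
    """Extract every 'Invalid read/write' block; lines without the ==PID==
    prefix (e.g. the e1000e_* trace points in the log) are ignored."""
    errors: List[MemError] = []
    cur: Optional[MemError] = None
    in_alloc = False
    for raw in text.splitlines():
        if not raw.startswith("=="):
            continue
        line = raw.split("==", 2)[2].strip()
        if not line:                   # bare "==PID==" closes the block
            cur = None
        e = ERROR.match(line)
        if e:
            cur = MemError(e.group(1), int(e.group(2)))
            errors.append(cur)         # filled in by the lines that follow
            in_alloc = False
            continue
        if cur is None:
            continue
        a = ADDR.match(line)
        if a:
            cur.offset, cur.where = int(a.group(1)), a.group(2)
            cur.unallocated = "unallocated" in a.group(3)
            cur.block_size = int(a.group(4).replace(",", ""))
            in_alloc = True            # frames from here on are the alloc stack
            continue
        f = FRAME.match(line)
        if f:
            (cur.alloc_frames if in_alloc else cur.frames).append(f.groups())
    return errors

def first_own_frame(frames: List[Tuple[str, str]]) -> str:
    """First frame with source info that is not a libc/glib/valgrind wrapper."""
    for func, loc in frames:
        if func not in WRAPPERS and not loc.startswith("in "):
            return f"{func} ({loc})"
    return "<unknown>"

def summarize(errors: List[MemError]) -> dict:
    by_site = Counter(f"{e.kind} in {first_own_frame(e.frames)}" for e in errors)
    by_alloc = Counter(first_own_frame(e.alloc_frames) for e in errors if e.alloc_frames)
    # Furthest byte past the end of a live block (reaches the next chunk's heap metadata).
    past_end = max((e.offset + e.size for e in errors
                    if e.where == "after" and not e.unallocated), default=0)
    return {"errors": len(errors), "by_site": by_site, "by_alloc": by_alloc,
            "bytes_past_end": past_end}
```

Fed the full log instead of the excerpt, by_alloc collapses to the single m_inc() site and bytes_past_end grows with each report, which is consistent with the heap-metadata "lo/hi size mismatch" Valgrind aborts on at the end.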

