Qemu 0.10.0 HOWTO
Matthew Dillon
dillon at apollo.backplane.com
Fri Mar 27 20:27:53 PDT 2009
I was able to attach a gdb to qemu and get a backtrace. There is a
pool structure 's' which contains garbaged-up pointers. This structure
is a static declaration so the 's' pointer itself is good.
Clearly something is getting corrupted, but I have no idea where or why.
I also tried compiling with CCVER=gcc34. It didn't help... still
seg-faulted.
From searching around with Google several people are reporting issues
with the TCG (Tiny Code Generator), though I don't know if they are
related. It looks like TCG was brought in recently. It could very
well be too buggy right now.
-Matt
(gdb) back
#0 tcg_malloc_internal (s=0x84086e0, size=1024)
at /netboot1/qemu/qemu-0.10.1/tcg/tcg.c:176
#1 0x0818682f in tcg_liveness_analysis (s=0x84086e0)
at /netboot1/qemu/qemu-0.10.1/tcg/tcg.h:306
#2 0x08189b65 in tcg_gen_code (s=0x84086e0, gen_code_buf=0x3191d150 "")
at /netboot1/qemu/qemu-0.10.1/tcg/tcg.c:1891
#3 0x080f6b57 in cpu_x86_gen_code (env=0x34cd3000, tb=0x336620a0,
gen_code_size_ptr=0xbfbff2b4)
at /netboot1/qemu/qemu-0.10.1/translate-all.c:121
#4 0x080f1fa7 in tb_gen_code (env=0x34cd3000, pc=539105859,
cs_base=3703683615127437324, flags=1769484, cflags=1769484)
at /netboot1/qemu/qemu-0.10.1/exec.c:873
#5 0x080f700a in tb_find_slow (pc=538210304, cs_base=2232320,
flags=504211980798612) at /netboot1/qemu/qemu-0.10.1/cpu-exec.c:161
#6 0x080f75e6 in cpu_x86_exec (env1=0x336620a0)
at /netboot1/qemu/qemu-0.10.1/cpu-exec.c:182
#7 0x0804fa77 in main_loop () at /netboot1/qemu/qemu-0.10.1/vl.c:3797
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) print *s
$10 = {
pool_cur = 0x1b000c <Address 0x1b000c out of bounds>,
pool_end = 0x6001b <Address 0x6001b out of bounds>,
pool_first = 0xc0006,
pool_current = 0xc0007,
labels = 0x14000c,
nb_labels = 2490388,
temps = 0x8400000,
nb_globals = 8,
nb_temps = 49,
first_free_temp = {32, 47, -1, 39},
code_buf = 0x3191cbf0 "\213E(\213U,\213M \213]$\203Áø\203Óÿ\213ð\213ú\211\215@\224",
tb_next = 0x0,
tb_next_offset = 0x336620dc,
tb_jmp_offset = 0x336620e0,
op_dead_iargs = 0x34d60010,
reg_to_temp = {-1, -1, -1, -1, -1, -1, -1, -1},
reserved_regs = 48,
current_frame_offset = 37952,
frame_start = 37952,
frame_end = 38464,
frame_reg = 5,
code_ptr = 0x3191d141 "",
...
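The dump above shows pool_cur and pool_end holding small integers that cannot point into any allocated chunk, and the crash only surfaces once tcg_malloc_internal dereferences them. The following is an added example, not code from qemu or from this thread: a minimal bump-pointer pool that reuses the field names from the dump (pool_cur, pool_end, pool_first, pool_current) and checks its own invariants before every allocation, so a trashed structure aborts at the allocator entry instead of one level deeper. The chunk layout, alignment and chunk size are assumptions; the corrupt values in demo_corruption_detected() are copied from the gdb output. It does not locate the overwrite, it only makes the failure deterministic and early.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical pool layout; not qemu's tcg.c. */
#define POOL_CHUNK_SIZE 32768u
#define POOL_ALIGN 16u

typedef struct PoolChunk {
    struct PoolChunk *next;
    size_t size;              /* usable bytes in data[] */
    uint8_t data[];
} PoolChunk;

typedef struct Pool {
    uint8_t *pool_cur;        /* next free byte in the current chunk */
    uint8_t *pool_end;        /* one past the last usable byte of that chunk */
    PoolChunk *pool_first;    /* head of the chunk list */
    PoolChunk *pool_current;  /* chunk that pool_cur/pool_end point into */
} Pool;

void pool_init(Pool *s) { memset(s, 0, sizeof *s); }

/* Returns 0 when every pointer is consistent, otherwise a code naming the
 * first broken invariant (4/5 are what the values in the dump would trip). */
int pool_check(const Pool *s)
{
    if (s->pool_first == NULL)    /* fresh pool: everything must be NULL */
        return (s->pool_cur || s->pool_end || s->pool_current) ? 1 : 0;
    if (s->pool_current == NULL) return 2;
    const PoolChunk *c = s->pool_first;   /* pool_current must be on the list */
    while (c && c != s->pool_current) c = c->next;
    if (c == NULL) return 3;
    uintptr_t lo = (uintptr_t)c->data, hi = lo + c->size;
    if ((uintptr_t)s->pool_end != hi) return 4;
    uintptr_t cur = (uintptr_t)s->pool_cur;
    if (cur < lo || cur > hi) return 5;
    return 0;
}

/* Bump allocation; appends a new chunk when the current one is full. */
void *pool_malloc(Pool *s, size_t size)
{
    size = (size + POOL_ALIGN - 1) & ~(size_t)(POOL_ALIGN - 1);
    if (pool_check(s) != 0) abort();  /* refuse to run on a corrupted pool */
    if (s->pool_cur == NULL || (size_t)(s->pool_end - s->pool_cur) < size) {
        size_t csize = size > POOL_CHUNK_SIZE ? size : POOL_CHUNK_SIZE;
        PoolChunk *c = malloc(sizeof *c + csize);
        if (!c) return NULL;
        c->next = NULL;
        c->size = csize;
        if (s->pool_first == NULL) s->pool_first = c;
        else s->pool_current->next = c;
        s->pool_current = c;
        s->pool_cur = c->data;
        s->pool_end = c->data + csize;
    }
    void *p = s->pool_cur;
    s->pool_cur += size;
    return p;
}

void pool_free_all(Pool *s)
{
    PoolChunk *c = s->pool_first;
    while (c) { PoolChunk *n = c->next; free(c); c = n; }
    pool_init(s);
}

/* Healthy use that forces growth past one chunk: returns the chunk count. */
int demo_chunk_count(void)
{
    Pool s; pool_init(&s);
    for (int i = 0; i < 40; i++)           /* 40 KiB > one 32 KiB chunk */
        if (!pool_malloc(&s, 1024)) return -1;
    if (pool_check(&s) != 0) return -1;
    int n = 0;
    for (PoolChunk *c = s.pool_first; c; c = c->next) n++;
    pool_free_all(&s);
    return n;
}

/* Constructed corruption using the pool_cur/pool_end values from the dump. */
int demo_corruption_detected(void)
{
    Pool s; pool_init(&s);
    if (!pool_malloc(&s, 1024) || pool_check(&s) != 0) return -1;
    uint8_t *good_cur = s.pool_cur, *good_end = s.pool_end;
    s.pool_cur = (uint8_t *)(uintptr_t)0x1b000c;
    s.pool_end = (uint8_t *)(uintptr_t)0x6001b;
    int rc = pool_check(&s);
    s.pool_cur = good_cur; s.pool_end = good_end;   /* restore before freeing */
    pool_free_all(&s);
    return rc;
}

int main(void)
{
    printf("chunks after 40 KiB: %d\n", demo_chunk_count());
    printf("check code on dump values: %d\n", demo_corruption_detected());
    return 0;
}
```

Build with `cc -std=c99 -Wall pool.c`. The check is cheap (a short list walk), so it can stay enabled in a debug build; the point is that a wild write into the pool header is then caught at the next pool_malloc() call rather than surfacing as a backtrace whose outer frames gdb has already lost.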