[Bug 224740] emulators/qemu-user-static: RLIMIT_VMEM crashes Glib slice allocator
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Dec 31 01:48:23 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224740
Bug ID: 224740
Summary: emulators/qemu-user-static: RLIMIT_VMEM crashes Glib
slice allocator
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: needs-patch
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: sbruno at FreeBSD.org
Reporter: jbeich at FreeBSD.org
CC: markmi at dsl-only.net
Assignee: sbruno at FreeBSD.org
Flags: maintainer-feedback?(sbruno at FreeBSD.org)
$ cat a.c
#include <sys/resource.h>
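/*
 * Reproducer for the report above: cap this process' virtual address
 * space at 5,000,000 bytes and exit.  RLIMIT_VMEM is FreeBSD's name for
 * the limit standardised as RLIMIT_AS.  Run natively the program does
 * nothing visible; run under qemu-aarch64-static the same limit applies
 * to the emulator's own GSlice allocations, which fail with ENOMEM (see
 * the backtrace in the report).
 *
 * Exit status: 0 when setrlimit() succeeds, 1 when it fails.
 */
int main(void)
{
    /* Soft and hard limit are set to the same value. */
    const rlim_t vmem_limit = 5000000;
    struct rlimit limit = {
        .rlim_cur = vmem_limit,
        .rlim_max = vmem_limit,
    };

    if (setrlimit(RLIMIT_VMEM, &limit) < 0) {
        return 1;
    }
    return 0;
}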
$ cc a.c
$ G_SLICE=always-malloc ./a.out
$ ./a.out
***MEMORY-ERROR***: [39424]: GSlice: failed to allocate 496 bytes (alignment:
512): Cannot allocate memory
load: 0.86 cmd: qemu-aarch64-static 39424 [uwait] 1.80r 0.04u 0.00s 0% 12872k
$ gdb -q =qemu-aarch64-static 39424
Reading symbols from /usr/local/bin/qemu-aarch64-static...done.
Attaching to program: /usr/local/bin/qemu-aarch64-static, process 39424
[New LWP 102113 of process 39424]
[Switching to LWP 102337 of process 39424]
_umtx_op_err () at /usr/src/lib/libthr/arch/amd64/amd64/_umtx_op_err.S:37
37 RSYSCALL_ERR(_umtx_op)
(gdb) bt f
#0 _umtx_op_err () at /usr/src/lib/libthr/arch/amd64/amd64/_umtx_op_err.S:37
No locals.
#1 0x000000006026e160 in _thr_umtx_timedwait_uint (mtx=0x62528af0
<default_wake_addr+8>,
id=<optimized out>, clockid=<optimized out>, abstime=<optimized out>,
shared=<optimized out>)
at /usr/src/lib/libthr/thread/thr_umtx.c:236
tm_p = 0x6026e57c <_thr_ast+44>
tm_size = 24
#2 0x000000006027822c in cond_wait_user (abstime=<optimized out>, cancel=1,
cvp=<optimized out>,
mp=<optimized out>) at /usr/src/lib/libthr/thread/thr_cond.c:306
curthread = 0x860b002b8
deferred = 0
recurse = 0
error = <optimized out>
sq = <optimized out>
error2 = <optimized out>
#3 cond_wait_common (cond=<optimized out>, mutex=<optimized out>, abstime=0x0,
cancel=1)
at /usr/src/lib/libthr/thread/thr_cond.c:366
cvp = 0x860aed320
mp = 0x860afe560
error = <optimized out>
#4 0x00000000601c7df4 in qemu_cond_wait (cond=0x6251c450 <exclusive_cond>,
mutex=0x6251c440 <qemu_cpu_list_lock>) at util/qemu-thread-posix.c:161
err = 0
#5 0x0000000060120645 in start_exclusive () at cpus-common.c:204
other_cpu = 0x0
running_cpus = 1
#6 0x0000000060044819 in stop_all_tasks ()
No locals.
#7 0x0000000060050d93 in force_sig (target_sig=6)
at
/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/bsd-user/signal.c:338
env = 0x860eac758
cpu = 0x860ea4540
ts = 0x7ffffffe5490
core_dumped = 0
host_sig = 6
act = {__sigaction_u = {__sa_handler = 0x0, __sa_sigaction = 0x0},
sa_flags = 0, sa_mask = {
__bits = {0, 0, 0, 0}}}
#8 0x0000000060051094 in queue_signal (env=0x860eac758, sig=6,
info=0x7ffffffe3db8)
19
cpu = 0x860ea4540
ts = 0x7ffffffe5490
k = 0x7ffffffe56d0
q = 0x0
pq = 0x0
handler = 0
#9 0x0000000060051a26 in host_signal_handler (host_signum=6,
info=0x7ffffffe45f0,
puc=0x7ffffffe4280)
at
/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/bsd-user/signal.c:482
env = 0x860eac758
sig = 6
tinfo = {si_signo = 6, si_errno = 0, si_code = 65543, si_pid = 39424,
si_uid = 1001,
si_status = 0, si_addr = 0, si_value = {sival_int = 0, sival_ptr = 0,
sigval_int = 0,
sigval_ptr = 0}, _reason = {_fault = {_trapno = 0}, _timer =
{_timerid = 0,
_overrun = 0}, _mesgp = {_mqd = 0}, _poll = {_band = 0},
__spare__ = {__spare1__ = 0,
__spare2_ = {0, 0, 0, 0, 0, 0, 0}}}}
#10 0x000000006026f774 in handle_signal (actp=0x7ffffffe4208, sig=6,
info=0x7ffffffe45f0,
ucp=0x7ffffffe4280) at /usr/src/lib/libthr/thread/thr_sig.c:246
in_sigsuspend = 0
cancel_enable = 1
cancel_point = 0
sigfunc = 0x0
err = <optimized out>
uc2 = <optimized out>
#11 0x000000006026ec47 in thr_sighandler (sig=6, info=0x7ffffffe45f0,
_ucp=0x7ffffffe4280)
at /usr/src/lib/libthr/thread/thr_sig.c:191
err = 12
curthread = 0x860b00000
act = {__sigaction_u = {__sa_handler = 0x60051950
<host_signal_handler>,
__sa_sigaction = 0x60051950 <host_signal_handler>}, sa_flags = 64,
sa_mask = {__bits = {
2147483647, 4294967295, 4294967295, 4294967295}}}
#12 <signal handler called>
No symbol table info available.
#13 thr_kill () at thr_kill.S:3
No locals.
#14 0x00000000602d29ff in __raise (s=6) at /usr/src/lib/libc/gen/raise.c:54
id = 102337
#15 0x00000000602d2979 in abort () at /usr/src/lib/libc/stdlib/abort.c:67
act = <optimized out>
#16 0x00000000601f880e in mem_error (
format=0x6038ab81 "failed to allocate %u bytes (alignment: %u): %s\n") at
gslice.c:1465
pname = 0x0
args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area =
0x7ffffffe4b60,
reg_save_area = 0x7ffffffe4a70}}
#17 0x00000000601f8cec in allocator_add_slab (allocator=0x62521250 <allocator>,
ix=2, chunk_size=48)
at gslice.c:1284
syserr = 0x62532f10 <strerror.ebuf> "Cannot allocate memory"
chunk = 0x868fd4f90
sinfo = 0x868fd4fd0
addr = 36121169408
padding = 32
n_chunks = 9
color = 0
page_size = 512
aligned_memory = 0x0
mem = 0x0
i = 8
#18 0x00000000601f72b6 in slab_allocator_alloc_chunk (chunk_size=48) at
gslice.c:1323
chunk = 0x868fd4f90
ix = 2
#19 0x00000000601f89b7 in magazine_cache_pop_magazine (ix=2,
countp=0x860b0c038) at gslice.c:731
magazine_threshold = 34
i = 9
chunk = 0x868fd4f90
head = 0x868fd4e10
chunk_size = 48
#20 0x00000000601f71d8 in thread_memory_magazine1_reload (tmem=0x860b0c000,
ix=2) at gslice.c:801
mag = 0x860b0c030
#21 0x00000000601f6e7e in g_slice_alloc (mem_size=40) at gslice.c:1014
ix = 2
tmem = 0x860b0c000
chunk_size = 48
mem = 0x800000003e
acat = 1
#22 0x000000006021299f in g_tree_node_new (key=0x605cfe20
<static_code_gen_buffer+742800>,
value=0x605cfe00 <static_code_gen_buffer+742768>) at gtree.c:136
node = 0x605cfca0 <static_code_gen_buffer+742416>
#23 0x000000006021129a in g_tree_insert_internal (tree=0x860b0a800,
key=0x605cfe20 <static_code_gen_buffer+742800>,
value=0x605cfe00 <static_code_gen_buffer+742768>, replace=0) at gtree.c:510
child = 0x605cfef8 <static_code_gen_buffer+743016>
cmp = 1
node = 0x868fd4d80
path = {0x0, 0x868fc4950, 0x868fcbb30, 0x868fd2790, 0x868fd3610,
0x868fd4430, 0x868fd4790,
0x868fd4b30, 0x868fd4c30, 0x868fd4cf0, 0x868fd4d50,
0x605cfec8 <static_code_gen_buffer+742968>, 0x7ffffffe4e00,
0x600090ce <patch_reloc+190>,
0x604f2cf0 <tcg_init_ctx+1776>, 0x4010604f2600, 0x2fffe4e60,
0x860e33d04, 0x7ffffffe4e70,
0x601d3f3e <qht_insert__locked+478>, 0x605cfe00
<static_code_gen_buffer+742768>,
0x23754574605cfec8, 0x868f6cd80, 0x868f6cd80, 0x860b1a060, 0x604f25c8
<tb_ctx+8>, 0x0,
0x0, 0x860e33d00, 0x7ffffffe4e87, 0x2375457460b1a060,
0x605cfe00 <static_code_gen_buffer+742768>, 0x860e33d00, 0x860b1a060,
0x604f25c8 <tb_ctx+8>, 0x860e33d00, 0x7ffffffe4eb0, 0x601d3c1f
<qht_insert+95>,
0x17ffffffe4eb0, 0x860b1a060}
idx = 11
#24 0x0000000060211004 in g_tree_insert (tree=0x860b0a800,
key=0x605cfe20 <static_code_gen_buffer+742800>,
value=0x605cfe00 <static_code_gen_buffer+742768>) at gtree.c:391
No locals.
#25 0x000000006003d852 in tb_gen_code (cpu=0x860ea4540, pc=131572, cs_base=0,
flags=2147483648,
cflags=0)
at
/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/accel/tcg/translate-all.c:1399
env = 0x860eac758
tb = 0x605cfe00 <static_code_gen_buffer+742768>
phys_pc = 131572
phys_page2 = 18446744073709551615
virt_page2 = 131072
gen_code_buf = 0x605cfec0 <static_code_gen_buffer+742960>
"A\213n\354\205\355\017\214\062"
gen_code_size = 72
search_size = 14
#26 0x000000006003ab59 in tb_find (cpu=0x860ea4540,
last_tb=0x605cfc80 <static_code_gen_buffer+742384>, tb_exit=0, cf_mask=0)
at
/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/accel/tcg/cpu-exec.c:402
tb = 0x0
cs_base = 0
pc = 131572
flags = 2147483648
acquired_tb_lock = true
#27 0x000000006003a518 in cpu_exec (cpu=0x860ea4540)
at
/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/accel/tcg/cpu-exec.c:735
cflags = 0
tb = 0x605cfc80 <static_code_gen_buffer+742384>
last_tb = 0x605cfc80 <static_code_gen_buffer+742384>
tb_exit = 0
cc = 0x860e9f500
ret = 340
sc = {diff_clk = 0, last_cpu_icount = 0, realtime_clock = 0}
#28 0x00000000600442ff in target_cpu_loop (env=0x860eac758)
at
/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/bsd-user/aarch64/target_arch_cpu.h:58
cs = 0x860ea4540
trapnr = 2
sig = 1615966250
info = {si_signo = 1615799808, si_errno = 0, si_code = 1649512448,
si_pid = 0,
si_uid = -110224, si_status = 32767, si_addr = 1610618197, si_value =
{sival_int = 4096,
sival_ptr = 4096, sigval_int = 4096, sigval_ptr = 4096}, _reason =
{_fault = {
_trapno = 1615799808}, _timer = {_timerid = 1615799808, _overrun
= 0}, _mesgp = {
_mqd = 1615799808}, _poll = {_band = 1615799808}, __spare__ = {
__spare1__ = 1615799808, __spare2_ = {-110128, 32767, 1610618804,
0, 3603561, 0, 1}}}}
code = 340
arg1 = 3
arg2 = 274878237620
arg3 = 0
arg4 = 274878037912
arg5 = 0
arg6 = 0
arg7 = 2101248
arg8 = 4194305
pstate = 1073741824
ret = 0
#29 0x00000000600442c5 in cpu_loop (env=0x860eac758)
at
/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/bsd-user/main.c:122
No locals.
#30 0x0000000060045b61 in main (argc=2, argv=0x7fffffffec18)
at
/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/bsd-user/main.c:516
filename = 0x7fffffffee4b "./a.out"
log_file = 0x0
log_mask = 0x0
regs1 = {regs = {36120075632, 0 <repeats 30 times>}, sp = 36120075632,
pc = 274877972480,
pstate = 0}
regs = 0x7ffffffe5358
info1 = {load_bias = 0, load_addr = 274877906944, start_code = 65536,
end_code = 131872,
start_data = 196608, end_data = 262552, start_brk = 327688, brk =
327688,
start_mmap = 2147483648, mmap = 0, rss = 0, start_stack =
36120075632,
entry = 274877972480, code_offset = 0, data_offset = 0, arg_start =
0, arg_end = 0,
personality = 0}
info = 0x7ffffffe52c0
bprm = {
buf =
"\177ELF\002\001\001\t\000\000\000\000\000\000\000\000\003\000\267\000\001\000\000\000\000\000\001\000\000\000\000\000@\000\000\000\000\000\000\000\b\035\004\000\000\000\000\000\000\000\000\000@\000\070\000\a\000@\000\024\000\023\000\006\000\000\000\004\000\000\000@\000\000\000\000\000\000\000@\000\000\000\000\000\000\000@\000\000\000\000\000\000\000\210\001\000\000\000\000\000\000\210\001\000\000\000\000\000\000\b\000\000\000\000\000\000\000\001\000\000\000\004\000\000",
page = {
0x0 <repeats 64 times>}, p = 36120075632, stringp = 36120076008, fd
= 3, e_uid = 1001,
e_gid = 1001, argc = 1, envc = 8, argv = 0x7fffffffec20, envp =
0x860ec6000,
filename = 0x7fffffffee4b "./a.out", fullpath = 0x860b1e0d0
"/tmp/a.out",
core_dump = 0x6004b3b0 <elf_core_dump>}
ts1 = <error reading variable ts1 (value of type `TaskState' requires
103504 bytes, which is more than max-value-size)>
ts = 0x7ffffffe5490
env = 0x860eac758
cpu = 0x860ea4540
optind = 1
r = 0x7fffffffee4b "./a.out"
gdbstub_port = 0
target_environ = 0x860ec6000
wrk = 0x860ec6040
envlist = 0x860b1e0d0
trace_file = 0x0
--
You are receiving this mail because:
You are the assignee for the bug.