Date: Sun, 31 Dec 2017 01:48:22 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 224740] emulators/qemu-user-static: RLIMIT_VMEM crashes Glib slice allocator
Message-ID: <bug-224740-13@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224740

            Bug ID: 224740
           Summary: emulators/qemu-user-static: RLIMIT_VMEM crashes Glib slice allocator
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: needs-patch
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: sbruno@FreeBSD.org
          Reporter: jbeich@FreeBSD.org
                CC: markmi@dsl-only.net
             Flags: maintainer-feedback?(sbruno@FreeBSD.org)

$ cat a.c
#include <sys/resource.h>

int main()
{
	struct rlimit limit;
	limit.rlim_cur = limit.rlim_max = 5000000;
	if (setrlimit (RLIMIT_VMEM, &limit) < 0)
		return 1;
	return 0;
}
$ cc a.c
$ G_SLICE=always-malloc ./a.out
$ ./a.out

***MEMORY-ERROR***: [39424]: GSlice: failed to allocate 496 bytes (alignment: 512): Cannot allocate memory
load: 0.86  cmd: qemu-aarch64-static 39424 [uwait] 1.80r 0.04u 0.00s 0% 12872k
$ gdb -q =qemu-aarch64-static 39424
Reading symbols from /usr/local/bin/qemu-aarch64-static...done.
Attaching to program: /usr/local/bin/qemu-aarch64-static, process 39424
[New LWP 102113 of process 39424]
[Switching to LWP 102337 of process 39424]
_umtx_op_err () at /usr/src/lib/libthr/arch/amd64/amd64/_umtx_op_err.S:37
37	RSYSCALL_ERR(_umtx_op)
(gdb) bt f
#0  _umtx_op_err () at /usr/src/lib/libthr/arch/amd64/amd64/_umtx_op_err.S:37
No locals.
#1  0x000000006026e160 in _thr_umtx_timedwait_uint (mtx=0x62528af0 <default_wake_addr+8>, id=<optimized out>, clockid=<optimized out>, abstime=<optimized out>, shared=<optimized out>) at /usr/src/lib/libthr/thread/thr_umtx.c:236
        tm_p = 0x6026e57c <_thr_ast+44>
        tm_size = 24
#2  0x000000006027822c in cond_wait_user (abstime=<optimized out>, cancel=1, cvp=<optimized out>, mp=<optimized out>) at /usr/src/lib/libthr/thread/thr_cond.c:306
        curthread = 0x860b002b8
        deferred = 0
        recurse = 0
        error = <optimized out>
        sq = <optimized out>
        error2 = <optimized out>
#3  cond_wait_common (cond=<optimized out>, mutex=<optimized out>, abstime=0x0, cancel=1) at /usr/src/lib/libthr/thread/thr_cond.c:366
        cvp = 0x860aed320
        mp = 0x860afe560
        error = <optimized out>
#4  0x00000000601c7df4 in qemu_cond_wait (cond=0x6251c450 <exclusive_cond>, mutex=0x6251c440 <qemu_cpu_list_lock>) at util/qemu-thread-posix.c:161
        err = 0
#5  0x0000000060120645 in start_exclusive () at cpus-common.c:204
        other_cpu = 0x0
        running_cpus = 1
#6  0x0000000060044819 in stop_all_tasks ()
No locals.
#7  0x0000000060050d93 in force_sig (target_sig=6) at /usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/bsd-user/signal.c:338
        env = 0x860eac758
        cpu = 0x860ea4540
        ts = 0x7ffffffe5490
        core_dumped = 0
        host_sig = 6
        act = {__sigaction_u = {__sa_handler = 0x0, __sa_sigaction = 0x0}, sa_flags = 0, sa_mask = {__bits = {0, 0, 0, 0}}}
#8  0x0000000060051094 in queue_signal (env=0x860eac758, sig=6, info=0x7ffffffe3db8)
        cpu = 0x860ea4540
        ts = 0x7ffffffe5490
        k = 0x7ffffffe56d0
        q = 0x0
        pq = 0x0
        handler = 0
#9  0x0000000060051a26 in host_signal_handler (host_signum=6, info=0x7ffffffe45f0, puc=0x7ffffffe4280) at /usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/bsd-user/signal.c:482
        env = 0x860eac758
        sig = 6
        tinfo = {si_signo = 6, si_errno = 0, si_code = 65543, si_pid = 39424, si_uid = 1001, si_status = 0, si_addr = 0, si_value = {sival_int = 0, sival_ptr = 0, sigval_int = 0, sigval_ptr = 0}, _reason = {_fault = {_trapno = 0}, _timer = {_timerid = 0, _overrun = 0}, _mesgp = {_mqd = 0}, _poll = {_band = 0}, __spare__ = {__spare1__ = 0, __spare2_ = {0, 0, 0, 0, 0, 0, 0}}}}
#10 0x000000006026f774 in handle_signal (actp=0x7ffffffe4208, sig=6, info=0x7ffffffe45f0, ucp=0x7ffffffe4280) at /usr/src/lib/libthr/thread/thr_sig.c:246
        in_sigsuspend = 0
        cancel_enable = 1
        cancel_point = 0
        sigfunc = 0x0
        err = <optimized out>
        uc2 = <optimized out>
#11 0x000000006026ec47 in thr_sighandler (sig=6, info=0x7ffffffe45f0, _ucp=0x7ffffffe4280) at /usr/src/lib/libthr/thread/thr_sig.c:191
        err = 12
        curthread = 0x860b00000
        act = {__sigaction_u = {__sa_handler = 0x60051950 <host_signal_handler>, __sa_sigaction = 0x60051950 <host_signal_handler>}, sa_flags = 64, sa_mask = {__bits = {2147483647, 4294967295, 4294967295, 4294967295}}}
#12 <signal handler called>
No symbol table info available.
#13 thr_kill () at thr_kill.S:3
No locals.
#14 0x00000000602d29ff in __raise (s=6) at /usr/src/lib/libc/gen/raise.c:54
        id = 102337
#15 0x00000000602d2979 in abort () at /usr/src/lib/libc/stdlib/abort.c:67
        act = <optimized out>
#16 0x00000000601f880e in mem_error (format=0x6038ab81 "failed to allocate %u bytes (alignment: %u): %s\n") at gslice.c:1465
        pname = 0x0
        args = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7ffffffe4b60, reg_save_area = 0x7ffffffe4a70}}
#17 0x00000000601f8cec in allocator_add_slab (allocator=0x62521250 <allocator>, ix=2, chunk_size=48) at gslice.c:1284
        syserr = 0x62532f10 <strerror.ebuf> "Cannot allocate memory"
        chunk = 0x868fd4f90
        sinfo = 0x868fd4fd0
        addr = 36121169408
        padding = 32
        n_chunks = 9
        color = 0
        page_size = 512
        aligned_memory = 0x0
        mem = 0x0
        i = 8
#18 0x00000000601f72b6 in slab_allocator_alloc_chunk (chunk_size=48) at gslice.c:1323
        chunk = 0x868fd4f90
        ix = 2
#19 0x00000000601f89b7 in magazine_cache_pop_magazine (ix=2, countp=0x860b0c038) at gslice.c:731
        magazine_threshold = 34
        i = 9
        chunk = 0x868fd4f90
        head = 0x868fd4e10
        chunk_size = 48
#20 0x00000000601f71d8 in thread_memory_magazine1_reload (tmem=0x860b0c000, ix=2) at gslice.c:801
        mag = 0x860b0c030
#21 0x00000000601f6e7e in g_slice_alloc (mem_size=40) at gslice.c:1014
        ix = 2
        tmem = 0x860b0c000
        chunk_size = 48
        mem = 0x800000003e
        acat = 1
#22 0x000000006021299f in g_tree_node_new (key=0x605cfe20 <static_code_gen_buffer+742800>, value=0x605cfe00 <static_code_gen_buffer+742768>) at gtree.c:136
        node = 0x605cfca0 <static_code_gen_buffer+742416>
#23 0x000000006021129a in g_tree_insert_internal (tree=0x860b0a800, key=0x605cfe20 <static_code_gen_buffer+742800>, value=0x605cfe00 <static_code_gen_buffer+742768>, replace=0) at gtree.c:510
        child = 0x605cfef8 <static_code_gen_buffer+743016>
        cmp = 1
        node = 0x868fd4d80
        path = {0x0, 0x868fc4950, 0x868fcbb30, 0x868fd2790, 0x868fd3610, 0x868fd4430, 0x868fd4790, 0x868fd4b30, 0x868fd4c30, 0x868fd4cf0, 0x868fd4d50, 0x605cfec8 <static_code_gen_buffer+742968>, 0x7ffffffe4e00, 0x600090ce <patch_reloc+190>, 0x604f2cf0 <tcg_init_ctx+1776>, 0x4010604f2600, 0x2fffe4e60, 0x860e33d04, 0x7ffffffe4e70, 0x601d3f3e <qht_insert__locked+478>, 0x605cfe00 <static_code_gen_buffer+742768>, 0x23754574605cfec8, 0x868f6cd80, 0x868f6cd80, 0x860b1a060, 0x604f25c8 <tb_ctx+8>, 0x0, 0x0, 0x860e33d00, 0x7ffffffe4e87, 0x2375457460b1a060, 0x605cfe00 <static_code_gen_buffer+742768>, 0x860e33d00, 0x860b1a060, 0x604f25c8 <tb_ctx+8>, 0x860e33d00, 0x7ffffffe4eb0, 0x601d3c1f <qht_insert+95>, 0x17ffffffe4eb0, 0x860b1a060}
        idx = 11
#24 0x0000000060211004 in g_tree_insert (tree=0x860b0a800, key=0x605cfe20 <static_code_gen_buffer+742800>, value=0x605cfe00 <static_code_gen_buffer+742768>) at gtree.c:391
No locals.
#25 0x000000006003d852 in tb_gen_code (cpu=0x860ea4540, pc=131572, cs_base=0, flags=2147483648, cflags=0) at /usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/accel/tcg/translate-all.c:1399
        env = 0x860eac758
        tb = 0x605cfe00 <static_code_gen_buffer+742768>
        phys_pc = 131572
        phys_page2 = 18446744073709551615
        virt_page2 = 131072
        gen_code_buf = 0x605cfec0 <static_code_gen_buffer+742960> "A\213n\354\205\355\017\214\062"
        gen_code_size = 72
        search_size = 14
#26 0x000000006003ab59 in tb_find (cpu=0x860ea4540, last_tb=0x605cfc80 <static_code_gen_buffer+742384>, tb_exit=0, cf_mask=0) at /usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/accel/tcg/cpu-exec.c:402
        tb = 0x0
        cs_base = 0
        pc = 131572
        flags = 2147483648
        acquired_tb_lock = true
#27 0x000000006003a518 in cpu_exec (cpu=0x860ea4540) at /usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/accel/tcg/cpu-exec.c:735
        cflags = 0
        tb = 0x605cfc80 <static_code_gen_buffer+742384>
        last_tb = 0x605cfc80 <static_code_gen_buffer+742384>
        tb_exit = 0
        cc = 0x860e9f500
        ret = 340
        sc = {diff_clk = 0, last_cpu_icount = 0, realtime_clock = 0}
#28 0x00000000600442ff in target_cpu_loop (env=0x860eac758) at /usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/bsd-user/aarch64/target_arch_cpu.h:58
        cs = 0x860ea4540
        trapnr = 2
        sig = 1615966250
        info = {si_signo = 1615799808, si_errno = 0, si_code = 1649512448, si_pid = 0, si_uid = -110224, si_status = 32767, si_addr = 1610618197, si_value = {sival_int = 4096, sival_ptr = 4096, sigval_int = 4096, sigval_ptr = 4096}, _reason = {_fault = {_trapno = 1615799808}, _timer = {_timerid = 1615799808, _overrun = 0}, _mesgp = {_mqd = 1615799808}, _poll = {_band = 1615799808}, __spare__ = {__spare1__ = 1615799808, __spare2_ = {-110128, 32767, 1610618804, 0, 3603561, 0, 1}}}}
        code = 340
        arg1 = 3
        arg2 = 274878237620
        arg3 = 0
        arg4 = 274878037912
        arg5 = 0
        arg6 = 0
        arg7 = 2101248
        arg8 = 4194305
        pstate = 1073741824
        ret = 0
#29 0x00000000600442c5 in cpu_loop (env=0x860eac758) at /usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/bsd-user/main.c:122
No locals.
#30 0x0000000060045b61 in main (argc=2, argv=0x7fffffffec18) at /usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-8dcfea1/bsd-user/main.c:516
        filename = 0x7fffffffee4b "./a.out"
        log_file = 0x0
        log_mask = 0x0
        regs1 = {regs = {36120075632, 0 <repeats 30 times>}, sp = 36120075632, pc = 274877972480, pstate = 0}
        regs = 0x7ffffffe5358
        info1 = {load_bias = 0, load_addr = 274877906944, start_code = 65536, end_code = 131872, start_data = 196608, end_data = 262552, start_brk = 327688, brk = 327688, start_mmap = 2147483648, mmap = 0, rss = 0, start_stack = 36120075632, entry = 274877972480, code_offset = 0, data_offset = 0, arg_start = 0, arg_end = 0, personality = 0}
        info = 0x7ffffffe52c0
        bprm = {buf = "\177ELF\002\001\001\t\000\000\000\000\000\000\000\000\003\000\267\000\001\000\000\000\000\000\001\000\000\000\000\000@\000\000\000\000\000\000\000\b\035\004\000\000\000\000\000\000\000\000\000@\000\070\000\a\000@\000\024\000\023\000\006\000\000\000\004\000\000\000@\000\000\000\000\000\000\000@\000\000\000\000\000\000\000@\000\000\000\000\000\000\000\210\001\000\000\000\000\000\000\210\001\000\000\000\000\000\000\b\000\000\000\000\000\000\000\001\000\000\000\004\000\000", page = {0x0 <repeats 64 times>}, p = 36120075632, stringp = 36120076008, fd = 3, e_uid = 1001, e_gid = 1001, argc = 1, envc = 8, argv = 0x7fffffffec20, envp = 0x860ec6000, filename = 0x7fffffffee4b "./a.out", fullpath = 0x860b1e0d0 "/tmp/a.out", core_dump = 0x6004b3b0 <elf_core_dump>}
        ts1 = <error reading variable ts1 (value of type `TaskState' requires 103504 bytes, which is more than max-value-size)>
        ts = 0x7ffffffe5490
        env = 0x860eac758
        cpu = 0x860ea4540
        optind = 1
        r = 0x7fffffffee4b "./a.out"
        gdbstub_port = 0
        target_environ = 0x860ec6000
        wrk = 0x860ec6040
        envlist = 0x860b1e0d0
        trace_file = 0x0

-- 
You are receiving this mail because:
You are the assignee for the bug.
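The trace above shows the failure path: the guest's setrlimit(RLIMIT_VMEM) applies to the whole emulator process, posix_memalign() in GSlice's allocator_add_slab() then fails with ENOMEM, and mem_error() calls abort(). The following is an added example (not code from the bug report, QEMU or GLib) that recreates that allocation pattern in a forked child so the limit starves only the child, and reports the ENOMEM point instead of aborting. The 256 KiB slab size, the 1024-slab ceiling and the RLIMIT_AS fallback name are my assumptions, not values from the report.

```c
/* Added example: lower RLIMIT_VMEM in a child and carve 512-byte aligned
 * slabs with posix_memalign() (the call behind GSlice's allocator_add_slab)
 * until ENOMEM, then report the count rather than abort() like mem_error(). */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef RLIMIT_VMEM
#define RLIMIT_VMEM RLIMIT_AS     /* Linux name for the same address-space limit */
#endif
#define SLAB_BYTES (256u * 1024u) /* constructed slab size */
#define MAX_SLABS  1024u          /* 256 MiB ceiling: a real limit must bite first */

/* Child side: slabs obtained before ENOMEM, or -1 on any other outcome. */
static int carve_until_enomem(rlim_t limit)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_VMEM, &rl) < 0)
        return -1;
    if (rl.rlim_max != RLIM_INFINITY && rl.rlim_max < limit)
        limit = rl.rlim_max;      /* a hard limit can only be lowered */
    rl.rlim_cur = rl.rlim_max = limit;
    if (setrlimit(RLIMIT_VMEM, &rl) < 0)
        return -1;
    for (unsigned got = 0; got < MAX_SLABS; got++) {
        void *mem = NULL;         /* 512 is the "alignment: 512" in the GSlice message */
        int rc = posix_memalign(&mem, 512, SLAB_BYTES);
        if (rc != 0)              /* ENOMEM is exactly where GSlice calls abort() */
            return rc == ENOMEM ? (int)got : -1;
    }
    return -1;
}

/* Parent side: fork so only the child is starved; returns its slab count. */
int slabs_before_enomem(rlim_t limit)
{
    pid_t pid = fork();
    if (pid == 0) {
        int n = carve_until_enomem(limit);
        _exit(n < 0 ? 255 : n > 254 ? 254 : n);   /* 8-bit exit status */
    }
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}
```

Calling slabs_before_enomem(5000000) uses the limit from the reporter's a.c; a result of 0 means the process was already over the limit before the first slab, which is the situation the emulator is in.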