I've narrowed the crash to a stmia instruction in U-Boot's relocate_code:

Breakpoint 3, relocate_code () at arch/arm/lib/relocate.S:81
81          subs    r4, r0, r1      /* r4 <- relocation offset */
(gdb) disas
Dump of assembler code for function relocate_code:
   0x17802620 <+0>:     ldr     r1, [pc, #76]   ; 0x17802674 <relocate_done+4>
=> 0x17802624 <+4>:     subs    r4, r0, r1
   0x17802628 <+8>:     beq     0x17802670 <relocate_done>
   0x1780262c <+12>:    ldr     r2, [pc, #68]   ; 0x17802678 <relocate_done+8>
   0x17802630 <+16>:    ldm     r1!, {r10, r11}
   0x17802634 <+20>:    stmia   r0!, {r10, r11}
   0x17802638 <+24>:    cmp     r1, r2
   0x1780263c <+28>:    bcc     0x17802630 <relocate_code+16>
   0x17802640 <+32>:    ldr     r2, [pc, #52]   ; 0x1780267c <relocate_done+12>
   0x17802644 <+36>:    ldr     r3, [pc, #52]   ; 0x17802680 <relocate_done+16>
   0x17802648 <+0>:     ldm     r2!, {r0, r1}
   0x1780264c <+4>:     and     r1, r1, #255    ; 0xff
   0x17802650 <+8>:     cmp     r1, #23
   0x17802654 <+12>:    bne     0x17802668 <fixnext>
   0x17802658 <+16>:    add     r0, r0, r4
   0x1780265c <+20>:    ldr     r1, [r0]
   0x17802660 <+24>:    add     r1, r1, r4
   0x17802664 <+28>:    str     r1, [r0]
   0x17802668 <+0>:     cmp     r2, r3
   0x1780266c <+4>:     bcc     0x17802648 <fixloop>
   0x17802670 <+0>:     bx      lr
End of assembler dump.
(gdb) si
82          beq     relocate_done   /* skip relocation */
(gdb)
83          ldr     r2, =__image_copy_end   /* r2 <- SRC &__image_copy_end */
(gdb)
86          ldmia   r1!, {r10-r11}  /* copy from source address [r1] */
(gdb)
87          stmia   r0!, {r10-r11}  /* copy to target address [r0] */
(gdb) bt
#0  relocate_code () at arch/arm/lib/relocate.S:87
#1  0x178025cc in _main () at arch/arm/lib/crt0.S:121
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) si
Remote connection closed
-- 
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1596160

Title:
  SIGSEGV in memory_region_access_valid on Sabre Lite board

Status in QEMU:
  New

Bug description:
  I'm trying to emulate a Sabre Lite board and booting U-Boot, but I'm
  encountering a SIGSEGV almost immediately after starting QEMU.

  QEMU version: 6f1d2d1c5ad20d464705b17318cb7ca495f8078a
  U-Boot version: mx6qsabrelite_defconfig 2016.05 (with
  http://git.denx.de/?p=u-boot.git;a=commitdiff;h=1f516faa45611aedc8c2e3f303b3866f615d481e
  reverted, since it hangs the CPU)

  $ gdb --args ./arm-softmmu/qemu-system-arm -machine sabrelite -kernel ~/u-boot-2016.05/u-boot
  GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
  ...
  (gdb) r
  Starting program: /home/kota/qemu/build/arm-softmmu/qemu-system-arm -machine sabrelite -kernel /home/kota/u-boot-2016.05/u-boot
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  [New Thread 0x7fffe9074700 (LWP 18025)]
  [New Thread 0x7fffe58c0700 (LWP 18027)]

  Program received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7fffe58c0700 (LWP 18027)]
  0x00005555557aaaa8 in memory_region_access_valid (mr=mr@entry=0x7fffe594e0e0, addr=addr@entry=0, size=size@entry=4, is_write=is_write@entry=true) at /home/kota/qemu/memory.c:1143
  1143        if (!mr->ops->valid.unaligned && (addr & (size - 1))) {
  (gdb) bt
  #0  0x00005555557aaaa8 in memory_region_access_valid (mr=mr@entry=0x7fffe594e0e0, addr=addr@entry=0, size=size@entry=4, is_write=is_write@entry=true) at /home/kota/qemu/memory.c:1143
  #1  0x00005555557aacbd in memory_region_dispatch_write (mr=0x7fffe594e0e0, addr=0, data=3925868734, size=4, attrs=...) at /home/kota/qemu/memory.c:1249
  #2  0x00007fffe645a4e4 in code_gen_buffer ()
  #3  0x0000555555778d4d in cpu_tb_exec (itb=<optimized out>, itb=<optimized out>, cpu=0x7fffe58c92e0) at /home/kota/qemu/cpu-exec.c:166
  #4  cpu_loop_exec_tb (sc=0x7fffe58bfab0, tb_exit=<synthetic pointer>, last_tb=0x7fffe58bfaa0, tb=<optimized out>, cpu=0x7fffe58c92e0) at /home/kota/qemu/cpu-exec.c:530
  #5  cpu_arm_exec (cpu=cpu@entry=0x7fffe58c1080) at /home/kota/qemu/cpu-exec.c:626
  #6  0x0000555555798a20 in tcg_cpu_exec (cpu=0x7fffe58c1080) at /home/kota/qemu/cpus.c:1541
  #7  tcg_exec_all () at /home/kota/qemu/cpus.c:1574
  #8  qemu_tcg_cpu_thread_fn (arg=<optimized out>) at /home/kota/qemu/cpus.c:1171
  #9  0x00007ffff27f1184 in start_thread (arg=0x7fffe58c0700) at pthread_create.c:312
  #10 0x00007ffff251e37d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1596160/+subscriptions
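The two pieces the report ties together are U-Boot's relocate_code loop (the disassembly in the comment above: a word-pair copy from link address to destination, then a fixloop that adds the relocation offset r4 to every R_ARM_RELATIVE entry, type 23) and the emulator's per-region access check at memory.c:1143, which dereferences mr->ops before testing alignment. The following C model is an added example written for this page; it is not QEMU or U-Boot code, and every name, address and value in it is constructed. It models a tiny guest address space in which a region may have no ops, and shows how the same access check with a NULL-ops guard rejects the relocation's store cleanly (returning the faulting guest address) instead of faulting in the host, and how the unaligned check `addr & (size - 1)` rejects a misaligned destination.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not QEMU's or U-Boot's code. All values are constructed. */
#define R_ARM_RELATIVE 23u          /* the "cmp r1, #23" in fixloop */

struct region_ops { bool unaligned; };          /* accepts unaligned accesses? */

struct region {
    uint32_t base, size;                        /* guest range [base, base+size) */
    const struct region_ops *ops;               /* NULL models a region without a handler */
    uint32_t *backing;                          /* host storage for the region's words */
};

struct address_space { struct region *regions; size_t nregions; };

struct arm_rel { uint32_t r_offset, r_info; }; /* ELF32 REL entry; low byte of r_info = type */

static struct region *find_region(struct address_space *as, uint32_t addr)
{
    for (size_t i = 0; i < as->nregions; i++) {
        struct region *r = &as->regions[i];
        if (addr >= r->base && addr - r->base < r->size) return r;
    }
    return NULL;
}

/* Same shape as the check at the crash site, but guards ops before using it.
 * addr is region-relative. */
bool region_access_valid(const struct region *r, uint32_t addr, unsigned size, bool is_write)
{
    (void)is_write;
    if (r == NULL || r->ops == NULL) return false;       /* would be a host NULL deref otherwise */
    if (addr + size > r->size) return false;
    if (!r->ops->unaligned && (addr & (size - 1))) return false;
    return true;
}

/* One 32-bit guest load or store; false means the access was rejected. */
static bool guest_access(struct address_space *as, uint32_t addr, bool is_write, uint32_t *val)
{
    struct region *r = find_region(as, addr);
    if (r == NULL || !region_access_valid(r, addr - r->base, 4, is_write)) return false;
    uint32_t *word = &r->backing[(addr - r->base) / 4];
    if (is_write) *word = *val; else *val = *word;
    return true;
}

static uint32_t fault_addr;                     /* guest address of the rejected access */
uint32_t last_fault(void) { return fault_addr; }

/* Models relocate_code: copy nbytes from link_addr to dest_addr, then apply the
 * R_ARM_RELATIVE fixups. Returns the number of words patched, or -1 on a rejected access. */
int relocate_image(struct address_space *as, uint32_t link_addr, uint32_t dest_addr,
                   uint32_t nbytes, const struct arm_rel *rel, size_t nrel)
{
    uint32_t off = dest_addr - link_addr;       /* subs r4, r0, r1 */
    if (off == 0) return 0;                     /* beq relocate_done */
    for (uint32_t i = 0; i < nbytes; i += 4) {  /* ldmia/stmia copy loop */
        uint32_t w;
        if (!guest_access(as, link_addr + i, false, &w)) { fault_addr = link_addr + i; return -1; }
        if (!guest_access(as, dest_addr + i, true, &w))  { fault_addr = dest_addr + i; return -1; }
    }
    int patched = 0;
    for (size_t i = 0; i < nrel; i++) {         /* fixloop */
        if ((rel[i].r_info & 0xff) != R_ARM_RELATIVE) continue;   /* bne fixnext */
        uint32_t where = rel[i].r_offset + off, w;                /* add r0, r0, r4 */
        if (!guest_access(as, where, false, &w)) { fault_addr = where; return -1; }
        w += off;                                                 /* add r1, r1, r4 */
        if (!guest_access(as, where, true, &w))  { fault_addr = where; return -1; }
        patched++;
    }
    return patched;
}

/* Constructed scenario: 256 bytes of RAM at 0x10000000 with ops, and a 256-byte
 * range at 0x20000000 that has no ops at all. */
static uint32_t ram[64];
static const struct region_ops ram_ops = { .unaligned = false };
static struct region regions[] = { { 0x10000000u, sizeof ram, &ram_ops, ram },
                                   { 0x20000000u, 256u, NULL, NULL } };
static struct address_space as = { regions, 2 };
static const struct arm_rel rels[] = { { 0x10000000u, R_ARM_RELATIVE },   /* link-time pointer */
                                       { 0x10000004u, 0x02u },            /* other type: untouched */
                                       { 0x10000008u, R_ARM_RELATIVE } };

/* Reset the 12-byte image at its link address and relocate it to dest_addr. */
int run_demo(uint32_t dest_addr)
{
    for (size_t i = 0; i < 64; i++) ram[i] = 0;
    ram[0] = 0x10000008u; ram[1] = 0x12345678u; ram[2] = 0x10000000u;
    return relocate_image(&as, 0x10000000u, dest_addr, 12, rels, 3);
}
uint32_t ram_word(size_t i) { return ram[i]; }

int main(void)
{
    printf("to RAM:      patched=%d\n", run_demo(0x10000040u));
    printf("to no-ops:   rc=%d fault=0x%08x\n", run_demo(0x20000000u), last_fault());
    printf("misaligned:  rc=%d fault=0x%08x\n", run_demo(0x10000042u), last_fault());
    return 0;
}
```

Relocating to 0x10000040 patches the two R_ARM_RELATIVE words by the offset 0x40 and leaves the other entry alone; relocating into the range with no ops, or to a misaligned destination, stops at the first rejected store and reports its guest address, which is the information a debugger session like the one above has to recover by hand from r0 at the stmia.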