This issue is the same as the one I see when I build the Yocto sabrelite image. You can find detailed information below: berte [ ~/playground/fsl-arm-yocto-bsp/hmi_test/tmp/deploy/images/imx6dlsabresd ]$ gdb --args ~/playground/qemu/debug/arm-softmmu/qemu-system-arm -smp 4 -M sabrelite -m 1024M -kernel u-boot.imx-sd GNU gdb (Gentoo 7.10.1 vanilla) 7.10.1 Copyright (C) 2015 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-pc-linux-gnu". Type "show configuration" for configuration details. For bug reporting instructions, please see: <https://bugs.gentoo.org/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /home/berte/playground/qemu/debug/arm-softmmu/qemu-system-arm...done. (gdb) r Starting program: /home/berte/playground/qemu/debug/arm-softmmu/qemu-system-arm -smp 4 -M sabrelite -m 1024M -kernel u-boot.imx-sd [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". [New Thread 0x7fffeb37b700 (LWP 8652)] [New Thread 0x7fffd63ca700 (LWP 8653)] Program received signal SIGSEGV, Segmentation fault. 
[Switching to Thread 0x7fffd63ca700 (LWP 8653)] 0x00005555557ac1fa in memory_region_access_valid (mr=0x7ffff7f2b0e0, addr=0, size=1, is_write=true) at /home/berte/playground/qemu/memory.c:1143 1143 if (!mr->ops->valid.unaligned && (addr & (size - 1))) { (gdb) bt #0 0x00005555557ac1fa in memory_region_access_valid (mr=0x7ffff7f2b0e0, addr=0, size=1, is_write=true) at /home/berte/playground/qemu/memory.c:1143 #1 0x00005555557ac663 in memory_region_dispatch_write (mr=0x7ffff7f2b0e0, addr=0, data=0, size=1, attrs=...) at /home/berte/playground/qemu/memory.c:1249 #2 0x00005555557b24f4 in io_writeb (env=0x7ffff7ea62f8, iotlbentry=0x7ffff7eb9688, val=0 '\000', addr=0, retaddr=140736862856889) at /home/berte/playground/qemu/softmmu_template.h:369 #3 0x00005555557b2837 in helper_ret_stb_mmu (env=0x7ffff7ea62f8, addr=0, val=0 '\000', oi=4, retaddr=140736862856889) at /home/berte/playground/qemu/softmmu_template.h:409 #4 0x00007fffdab7a6bb in code_gen_buffer () #5 0x000055555576a056 in cpu_tb_exec (cpu=0x7ffff7e9e080, itb=0x7fffd63cb240) at /home/berte/playground/qemu/cpu-exec.c:166 #6 0x000055555576ab3a in cpu_loop_exec_tb (cpu=0x7ffff7e9e080, tb=0x7fffd63cb240, last_tb=0x7fffd63c9a68, tb_exit=0x7fffd63c9a64, sc=0x7fffd63c9a80) at /home/berte/playground/qemu/cpu-exec.c:530 #7 0x000055555576ae26 in cpu_arm_exec (cpu=0x7ffff7e9e080) at /home/berte/playground/qemu/cpu-exec.c:626 #8 0x000055555579483a in tcg_cpu_exec (cpu=0x7ffff7e9e080) at /home/berte/playground/qemu/cpus.c:1541 #9 0x0000555555794925 in tcg_exec_all () at /home/berte/playground/qemu/cpus.c:1574 #10 0x0000555555793d05 in qemu_tcg_cpu_thread_fn (arg=0x7ffff7e9e080) at /home/berte/playground/qemu/cpus.c:1171 #11 0x00007ffff56ec434 in start_thread () from /lib64/libpthread.so.0 #12 0x00007ffff0fbb28d in clone () from /lib64/libc.so.6 (gdb) disas Dump of assembler code for function memory_region_access_valid: 0x00005555557ac1da <+0>: push %rbp 0x00005555557ac1db <+1>: mov %rsp,%rbp 0x00005555557ac1de <+4>: sub 
$0x30,%rsp 0x00005555557ac1e2 <+8>: mov %rdi,-0x18(%rbp) 0x00005555557ac1e6 <+12>: mov %rsi,-0x20(%rbp) 0x00005555557ac1ea <+16>: mov %edx,-0x24(%rbp) 0x00005555557ac1ed <+19>: mov %ecx,%eax 0x00005555557ac1ef <+21>: mov %al,-0x28(%rbp) 0x00005555557ac1f2 <+24>: mov -0x18(%rbp),%rax 0x00005555557ac1f6 <+28>: mov 0x48(%rax),%rax => 0x00005555557ac1fa <+32>: movzbl 0x30(%rax),%eax 0x00005555557ac1fe <+36>: xor $0x1,%eax 0x00005555557ac201 <+39>: test %al,%al 0x00005555557ac203 <+41>: je 0x5555557ac220 <memory_region_access_valid+70> 0x00005555557ac205 <+43>: mov -0x24(%rbp),%eax 0x00005555557ac208 <+46>: sub $0x1,%eax 0x00005555557ac20b <+49>: mov %eax,%eax 0x00005555557ac20d <+51>: and -0x20(%rbp),%rax 0x00005555557ac211 <+55>: test %rax,%rax 0x00005555557ac214 <+58>: je 0x5555557ac220 <memory_region_access_valid+70> 0x00005555557ac216 <+60>: mov $0x0,%eax 0x00005555557ac21b <+65>: jmpq 0x5555557ac2f1 <memory_region_access_valid+279> 0x00005555557ac220 <+70>: mov -0x18(%rbp),%rax 0x00005555557ac224 <+74>: mov 0x48(%rax),%rax 0x00005555557ac228 <+78>: mov 0x38(%rax),%rax 0x00005555557ac22c <+82>: test %rax,%rax 0x00005555557ac22f <+85>: jne 0x5555557ac23b <memory_region_access_valid+97> 0x00005555557ac231 <+87>: mov $0x1,%eax 0x00005555557ac236 <+92>: jmpq 0x5555557ac2f1 <memory_region_access_valid+279> 0x00005555557ac23b <+97>: mov -0x18(%rbp),%rax 0x00005555557ac23f <+101>: mov 0x48(%rax),%rax 0x00005555557ac243 <+105>: mov 0x28(%rax),%eax 0x00005555557ac246 <+108>: mov %eax,-0x10(%rbp) 0x00005555557ac249 <+111>: mov -0x18(%rbp),%rax 0x00005555557ac24d <+115>: mov 0x48(%rax),%rax 0x00005555557ac251 <+119>: mov 0x28(%rax),%eax 0x00005555557ac254 <+122>: test %eax,%eax 0x00005555557ac256 <+124>: jne 0x5555557ac25f <memory_region_access_valid+133> 0x00005555557ac258 <+126>: movl $0x1,-0x10(%rbp) 0x00005555557ac25f <+133>: mov -0x18(%rbp),%rax 0x00005555557ac263 <+137>: mov 0x48(%rax),%rax 0x00005555557ac267 <+141>: mov 0x2c(%rax),%eax ---Type <return> to continue, or 
q <return> to quit--- 0x00005555557ac26a <+144>: mov %eax,-0xc(%rbp) 0x00005555557ac26d <+147>: mov -0x18(%rbp),%rax 0x00005555557ac271 <+151>: mov 0x48(%rax),%rax 0x00005555557ac275 <+155>: mov 0x2c(%rax),%eax 0x00005555557ac278 <+158>: test %eax,%eax 0x00005555557ac27a <+160>: jne 0x5555557ac283 <memory_region_access_valid+169> 0x00005555557ac27c <+162>: movl $0x4,-0xc(%rbp) 0x00005555557ac283 <+169>: mov -0xc(%rbp),%edx 0x00005555557ac286 <+172>: mov -0x24(%rbp),%eax 0x00005555557ac289 <+175>: cmp %eax,%edx 0x00005555557ac28b <+177>: cmova %eax,%edx 0x00005555557ac28e <+180>: mov -0x10(%rbp),%eax 0x00005555557ac291 <+183>: cmp %eax,%edx 0x00005555557ac293 <+185>: cmovae %edx,%eax 0x00005555557ac296 <+188>: mov %eax,-0x4(%rbp) 0x00005555557ac299 <+191>: movl $0x0,-0x8(%rbp) 0x00005555557ac2a0 <+198>: jmp 0x5555557ac2e4 <memory_region_access_valid+266> 0x00005555557ac2a2 <+200>: mov -0x18(%rbp),%rax 0x00005555557ac2a6 <+204>: mov 0x48(%rax),%rax 0x00005555557ac2aa <+208>: mov 0x38(%rax),%rax 0x00005555557ac2ae <+212>: movzbl -0x28(%rbp),%ecx 0x00005555557ac2b2 <+216>: mov -0x4(%rbp),%edx 0x00005555557ac2b5 <+219>: mov -0x8(%rbp),%esi 0x00005555557ac2b8 <+222>: movslq %esi,%rdi 0x00005555557ac2bb <+225>: mov -0x20(%rbp),%rsi 0x00005555557ac2bf <+229>: lea (%rdi,%rsi,1),%r8 0x00005555557ac2c3 <+233>: mov -0x18(%rbp),%rsi 0x00005555557ac2c7 <+237>: mov 0x50(%rsi),%rdi 0x00005555557ac2cb <+241>: mov %r8,%rsi 0x00005555557ac2ce <+244>: callq *%rax 0x00005555557ac2d0 <+246>: xor $0x1,%eax 0x00005555557ac2d3 <+249>: test %al,%al 0x00005555557ac2d5 <+251>: je 0x5555557ac2de <memory_region_access_valid+260> 0x00005555557ac2d7 <+253>: mov $0x0,%eax 0x00005555557ac2dc <+258>: jmp 0x5555557ac2f1 <memory_region_access_valid+279> 0x00005555557ac2de <+260>: mov -0x4(%rbp),%eax 0x00005555557ac2e1 <+263>: add %eax,-0x8(%rbp) 0x00005555557ac2e4 <+266>: mov -0x8(%rbp),%eax 0x00005555557ac2e7 <+269>: cmp -0x24(%rbp),%eax 0x00005555557ac2ea <+272>: jb 0x5555557ac2a2 
<memory_region_access_valid+200> 0x00005555557ac2ec <+274>: mov $0x1,%eax 0x00005555557ac2f1 <+279>: leaveq 0x00005555557ac2f2 <+280>: retq ---Type <return> to continue, or q <return> to quit--- End of assembler dump. (gdb) (gdb) info reg rax 0x0 0 rbx 0x4 4 rcx 0x1 1 rdx 0x1 1 rsi 0x0 0 rdi 0x7ffff7f2b0e0 140737353265376 rbp 0x7fffd63c93c0 0x7fffd63c93c0 rsp 0x7fffd63c9390 0x7fffd63c9390 r8 0x6 6 r9 0x7 7 r10 0x0 0 r11 0x217 535 r12 0x0 0 r13 0x7fffffffd70f 140737488344847 r14 0x7ffff7ea62f8 140737352721144 r15 0x7fffffffd7d0 140737488345040 rip 0x5555557ac1fa 0x5555557ac1fa <memory_region_access_valid+32> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 (gdb)
-- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1596160 Title: SIGSEGV in memory_region_access_valid on Sabre Lite board Status in QEMU: New Bug description: I'm trying to emulate a Sabre Lite board and boot U-Boot, but I'm encountering a SIGSEGV almost immediately after starting QEMU. QEMU version: 6f1d2d1c5ad20d464705b17318cb7ca495f8078a U-Boot version: mx6qsabrelite_defconfig 2016.05 (with http://git.denx.de/?p=u-boot.git;a=commitdiff;h=1f516faa45611aedc8c2e3f303b3866f615d481e reverted, since it hangs the CPU) $ gdb --args ./arm-softmmu/qemu-system-arm -machine sabrelite -kernel ~/u-boot-2016.05/u-boot GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1 ... (gdb) r Starting program: /home/kota/qemu/build/arm-softmmu/qemu-system-arm -machine sabrelite -kernel /home/kota/u-boot-2016.05/u-boot [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fffe9074700 (LWP 18025)] [New Thread 0x7fffe58c0700 (LWP 18027)] Program received signal SIGSEGV, Segmentation fault. 
[Switching to Thread 0x7fffe58c0700 (LWP 18027)] 0x00005555557aaaa8 in memory_region_access_valid (mr=mr@entry=0x7fffe594e0e0, addr=addr@entry=0, size=size@entry=4, is_write=is_write@entry=true) at /home/kota/qemu/memory.c:1143 1143 if (!mr->ops->valid.unaligned && (addr & (size - 1))) { (gdb) print mr->ops $1 = (const MemoryRegionOps *) 0x0 (gdb) print *mr $2 = {parent_obj = {class = 0x555556678990, free = 0x0, properties = 0x555557002d20, ref = 1, parent = 0x555556693d10}, romd_mode = true, ram = false, subpage = false, readonly = false, rom_device = true, flush_coalesced_mmio = false, global_locking = true, dirty_log_mask = 0 '\000', ram_block = 0x5555570228f0, owner = 0x0, iommu_ops = 0x0, ops = 0x0, opaque = 0x0, container = 0x555556693980, size = { lo = 98304, hi = 0}, addr = 0, destructor = 0x5555557a70b0 <memory_region_destructor_rom_device>, align = 2097152, terminates = true, skip_dump = false, enabled = true, warning_printed = false, vga_logging_count = 0 '\000', alias = 0x0, alias_offset = 0, priority = 0, subregions = {tqh_first = 0x0, tqh_last = 0x7fffe594e188}, subregions_link = {tqe_next = 0x7fffe594d988, tqe_prev = 0x7fffe594e290}, coalesced = {tqh_first = 0x0, tqh_last = 0x7fffe594e1a8}, name = 0x555557022710 "imx6.rom", ioeventfd_nb = 0, ioeventfds = 0x0, iommu_notify = {notifiers = {lh_first = 0x0}}} (gdb) bt #0 0x00005555557aaaa8 in memory_region_access_valid (mr=mr@entry=0x7fffe594e0e0, addr=addr@entry=0, size=size@entry=4, is_write=is_write@entry=true) at /home/kota/qemu/memory.c:1143 #1 0x00005555557aacbd in memory_region_dispatch_write (mr=0x7fffe594e0e0, addr=0, data=3925868734, size=4, attrs=...) 
at /home/kota/qemu/memory.c:1249 #2 0x00007fffe645a4e4 in code_gen_buffer () #3 0x0000555555778d4d in cpu_tb_exec (itb=<optimized out>, itb=<optimized out>, cpu=0x7fffe58c92e0) at /home/kota/qemu/cpu-exec.c:166 #4 cpu_loop_exec_tb (sc=0x7fffe58bfab0, tb_exit=<synthetic pointer>, last_tb=0x7fffe58bfaa0, tb=<optimized out>, cpu=0x7fffe58c92e0) at /home/kota/qemu/cpu-exec.c:530 #5 cpu_arm_exec (cpu=cpu@entry=0x7fffe58c1080) at /home/kota/qemu/cpu-exec.c:626 #6 0x0000555555798a20 in tcg_cpu_exec (cpu=0x7fffe58c1080) at /home/kota/qemu/cpus.c:1541 #7 tcg_exec_all () at /home/kota/qemu/cpus.c:1574 #8 qemu_tcg_cpu_thread_fn (arg=<optimized out>) at /home/kota/qemu/cpus.c:1171 #9 0x00007ffff27f1184 in start_thread (arg=0x7fffe58c0700) at pthread_create.c:312 #10 0x00007ffff251e37d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111 To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1596160/+subscriptions