1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
|
qemu-system-arm segfault in arm_v7m_mmu_idx_for_secstate
Attempting to emulate some baremetal ARM cortex-M* firmware with gdb causes a segfault every time.
qemu invocation:
qemu-system-arm -machine none -cpu cortex-m3 -nographic -monitor null -serial null -s -S -device loader,file=firmware.elf
qemu seems to startup fine with that command. Segfault happens as soon as I connect from another console with
arm-none-eabi-gdb firmware.elf
> target remote localhost:1234
# qemu segfaults, and kills arm-none-eabi-gdb along with it
Here's a bt from qemu-system-arm :
*********************************
#0 armv7m_nvic_neg_prio_requested (opaque=0x0, secure=false)
at /home/sac/qemu/src/qemu/hw/intc/armv7m_nvic.c:383
s = 0x0
#1 0x006e4806 in arm_v7m_mmu_idx_for_secstate (secstate=<optimized out>, env=0xb620263c)
at /home/sac/qemu/src/qemu/target/arm/cpu.h:2345
el = <optimized out>
mmu_idx = ARMMMUIdx_MPriv
el = <optimized out>
mmu_idx = <optimized out>
#2 cpu_mmu_index (ifetch=false, env=0xb620263c) at /home/sac/qemu/src/qemu/target/arm/cpu.h:2358
mmu_idx = <optimized out>
el = <optimized out>
ifetch = <optimized out>
env = 0xb620263c
el = <optimized out>
mmu_idx = <optimized out>
el = <optimized out>
el = <optimized out>
mmu_idx = <optimized out>
#3 arm_cpu_get_phys_page_attrs_debug (cs=0xb61fe480, addr=0, attrs=0xbfffc668)
at /home/sac/qemu/src/qemu/target/arm/helper.c:9858
cpu = 0xb61fe480
__func__ = "arm_cpu_get_phys_page_attrs_debug"
env = 0xb620263c
phys_addr = 6402535376434480864
page_size = 5
prot = -1239242724
ret = <optimized out>
fsr = 4294967041
fi = {s2addr = 0, stage2 = false, s1ptw = false, ea = false}
mmu_idx = <optimized out>
#4 0x005729d1 in cpu_get_phys_page_attrs_debug (attrs=<optimized out>, addr=<optimized out>,
cpu=<optimized out>) at /home/sac/qemu/src/qemu/include/qom/cpu.h:580
cc = <optimized out>
cc = <optimized out>
#5 cpu_memory_rw_debug (cpu=0xb61fe480, addr=0, buf=0xbfffd6dc "", len=4, is_write=0)
at /home/sac/qemu/src/qemu/exec.c:3524
asidx = <optimized out>
attrs = {unspecified = 0, secure = 0, user = 0, requester_id = 15525}
l = <optimized out>
phys_addr = <optimized out>
page = 0
__PRETTY_FUNCTION__ = "cpu_memory_rw_debug"
#6 0x005b4c5e in target_memory_rw_debug (is_write=false, len=4, buf=<optimized out>, addr=0,
cpu=0xb61fe480) at /home/sac/qemu/src/qemu/gdbstub.c:56
cc = <optimized out>
cc = <optimized out>
#7 gdb_handle_packet (s=s@entry=0xb6229800, line_buf=line_buf@entry=0xb6229810 "m0,4")
at /home/sac/qemu/src/qemu/gdbstub.c:1109
cpu = <optimized out>
cc = <optimized out>
p = 0xb6229813 "4"
thread = <optimized out>
ch = <optimized out>
reg_size = <optimized out>
type = <optimized out>
res = <optimized out>
buf = "m1\000", '\060' <repeats 109 times>, "ffffffff00000000d3010040\000t modification,\n are permitted in any medium without royalt"...
mem_buf = '\000' <repeats 56 times>, "\377\377\377\377\000\000\000\000\323\001\000@", '\000' <repeats 716 times>...
registers = <optimized out>
addr = 0
len = 4
__func__ = "gdb_handle_packet"
#8 0x005b55b3 in gdb_read_byte (ch=100, s=0xb6229800) at /home/sac/qemu/src/qemu/gdbstub.c:1664
reply = 43 '+'
reply = <optimized out>
repeat = <optimized out>
#9 gdb_chr_receive (opaque=<optimized out>, buf=<optimized out>, size=<optimized out>)
at /home/sac/qemu/src/qemu/gdbstub.c:1868
i = <optimized out>
#10 0x00980319 in tcp_chr_read (chan=0xb6c86200, cond=G_IO_IN, opaque=0xb63fc6e0)
at chardev/char-socket.c:440
chr = <optimized out>
__func__ = "tcp_chr_read"
s = 0xb63fc6e0
buf = "$m0,4#fddInfo#c8read:arm-core.xml:0,ffb#08+;qRelocInsn+;fork-events+;vfork-events+;exec-events+;vContSupported+;QThreadEvents+;no-resumed+#df\363\377\377\000\000\000\000\274\354\377\277", '\000' <repeats 16 times>, "\272\356\377 \274\354\377\277", '\000' <repeats 16 times>, "\373\377\377\377\005\000\000\000"...
len = <optimized out>
size = <optimized out>
#11 0xb7808c44 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#12 0x009e14d2 in glib_pollfds_poll () at util/main-loop.c:214
context = 0xb645f740
pfds = <optimized out>
context = <optimized out>
pfds = <optimized out>
#13 os_host_main_loop_wait (timeout=<optimized out>) at util/main-loop.c:261
context = 0xb645f740
ret = 1
spin_counter = 0
context = <optimized out>
ret = <optimized out>
spin_counter = 0
notified = false
#14 main_loop_wait (nonblocking=0) at util/main-loop.c:515
ret = <optimized out>
timeout = 1000
timeout_ns = <optimized out>
#15 0x00561781 in main_loop () at vl.c:1995
No locals.
#16 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at vl.c:4911
i = <optimized out>
snapshot = <optimized out>
linux_boot = <optimized out>
initrd_filename = <optimized out>
kernel_filename = <optimized out>
kernel_cmdline = <optimized out>
boot_order = <optimized out>
boot_once = <optimized out>
ds = <optimized out>
cyls = <optimized out>
heads = <optimized out>
secs = <optimized out>
translation = <optimized out>
opts = <optimized out>
machine_opts = <optimized out>
hda_opts = <optimized out>
icount_opts = <optimized out>
accel_opts = <optimized out>
olist = <optimized out>
optind = 14
optarg = 0xbffffcf6 "loader,file=firmware.elf"
loadvm = <optimized out>
machine_class = <optimized out>
cpu_model = <optimized out>
vga_model = <optimized out>
qtest_chrdev = <optimized out>
qtest_log = <optimized out>
pid_file = <optimized out>
incoming = <optimized out>
userconfig = <optimized out>
nographic = <optimized out>
display_type = <optimized out>
display_remote = <optimized out>
log_mask = <optimized out>
log_file = <optimized out>
trace_file = <optimized out>
maxram_size = <optimized out>
ram_slots = <optimized out>
vmstate_dump_file = <optimized out>
main_loop_err = 0x0
err = 0x0
list_data_dirs = <optimized out>
dirs = <optimized out>
bdo_queue = {sqh_first = 0x0, sqh_last = 0xbffff918}
__func__ = "main"
|