qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [Bug 1922391] [NEW] qemu-system-ppc assertion "!mr->container" failed
@ 2021-04-02 20:48 Håvard Eidnes
  2021-04-02 21:00 ` [Bug 1922391] " Håvard Eidnes
                   ` (5 more replies)
  0 siblings, 6 replies; 14+ messages in thread
From: Håvard Eidnes @ 2021-04-02 20:48 UTC (permalink / raw)
  To: qemu-devel

Public bug reported:

Hi,

I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc
version 5.2.0, and I'm hitting this assertion failure quite a bit into the "unpacking sets" 
part of the installation procedure, unpacking from the install iso image.

Qemu is run on a NetBSD/amd64 9.1 host system.  The stack backtrace from
the core file is

Program terminated with signal SIGABRT, Aborted.
#0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
[Current thread is 1 (process 1)]
(gdb) where
#0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
#1  0x000078859a3671ca in abort () from /usr/lib/libc.so.12
#2  0x000078859a2a8507 in __assert13 () from /usr/lib/libc.so.12
#3  0x000000015a3c19c0 in memory_region_finalize ()
#4  0x000000015a3fef1c in object_unref ()
#5  0x000000015a3feee6 in object_unref ()
#6  0x000000015a374154 in address_space_unmap ()
#7  0x000000015a276551 in pmac_ide_atapi_transfer_cb ()
#8  0x000000015a150a59 in dma_blk_cb ()
#9  0x000000015a46a1c7 in blk_aio_complete ()
#10 0x000000015a5a617d in coroutine_trampoline ()
#11 0x000078859a264150 in ?? () from /usr/lib/libc.so.12
Backtrace stopped: Cannot access memory at address 0x7884894ff000
(gdb) 

I start qemu with this small script:

---
#!/bin/sh

MEM=3g
qemu-system-ppc \
        -M mac99,via=pmu \
        -m $MEM  \
        -nographic \
        -drive id=hda,format=raw,file=disk.img \
        -L pc-bios \
        -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
        -net nic,model=rtl8139,netdev=net0 \
        -boot d \
        -cdrom NetBSD-8.2-macppc.iso
---

and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
to replicate this I can provide more detailed instructions to repeat the
procedure I used to start the install.

Any hints about what more to look for?

Regards,

- Håvard

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1922391

Title:
  qemu-system-ppc assertion "!mr->container" failed

Status in QEMU:
  New

Bug description:
  Hi,

  I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc
  version 5.2.0, and I'm hitting this assertion failure quite a bit into the "unpacking sets" 
  part of the installation procedure, unpacking from the install iso image.

  Qemu is run on a NetBSD/amd64 9.1 host system.  The stack backtrace
  from the core file is

  Program terminated with signal SIGABRT, Aborted.
  #0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
  #0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
  #1  0x000078859a3671ca in abort () from /usr/lib/libc.so.12
  #2  0x000078859a2a8507 in __assert13 () from /usr/lib/libc.so.12
  #3  0x000000015a3c19c0 in memory_region_finalize ()
  #4  0x000000015a3fef1c in object_unref ()
  #5  0x000000015a3feee6 in object_unref ()
  #6  0x000000015a374154 in address_space_unmap ()
  #7  0x000000015a276551 in pmac_ide_atapi_transfer_cb ()
  #8  0x000000015a150a59 in dma_blk_cb ()
  #9  0x000000015a46a1c7 in blk_aio_complete ()
  #10 0x000000015a5a617d in coroutine_trampoline ()
  #11 0x000078859a264150 in ?? () from /usr/lib/libc.so.12
  Backtrace stopped: Cannot access memory at address 0x7884894ff000
  (gdb) 

  I start qemu with this small script:

  ---
  #!/bin/sh

  MEM=3g
  qemu-system-ppc \
          -M mac99,via=pmu \
          -m $MEM  \
          -nographic \
          -drive id=hda,format=raw,file=disk.img \
          -L pc-bios \
          -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
          -net nic,model=rtl8139,netdev=net0 \
          -boot d \
          -cdrom NetBSD-8.2-macppc.iso
  ---

  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.

  Any hints about what more to look for?

  Regards,

  - Håvard

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1922391/+subscriptions


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [Bug 1922391] Re: qemu-system-ppc assertion "!mr->container" failed
  2021-04-02 20:48 [Bug 1922391] [NEW] qemu-system-ppc assertion "!mr->container" failed Håvard Eidnes
@ 2021-04-02 21:00 ` Håvard Eidnes
  2021-04-02 21:59 ` Håvard Eidnes
                   ` (4 subsequent siblings)
  5 siblings, 0 replies; 14+ messages in thread
From: Håvard Eidnes @ 2021-04-02 21:00 UTC (permalink / raw)
  To: qemu-devel

** Tags added: ppc

** Description changed:

  Hi,
  
- I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc
- version 5.2.0, and I'm hitting this assertion failure quite a bit into the "unpacking sets" 
- part of the installation procedure, unpacking from the install iso image.
+ I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
+ quite a bit into the "unpacking sets" part of the installation procedure,
+ unpacking from the install iso image.
  
  Qemu is run on a NetBSD/amd64 9.1 host system.  The stack backtrace from
  the core file is
  
  Program terminated with signal SIGABRT, Aborted.
  #0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
  #0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
  #1  0x000078859a3671ca in abort () from /usr/lib/libc.so.12
  #2  0x000078859a2a8507 in __assert13 () from /usr/lib/libc.so.12
  #3  0x000000015a3c19c0 in memory_region_finalize ()
  #4  0x000000015a3fef1c in object_unref ()
  #5  0x000000015a3feee6 in object_unref ()
  #6  0x000000015a374154 in address_space_unmap ()
  #7  0x000000015a276551 in pmac_ide_atapi_transfer_cb ()
  #8  0x000000015a150a59 in dma_blk_cb ()
  #9  0x000000015a46a1c7 in blk_aio_complete ()
  #10 0x000000015a5a617d in coroutine_trampoline ()
  #11 0x000078859a264150 in ?? () from /usr/lib/libc.so.12
  Backtrace stopped: Cannot access memory at address 0x7884894ff000
- (gdb) 
+ (gdb)
  
  I start qemu with this small script:
  
  ---
  #!/bin/sh
  
  MEM=3g
  qemu-system-ppc \
-         -M mac99,via=pmu \
-         -m $MEM  \
-         -nographic \
-         -drive id=hda,format=raw,file=disk.img \
-         -L pc-bios \
-         -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
-         -net nic,model=rtl8139,netdev=net0 \
-         -boot d \
-         -cdrom NetBSD-8.2-macppc.iso
+         -M mac99,via=pmu \
+         -m $MEM  \
+         -nographic \
+         -drive id=hda,format=raw,file=disk.img \
+         -L pc-bios \
+         -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
+         -net nic,model=rtl8139,netdev=net0 \
+         -boot d \
+         -cdrom NetBSD-8.2-macppc.iso
  ---
  
  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.
  
  Any hints about what more to look for?
  
  Regards,
  
  - Håvard

** Description changed:

  Hi,
  
  I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
  quite a bit into the "unpacking sets" part of the installation procedure,
  unpacking from the install iso image.
  
- Qemu is run on a NetBSD/amd64 9.1 host system.  The stack backtrace from
- the core file is
+ Qemu is run on a NetBSD/amd64 9.1 host system.
+ 
+ The asert message from qemu is
+ 
+ assertion "!mr->container" failed: file "../softmmu/memory.c", line
+ 1739, function "memory_region_finalize"
+ 
+ The stack backtrace from the core file is
  
  Program terminated with signal SIGABRT, Aborted.
  #0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
  #0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
  #1  0x000078859a3671ca in abort () from /usr/lib/libc.so.12
  #2  0x000078859a2a8507 in __assert13 () from /usr/lib/libc.so.12
  #3  0x000000015a3c19c0 in memory_region_finalize ()
  #4  0x000000015a3fef1c in object_unref ()
  #5  0x000000015a3feee6 in object_unref ()
  #6  0x000000015a374154 in address_space_unmap ()
  #7  0x000000015a276551 in pmac_ide_atapi_transfer_cb ()
  #8  0x000000015a150a59 in dma_blk_cb ()
  #9  0x000000015a46a1c7 in blk_aio_complete ()
  #10 0x000000015a5a617d in coroutine_trampoline ()
  #11 0x000078859a264150 in ?? () from /usr/lib/libc.so.12
  Backtrace stopped: Cannot access memory at address 0x7884894ff000
  (gdb)
  
  I start qemu with this small script:
  
  ---
  #!/bin/sh
  
  MEM=3g
  qemu-system-ppc \
          -M mac99,via=pmu \
          -m $MEM  \
          -nographic \
          -drive id=hda,format=raw,file=disk.img \
          -L pc-bios \
          -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
          -net nic,model=rtl8139,netdev=net0 \
          -boot d \
          -cdrom NetBSD-8.2-macppc.iso
  ---
  
  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.
  
  Any hints about what more to look for?
  
  Regards,
  
  - Håvard

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1922391

Title:
  qemu-system-ppc assertion "!mr->container" failed

Status in QEMU:
  New

Bug description:
  Hi,

  I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
  quite a bit into the "unpacking sets" part of the installation procedure,
  unpacking from the install iso image.

  Qemu is run on a NetBSD/amd64 9.1 host system.

  The asert message from qemu is

  assertion "!mr->container" failed: file "../softmmu/memory.c", line
  1739, function "memory_region_finalize"

  The stack backtrace from the core file is

  Program terminated with signal SIGABRT, Aborted.
  #0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
  #0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
  #1  0x000078859a3671ca in abort () from /usr/lib/libc.so.12
  #2  0x000078859a2a8507 in __assert13 () from /usr/lib/libc.so.12
  #3  0x000000015a3c19c0 in memory_region_finalize ()
  #4  0x000000015a3fef1c in object_unref ()
  #5  0x000000015a3feee6 in object_unref ()
  #6  0x000000015a374154 in address_space_unmap ()
  #7  0x000000015a276551 in pmac_ide_atapi_transfer_cb ()
  #8  0x000000015a150a59 in dma_blk_cb ()
  #9  0x000000015a46a1c7 in blk_aio_complete ()
  #10 0x000000015a5a617d in coroutine_trampoline ()
  #11 0x000078859a264150 in ?? () from /usr/lib/libc.so.12
  Backtrace stopped: Cannot access memory at address 0x7884894ff000
  (gdb)

  I start qemu with this small script:

  ---
  #!/bin/sh

  MEM=3g
  qemu-system-ppc \
          -M mac99,via=pmu \
          -m $MEM  \
          -nographic \
          -drive id=hda,format=raw,file=disk.img \
          -L pc-bios \
          -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
          -net nic,model=rtl8139,netdev=net0 \
          -boot d \
          -cdrom NetBSD-8.2-macppc.iso
  ---

  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.

  Any hints about what more to look for?

  Regards,

  - Håvard

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1922391/+subscriptions


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [Bug 1922391] Re: qemu-system-ppc assertion "!mr->container" failed
  2021-04-02 20:48 [Bug 1922391] [NEW] qemu-system-ppc assertion "!mr->container" failed Håvard Eidnes
  2021-04-02 21:00 ` [Bug 1922391] " Håvard Eidnes
@ 2021-04-02 21:59 ` Håvard Eidnes
  2021-04-05 19:40 ` Håvard Eidnes
                   ` (3 subsequent siblings)
  5 siblings, 0 replies; 14+ messages in thread
From: Håvard Eidnes @ 2021-04-02 21:59 UTC (permalink / raw)
  To: qemu-devel

** Description changed:

  Hi,
  
  I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
  quite a bit into the "unpacking sets" part of the installation procedure,
  unpacking from the install iso image.
  
  Qemu is run on a NetBSD/amd64 9.1 host system.
  
  The asert message from qemu is
  
  assertion "!mr->container" failed: file "../softmmu/memory.c", line
  1739, function "memory_region_finalize"
  
- The stack backtrace from the core file is
+ The stack backtrace from the core file (when built with debug symbols)
+ is
  
+ Core was generated by `qemu-system-ppc'.
  Program terminated with signal SIGABRT, Aborted.
- #0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
+ #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
- #0  0x000078859a36791a in _lwp_kill () from /usr/lib/libc.so.12
- #1  0x000078859a3671ca in abort () from /usr/lib/libc.so.12
- #2  0x000078859a2a8507 in __assert13 () from /usr/lib/libc.so.12
- #3  0x000000015a3c19c0 in memory_region_finalize ()
- #4  0x000000015a3fef1c in object_unref ()
- #5  0x000000015a3feee6 in object_unref ()
- #6  0x000000015a374154 in address_space_unmap ()
- #7  0x000000015a276551 in pmac_ide_atapi_transfer_cb ()
- #8  0x000000015a150a59 in dma_blk_cb ()
- #9  0x000000015a46a1c7 in blk_aio_complete ()
- #10 0x000000015a5a617d in coroutine_trampoline ()
- #11 0x000078859a264150 in ?? () from /usr/lib/libc.so.12
- Backtrace stopped: Cannot access memory at address 0x7884894ff000
- (gdb)
+ #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
+ #1  0x00007a8f259671ca in abort () from /usr/lib/libc.so.12
+ #2  0x00007a8f258a8507 in __assert13 () from /usr/lib/libc.so.12
+ #3  0x000000003e79d8a0 in memory_region_finalize (obj=<optimized out>)
+     at ../softmmu/memory.c:1739
+ #4  0x000000003e87aacc in object_deinit (type=0x7a8f2c280780, 
+     obj=<optimized out>) at ../qom/object.c:671
+ #5  object_finalize (data=0x7a8f2b62baa0) at ../qom/object.c:685
+ #6  object_unref (objptr=0x7a8f2b62baa0) at ../qom/object.c:1183
+ #7  0x000000003e87aa96 in object_property_del_all (obj=0x7a8f2b629000)
+     at ../qom/object.c:623
+ #8  object_finalize (data=0x7a8f2b629000) at ../qom/object.c:684
+ #9  object_unref (objptr=0x7a8f2b629000) at ../qom/object.c:1183
+ #10 0x000000003e79ab6b in memory_region_unref (mr=<optimized out>)
+     at ../softmmu/memory.c:1787
+ #11 0x000000003e7d8eb4 in address_space_unmap (
+     as=as@entry=0x3f4731a0 <address_space_memory>, buffer=<optimized out>, 
+     len=<optimized out>, is_write=<optimized out>, access_len=<optimized out>)
+     at ../softmmu/physmem.c:3222
+ #12 0x000000003e66389a in dma_memory_unmap (access_len=<optimized out>, 
+     dir=<optimized out>, len=<optimized out>, buffer=<optimized out>, 
+     as=<optimized out>)
+     at /usr/pkgsrc/emulators/qemu/work/qemu-5.2.0/include/sysemu/dma.h:145
+ #13 pmac_ide_atapi_transfer_cb (opaque=0x7a8f2ab4aef0, ret=<optimized out>)
+     at ../hw/ide/macio.c:122
+ #14 0x000000003e5b22a0 in dma_complete (ret=0, dbs=0x7a8f2bb4d380)
+     at ../softmmu/dma-helpers.c:120
+ #15 dma_blk_cb (opaque=0x7a8f2bb4d380, ret=0) at ../softmmu/dma-helpers.c:138
+ #16 0x000000003e864ef7 in blk_aio_complete (acb=0x7a8f2af2be90)
+     at ../block/block-backend.c:1412
+ #17 0x000000003e9a9be1 in coroutine_trampoline (i0=<optimized out>, 
+     i1=<optimized out>) at ../util/coroutine-ucontext.c:173
+ #18 0x00007a8f25864150 in ?? () from /usr/lib/libc.so.12
+ Backtrace stopped: Cannot access memory at address 0x7a8e137ec000
+ (gdb) 
+ 
  
  I start qemu with this small script:
  
  ---
  #!/bin/sh
  
  MEM=3g
  qemu-system-ppc \
          -M mac99,via=pmu \
          -m $MEM  \
          -nographic \
          -drive id=hda,format=raw,file=disk.img \
          -L pc-bios \
          -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
          -net nic,model=rtl8139,netdev=net0 \
          -boot d \
          -cdrom NetBSD-8.2-macppc.iso
  ---
  
  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.
  
  Any hints about what more to look for?
  
  Regards,
  
  - Håvard

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1922391

Title:
  qemu-system-ppc assertion "!mr->container" failed

Status in QEMU:
  New

Bug description:
  Hi,

  I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
  quite a bit into the "unpacking sets" part of the installation procedure,
  unpacking from the install iso image.

  Qemu is run on a NetBSD/amd64 9.1 host system.

  The asert message from qemu is

  assertion "!mr->container" failed: file "../softmmu/memory.c", line
  1739, function "memory_region_finalize"

  The stack backtrace from the core file (when built with debug symbols)
  is

  Core was generated by `qemu-system-ppc'.
  Program terminated with signal SIGABRT, Aborted.
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  #1  0x00007a8f259671ca in abort () from /usr/lib/libc.so.12
  #2  0x00007a8f258a8507 in __assert13 () from /usr/lib/libc.so.12
  #3  0x000000003e79d8a0 in memory_region_finalize (obj=<optimized out>)
      at ../softmmu/memory.c:1739
  #4  0x000000003e87aacc in object_deinit (type=0x7a8f2c280780, 
      obj=<optimized out>) at ../qom/object.c:671
  #5  object_finalize (data=0x7a8f2b62baa0) at ../qom/object.c:685
  #6  object_unref (objptr=0x7a8f2b62baa0) at ../qom/object.c:1183
  #7  0x000000003e87aa96 in object_property_del_all (obj=0x7a8f2b629000)
      at ../qom/object.c:623
  #8  object_finalize (data=0x7a8f2b629000) at ../qom/object.c:684
  #9  object_unref (objptr=0x7a8f2b629000) at ../qom/object.c:1183
  #10 0x000000003e79ab6b in memory_region_unref (mr=<optimized out>)
      at ../softmmu/memory.c:1787
  #11 0x000000003e7d8eb4 in address_space_unmap (
      as=as@entry=0x3f4731a0 <address_space_memory>, buffer=<optimized out>, 
      len=<optimized out>, is_write=<optimized out>, access_len=<optimized out>)
      at ../softmmu/physmem.c:3222
  #12 0x000000003e66389a in dma_memory_unmap (access_len=<optimized out>, 
      dir=<optimized out>, len=<optimized out>, buffer=<optimized out>, 
      as=<optimized out>)
      at /usr/pkgsrc/emulators/qemu/work/qemu-5.2.0/include/sysemu/dma.h:145
  #13 pmac_ide_atapi_transfer_cb (opaque=0x7a8f2ab4aef0, ret=<optimized out>)
      at ../hw/ide/macio.c:122
  #14 0x000000003e5b22a0 in dma_complete (ret=0, dbs=0x7a8f2bb4d380)
      at ../softmmu/dma-helpers.c:120
  #15 dma_blk_cb (opaque=0x7a8f2bb4d380, ret=0) at ../softmmu/dma-helpers.c:138
  #16 0x000000003e864ef7 in blk_aio_complete (acb=0x7a8f2af2be90)
      at ../block/block-backend.c:1412
  #17 0x000000003e9a9be1 in coroutine_trampoline (i0=<optimized out>, 
      i1=<optimized out>) at ../util/coroutine-ucontext.c:173
  #18 0x00007a8f25864150 in ?? () from /usr/lib/libc.so.12
  Backtrace stopped: Cannot access memory at address 0x7a8e137ec000
  (gdb) 

  
  I start qemu with this small script:

  ---
  #!/bin/sh

  MEM=3g
  qemu-system-ppc \
          -M mac99,via=pmu \
          -m $MEM  \
          -nographic \
          -drive id=hda,format=raw,file=disk.img \
          -L pc-bios \
          -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
          -net nic,model=rtl8139,netdev=net0 \
          -boot d \
          -cdrom NetBSD-8.2-macppc.iso
  ---

  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.

  Any hints about what more to look for?

  Regards,

  - Håvard

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1922391/+subscriptions


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [Bug 1922391] Re: qemu-system-ppc assertion "!mr->container" failed
  2021-04-02 20:48 [Bug 1922391] [NEW] qemu-system-ppc assertion "!mr->container" failed Håvard Eidnes
  2021-04-02 21:00 ` [Bug 1922391] " Håvard Eidnes
  2021-04-02 21:59 ` Håvard Eidnes
@ 2021-04-05 19:40 ` Håvard Eidnes
  2021-04-06  7:39 ` Philippe Mathieu-Daudé
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 14+ messages in thread
From: Håvard Eidnes @ 2021-04-05 19:40 UTC (permalink / raw)
  To: qemu-devel

Hmm,

it seems I need to retract this bug.  It turns out that the 32-bit macppc port
of NetBSD only supports a maximum of 2GB of memory.  As a NetBSD developer said it:

> The physical memory map on G4 Macs doesn't have room for more than 2G
of RAM.

So, I've set the status of this bug report to "Invalid", as that seemed to be the
best fit.

Regards,

- Håvard


** Changed in: qemu
       Status: New => Invalid

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1922391

Title:
  qemu-system-ppc assertion "!mr->container" failed

Status in QEMU:
  Invalid

Bug description:
  Hi,

  I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
  quite a bit into the "unpacking sets" part of the installation procedure,
  unpacking from the install iso image.

  Qemu is run on a NetBSD/amd64 9.1 host system.

  The asert message from qemu is

  assertion "!mr->container" failed: file "../softmmu/memory.c", line
  1739, function "memory_region_finalize"

  The stack backtrace from the core file (when built with debug symbols)
  is

  Core was generated by `qemu-system-ppc'.
  Program terminated with signal SIGABRT, Aborted.
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  #1  0x00007a8f259671ca in abort () from /usr/lib/libc.so.12
  #2  0x00007a8f258a8507 in __assert13 () from /usr/lib/libc.so.12
  #3  0x000000003e79d8a0 in memory_region_finalize (obj=<optimized out>)
      at ../softmmu/memory.c:1739
  #4  0x000000003e87aacc in object_deinit (type=0x7a8f2c280780, 
      obj=<optimized out>) at ../qom/object.c:671
  #5  object_finalize (data=0x7a8f2b62baa0) at ../qom/object.c:685
  #6  object_unref (objptr=0x7a8f2b62baa0) at ../qom/object.c:1183
  #7  0x000000003e87aa96 in object_property_del_all (obj=0x7a8f2b629000)
      at ../qom/object.c:623
  #8  object_finalize (data=0x7a8f2b629000) at ../qom/object.c:684
  #9  object_unref (objptr=0x7a8f2b629000) at ../qom/object.c:1183
  #10 0x000000003e79ab6b in memory_region_unref (mr=<optimized out>)
      at ../softmmu/memory.c:1787
  #11 0x000000003e7d8eb4 in address_space_unmap (
      as=as@entry=0x3f4731a0 <address_space_memory>, buffer=<optimized out>, 
      len=<optimized out>, is_write=<optimized out>, access_len=<optimized out>)
      at ../softmmu/physmem.c:3222
  #12 0x000000003e66389a in dma_memory_unmap (access_len=<optimized out>, 
      dir=<optimized out>, len=<optimized out>, buffer=<optimized out>, 
      as=<optimized out>)
      at /usr/pkgsrc/emulators/qemu/work/qemu-5.2.0/include/sysemu/dma.h:145
  #13 pmac_ide_atapi_transfer_cb (opaque=0x7a8f2ab4aef0, ret=<optimized out>)
      at ../hw/ide/macio.c:122
  #14 0x000000003e5b22a0 in dma_complete (ret=0, dbs=0x7a8f2bb4d380)
      at ../softmmu/dma-helpers.c:120
  #15 dma_blk_cb (opaque=0x7a8f2bb4d380, ret=0) at ../softmmu/dma-helpers.c:138
  #16 0x000000003e864ef7 in blk_aio_complete (acb=0x7a8f2af2be90)
      at ../block/block-backend.c:1412
  #17 0x000000003e9a9be1 in coroutine_trampoline (i0=<optimized out>, 
      i1=<optimized out>) at ../util/coroutine-ucontext.c:173
  #18 0x00007a8f25864150 in ?? () from /usr/lib/libc.so.12
  Backtrace stopped: Cannot access memory at address 0x7a8e137ec000
  (gdb) 

  
  I start qemu with this small script:

  ---
  #!/bin/sh

  MEM=3g
  qemu-system-ppc \
          -M mac99,via=pmu \
          -m $MEM  \
          -nographic \
          -drive id=hda,format=raw,file=disk.img \
          -L pc-bios \
          -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
          -net nic,model=rtl8139,netdev=net0 \
          -boot d \
          -cdrom NetBSD-8.2-macppc.iso
  ---

  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.

  Any hints about what more to look for?

  Regards,

  - Håvard

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1922391/+subscriptions


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [Bug 1922391] Re: qemu-system-ppc assertion "!mr->container" failed
  2021-04-02 20:48 [Bug 1922391] [NEW] qemu-system-ppc assertion "!mr->container" failed Håvard Eidnes
                   ` (2 preceding siblings ...)
  2021-04-05 19:40 ` Håvard Eidnes
@ 2021-04-06  7:39 ` Philippe Mathieu-Daudé
  2021-04-06 10:14 ` Philippe Mathieu-Daudé
  2021-05-15 10:25 ` Thomas Huth
  5 siblings, 0 replies; 14+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-04-06  7:39 UTC (permalink / raw)
  To: qemu-devel

If the machine can not support more than 2GB, QEMU should report an error when the user tries to assign too many memory, not crash and let it figure out.
Setting the bug status to confirmed.

** Changed in: qemu
       Status: Invalid => Confirmed

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1922391

Title:
  qemu-system-ppc assertion "!mr->container" failed

Status in QEMU:
  Confirmed

Bug description:
  Hi,

  I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
  quite a bit into the "unpacking sets" part of the installation procedure,
  unpacking from the install iso image.

  Qemu is run on a NetBSD/amd64 9.1 host system.

  The asert message from qemu is

  assertion "!mr->container" failed: file "../softmmu/memory.c", line
  1739, function "memory_region_finalize"

  The stack backtrace from the core file (when built with debug symbols)
  is

  Core was generated by `qemu-system-ppc'.
  Program terminated with signal SIGABRT, Aborted.
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  #1  0x00007a8f259671ca in abort () from /usr/lib/libc.so.12
  #2  0x00007a8f258a8507 in __assert13 () from /usr/lib/libc.so.12
  #3  0x000000003e79d8a0 in memory_region_finalize (obj=<optimized out>)
      at ../softmmu/memory.c:1739
  #4  0x000000003e87aacc in object_deinit (type=0x7a8f2c280780, 
      obj=<optimized out>) at ../qom/object.c:671
  #5  object_finalize (data=0x7a8f2b62baa0) at ../qom/object.c:685
  #6  object_unref (objptr=0x7a8f2b62baa0) at ../qom/object.c:1183
  #7  0x000000003e87aa96 in object_property_del_all (obj=0x7a8f2b629000)
      at ../qom/object.c:623
  #8  object_finalize (data=0x7a8f2b629000) at ../qom/object.c:684
  #9  object_unref (objptr=0x7a8f2b629000) at ../qom/object.c:1183
  #10 0x000000003e79ab6b in memory_region_unref (mr=<optimized out>)
      at ../softmmu/memory.c:1787
  #11 0x000000003e7d8eb4 in address_space_unmap (
      as=as@entry=0x3f4731a0 <address_space_memory>, buffer=<optimized out>, 
      len=<optimized out>, is_write=<optimized out>, access_len=<optimized out>)
      at ../softmmu/physmem.c:3222
  #12 0x000000003e66389a in dma_memory_unmap (access_len=<optimized out>, 
      dir=<optimized out>, len=<optimized out>, buffer=<optimized out>, 
      as=<optimized out>)
      at /usr/pkgsrc/emulators/qemu/work/qemu-5.2.0/include/sysemu/dma.h:145
  #13 pmac_ide_atapi_transfer_cb (opaque=0x7a8f2ab4aef0, ret=<optimized out>)
      at ../hw/ide/macio.c:122
  #14 0x000000003e5b22a0 in dma_complete (ret=0, dbs=0x7a8f2bb4d380)
      at ../softmmu/dma-helpers.c:120
  #15 dma_blk_cb (opaque=0x7a8f2bb4d380, ret=0) at ../softmmu/dma-helpers.c:138
  #16 0x000000003e864ef7 in blk_aio_complete (acb=0x7a8f2af2be90)
      at ../block/block-backend.c:1412
  #17 0x000000003e9a9be1 in coroutine_trampoline (i0=<optimized out>, 
      i1=<optimized out>) at ../util/coroutine-ucontext.c:173
  #18 0x00007a8f25864150 in ?? () from /usr/lib/libc.so.12
  Backtrace stopped: Cannot access memory at address 0x7a8e137ec000
  (gdb) 

  
  I start qemu with this small script:

  ---
  #!/bin/sh

  MEM=3g
  qemu-system-ppc \
          -M mac99,via=pmu \
          -m $MEM  \
          -nographic \
          -drive id=hda,format=raw,file=disk.img \
          -L pc-bios \
          -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
          -net nic,model=rtl8139,netdev=net0 \
          -boot d \
          -cdrom NetBSD-8.2-macppc.iso
  ---

  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.

  Any hints about what more to look for?

  Regards,

  - Håvard

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1922391/+subscriptions


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB
@ 2021-04-06  8:48 Philippe Mathieu-Daudé
  2021-04-06 10:38 ` BALATON Zoltan
                   ` (2 more replies)
  0 siblings, 3 replies; 14+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-04-06  8:48 UTC (permalink / raw)
  To: qemu-devel
  Cc: Mark Cave-Ayland, Philippe Mathieu-Daudé,
	Greg Kurz, qemu-ppc, Igor Mammedov, Håvard Eidnes,
	David Gibson

On Mac99 and newer machines, the Uninorth PCI host bridge maps
the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
accessible by the CPU. Restrict the memory to 2GiB to avoid
problems such the one reported in the buglink.

Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
Reported-by: Håvard Eidnes <he@NetBSD.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
 hw/ppc/mac_newworld.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
index 21759628466..d88b38e9258 100644
--- a/hw/ppc/mac_newworld.c
+++ b/hw/ppc/mac_newworld.c
@@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
     }
 
     /* allocate RAM */
+    if (machine->ram_size > 2 * GiB) {
+        error_report("RAM size more than 2 GiB is not supported");
+        exit(1);
+    }
     memory_region_add_subregion(get_system_memory(), 0, machine->ram);
 
     /* allocate and load firmware ROM */
-- 
2.26.3



^ permalink raw reply	[flat|nested] 14+ messages in thread

* [Bug 1922391] Re: qemu-system-ppc assertion "!mr->container" failed
  2021-04-02 20:48 [Bug 1922391] [NEW] qemu-system-ppc assertion "!mr->container" failed Håvard Eidnes
                   ` (3 preceding siblings ...)
  2021-04-06  7:39 ` Philippe Mathieu-Daudé
@ 2021-04-06 10:14 ` Philippe Mathieu-Daudé
  2021-05-15 10:25 ` Thomas Huth
  5 siblings, 0 replies; 14+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-04-06 10:14 UTC (permalink / raw)
  To: qemu-devel

Proposed fix:
https://lists.gnu.org/archive/html/qemu-devel/2021-04/msg00570.html

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1922391

Title:
  qemu-system-ppc assertion "!mr->container" failed

Status in QEMU:
  Confirmed

Bug description:
  Hi,

  I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
  quite a bit into the "unpacking sets" part of the installation procedure,
  unpacking from the install iso image.

  Qemu is run on a NetBSD/amd64 9.1 host system.

  The asert message from qemu is

  assertion "!mr->container" failed: file "../softmmu/memory.c", line
  1739, function "memory_region_finalize"

  The stack backtrace from the core file (when built with debug symbols)
  is

  Core was generated by `qemu-system-ppc'.
  Program terminated with signal SIGABRT, Aborted.
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  #1  0x00007a8f259671ca in abort () from /usr/lib/libc.so.12
  #2  0x00007a8f258a8507 in __assert13 () from /usr/lib/libc.so.12
  #3  0x000000003e79d8a0 in memory_region_finalize (obj=<optimized out>)
      at ../softmmu/memory.c:1739
  #4  0x000000003e87aacc in object_deinit (type=0x7a8f2c280780, 
      obj=<optimized out>) at ../qom/object.c:671
  #5  object_finalize (data=0x7a8f2b62baa0) at ../qom/object.c:685
  #6  object_unref (objptr=0x7a8f2b62baa0) at ../qom/object.c:1183
  #7  0x000000003e87aa96 in object_property_del_all (obj=0x7a8f2b629000)
      at ../qom/object.c:623
  #8  object_finalize (data=0x7a8f2b629000) at ../qom/object.c:684
  #9  object_unref (objptr=0x7a8f2b629000) at ../qom/object.c:1183
  #10 0x000000003e79ab6b in memory_region_unref (mr=<optimized out>)
      at ../softmmu/memory.c:1787
  #11 0x000000003e7d8eb4 in address_space_unmap (
      as=as@entry=0x3f4731a0 <address_space_memory>, buffer=<optimized out>, 
      len=<optimized out>, is_write=<optimized out>, access_len=<optimized out>)
      at ../softmmu/physmem.c:3222
  #12 0x000000003e66389a in dma_memory_unmap (access_len=<optimized out>, 
      dir=<optimized out>, len=<optimized out>, buffer=<optimized out>, 
      as=<optimized out>)
      at /usr/pkgsrc/emulators/qemu/work/qemu-5.2.0/include/sysemu/dma.h:145
  #13 pmac_ide_atapi_transfer_cb (opaque=0x7a8f2ab4aef0, ret=<optimized out>)
      at ../hw/ide/macio.c:122
  #14 0x000000003e5b22a0 in dma_complete (ret=0, dbs=0x7a8f2bb4d380)
      at ../softmmu/dma-helpers.c:120
  #15 dma_blk_cb (opaque=0x7a8f2bb4d380, ret=0) at ../softmmu/dma-helpers.c:138
  #16 0x000000003e864ef7 in blk_aio_complete (acb=0x7a8f2af2be90)
      at ../block/block-backend.c:1412
  #17 0x000000003e9a9be1 in coroutine_trampoline (i0=<optimized out>, 
      i1=<optimized out>) at ../util/coroutine-ucontext.c:173
  #18 0x00007a8f25864150 in ?? () from /usr/lib/libc.so.12
  Backtrace stopped: Cannot access memory at address 0x7a8e137ec000
  (gdb) 

  
  I start qemu with this small script:

  ---
  #!/bin/sh

  MEM=3g
  qemu-system-ppc \
          -M mac99,via=pmu \
          -m $MEM  \
          -nographic \
          -drive id=hda,format=raw,file=disk.img \
          -L pc-bios \
          -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
          -net nic,model=rtl8139,netdev=net0 \
          -boot d \
          -cdrom NetBSD-8.2-macppc.iso
  ---

  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.

  Any hints about what more to look for?

  Regards,

  - Håvard

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1922391/+subscriptions


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB
  2021-04-06  8:48 [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB Philippe Mathieu-Daudé
@ 2021-04-06 10:38 ` BALATON Zoltan
  2021-04-07 13:11 ` Mark Cave-Ayland
  2021-04-08  2:33 ` David Gibson
  2 siblings, 0 replies; 14+ messages in thread
From: BALATON Zoltan @ 2021-04-06 10:38 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: qemu-devel, Greg Kurz, qemu-ppc, Igor Mammedov,
	Håvard Eidnes, David Gibson

[-- Attachment #1: Type: text/plain, Size: 1112 bytes --]

On Tue, 6 Apr 2021, Philippe Mathieu-Daudé wrote:
> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> accessible by the CPU. Restrict the memory to 2GiB to avoid
> problems such the one reported in the buglink.
>
> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> Reported-by: Håvard Eidnes <he@NetBSD.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>

> ---
> hw/ppc/mac_newworld.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 21759628466..d88b38e9258 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>     }
>
>     /* allocate RAM */
> +    if (machine->ram_size > 2 * GiB) {
> +        error_report("RAM size more than 2 GiB is not supported");
> +        exit(1);
> +    }
>     memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>
>     /* allocate and load firmware ROM */
>

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB
  2021-04-06  8:48 [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB Philippe Mathieu-Daudé
  2021-04-06 10:38 ` BALATON Zoltan
@ 2021-04-07 13:11 ` Mark Cave-Ayland
  2021-04-07 13:44   ` Philippe Mathieu-Daudé
  2021-04-08  2:33 ` David Gibson
  2 siblings, 1 reply; 14+ messages in thread
From: Mark Cave-Ayland @ 2021-04-07 13:11 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, qemu-devel
  Cc: Igor Mammedov, qemu-ppc, Greg Kurz, Håvard Eidnes, David Gibson

On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:

> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> accessible by the CPU. Restrict the memory to 2GiB to avoid
> problems such the one reported in the buglink.
> 
> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> Reported-by: Håvard Eidnes <he@NetBSD.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> ---
>   hw/ppc/mac_newworld.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 21759628466..d88b38e9258 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>       }
>   
>       /* allocate RAM */
> +    if (machine->ram_size > 2 * GiB) {
> +        error_report("RAM size more than 2 GiB is not supported");
> +        exit(1);
> +    }
>       memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>   
>       /* allocate and load firmware ROM */

I think the patch is correct, however I'm fairly sure that the default g3beige 
machine also has the PCI hole located at 0x80000000 so the same problem exists there too.

Also are you keen to get this merged for 6.0? It doesn't seem to solve a security 
issue/release blocker and I'm sure the current behaviour has been like this for a 
long time...


ATB,

Mark.


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB
  2021-04-07 13:11 ` Mark Cave-Ayland
@ 2021-04-07 13:44   ` Philippe Mathieu-Daudé
  2021-04-07 13:44     ` [Bug 1922391] " Philippe Mathieu-Daudé
  2021-04-08  2:34     ` David Gibson
  0 siblings, 2 replies; 14+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-04-07 13:44 UTC (permalink / raw)
  To: Mark Cave-Ayland, qemu-devel
  Cc: Greg Kurz, qemu-ppc, 1922391, Igor Mammedov, Håvard Eidnes,
	David Gibson

On 4/7/21 3:11 PM, Mark Cave-Ayland wrote:
> On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:
> 
>> On Mac99 and newer machines, the Uninorth PCI host bridge maps
>> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
>> accessible by the CPU. Restrict the memory to 2GiB to avoid
>> problems such the one reported in the buglink.
>>
>> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
>> Reported-by: Håvard Eidnes <he@NetBSD.org>
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> ---
>>   hw/ppc/mac_newworld.c | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
>> index 21759628466..d88b38e9258 100644
>> --- a/hw/ppc/mac_newworld.c
>> +++ b/hw/ppc/mac_newworld.c
>> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>>       }
>>         /* allocate RAM */
>> +    if (machine->ram_size > 2 * GiB) {
>> +        error_report("RAM size more than 2 GiB is not supported");
>> +        exit(1);
>> +    }
>>       memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>>         /* allocate and load firmware ROM */
> 
> I think the patch is correct, however I'm fairly sure that the default
> g3beige machine also has the PCI hole located at 0x80000000 so the same
> problem exists there too.
> 
> Also are you keen to get this merged for 6.0? It doesn't seem to solve a
> security issue/release blocker and I'm sure the current behaviour has
> been like this for a long time...

No problem. I wanted to revisit this bug anyway, I realized during the
night, while this patch makes QEMU exit cleanly, it hides the bug which
is likely in TYPE_MACIO_IDE (I haven't tried Håvard's full reproducer).

Regards,

Phil.


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [Bug 1922391] Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB
  2021-04-07 13:44   ` Philippe Mathieu-Daudé
@ 2021-04-07 13:44     ` Philippe Mathieu-Daudé
  2021-04-08  2:34     ` David Gibson
  1 sibling, 0 replies; 14+ messages in thread
From: Philippe Mathieu-Daudé @ 2021-04-07 13:44 UTC (permalink / raw)
  To: qemu-devel

On 4/7/21 3:11 PM, Mark Cave-Ayland wrote:
> On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:
> 
>> On Mac99 and newer machines, the Uninorth PCI host bridge maps
>> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
>> accessible by the CPU. Restrict the memory to 2GiB to avoid
>> problems such the one reported in the buglink.
>>
>> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
>> Reported-by: Håvard Eidnes <he@NetBSD.org>
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> ---
>>   hw/ppc/mac_newworld.c | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
>> index 21759628466..d88b38e9258 100644
>> --- a/hw/ppc/mac_newworld.c
>> +++ b/hw/ppc/mac_newworld.c
>> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>>       }
>>         /* allocate RAM */
>> +    if (machine->ram_size > 2 * GiB) {
>> +        error_report("RAM size more than 2 GiB is not supported");
>> +        exit(1);
>> +    }
>>       memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>>         /* allocate and load firmware ROM */
> 
> I think the patch is correct, however I'm fairly sure that the default
> g3beige machine also has the PCI hole located at 0x80000000 so the same
> problem exists there too.
> 
> Also are you keen to get this merged for 6.0? It doesn't seem to solve a
> security issue/release blocker and I'm sure the current behaviour has
> been like this for a long time...

No problem. I wanted to revisit this bug anyway, I realized during the
night, while this patch makes QEMU exit cleanly, it hides the bug which
is likely in TYPE_MACIO_IDE (I haven't tried Håvard's full reproducer).

Regards,

Phil.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1922391

Title:
  qemu-system-ppc assertion "!mr->container" failed

Status in QEMU:
  Confirmed

Bug description:
  Hi,

  I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
  quite a bit into the "unpacking sets" part of the installation procedure,
  unpacking from the install iso image.

  Qemu is run on a NetBSD/amd64 9.1 host system.

  The asert message from qemu is

  assertion "!mr->container" failed: file "../softmmu/memory.c", line
  1739, function "memory_region_finalize"

  The stack backtrace from the core file (when built with debug symbols)
  is

  Core was generated by `qemu-system-ppc'.
  Program terminated with signal SIGABRT, Aborted.
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  #1  0x00007a8f259671ca in abort () from /usr/lib/libc.so.12
  #2  0x00007a8f258a8507 in __assert13 () from /usr/lib/libc.so.12
  #3  0x000000003e79d8a0 in memory_region_finalize (obj=<optimized out>)
      at ../softmmu/memory.c:1739
  #4  0x000000003e87aacc in object_deinit (type=0x7a8f2c280780, 
      obj=<optimized out>) at ../qom/object.c:671
  #5  object_finalize (data=0x7a8f2b62baa0) at ../qom/object.c:685
  #6  object_unref (objptr=0x7a8f2b62baa0) at ../qom/object.c:1183
  #7  0x000000003e87aa96 in object_property_del_all (obj=0x7a8f2b629000)
      at ../qom/object.c:623
  #8  object_finalize (data=0x7a8f2b629000) at ../qom/object.c:684
  #9  object_unref (objptr=0x7a8f2b629000) at ../qom/object.c:1183
  #10 0x000000003e79ab6b in memory_region_unref (mr=<optimized out>)
      at ../softmmu/memory.c:1787
  #11 0x000000003e7d8eb4 in address_space_unmap (
      as=as@entry=0x3f4731a0 <address_space_memory>, buffer=<optimized out>, 
      len=<optimized out>, is_write=<optimized out>, access_len=<optimized out>)
      at ../softmmu/physmem.c:3222
  #12 0x000000003e66389a in dma_memory_unmap (access_len=<optimized out>, 
      dir=<optimized out>, len=<optimized out>, buffer=<optimized out>, 
      as=<optimized out>)
      at /usr/pkgsrc/emulators/qemu/work/qemu-5.2.0/include/sysemu/dma.h:145
  #13 pmac_ide_atapi_transfer_cb (opaque=0x7a8f2ab4aef0, ret=<optimized out>)
      at ../hw/ide/macio.c:122
  #14 0x000000003e5b22a0 in dma_complete (ret=0, dbs=0x7a8f2bb4d380)
      at ../softmmu/dma-helpers.c:120
  #15 dma_blk_cb (opaque=0x7a8f2bb4d380, ret=0) at ../softmmu/dma-helpers.c:138
  #16 0x000000003e864ef7 in blk_aio_complete (acb=0x7a8f2af2be90)
      at ../block/block-backend.c:1412
  #17 0x000000003e9a9be1 in coroutine_trampoline (i0=<optimized out>, 
      i1=<optimized out>) at ../util/coroutine-ucontext.c:173
  #18 0x00007a8f25864150 in ?? () from /usr/lib/libc.so.12
  Backtrace stopped: Cannot access memory at address 0x7a8e137ec000
  (gdb) 

  
  I start qemu with this small script:

  ---
  #!/bin/sh

  MEM=3g
  qemu-system-ppc \
          -M mac99,via=pmu \
          -m $MEM  \
          -nographic \
          -drive id=hda,format=raw,file=disk.img \
          -L pc-bios \
          -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
          -net nic,model=rtl8139,netdev=net0 \
          -boot d \
          -cdrom NetBSD-8.2-macppc.iso
  ---

  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.

  Any hints about what more to look for?

  Regards,

  - Håvard

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1922391/+subscriptions


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB
  2021-04-06  8:48 [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB Philippe Mathieu-Daudé
  2021-04-06 10:38 ` BALATON Zoltan
  2021-04-07 13:11 ` Mark Cave-Ayland
@ 2021-04-08  2:33 ` David Gibson
  2 siblings, 0 replies; 14+ messages in thread
From: David Gibson @ 2021-04-08  2:33 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: Mark Cave-Ayland, qemu-devel, Greg Kurz, qemu-ppc, Igor Mammedov,
	Håvard Eidnes

[-- Attachment #1: Type: text/plain, Size: 1367 bytes --]

On Tue, Apr 06, 2021 at 10:48:42AM +0200, Philippe Mathieu-Daudé wrote:
> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> accessible by the CPU. Restrict the memory to 2GiB to avoid
> problems such the one reported in the buglink.
> 
> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> Reported-by: Håvard Eidnes <he@NetBSD.org>
> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>

Simple, and a bugfix.  Applied to ppc-for-6.0.

> ---
>  hw/ppc/mac_newworld.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> index 21759628466..d88b38e9258 100644
> --- a/hw/ppc/mac_newworld.c
> +++ b/hw/ppc/mac_newworld.c
> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
>      }
>  
>      /* allocate RAM */
> +    if (machine->ram_size > 2 * GiB) {
> +        error_report("RAM size more than 2 GiB is not supported");
> +        exit(1);
> +    }
>      memory_region_add_subregion(get_system_memory(), 0, machine->ram);
>  
>      /* allocate and load firmware ROM */

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB
  2021-04-07 13:44   ` Philippe Mathieu-Daudé
  2021-04-07 13:44     ` [Bug 1922391] " Philippe Mathieu-Daudé
@ 2021-04-08  2:34     ` David Gibson
  1 sibling, 0 replies; 14+ messages in thread
From: David Gibson @ 2021-04-08  2:34 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé
  Cc: Mark Cave-Ayland, qemu-devel, Greg Kurz, qemu-ppc, 1922391,
	Igor Mammedov, Håvard Eidnes

[-- Attachment #1: Type: text/plain, Size: 2249 bytes --]

On Wed, Apr 07, 2021 at 03:44:35PM +0200, Philippe Mathieu-Daudé wrote:
> On 4/7/21 3:11 PM, Mark Cave-Ayland wrote:
> > On 06/04/2021 09:48, Philippe Mathieu-Daudé wrote:
> > 
> >> On Mac99 and newer machines, the Uninorth PCI host bridge maps
> >> the PCI hole region at 2GiB, so the RAM area beside 2GiB is not
> >> accessible by the CPU. Restrict the memory to 2GiB to avoid
> >> problems such the one reported in the buglink.
> >>
> >> Buglink: https://bugs.launchpad.net/qemu/+bug/1922391
> >> Reported-by: Håvard Eidnes <he@NetBSD.org>
> >> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
> >> ---
> >>   hw/ppc/mac_newworld.c | 4 ++++
> >>   1 file changed, 4 insertions(+)
> >>
> >> diff --git a/hw/ppc/mac_newworld.c b/hw/ppc/mac_newworld.c
> >> index 21759628466..d88b38e9258 100644
> >> --- a/hw/ppc/mac_newworld.c
> >> +++ b/hw/ppc/mac_newworld.c
> >> @@ -157,6 +157,10 @@ static void ppc_core99_init(MachineState *machine)
> >>       }
> >>         /* allocate RAM */
> >> +    if (machine->ram_size > 2 * GiB) {
> >> +        error_report("RAM size more than 2 GiB is not supported");
> >> +        exit(1);
> >> +    }
> >>       memory_region_add_subregion(get_system_memory(), 0, machine->ram);
> >>         /* allocate and load firmware ROM */
> > 
> > I think the patch is correct, however I'm fairly sure that the default
> > g3beige machine also has the PCI hole located at 0x80000000 so the same
> > problem exists there too.
> > 
> > Also are you keen to get this merged for 6.0? It doesn't seem to solve a
> > security issue/release blocker and I'm sure the current behaviour has
> > been like this for a long time...
> 
> No problem. I wanted to revisit this bug anyway, I realized during the
> night, while this patch makes QEMU exit cleanly, it hides the bug which
> is likely in TYPE_MACIO_IDE (I haven't tried Håvard's full
> reproducer).

Ah, given the comments above, I've pulled this out of ppc-for-6.0 and
moved it to ppc-for-6.1.

> 
> Regards,
> 
> Phil.
> 

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* [Bug 1922391] Re: qemu-system-ppc assertion "!mr->container" failed
  2021-04-02 20:48 [Bug 1922391] [NEW] qemu-system-ppc assertion "!mr->container" failed Håvard Eidnes
                   ` (4 preceding siblings ...)
  2021-04-06 10:14 ` Philippe Mathieu-Daudé
@ 2021-05-15 10:25 ` Thomas Huth
  5 siblings, 0 replies; 14+ messages in thread
From: Thomas Huth @ 2021-05-15 10:25 UTC (permalink / raw)
  To: qemu-devel

Philippe's fix has been merged here:
https://gitlab.com/qemu-project/qemu/-/commit/03b3542ac93cb196bf6a6

** Changed in: qemu
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1922391

Title:
  qemu-system-ppc assertion "!mr->container" failed

Status in QEMU:
  Fix Released

Bug description:
  Hi,

  I'm trying to run the NetBSD/macppc 8.2 installer (which is 32-bit ppc) in qemu-system-ppc version 5.2.0, and I'm hitting this assertion failure
  quite a bit into the "unpacking sets" part of the installation procedure,
  unpacking from the install iso image.

  Qemu is run on a NetBSD/amd64 9.1 host system.

  The asert message from qemu is

  assertion "!mr->container" failed: file "../softmmu/memory.c", line
  1739, function "memory_region_finalize"

  The stack backtrace from the core file (when built with debug symbols)
  is

  Core was generated by `qemu-system-ppc'.
  Program terminated with signal SIGABRT, Aborted.
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  [Current thread is 1 (process 1)]
  (gdb) where
  #0  0x00007a8f2596791a in _lwp_kill () from /usr/lib/libc.so.12
  #1  0x00007a8f259671ca in abort () from /usr/lib/libc.so.12
  #2  0x00007a8f258a8507 in __assert13 () from /usr/lib/libc.so.12
  #3  0x000000003e79d8a0 in memory_region_finalize (obj=<optimized out>)
      at ../softmmu/memory.c:1739
  #4  0x000000003e87aacc in object_deinit (type=0x7a8f2c280780, 
      obj=<optimized out>) at ../qom/object.c:671
  #5  object_finalize (data=0x7a8f2b62baa0) at ../qom/object.c:685
  #6  object_unref (objptr=0x7a8f2b62baa0) at ../qom/object.c:1183
  #7  0x000000003e87aa96 in object_property_del_all (obj=0x7a8f2b629000)
      at ../qom/object.c:623
  #8  object_finalize (data=0x7a8f2b629000) at ../qom/object.c:684
  #9  object_unref (objptr=0x7a8f2b629000) at ../qom/object.c:1183
  #10 0x000000003e79ab6b in memory_region_unref (mr=<optimized out>)
      at ../softmmu/memory.c:1787
  #11 0x000000003e7d8eb4 in address_space_unmap (
      as=as@entry=0x3f4731a0 <address_space_memory>, buffer=<optimized out>, 
      len=<optimized out>, is_write=<optimized out>, access_len=<optimized out>)
      at ../softmmu/physmem.c:3222
  #12 0x000000003e66389a in dma_memory_unmap (access_len=<optimized out>, 
      dir=<optimized out>, len=<optimized out>, buffer=<optimized out>, 
      as=<optimized out>)
      at /usr/pkgsrc/emulators/qemu/work/qemu-5.2.0/include/sysemu/dma.h:145
  #13 pmac_ide_atapi_transfer_cb (opaque=0x7a8f2ab4aef0, ret=<optimized out>)
      at ../hw/ide/macio.c:122
  #14 0x000000003e5b22a0 in dma_complete (ret=0, dbs=0x7a8f2bb4d380)
      at ../softmmu/dma-helpers.c:120
  #15 dma_blk_cb (opaque=0x7a8f2bb4d380, ret=0) at ../softmmu/dma-helpers.c:138
  #16 0x000000003e864ef7 in blk_aio_complete (acb=0x7a8f2af2be90)
      at ../block/block-backend.c:1412
  #17 0x000000003e9a9be1 in coroutine_trampoline (i0=<optimized out>, 
      i1=<optimized out>) at ../util/coroutine-ucontext.c:173
  #18 0x00007a8f25864150 in ?? () from /usr/lib/libc.so.12
  Backtrace stopped: Cannot access memory at address 0x7a8e137ec000
  (gdb) 

  
  I start qemu with this small script:

  ---
  #!/bin/sh

  MEM=3g
  qemu-system-ppc \
          -M mac99,via=pmu \
          -m $MEM  \
          -nographic \
          -drive id=hda,format=raw,file=disk.img \
          -L pc-bios \
          -netdev user,id=net0,hostfwd=tcp::2223-:22,ipv6=off \
          -net nic,model=rtl8139,netdev=net0 \
          -boot d \
          -cdrom NetBSD-8.2-macppc.iso
  ---

  and boot the install kernel with "boot cd:ofwboot.xcf".  If someone wants
  to replicate this I can provide more detailed instructions to repeat the
  procedure I used to start the install.

  Any hints about what more to look for?

  Regards,

  - Håvard

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1922391/+subscriptions


^ permalink raw reply	[flat|nested] 14+ messages in thread

end of thread, other threads:[~2021-05-15 10:36 UTC | newest]

Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-02 20:48 [Bug 1922391] [NEW] qemu-system-ppc assertion "!mr->container" failed Håvard Eidnes
2021-04-02 21:00 ` [Bug 1922391] " Håvard Eidnes
2021-04-02 21:59 ` Håvard Eidnes
2021-04-05 19:40 ` Håvard Eidnes
2021-04-06  7:39 ` Philippe Mathieu-Daudé
2021-04-06 10:14 ` Philippe Mathieu-Daudé
2021-05-15 10:25 ` Thomas Huth
2021-04-06  8:48 [PATCH-for-6.0] hw/ppc/mac_newworld: Restrict RAM to 2 GiB Philippe Mathieu-Daudé
2021-04-06 10:38 ` BALATON Zoltan
2021-04-07 13:11 ` Mark Cave-Ayland
2021-04-07 13:44   ` Philippe Mathieu-Daudé
2021-04-07 13:44     ` [Bug 1922391] " Philippe Mathieu-Daudé
2021-04-08  2:34     ` David Gibson
2021-04-08  2:33 ` David Gibson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).