Host system:
Debian Testing/Sid
$ uname -a
Linux darkside 3.8-1-amd64 #1 SMP Debian 3.8.11-1 x86_64 GNU/Linux
With git rev 38ebb396c955ceb2ef7e246248ceb7f8bfe1b774:
I created a HDD image:
qemu-img create -f qcow2 powerpc.img 10G
I fetched this CD image (I think it's 32bit but I'm not familiar with this architecture):
ftp://ftp.debian.org/debian/dists/wheezy/main/installer-powerpc/current/images/powerpc/netboot/mini.iso
I booted the ppc netinst iso with
ppc-softmmu/qemu-system-ppc -m 256 -hda /path/to/ppc/powerpc.img -cdrom /path/to/ppc/mini.iso -boot d
I started the installation. After specifying the partitioning information the qemu process aborted with the following showing in the terminal:
*** Error in `./qemu-system-ppc': free(): invalid pointer: 0x00007fcf801aa7f8 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7aac6)[0x7fcf7874aac6]
/lib/x86_64-linux-gnu/libc.so.6(+0x7b843)[0x7fcf7874b843]
./qemu-system-ppc(+0xfc090)[0x7fcf7fafc090]
./qemu-system-ppc(+0x15310d)[0x7fcf7fb5310d]
./qemu-system-ppc(+0xfc781)[0x7fcf7fafc781]
./qemu-system-ppc(+0xfc9fa)[0x7fcf7fafc9fa]
./qemu-system-ppc(+0x14e402)[0x7fcf7fb4e402]
./qemu-system-ppc(+0xa9f77)[0x7fcf7faa9f77]
./qemu-system-ppc(+0xa9af9)[0x7fcf7faa9af9]
./qemu-system-ppc(+0xa9e50)[0x7fcf7faa9e50]
/lib/x86_64-linux-gnu/libglib-2.0.so.0(g_main_context_dispatch+0x135)[0x7fcf7f11a355]
./qemu-system-ppc(+0x1c8238)[0x7fcf7fbc8238]
./qemu-system-ppc(main+0x10c5)[0x7fcf7fa9fc45]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fcf786f1a55]
./qemu-system-ppc(+0xa963d)[0x7fcf7faa963d]
======= Memory map: ========
7fcf48000000-7fcf480aa000 rw-p 00000000 00:00 0
7fcf480aa000-7fcf4c000000 ---p 00000000 00:00 0
7fcf50000000-7fcf60000000 rw-p 00000000 00:00 0
7fcf60000000-7fcf60022000 rw-p 00000000 00:00 0
7fcf60022000-7fcf64000000 ---p 00000000 00:00 0
7fcf6438b000-7fcf64560000 rw-p 00000000 00:00 0
7fcf64560000-7fcf645c0000 rw-s 00000000 00:04 71172116 /SYSV00000000 (deleted)
7fcf645c0000-7fcf645cc000 r--p 00000000 08:02 1842018 /usr/share/fonts/truetype/mathematica/VeraMoBd.ttf
7fcf645d0000-7fcf645dd000 r--p 00000000 08:02 1842006 /usr/share/fonts/truetype/mathematica/VeraMono.ttf
7fcf645e0000-7fcf64690000 r--p 00000000 08:02 1835254 /usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf
7fcf64690000-7fcf64692000 r-xp 00000000 08:02 285548 /usr/lib/x86_64-linux-gnu/pango/1.6.0/modules/pango-basic-fc.so
7fcf64692000-7fcf64891000 ---p 00002000 08:02 285548 /usr/lib/x86_64-linux-gnu/pango/1.6.0/modules/pango-basic-fc.so
7fcf64891000-7fcf64892000 r--p 00001000 08:02 285548 /usr/lib/x86_64-linux-gnu/pango/1.6.0/modules/pango-basic-fc.so
7fcf64892000-7fcf64893000 rw-p 00002000 08:02 285548 /usr/lib/x86_64-linux-gnu/pango/1.6.0/modules/pango-basic-fc.so
7fcf64898000-7fcf6489b000 r-xp 00000000 08:02 287612 /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-bmp.so
7fcf6489b000-7fcf64a9b000 ---p 00003000 08:02 287612 /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-bmp.so
7fcf64a9b000-7fcf64a9c000 r--p 00003000 08:02 287612 /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-bmp.so
7fcf64a9c000-7fcf64a9d000 rw-p 00004000 08:02 287612 /usr/lib/x86_64-linux-gnu/gdk-pixbuf-2.0/2.10.0/loaders/libpixbufloader-bmp.so
7fcf64aa0000-7fcf64b10000 r-xp 00000000 08:02 262891 /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/engines/libqtcurve.so
7fcf64b10000-7fcf64d0f000 ---p 00070000 08:02 262891 /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/engines/libqtcurve.so
7fcf64d0f000-7fcf64d10000 r--p 0006f000 08:02 262891 /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/engines/libqtcurve.so
7fcf64d10000-7fcf64d12000 rw-p 00070000 08:02 262891 /usr/lib/x86_64-linux-gnu/gtk-2.0/2.10.0/engines/libqtcurve.so
7fcf64d12000-7fcf64d13000 rw-p 00000000 00:00 0
7fcf64d18000-7fcf64d24000 r-xp 00000000 08:02 788582 /lib/x86_64-linux-gnu/libnss_files-2.17.so
7fcf64d24000-7fcf64f23000 ---p 0000c000 08:02 788582 /lib/x86_64-linux-gnu/libnss_files-2.17.so
7fcf64f23000-7fcf64f24000 r--p 0000b000 08:02 788582 /lib/x86_64-linux-gnu/libnss_files-2.17.so
7fcf64f24000-7fcf64f25000 rw-p 0000c000 08:02 788582 /lib/x86_64-linux-gnu/libnss_files-2.17.so
7fcf64f28000-7fcf64f32000 r-xp 00000000 08:02 788590 /lib/x86_64-linux-gnu/libnss_nis-2.17.so
7fcf64f32000-7fcf65131000 ---p 0000a000 08:02 788590 /lib/x86_64-linux-gnu/libnss_nis-2.17.so
7fcf65131000-7fcf65132000 r--p 00009000 08:02 788590 /lib/x86_64-linux-gnu/libnss_nis-2.17.so
7fcf65132000-7fcf65133000 rw-p 0000a000 08:02 788590 /lib/x86_64-linux-gnu/libnss_nis-2.17.so
7fcf65138000-7fcf6513f000 r-xp 00000000 08:02 788550 /lib/x86_64-linux-gnu/libnss_compat-2.17.so
7fcf6513f000-7fcf6533e000 ---p 00007000 08:02 788550 /lib/x86_64-linux-gnu/libnss_compat-2.17.so
7fcf6533e000-7fcf6533f000 r--p 00006000 08:02 788550 /lib/x86_64-linux-gnu/libnss_compat-2.17.so
7fcf6533f000-7fcf65340000 rw-p 00007000 08:02 788550 /lib/x86_64-linux-gnu/libnss_compat-2.17.so
7fcf65340000-7fcf655fb000 r--p 00000000 08:02 392962 /usr/lib/locale/locale-archive
7fcf65600000-7fcf65640000 rw-p 00000000 00:00 0
7fcf65650000-7fcf65651000 r--s 00000000 08:02 927793 /var/cache/fontconfig/c05880de57d1f5e948fdfacc138775d9-le64.cache-3
7fcf65658000-7fcf65669000 r--s 00000000 08:02 927791 /var/cache/fontconfig/99323171c53ab78df6914f910138fdd6-le64.cache-3
7fcf65670000-7fcf65679000 r--s 00000000 08:02 921505 /var/cache/fontconfig/945677eb7aeaf62f1d50efc3fb3ec7d8-le64.cache-3
7fcf65680000-7fcf65683000 r--s 00000000 08:02 927785 /var/cache/fontconfig/99e8ed0e538f840c565b6ed5dad60d56-le64.cache-3
7fcf65688000-7fcf6568b000 r--s 00000000 08:02 919689 /var/cache/fontconfig/f24b2111ab8703b4e963115a8cf14259-le64.cache-3
7fcf65690000-7fcf65692000 r--s 00000000 08:02 923763 /var/cache/fontconfig/0fafd173547752dce4dee1a69e0b3c95-le64.cache-3
7fcf65698000-7fcf656a0000 r--s 00000000 08:02 919688 /var/cache/fontconfig/a6d8cf8e4ec09cdbc8633c31745a07dd-le64.cache-3Aborted
This looks like some TRIM (mis)support in action. It crashes in different paces but repeatable/
(gdb) ru -m 256 -hda /stage/
...
Program received signal SIGSEGV, Segmentation fault.
pmac_ide_
117 ide_set_
(gdb) bt
#0 pmac_ide_
#1 0x565fcd74 in dma_complete (dbs=dbs@
#2 0x565fd059 in dma_bdrv_cb (opaque=0x571a2250, ret=0) at dma-helpers.c:152
#3 0x5664fe06 in ide_trim_bh_cb (opaque=0x57282c28) at hw/ide/core.c:360
#4 0x565a15b3 in aio_bh_poll (ctx=ctx@
#5 0x565a1124 in aio_poll (ctx=ctx@
#6 0x565a1488 in aio_ctx_dispatch (source=0x570e8918, callback=0, user_data=0x0) at async.c:167
#7 0xf7f006d3 in g_main_
#8 0x566cd06b in glib_pollfds_poll () at main-loop.c:187
#9 os_host_
#10 main_loop_wait (nonblocking=1) at /build/
#11 0x56597f76 in main_loop () at /build/
#12 main (argc=9, argv=0xffffd9a4, envp=0xffffd9cc) at /build/
(gdb) l
112 }
113
114 /* end of transfer ? */
115 if (s->nsector == 0) {
116 s->status = READY_STAT | SEEK_STAT;
117 ide_set_
118 }
119
120 /* end of DMA ? */
121 if (io->len == 0) {
(gdb) p *s
$1 = {bus = 0x0, unit = 0 '\000', drive_kind = IDE_HD, cylinders = 0,
heads = 0, sectors = 0, chs_trans = 0, nb_sectors = 0, mult_sectors = 0,
identify_set = 0, identify_data = '\000' <repeats 511 times>,
drive_serial = 0, drive_serial_str = '\000' <repeats 20 times>,
drive_model_str = '\000' <repeats 40 times>, wwn = 0, feature = 0 '\000',
error = 0 '\000', nsector = 0, sector = 0 '\000', lcyl = 0 '\000',
hcyl = 0 '\000', hob_feature = 0 '\000', hob_nsector = 0 '\000',
hob_sector = 0 '\000', hob_lcyl = 0 '\000', hob_hcyl = 0 '\000',
select = 0 '\000', status = 80 'P', lba48 = 0 '\000', bs = 0x0,
version = "\000\000\
eject_request = false, new_media = false}, sense_key = 0 '\000',
asc = 0 '\000', tray_open = false, tray_locked = false,
cdrom_changed = 0 '\000', packet_
elementary_
cd_sector_size = 0, atapi_dma = 0, acct = {bytes = 0, start_time_ns = 0,
type = BDRV_ACCT_READ}, pio_aiocb = 0x0, iov = {iov_base = 0x0,
iov_len = 0}, qiov = {iov = 0x0, niov = 0, nalloc = 0, size = 0},
io_buffer_offset = 0, io_buffer_size = 0, sg = {sg = 0x0, nsg = 0,
nalloc = 0, size = 0, dma = 0x0}, req_nb_sectors = 0,
end_transfer_func = 0, data_ptr = 0x0, data_end = 0x0, io_buffer = 0x0,
io_buffer_