QEMU

qemu-system-ppc segfaults with -display sdl

Bug #1837049 reported by Andrew Randrianasulu
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
Fix Released
Undecided
Unassigned

Bug Description

Hello.

I was trying to debug this segfault:
https://lists.nongnu.org/archive/html/qemu-ppc/2019-07/msg00186.html

I recompiled latest qemu from git (commit 0b18cfb8f1828c905139b54c8644b0d8f4aad879 ), using this configure line:
./configure --target-list=i386-softmmu,x86_64-softmmu,ppc-softmmu --audio-drv-list=alsa --disable-werror --extra-cflags="-Og" --enable-debug-tcg

after this I tried original line under gdb, it was still segfaulting:

--------------copy-----------------
gdb ./ppc-softmmu/qemu-system-ppc
GNU gdb (GDB) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-slackware-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./ppc-softmmu/qemu-system-ppc...done.
warning: File "/dev/shm/qemu/.gdbinit" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
        add-auto-load-safe-path /dev/shm/qemu/.gdbinit
line to your configuration file "/home/guest/.gdbinit".
To completely disable this security protection add
        set auto-load safe-path /
line to your configuration file "/home/guest/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
        info "(gdb)Auto-loading safe path"
(gdb) run -M mac99,via=pmu -L ../queue-vga/pc-bios -cdrom /mnt/sdb1/PPC-img/lubuntu-16.04-desktop-powerpc.iso -m 512 -display sdl,gl=on -vga std -d guest_errors,unimp -boot d -cpu G4 -g 1024x768x24 -device ES1370
Starting program: /dev/shm/qemu/ppc-softmmu/qemu-system-ppc -M mac99,via=pmu -L ../queue-vga/pc-bios -cdrom /mnt/sdb1/PPC-img/lubuntu-16.04-desktop-powerpc.iso -m 512 -display sdl,gl=on -vga std -d guest_errors,unimp -boot d -cpu G4 -g 1024x768x24 -device ES1370
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
[New Thread 0xf560cb40 (LWP 8100)]
[New Thread 0xf4c1ab40 (LWP 8101)]
[New Thread 0xec1b7b40 (LWP 8102)]
[New Thread 0xc5821b40 (LWP 8104)]
[Thread 0xf4c1ab40 (LWP 8101) exited]
[New Thread 0xf4c1ab40 (LWP 8119)]

Thread 4 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xec1b7b40 (LWP 8102)]
0xf26c2e44 in code_gen_buffer ()
(gdb) bt full
#0 0xffffffff in code_gen_buffer ()
#1 0x56710cf6 in cpu_exec (itb=<optimized out>, cpu=<optimized out>) at /dev/shm/qemu/accel/tcg/cpu-exec.c:173
        env = <optimized out>
        ret = <optimized out>
        last_tb = <optimized out>
        tb_exit = <optimized out>
        tb_ptr = 0xf26c2cc0 <code_gen_buffer+103976094> "‹]ш…Ы\017ЊБ\020"
        ret = 0
        insns_left = <optimized out>
        cflags = <optimized out>
        tb = 0x5722fe58
        last_tb = <optimized out>
        tb_exit = <optimized out>
        cc = <optimized out>
        __func__ = "cpu_exec"
        ret = <optimized out>
        sc = <optimized out>
#2 0x56710cf6 in cpu_exec (tb_exit=<synthetic pointer>, last_tb=<synthetic pointer>, tb=<optimized out>, cpu=<optimized out>) at /dev/shm/qemu/accel/tcg/cpu-exec.c:621
        ret = 0
        insns_left = <optimized out>
        cflags = <optimized out>
        tb = 0x5722fe58
        last_tb = <optimized out>
        tb_exit = <optimized out>
        cc = <optimized out>
        __func__ = "cpu_exec"
        ret = <optimized out>
        sc = <optimized out>
#3 0x56710cf6 in cpu_exec (cpu=0x573db8f8) at /dev/shm/qemu/accel/tcg/cpu-exec.c:732
        cflags = <optimized out>
        tb = 0x5722fe58
        last_tb = <optimized out>
        tb_exit = <optimized out>
        cc = <optimized out>
        __func__ = "cpu_exec"
        ret = <optimized out>
        sc = <optimized out>
#4 0x566cfade in tcg_cpu_exec (cpu=0x573db8f8) at /dev/shm/qemu/cpus.c:1435
        ret = <optimized out>
#5 0x566d1e6d in qemu_tcg_rr_cpu_thread_fn (arg=0x573db8f8) at /dev/shm/qemu/cpus.c:1537
        r = <optimized out>
        cpu = 0x573db8f8
        __PRETTY_FUNCTION__ = "qemu_tcg_rr_cpu_thread_fn"
#6 0x56b56fe0 in qemu_thread_start (args=0x57400668) at util/qemu-thread-posix.c:502
        __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {1461911128, 1463813736, 1461911128, -333745816, 247778263, 1392237730}, __mask_was_saved = 0}}, __pad = {0xec1b70d0, 0x0, 0x0, 0x0}}
        __cancel_routine = 0x56b57040 <qemu_thread_atexit_notify>
        __not_first_call = <optimized out>
        qemu_thread_args = 0x57400668
        start_routine = 0x566d1a30 <qemu_tcg_rr_cpu_thread_fn>
        arg = 0x573db8f8
        r = <optimized out>
#7 0xffffffff in start_thread () at /lib/libpthread.so.0
#8 0xffffffff in clone () at /lib/libc.so.6
(gdb) quit
A debugging session is active.

        Inferior 1 [process 8096] will be killed.

Quit anyway? (y or n) y
--------------copy end----------

But when I take away -display sdl, or replace it with -display gtk - same line was booting to desktop!

Changing cpu to G3 also allowed boot:

./ppc-softmmu/qemu-system-ppc -M mac99,via=pmu -L ../queue-vga/pc-bios -cdrom /mnt/sdb1/PPC-img/lubuntu-16.04-desktop-powerpc.iso -m 512 -display sdl -vga std -d guest_errors,unimp -boot d -cpu G3 -g 1024x768x24 -device ES1370

This is 32-bit qemu complied with Slackware's gcc 5.5.0.
64-bit qemu works fine.

Tags: ppc tcg
Alex Bennée (ajbennee)
tags: added: tcg
Revision history for this message
Richard Henderson (rth) wrote :

Works for me with a 32-bit install of fedora 30.
That's using gcc 9.1.1.

Is building with -Og required to reproduce this?
If so, I'm thinking compiler bug...

Revision history for this message
Andrew Randrianasulu (andrew-randrianasulu) wrote :

Hello, Richard!
No, same bug was biting me without any specific options, i tried to add -Og for better debugging, but backtrace was anyway not complete ... I think I can live with -display gtk workaround for now.

Revision history for this message
Andrew Randrianasulu (andrew-randrianasulu) wrote :

I think this one is fixed, I can boot Lubuntu to desktop like this:

qemu-system-ppc -cdrom /dev/shm/lubuntu-16.04-desktop-powerpc.iso -boot d -display sdl,gl=on -g 1024x768x32 -M mac99,via=pmu -cpu G4 -device ES1370 -m 2047 -accel tcg,tb-size=384 -device usb-mouse

without any crash, tried few times.

Note, tb-size seems to be important on 32-bit host now, near qemu 5.0.

qemu-system-ppc --version
QEMU emulator version 4.2.91 (v5.0.0-rc1-dirty)
Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers

-dirty probably because I reinstalled SDL2 (2.0.9- > 2.0.12 during compilation of qemu). I also have different glibc this time (2.30 instead of 2.23)

Revision history for this message
Alex Bennée (ajbennee) wrote : Re: [Bug 1837049] Re: qemu-system-ppc segfaults with -display sdl

Andrew Randrianasulu <email address hidden> writes:

> I think this one is fixed, I can boot Lubuntu to desktop like this:
>
> qemu-system-ppc -cdrom /dev/shm/lubuntu-16.04-desktop-powerpc.iso -boot
> d -display sdl,gl=on -g 1024x768x32 -M mac99,via=pmu -cpu G4 -device
> ES1370 -m 2047 -accel tcg,tb-size=384 -device usb-mouse
>
> without any crash, tried few times.
>
> Note, tb-size seems to be important on 32-bit host now, near qemu 5.0.

There were changes this cycle to remove the TB size heuristic based on
guest RAM size. System emulation of 64 bit hosts gets a generous 1gb per
system by default where-as 32 bit hosts make do with a smaller code
buffer (which is statically allocated for user-mode).

See the commits around 600e17b2615 (pull-tcg-20200228)

>
> qemu-system-ppc --version
> QEMU emulator version 4.2.91 (v5.0.0-rc1-dirty)
> Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
>
> -dirty probably because I reinstalled SDL2 (2.0.9- > 2.0.12 during
> compilation of qemu). I also have different glibc this time (2.30
> instead of 2.23)

--
Alex Bennée

Revision history for this message
Thomas Huth (th-huth) wrote :

Closing according to comment #3

Changed in qemu:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.