8.1.0 regression: abnormal segfault in qemu-riscv64-static
Host environment
- Operating system: Arch Linux
- OS/kernel version: Linux 6.5.4-arch2-1 #1 SMP PREEMPT_DYNAMIC Thu, 21 Sep 2023 11:06:39 +0000 x86_64 GNU/Linux
- Architecture: x86
- QEMU flavor: qemu-riscv64-static
- QEMU version: 8.1.0
- QEMU command line:
Emulated/Virtualized environment
- Operating system: Arch Linux riscv64
- OS/kernel version: Linux 6.5.4-arch2-1 #1 SMP PREEMPT_DYNAMIC Thu, 21 Sep 2023 11:06:39 +0000 riscv64 GNU/Linux
- Architecture: riscv
Description of problem
loading_from_clipboard_test of Cockatrice segfaults in qemu-riscv64-static.
Steps to reproduce
- Setup an Arch Linux riscv64 qemu-user container: https://github.com/felixonmars/archriscv-packages/wiki/Setup-Arch-Linux-RISC-V-Development-Environment
- Start the container:
sudo systemd-nspawn -D ./archriscv -a -U - Build cockatrice 2.9.0 with tests in the container: https://github.com/Cockatrice/Cockatrice/releases/tag/2023-09-14-Release-2.9.0
- Run tests/loading_from_clipboard/loading_from_clipboard_test in the container
Additional information
I have done bisection and find out that this commit caused the regression: 2d708164
qemu built from HEAD(494a6a2c) is still affected by this bug.
Backtrace:
#0 0x00007fffe849f133 in code_gen_buffer ()
#1 0x00007ffff7b3a433 in cpu_tb_exec (cpu=0x7ffff7f71010, itb=0x7fffe849f040 <code_gen_buffer+4845587>,
tb_exit=0x7fffffffde20) at ../qemu/accel/tcg/cpu-exec.c:457
#2 0x00007ffff7b3aeac in cpu_loop_exec_tb (cpu=0x7ffff7f71010, tb=0x7fffe849f040 <code_gen_buffer+4845587>,
pc=46912625654024, last_tb=0x7fffffffde30, tb_exit=0x7fffffffde20) at ../qemu/accel/tcg/cpu-exec.c:919
#3 0x00007ffff7b3b0e0 in cpu_exec_loop (cpu=0x7ffff7f71010, sc=0x7fffffffdeb0) at ../qemu/accel/tcg/cpu-exec.c:1040
#4 0x00007ffff7b3b19e in cpu_exec_setjmp (cpu=0x7ffff7f71010, sc=0x7fffffffdeb0)
at ../qemu/accel/tcg/cpu-exec.c:1057
#5 0x00007ffff7b3b225 in cpu_exec (cpu=0x7ffff7f71010) at ../qemu/accel/tcg/cpu-exec.c:1083
#6 0x00007ffff7a53707 in cpu_loop (env=0x7ffff7f71330) at ../qemu/linux-user/riscv/cpu_loop.c:37
#7 0x00007ffff7b5d0e0 in main (argc=4, argv=0x7fffffffe768, envp=0x7fffffffe790) at ../qemu/linux-user/main.c:9990x7fffe849f105 <code_gen_buffer+4845784> jl 0x7fffe849f265 <code_gen_buffer+4846136> │
│ 0x7fffe849f10b <code_gen_buffer+4845790> mov 0x50(%rbp),%rbx │
│ 0x7fffe849f10f <code_gen_buffer+4845794> mov %rbx,%r12 │
│ 0x7fffe849f112 <code_gen_buffer+4845797> mov %r12,0x70(%rbp) │
│ 0x7fffe849f116 <code_gen_buffer+4845801> movabs $0x2aaaaf9bb000,%r13 │
│ 0x7fffe849f120 <code_gen_buffer+4845811> mov %r13,0x38(%rbp) │
│ 0x7fffe849f124 <code_gen_buffer+4845815> movq $0xffffffffaf9bb000,0x60(%rbp) │
│ 0x7fffe849f12c <code_gen_buffer+4845823> mov $0xffffffffaf9bb4e0,%r13 │
│ > 0x7fffe849f133 <code_gen_buffer+4845830> movzwl 0x0(%r13),%r13d │
│ 0x7fffe849f138 <code_gen_buffer+4845835> and $0x7f,%ebx │
│ 0x7fffe849f13b <code_gen_buffer+4845838> shl $0x7,%r13 │
│ 0x7fffe849f13f <code_gen_buffer+4845842> add %r13,%rbx │
│ 0x7fffe849f142 <code_gen_buffer+4845845> mov %rbx,0x50(%rbp) │
│ 0x7fffe849f146 <code_gen_buffer+4845849> shl %rbx │
│ 0x7fffe849f149 <code_gen_buffer+4845852> mov %rbx,0x38(%rbp) │
│ 0x7fffe849f14d <code_gen_buffer+4845856> movabs $0x2aaaaf9a88e0,%r13 │
│ 0x7fffe849f157 <code_gen_buffer+4845866> add %r13,%rbx │
│ 0x7fffe849f15a <code_gen_buffer+4845869> mov %rbx,0x60(%rbp)