qemu-system-x86_64 crashes in temp_load (tcg) on i686 host
Host environment
-
Operating system: Slackware 15.0 i586
-
OS/kernel version: Linux slax 5.19.8-x64 #1 SMP PREEMPT_DYNAMIC Thu Sep 8 20:29:55 MSK 2022 x86_64 AMD FX(tm)-4300 Quad-Core Processor AuthenticAMD GNU/Linux
-
Architecture: x86_64
-
QEMU flavor: qemu-system-x86_64
-
QEMU version: QEMU emulator version 8.2.50 Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers
-
QEMU command line: inside gdb: r -m 1000 -cdrom /home/guest/ISO/slackellive64-openbox-7.7.1.iso
Emulated/Virtualized environment
- Operating system: Slackel 7.7.1
- OS/kernel version: N/A
- Architecture: x86_64
Description of problem
qemu crashes early
Steps to reproduce
-
compile qemu git (commit commit 5d1fc614 (origin/master, origin/HEAD) ) with line ../configure --prefix=/usr --enable-virglrenderer --libdir=lib --audio-drv-list=alsa,oss --enable-opengl --extra-cflags="-I/usr/X11R7/include -O2 -march=i686 -mtune=native -m32 -Wno-maybe-uninitialized -Wno-nested-externs -Wno-implicit-function-declaration" --disable-werror
-
setarch i686 ninja (kernel is x86_64 on host)
-
try to boot 64-bit x86 Salix/Slackel (Slackware live images)
Additional information
gdb x86_64-softmmu/qemu-system-x86_64
GNU gdb (GDB) 11.2
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "i586-slackware-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from x86_64-softmmu/qemu-system-x86_64...
warning: File "/dev/shm/qemu/.gdbinit" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
add-auto-load-safe-path /dev/shm/qemu/.gdbinit
line to your configuration file "/root/.config/gdb/gdbinit".
To completely disable this security protection add
set auto-load safe-path /
line to your configuration file "/root/.config/gdb/gdbinit".
For more information about this security protection see the
--Type <RET> for more, q to quit, c to continue without paging--
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
info "(gdb)Auto-loading safe path"
(gdb) r -m 1000 -cdrom /home/guest/ISO/sla
slackellive64-openbox-7.7.1.iso slackware-8.0-install-d1.iso
(gdb) r -m 1000 -cdrom /home/guest/ISO/slackellive64-openbox-7.7.1.iso
Starting program: /dev/shm/qemu/build/x86_64-softmmu/qemu-system-x86_64 -m 1000 -cdrom /home/guest/ISO/slackellive64-openbox-7.7.1.iso
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
[New Thread 0xf3e79b00 (LWP 27354)]
[New Thread 0xf2f09b00 (LWP 27355)]
[New Thread 0xb1917b00 (LWP 27356)]
[New Thread 0xaf60cb00 (LWP 27357)]
[Thread 0xaf60cb00 (LWP 27357) exited]
[New Thread 0xaf60cb00 (LWP 27358)]
[New Thread 0xaec86b00 (LWP 27359)]
[Thread 0xaf60cb00 (LWP 27358) exited]
[Thread 0xaec86b00 (LWP 27359) exited]
[New Thread 0xaec86b00 (LWP 27360)]
[New Thread 0xaf60cb00 (LWP 27361)]
[Thread 0xaec86b00 (LWP 27360) exited]
[Thread 0xaf60cb00 (LWP 27361) exited]
[Thread 0xf2f09b00 (LWP 27355) exited]
Thread 4 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb1917b00 (LWP 27356)]
0x56d08a95 in temp_load (s=0xb1000610, ts=ts@entry=0xb1001f40, desired_regs=<optimized out>, allocated_regs=2097200, preferred_regs=0) at ../tcg/tcg.c:4441
4441 tcg_out_ld(s, ts->type, reg, ts->mem_base->reg, ts->mem_offset);
(gdb) bt full
#0 0x56d08a95 in temp_load
(s=0xb1000610, ts=ts@entry=0xb1001f40, desired_regs=<optimized out>, allocated_regs=2097200, preferred_regs=0) at ../tcg/tcg.c:4441
reg = TCG_REG_ECX
__func__ = "temp_load"
#1 0x56d0fe23 in tcg_reg_alloc_op (op=<optimized out>, s=<optimized out>)
at ../tcg/tcg.c:4881
i_required_regs = <optimized out>
copyto_new_reg = false
ts2 = <optimized out>
i1 = <optimized out>
i_preferred_regs = <optimized out>
allocate_new_reg = <optimized out>
i2 = <optimized out>
i = 0
new_args =
{1, 5, 2852, 0, 64, 0, 0, 1467284236, 4149882880, 2829350448, 1, 1456305553, 4149882880, 2969568784, 2969568920, 2969568944}
arg_life = <optimized out>
i_allocated_regs = <optimized out>
nb_oargs = <optimized out>
arg = <optimized out>
const_args =
--Type <RET> for more, q to quit, c to continue without paging--
{0, 0, 0, 0, 1, 1, 1467284236, -1315870200, 1487331864, -1069806704, 0, 1467284236, 1456520351, 1489883472, 2, -1325347776}
k = <optimized out>
arg_ct = <optimized out>
o_allocated_regs = <optimized out>
nb_iargs = <optimized out>
reg = <optimized out>
ts = 0xb1001f40
op_cond = <optimized out>
opc = <optimized out>
i = <optimized out>
start_words = <optimized out>
num_insns = <optimized out>
op = <optimized out>
__PRETTY_FUNCTION__ = "tcg_gen_code"
#2 tcg_gen_code
(s=<optimized out>, tb=<optimized out>, pc_start=<optimized out>)
at ../tcg/tcg.c:6216
opc = <optimized out>
i = <optimized out>
start_words = <optimized out>
num_insns = <optimized out>
op = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--
__PRETTY_FUNCTION__ = "tcg_gen_code"
#3 0x56af0118 in setjmp_gen_code
(env=env@entry=0x57afab90, tb=tb@entry=0xf0b7d580 <code_gen_buffer+8389982>, pc=18446744072243800976, host_pc=0xc03c0b90, max_insns=0xb1916acc, ti=<optimized out>) at ../accel/tcg/translate-all.c:284
ret = <optimized out>
__PRETTY_FUNCTION__ = "setjmp_gen_code"
#4 0x56af06e2 in tb_gen_code
(cpu=0x57af8860, pc=18446744072243800976, cs_base=0, flags=4244144, cflags=<optimized out>) at ../accel/tcg/translate-all.c:359
env = 0x57afab90
tb = 0xf0b7d580 <code_gen_buffer+8389982>
existing_tb = <optimized out>
phys_pc = 245525392
phys_p2 = <optimized out>
gen_code_buf = 0xf0b7d600 <code_gen_buffer+8390110> "‹]ш…Ы\017Њр"
gen_code_size = <optimized out>
search_size = <optimized out>
max_insns = 64
host_pc = 0xc03c0b90
__PRETTY_FUNCTION__ = "tb_gen_code"
__func__ = "tb_gen_code"
#5 0x56ae75bd in cpu_exec_loop
--Type <RET> for more, q to quit, c to continue without paging--
(cpu=cpu@entry=0x57af8860, sc=sc@entry=0xb1916c24)
at ../accel/tcg/cpu-exec.c:982
jc = <optimized out>
h = <optimized out>
tb = 0x0
flags = <optimized out>
cflags = 4278321152
pc = <optimized out>
cs_base = <optimized out>
last_tb = <optimized out>
tb_exit = 0
ret = <optimized out>
#6 0x56ae7a70 in cpu_exec_setjmp
(cpu=cpu@entry=0x57af8860, sc=sc@entry=0xb1916c24)
at ../accel/tcg/cpu-exec.c:1028
#7 0x56ae83a8 in cpu_exec (cpu=<optimized out>)
at ../accel/tcg/cpu-exec.c:1054
ret = <optimized out>
sc = {diff_clk = 0, last_cpu_icount = 0, realtime_clock = 0}
_rcu_read_auto = 0x1
#8 0x56b0ff5e in tcg_cpu_exec (cpu=0x57af8860)
at ../accel/tcg/tcg-accel-ops.c:76
ret = <optimized out>
--Type <RET> for more, q to quit, c to continue without paging--
__PRETTY_FUNCTION__ = "tcg_cpu_exec"
#9 0x56b10a47 in rr_cpu_thread_fn (arg=<optimized out>)
at ../accel/tcg/tcg-accel-ops-rr.c:261
r = <optimized out>
cpu_budget = <optimized out>
force_rcu =
{notify = 0x56b106e0 <rr_force_rcu>, node = {le_next = 0x0, le_prev = 0xb19179b0}}
cpu = 0x57af8860
__PRETTY_FUNCTION__ = "rr_cpu_thread_fn"
#10 0x56cc77e5 in qemu_thread_start (args=0x57b51ce0)
at ../util/qemu-thread-posix.c:541
__cancel_buf =
{__cancel_jmp_buf = {{__cancel_jmp_buf = {1467284236, 1471487200, 1471152128, -1315869272, 1617656260, -631423478}, __mask_was_saved = 0}}, __pad = {0xb1916d64, 0x0, 0x0, 0x0}}
__cancel_routine = 0x56cc7840 <qemu_thread_atexit_notify>
__not_first_call = <optimized out>
start_routine = 0x56b10818 <rr_cpu_thread_fn>
arg = 0x57af8860
r = <optimized out>
#11 0xf63d5328 in start_thread () at /lib/libpthread.so.0
#12 0xf604ef06 in clone () at /lib/libc.so.6