[Qemu-devel] [Bug 1776096] Re: qemu 2.12.0 qemu-system-ppc illegal instruction on ppc64le, crashes emulator
Hi, Cameron. The step "Start QEMU and boot Mac OS X 10.4.11" is not clear to me. Is there a location where one could download such image and boot? I wonder how one without access to a Mac image can reproduce this issue. Cheers Murilo -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1776096 Title: qemu 2.12.0 qemu-system-ppc illegal instruction on ppc64le, crashes emulator Status in QEMU: New Bug description: % uname -a Linux tim.floodgap.com 4.16.14-300.fc28.ppc64le #1 SMP Tue Jun 5 15:59:48 UTC 2018 ppc64le ppc64le ppc64le GNU/Linux STR: Start QEMU and boot Mac OS X 10.4.11. Download the current version of TenFourFox (I used G3 so that AltiVec was not a confounder). Try to start TenFourFox in safe mode (hold down Option as you double-click while the icon bounces in the Dock). Expected: TenFourFox starts. Actual: The entire emulator exits with an illegal instruction error. Trace of session (including some disassembly so you can see where TCG went wrong): tim:/home/spectre/src/qemu-2.12.0/ppc-softmmu/% gdb --args ./qemu- system-ppc -M mac99,accel=tcg -m 2048 -prom-env boot-args=-v -boot c -drive file=tigerhd.img,format=raw,cache=none -netdev user,id=mynet0 -device usb-net,netdev=mynet0 -usb -device usb-tablet GNU gdb (GDB) Fedora 8.1-15.fc28 [...] Reading symbols from ./qemu-system-ppc...done. (gdb) run [...] Thread 6 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7242ea30 (LWP 7017)] 0xfffc in ?? () #0 0xfffc in () #1 0x7fffd4edec00 in code_gen_buffer () #2 0x100c9e20 in cpu_tb_exec (itb=, cpu=) at /home/spectre/src/qemu-2.12.0/accel/tcg/cpu-exec.c:169 #3 0x100c9e20 in cpu_loop_exec_tb (tb_exit=, last_tb=, tb=, cpu=) at /home/spectre/src/qemu-2.12.0/accel/tcg/cpu-exec.c:626 #4 0x100c9e20 in cpu_exec (cpu=) at /home/spectre/src/qemu-2.12.0/accel/tcg/cpu-exec.c:734 #5 0x1007decc in tcg_cpu_exec (cpu=0x11774e10) at /home/spectre/src/qemu-2.12.0/cpus.c:1362 (gdb) disas 0x7fffd4edebf0, 0x7fffd4edec10 Dump of assembler code from 0x7fffd4edebf0 to 0x7fffd4edec10: 0x7fffd4edebf0 :addir0,r4,3 0x7fffd4edebf4 :rlwinm r0,r0,0,0,19 0x7fffd4edebf8 :cmplw cr7,r0,r12 0x7fffd4edebfc :bnel cr7,0x7fffd4ed8b64 0x7fffd4edec00 :lwbrx r14,r3,r4 0x7fffd4edec04 :stw r14,40(r27) 0x7fffd4edec08 :clrldi r4,r14,32 0x7fffd4edec0c :rlwinm r3,r4,25,19,26 End of assembler dump. (gdb) disas 0x7fffd4ed8b60, 0x7fffd4ed8b70 Dump of assembler code from 0x7fffd4ed8b60 to 0x7fffd4ed8b70: 0x7fffd4ed8b60 :bctrl 0x7fffd4ed8b64 :mtctr r3 0x7fffd4ed8b68 :mr r31,r3 0x7fffd4ed8b6c :li r3,0 End of assembler dump. (gdb) i reg ctr ctr0x 18446744073709551615 It appears that the branch at 0x7fffd4edebfc caused a jump back (a return?) through CTR, but CTR has -1 in it, hence setting PC to 0xfffc. I am not sure how to debug this further. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1776096/+subscriptions
[Qemu-devel] [Bug 1776096] Re: qemu 2.12.0 qemu-system-ppc illegal instruction on ppc64le, crashes emulator
Sorry, more complete disassembly of the apparent actual fault: 0x7fffd4ed8b64 : mtctr r3 0x7fffd4ed8b68 : mr r31,r3 0x7fffd4ed8b6c : li r3,0 0x7fffd4ed8b70 : bctr -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1776096 Title: qemu 2.12.0 qemu-system-ppc illegal instruction on ppc64le, crashes emulator Status in QEMU: New Bug description: % uname -a Linux tim.floodgap.com 4.16.14-300.fc28.ppc64le #1 SMP Tue Jun 5 15:59:48 UTC 2018 ppc64le ppc64le ppc64le GNU/Linux STR: Start QEMU and boot Mac OS X 10.4.11. Download the current version of TenFourFox (I used G3 so that AltiVec was not a confounder). Try to start TenFourFox in safe mode (hold down Option as you double-click while the icon bounces in the Dock). Expected: TenFourFox starts. Actual: The entire emulator exits with an illegal instruction error. Trace of session (including some disassembly so you can see where TCG went wrong): tim:/home/spectre/src/qemu-2.12.0/ppc-softmmu/% gdb --args ./qemu- system-ppc -M mac99,accel=tcg -m 2048 -prom-env boot-args=-v -boot c -drive file=tigerhd.img,format=raw,cache=none -netdev user,id=mynet0 -device usb-net,netdev=mynet0 -usb -device usb-tablet GNU gdb (GDB) Fedora 8.1-15.fc28 [...] Reading symbols from ./qemu-system-ppc...done. (gdb) run [...] Thread 6 "qemu-system-ppc" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7242ea30 (LWP 7017)] 0xfffc in ?? () #0 0xfffc in () #1 0x7fffd4edec00 in code_gen_buffer () #2 0x100c9e20 in cpu_tb_exec (itb=, cpu=) at /home/spectre/src/qemu-2.12.0/accel/tcg/cpu-exec.c:169 #3 0x100c9e20 in cpu_loop_exec_tb (tb_exit=, last_tb=, tb=, cpu=) at /home/spectre/src/qemu-2.12.0/accel/tcg/cpu-exec.c:626 #4 0x100c9e20 in cpu_exec (cpu=) at /home/spectre/src/qemu-2.12.0/accel/tcg/cpu-exec.c:734 #5 0x1007decc in tcg_cpu_exec (cpu=0x11774e10) at /home/spectre/src/qemu-2.12.0/cpus.c:1362 (gdb) disas 0x7fffd4edebf0, 0x7fffd4edec10 Dump of assembler code from 0x7fffd4edebf0 to 0x7fffd4edec10: 0x7fffd4edebf0 :addir0,r4,3 0x7fffd4edebf4 :rlwinm r0,r0,0,0,19 0x7fffd4edebf8 :cmplw cr7,r0,r12 0x7fffd4edebfc :bnel cr7,0x7fffd4ed8b64 0x7fffd4edec00 :lwbrx r14,r3,r4 0x7fffd4edec04 :stw r14,40(r27) 0x7fffd4edec08 :clrldi r4,r14,32 0x7fffd4edec0c :rlwinm r3,r4,25,19,26 End of assembler dump. (gdb) disas 0x7fffd4ed8b60, 0x7fffd4ed8b70 Dump of assembler code from 0x7fffd4ed8b60 to 0x7fffd4ed8b70: 0x7fffd4ed8b60 :bctrl 0x7fffd4ed8b64 :mtctr r3 0x7fffd4ed8b68 :mr r31,r3 0x7fffd4ed8b6c :li r3,0 End of assembler dump. (gdb) i reg ctr ctr0x 18446744073709551615 It appears that the branch at 0x7fffd4edebfc caused a jump back (a return?) through CTR, but CTR has -1 in it, hence setting PC to 0xfffc. I am not sure how to debug this further. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1776096/+subscriptions
