* [Qemu-devel] Bug with mpc8544ds machine.
@ 2014-03-28 14:37 Frederic Konrad
2014-03-31 11:30 ` Gerd Hoffmann
0 siblings, 1 reply; 3+ messages in thread
From: Frederic Konrad @ 2014-03-28 14:37 UTC (permalink / raw)
To: Gerd Hoffmann, qemu-devel; +Cc: fred.konrad
Hi everybody,
I didn't see anything on the list about that.
I get this bug in the current git.
I configured qemu with the following command line:
./configure --target-list=ppc-softmmu
I ran QEMU with the following command line:
./ppc-softmmu/qemu-system-ppc --M mpc8544ds
I get this segfault:
(gdb) bt
#0 0x00007fecf8e2a578 in qemu_input_transform_abs_rotate
(evt=<optimized out>) at ui/input.c:79
#1 qemu_input_event_send (src=src@entry=0x0,
evt=evt@entry=0x7fecfaac3130) at ui/input.c:141
#2 0x00007fecf8e2a71a in qemu_input_event_send_key (src=0x0,
key=<optimized out>, down=<optimized out>) at ui/input.c:185
#3 0x00007fecf8e2a7c2 in qemu_input_event_send_key_number
(src=<optimized out>, num=<optimized out>, down=<optimized out>) at
ui/input.c:195
#4 0x00007fecf8e26c9a in gd_key_event (widget=<optimized out>,
key=<optimized out>, opaque=0x7fecfa790510) at ui/gtk.c:762
#5 0x00007fecf6864f0c in _gtk_marshal_BOOLEAN__BOXED () from
/lib64/libgtk-x11-2.0.so.0
#6 0x00007fecf4f38910 in g_closure_invoke () from
/lib64/libgobject-2.0.so.0
#7 0x00007fecf4f49d08 in signal_emit_unlocked_R () from
/lib64/libgobject-2.0.so.0
#8 0x00007fecf4f518c7 in g_signal_emit_valist () from
/lib64/libgobject-2.0.so.0
#9 0x00007fecf4f51de2 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#10 0x00007fecf6998fee in gtk_widget_event_internal () from
/lib64/libgtk-x11-2.0.so.0
#11 0x00007fecf69af96b in gtk_window_propagate_key_event () from
/lib64/libgtk-x11-2.0.so.0
#12 0x00007fecf69af9af in gtk_window_key_release_event () from
/lib64/libgtk-x11-2.0.so.0
#13 0x00007fecf6864f0c in _gtk_marshal_BOOLEAN__BOXED () from
/lib64/libgtk-x11-2.0.so.0
#14 0x00007fecf4f38910 in g_closure_invoke () from
/lib64/libgobject-2.0.so.0
#15 0x00007fecf4f49a80 in signal_emit_unlocked_R () from
/lib64/libgobject-2.0.so.0
#16 0x00007fecf4f518c7 in g_signal_emit_valist () from
/lib64/libgobject-2.0.so.0
#17 0x00007fecf4f51de2 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#18 0x00007fecf6998fee in gtk_widget_event_internal () from
/lib64/libgtk-x11-2.0.so.0
#19 0x00007fecf6862d67 in gtk_propagate_event () from
/lib64/libgtk-x11-2.0.so.0
#20 0x00007fecf6863013 in gtk_main_do_event () from
/lib64/libgtk-x11-2.0.so.0
#21 0x00007fecf64b9f1c in gdk_event_dispatch () from
/lib64/libgdk-x11-2.0.so.0
#22 0x00007fecf80e0a55 in g_main_context_dispatch () from
/lib64/libglib-2.0.so.0
#23 0x00007fecf8dc6958 in glib_pollfds_poll () at main-loop.c:190
#24 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:235
#25 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:484
#26 0x00007fecf8caeece in main_loop () at vl.c:2051
#27 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized
out>) at vl.c:4507
Git bisect gives:
9784e5793000f27cf4b506511fedf207dcf8521c is the first bad commit
commit 9784e5793000f27cf4b506511fedf207dcf8521c
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed Nov 27 11:59:25 2013 +0100
input: keyboard: switch legacy handlers to new core
legacy kbd event handlers are registered in the new core,
so they receive events from the new input core code.
keycode -> scancode translation needed here.
legacy kbd_put_keycode() sends events to the new core.
scancode -> keycode translation needed here.
So with this patch the new input core is fully functional
for keyboard events. New + legacy interfaces can be mixed
in any way.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Did I miss something?
Thanks,
Fred
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Qemu-devel] Bug with mpc8544ds machine.
2014-03-28 14:37 [Qemu-devel] Bug with mpc8544ds machine Frederic Konrad
@ 2014-03-31 11:30 ` Gerd Hoffmann
2014-03-31 11:43 ` Frederic Konrad
0 siblings, 1 reply; 3+ messages in thread
From: Gerd Hoffmann @ 2014-03-31 11:30 UTC (permalink / raw)
To: Frederic Konrad; +Cc: qemu-devel
On Fr, 2014-03-28 at 15:37 +0100, Frederic Konrad wrote:
> Hi everybody,
>
> I didn't see anything on the list about that.
> I get this bug in the current git.
>
> I configured qemu with the following command line:
>
> ./configure --target-list=ppc-softmmu
>
> I ran QEMU with the following command line:
>
> ./ppc-softmmu/qemu-system-ppc --M mpc8544ds
... then hit any key. Crashes on first keypress for me, and given the
stacktrace I think it is the same for you.
> (gdb) bt
> #0 0x00007fecf8e2a578 in qemu_input_transform_abs_rotate
> (evt=<optimized out>) at ui/input.c:79
> #1 qemu_input_event_send (src=src@entry=0x0,
> evt=evt@entry=0x7fecfaac3130) at ui/input.c:141
> #2 0x00007fecf8e2a71a in qemu_input_event_send_key (src=0x0,
> key=<optimized out>, down=<optimized out>) at ui/input.c:185
> #3 0x00007fecf8e2a7c2 in qemu_input_event_send_key_number
> (src=<optimized out>, num=<optimized out>, down=<optimized out>) at
> ui/input.c:195
The key press event is created, then sent, and qemu crashes in a code
path which isn't executed in the first place for keyboard events.
Trying to reproduce locally crashes in a slightly different place, but
it is a simliar pattern here:
(gdb) bt
#0 0x00005555557ba7b8 in fprintf (__fmt=<optimized out>,
__stream=<optimized out>)
at /usr/include/bits/stdio2.h:97
#1 trace_input_event_key_qcode (down=<optimized out>, qcode=<optimized
out>,
conidx=<optimized out>) at ./trace/generated-tracers.h:5664
#2 qemu_input_event_trace (evt=0x5555564012c0, src=0x0)
at /home/kraxel/projects/qemu/ui/input.c:104
#3 qemu_input_event_send (src=src@entry=0x0,
evt=evt@entry=0x5555564012c0)
at /home/kraxel/projects/qemu/ui/input.c:137
#4 0x00005555557baab2 in qemu_input_event_send_key (src=0x0,
key=<optimized out>,
down=<optimized out>) at /home/kraxel/projects/qemu/ui/input.c:185
[ ... ]
(gdb) up
#1 trace_input_event_key_qcode (down=<optimized out>, qcode=<optimized
out>,
conidx=<optimized out>) at ./trace/generated-tracers.h:5664
5664 fprintf(stderr, "input_event_key_qcode " "con %d, key
qcode %s, down %d" "\n" , conidx, qcode, down);
(gdb) up
#2 qemu_input_event_trace (evt=0x5555564012c0, src=0x0)
at /home/kraxel/projects/qemu/ui/input.c:104
104 trace_input_event_key_qcode(idx, name,
evt->key->down);
(gdb) print *evt
$1 = {kind = INPUT_EVENT_KIND_KEY, {data = 0x5555564012e0, key =
0x5555564012e0,
btn = 0x5555564012e0, rel = 0x5555564012e0, abs = 0x5555564012e0}}
(gdb) print *evt->key->key
$2 = {kind = KEY_VALUE_KIND_NUMBER, {data = 0x20, number = 32, qcode =
Q_KEY_CODE_I}}
So, again, qemu crashing in a code path (trace_input_event_key_qcode)
which it should not have been executed in the first place (we have
KEY_VALUE_KIND_NUMBER not KEY_VALUE_KIND_QCODE).
Hmm. Puzzling. Anyone has an idea what is going on here?
cheers,
Gerd
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Qemu-devel] Bug with mpc8544ds machine.
2014-03-31 11:30 ` Gerd Hoffmann
@ 2014-03-31 11:43 ` Frederic Konrad
0 siblings, 0 replies; 3+ messages in thread
From: Frederic Konrad @ 2014-03-31 11:43 UTC (permalink / raw)
To: Gerd Hoffmann; +Cc: qemu-devel
On 31/03/2014 13:30, Gerd Hoffmann wrote:
> On Fr, 2014-03-28 at 15:37 +0100, Frederic Konrad wrote:
>> Hi everybody,
>>
>> I didn't see anything on the list about that.
>> I get this bug in the current git.
>>
>> I configured qemu with the following command line:
>>
>> ./configure --target-list=ppc-softmmu
>>
>> I ran QEMU with the following command line:
>>
>> ./ppc-softmmu/qemu-system-ppc --M mpc8544ds
> ... then hit any key. Crashes on first keypress for me, and given the
> stacktrace I think it is the same for you.
Hi,
On my side I don't need to push any key.
>> (gdb) bt
>> #0 0x00007fecf8e2a578 in qemu_input_transform_abs_rotate
>> (evt=<optimized out>) at ui/input.c:79
>> #1 qemu_input_event_send (src=src@entry=0x0,
>> evt=evt@entry=0x7fecfaac3130) at ui/input.c:141
>> #2 0x00007fecf8e2a71a in qemu_input_event_send_key (src=0x0,
>> key=<optimized out>, down=<optimized out>) at ui/input.c:185
>> #3 0x00007fecf8e2a7c2 in qemu_input_event_send_key_number
>> (src=<optimized out>, num=<optimized out>, down=<optimized out>) at
>> ui/input.c:195
> The key press event is created, then sent, and qemu crashes in a code
> path which isn't executed in the first place for keyboard events.
>
> Trying to reproduce locally crashes in a slightly different place, but
> it is a simliar pattern here:
>
> (gdb) bt
> #0 0x00005555557ba7b8 in fprintf (__fmt=<optimized out>,
> __stream=<optimized out>)
> at /usr/include/bits/stdio2.h:97
> #1 trace_input_event_key_qcode (down=<optimized out>, qcode=<optimized
> out>,
> conidx=<optimized out>) at ./trace/generated-tracers.h:5664
> #2 qemu_input_event_trace (evt=0x5555564012c0, src=0x0)
> at /home/kraxel/projects/qemu/ui/input.c:104
> #3 qemu_input_event_send (src=src@entry=0x0,
> evt=evt@entry=0x5555564012c0)
> at /home/kraxel/projects/qemu/ui/input.c:137
> #4 0x00005555557baab2 in qemu_input_event_send_key (src=0x0,
> key=<optimized out>,
> down=<optimized out>) at /home/kraxel/projects/qemu/ui/input.c:185
> [ ... ]
>
> (gdb) up
> #1 trace_input_event_key_qcode (down=<optimized out>, qcode=<optimized
> out>,
> conidx=<optimized out>) at ./trace/generated-tracers.h:5664
> 5664 fprintf(stderr, "input_event_key_qcode " "con %d, key
> qcode %s, down %d" "\n" , conidx, qcode, down);
> (gdb) up
> #2 qemu_input_event_trace (evt=0x5555564012c0, src=0x0)
> at /home/kraxel/projects/qemu/ui/input.c:104
> 104 trace_input_event_key_qcode(idx, name,
> evt->key->down);
> (gdb) print *evt
> $1 = {kind = INPUT_EVENT_KIND_KEY, {data = 0x5555564012e0, key =
> 0x5555564012e0,
> btn = 0x5555564012e0, rel = 0x5555564012e0, abs = 0x5555564012e0}}
> (gdb) print *evt->key->key
> $2 = {kind = KEY_VALUE_KIND_NUMBER, {data = 0x20, number = 32, qcode =
> Q_KEY_CODE_I}}
>
> So, again, qemu crashing in a code path (trace_input_event_key_qcode)
> which it should not have been executed in the first place (we have
> KEY_VALUE_KIND_NUMBER not KEY_VALUE_KIND_QCODE).
>
> Hmm. Puzzling. Anyone has an idea what is going on here?
>
> cheers,
> Gerd
>
>
>
I had a different behaviour with --enable-debug configure flags:
Program received signal SIGSEGV, Segmentation fault.
0x0000555555808193 in qemu_input_event_send (src=0x0,
evt=0x5555566202f0) at ui/input.c:146
146 s->handler->event(s->dev, src, evt);
2: evt->kind = INPUT_EVENT_KIND_BTN
1: s = (QemuInputHandlerState *) 0x0
Seems qemu_input_find_handler returned NULL for me.
Adding this fixes the issue:
diff --git a/ui/input.c b/ui/input.c
index 2761911..d7670e9 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -143,8 +143,11 @@ void qemu_input_event_send(QemuConsole *src,
InputEvent *evt)
/* send event */
s = qemu_input_find_handler(1 << evt->kind);
- s->handler->event(s->dev, src, evt);
- s->events++;
+
+ if (s != NULL) {
+ s->handler->event(s->dev, src, evt);
+ s->events++;
+ }
}
void qemu_input_event_sync(void)
Thanks,
Fred
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-03-31 11:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-03-28 14:37 [Qemu-devel] Bug with mpc8544ds machine Frederic Konrad
2014-03-31 11:30 ` Gerd Hoffmann
2014-03-31 11:43 ` Frederic Konrad
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.