* [Qemu-devel] Bug with mpc8544ds machine.
@ 2014-03-28 14:37 Frederic Konrad
2014-03-31 11:30 ` Gerd Hoffmann
0 siblings, 1 reply; 3+ messages in thread
From: Frederic Konrad @ 2014-03-28 14:37 UTC (permalink / raw)
To: Gerd Hoffmann, qemu-devel; +Cc: fred.konrad
Hi everybody,
I didn't see anything on the list about that.
I get this bug in the current git.
I configured qemu with the following command line:
./configure --target-list=ppc-softmmu
I ran QEMU with the following command line:
./ppc-softmmu/qemu-system-ppc --M mpc8544ds
I get this segfault:
(gdb) bt
#0 0x00007fecf8e2a578 in qemu_input_transform_abs_rotate
(evt=<optimized out>) at ui/input.c:79
#1 qemu_input_event_send (src=src@entry=0x0,
evt=evt@entry=0x7fecfaac3130) at ui/input.c:141
#2 0x00007fecf8e2a71a in qemu_input_event_send_key (src=0x0,
key=<optimized out>, down=<optimized out>) at ui/input.c:185
#3 0x00007fecf8e2a7c2 in qemu_input_event_send_key_number
(src=<optimized out>, num=<optimized out>, down=<optimized out>) at
ui/input.c:195
#4 0x00007fecf8e26c9a in gd_key_event (widget=<optimized out>,
key=<optimized out>, opaque=0x7fecfa790510) at ui/gtk.c:762
#5 0x00007fecf6864f0c in _gtk_marshal_BOOLEAN__BOXED () from
/lib64/libgtk-x11-2.0.so.0
#6 0x00007fecf4f38910 in g_closure_invoke () from
/lib64/libgobject-2.0.so.0
#7 0x00007fecf4f49d08 in signal_emit_unlocked_R () from
/lib64/libgobject-2.0.so.0
#8 0x00007fecf4f518c7 in g_signal_emit_valist () from
/lib64/libgobject-2.0.so.0
#9 0x00007fecf4f51de2 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#10 0x00007fecf6998fee in gtk_widget_event_internal () from
/lib64/libgtk-x11-2.0.so.0
#11 0x00007fecf69af96b in gtk_window_propagate_key_event () from
/lib64/libgtk-x11-2.0.so.0
#12 0x00007fecf69af9af in gtk_window_key_release_event () from
/lib64/libgtk-x11-2.0.so.0
#13 0x00007fecf6864f0c in _gtk_marshal_BOOLEAN__BOXED () from
/lib64/libgtk-x11-2.0.so.0
#14 0x00007fecf4f38910 in g_closure_invoke () from
/lib64/libgobject-2.0.so.0
#15 0x00007fecf4f49a80 in signal_emit_unlocked_R () from
/lib64/libgobject-2.0.so.0
#16 0x00007fecf4f518c7 in g_signal_emit_valist () from
/lib64/libgobject-2.0.so.0
#17 0x00007fecf4f51de2 in g_signal_emit () from /lib64/libgobject-2.0.so.0
#18 0x00007fecf6998fee in gtk_widget_event_internal () from
/lib64/libgtk-x11-2.0.so.0
#19 0x00007fecf6862d67 in gtk_propagate_event () from
/lib64/libgtk-x11-2.0.so.0
#20 0x00007fecf6863013 in gtk_main_do_event () from
/lib64/libgtk-x11-2.0.so.0
#21 0x00007fecf64b9f1c in gdk_event_dispatch () from
/lib64/libgdk-x11-2.0.so.0
#22 0x00007fecf80e0a55 in g_main_context_dispatch () from
/lib64/libglib-2.0.so.0
#23 0x00007fecf8dc6958 in glib_pollfds_poll () at main-loop.c:190
#24 os_host_main_loop_wait (timeout=<optimized out>) at main-loop.c:235
#25 main_loop_wait (nonblocking=<optimized out>) at main-loop.c:484
#26 0x00007fecf8caeece in main_loop () at vl.c:2051
#27 main (argc=<optimized out>, argv=<optimized out>, envp=<optimized
out>) at vl.c:4507
Git bisect gives:
9784e5793000f27cf4b506511fedf207dcf8521c is the first bad commit
commit 9784e5793000f27cf4b506511fedf207dcf8521c
Author: Gerd Hoffmann <kraxel@redhat.com>
Date: Wed Nov 27 11:59:25 2013 +0100
input: keyboard: switch legacy handlers to new core
legacy kbd event handlers are registered in the new core,
so they receive events from the new input core code.
keycode -> scancode translation needed here.
legacy kbd_put_keycode() sends events to the new core.
scancode -> keycode translation needed here.
So with this patch the new input core is fully functional
for keyboard events. New + legacy interfaces can be mixed
in any way.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Did I miss something?
Thanks,
Fred
* Re: [Qemu-devel] Bug with mpc8544ds machine.
@ 2014-03-31 11:30 Gerd Hoffmann
From: Gerd Hoffmann @ 2014-03-31 11:30 UTC
To: Frederic Konrad; +Cc: qemu-devel

On Fr, 2014-03-28 at 15:37 +0100, Frederic Konrad wrote:
> Hi everybody,
>
> I didn't see anything on the list about that.
> I get this bug in the current git.
>
> I configured qemu with the following command line:
>
> ./configure --target-list=ppc-softmmu
>
> I ran QEMU with the following command line:
>
> ./ppc-softmmu/qemu-system-ppc --M mpc8544ds

... then hit any key. Crashes on first keypress for me, and given the
stacktrace I think it is the same for you.

> (gdb) bt
> #0 0x00007fecf8e2a578 in qemu_input_transform_abs_rotate
> (evt=<optimized out>) at ui/input.c:79
> #1 qemu_input_event_send (src=src@entry=0x0,
> evt=evt@entry=0x7fecfaac3130) at ui/input.c:141
> #2 0x00007fecf8e2a71a in qemu_input_event_send_key (src=0x0,
> key=<optimized out>, down=<optimized out>) at ui/input.c:185
> #3 0x00007fecf8e2a7c2 in qemu_input_event_send_key_number
> (src=<optimized out>, num=<optimized out>, down=<optimized out>) at
> ui/input.c:195

The key press event is created, then sent, and qemu crashes in a code
path which isn't executed in the first place for keyboard events.

Trying to reproduce locally crashes in a slightly different place, but
it is a similar pattern here:

(gdb) bt
#0 0x00005555557ba7b8 in fprintf (__fmt=<optimized out>,
    __stream=<optimized out>)
    at /usr/include/bits/stdio2.h:97
#1 trace_input_event_key_qcode (down=<optimized out>, qcode=<optimized out>,
    conidx=<optimized out>) at ./trace/generated-tracers.h:5664
#2 qemu_input_event_trace (evt=0x5555564012c0, src=0x0)
    at /home/kraxel/projects/qemu/ui/input.c:104
#3 qemu_input_event_send (src=src@entry=0x0, evt=evt@entry=0x5555564012c0)
    at /home/kraxel/projects/qemu/ui/input.c:137
#4 0x00005555557baab2 in qemu_input_event_send_key (src=0x0, key=<optimized out>,
    down=<optimized out>) at /home/kraxel/projects/qemu/ui/input.c:185
[ ... ]

(gdb) up
#1 trace_input_event_key_qcode (down=<optimized out>, qcode=<optimized out>,
    conidx=<optimized out>) at ./trace/generated-tracers.h:5664
5664        fprintf(stderr, "input_event_key_qcode " "con %d, key qcode %s, down %d" "\n" , conidx, qcode, down);
(gdb) up
#2 qemu_input_event_trace (evt=0x5555564012c0, src=0x0)
    at /home/kraxel/projects/qemu/ui/input.c:104
104         trace_input_event_key_qcode(idx, name, evt->key->down);
(gdb) print *evt
$1 = {kind = INPUT_EVENT_KIND_KEY, {data = 0x5555564012e0, key = 0x5555564012e0,
    btn = 0x5555564012e0, rel = 0x5555564012e0, abs = 0x5555564012e0}}
(gdb) print *evt->key->key
$2 = {kind = KEY_VALUE_KIND_NUMBER, {data = 0x20, number = 32, qcode = Q_KEY_CODE_I}}

So, again, qemu crashing in a code path (trace_input_event_key_qcode)
which should not have been executed in the first place (we have
KEY_VALUE_KIND_NUMBER not KEY_VALUE_KIND_QCODE).

Hmm. Puzzling. Does anyone have an idea what is going on here?

cheers,
  Gerd

* Re: [Qemu-devel] Bug with mpc8544ds machine.
@ 2014-03-31 11:43 Frederic Konrad
From: Frederic Konrad @ 2014-03-31 11:43 UTC
To: Gerd Hoffmann; +Cc: qemu-devel

On 31/03/2014 13:30, Gerd Hoffmann wrote:
> On Fr, 2014-03-28 at 15:37 +0100, Frederic Konrad wrote:
>> Hi everybody,
>>
>> I didn't see anything on the list about that.
>> I get this bug in the current git.
>>
>> I configured qemu with the following command line:
>>
>> ./configure --target-list=ppc-softmmu
>>
>> I ran QEMU with the following command line:
>>
>> ./ppc-softmmu/qemu-system-ppc --M mpc8544ds
> ... then hit any key. Crashes on first keypress for me, and given the
> stacktrace I think it is the same for you.

Hi,

On my side I don't need to push any key.

>> (gdb) bt
>> #0 0x00007fecf8e2a578 in qemu_input_transform_abs_rotate
>> (evt=<optimized out>) at ui/input.c:79
>> #1 qemu_input_event_send (src=src@entry=0x0,
>> evt=evt@entry=0x7fecfaac3130) at ui/input.c:141
>> #2 0x00007fecf8e2a71a in qemu_input_event_send_key (src=0x0,
>> key=<optimized out>, down=<optimized out>) at ui/input.c:185
>> #3 0x00007fecf8e2a7c2 in qemu_input_event_send_key_number
>> (src=<optimized out>, num=<optimized out>, down=<optimized out>) at
>> ui/input.c:195
> The key press event is created, then sent, and qemu crashes in a code
> path which isn't executed in the first place for keyboard events.
>
> Trying to reproduce locally crashes in a slightly different place, but
> it is a similar pattern here:
>
> (gdb) bt
> #0 0x00005555557ba7b8 in fprintf (__fmt=<optimized out>,
>     __stream=<optimized out>)
>     at /usr/include/bits/stdio2.h:97
> #1 trace_input_event_key_qcode (down=<optimized out>, qcode=<optimized out>,
>     conidx=<optimized out>) at ./trace/generated-tracers.h:5664
> #2 qemu_input_event_trace (evt=0x5555564012c0, src=0x0)
>     at /home/kraxel/projects/qemu/ui/input.c:104
> #3 qemu_input_event_send (src=src@entry=0x0, evt=evt@entry=0x5555564012c0)
>     at /home/kraxel/projects/qemu/ui/input.c:137
> #4 0x00005555557baab2 in qemu_input_event_send_key (src=0x0, key=<optimized out>,
>     down=<optimized out>) at /home/kraxel/projects/qemu/ui/input.c:185
> [ ... ]
>
> (gdb) up
> #1 trace_input_event_key_qcode (down=<optimized out>, qcode=<optimized out>,
>     conidx=<optimized out>) at ./trace/generated-tracers.h:5664
> 5664        fprintf(stderr, "input_event_key_qcode " "con %d, key qcode %s, down %d" "\n" , conidx, qcode, down);
> (gdb) up
> #2 qemu_input_event_trace (evt=0x5555564012c0, src=0x0)
>     at /home/kraxel/projects/qemu/ui/input.c:104
> 104         trace_input_event_key_qcode(idx, name, evt->key->down);
> (gdb) print *evt
> $1 = {kind = INPUT_EVENT_KIND_KEY, {data = 0x5555564012e0, key = 0x5555564012e0,
>     btn = 0x5555564012e0, rel = 0x5555564012e0, abs = 0x5555564012e0}}
> (gdb) print *evt->key->key
> $2 = {kind = KEY_VALUE_KIND_NUMBER, {data = 0x20, number = 32, qcode = Q_KEY_CODE_I}}
>
> So, again, qemu crashing in a code path (trace_input_event_key_qcode)
> which should not have been executed in the first place (we have
> KEY_VALUE_KIND_NUMBER not KEY_VALUE_KIND_QCODE).
>
> Hmm. Puzzling. Does anyone have an idea what is going on here?
>
> cheers,
>   Gerd
>
>

I had a different behaviour with --enable-debug configure flags:

Program received signal SIGSEGV, Segmentation fault.
0x0000555555808193 in qemu_input_event_send (src=0x0, evt=0x5555566202f0) at ui/input.c:146
146         s->handler->event(s->dev, src, evt);
2: evt->kind = INPUT_EVENT_KIND_BTN
1: s = (QemuInputHandlerState *) 0x0

Seems qemu_input_find_handler returned NULL for me.

Adding this fixes the issue:

diff --git a/ui/input.c b/ui/input.c
index 2761911..d7670e9 100644
--- a/ui/input.c
+++ b/ui/input.c
@@ -143,8 +143,11 @@ void qemu_input_event_send(QemuConsole *src, InputEvent *evt)
 
     /* send event */
     s = qemu_input_find_handler(1 << evt->kind);
-    s->handler->event(s->dev, src, evt);
-    s->events++;
+
+    if (s != NULL) {
+        s->handler->event(s->dev, src, evt);
+        s->events++;
+    }
 }
 
 void qemu_input_event_sync(void)

Thanks,
Fred
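Review bot: the NULL check in the hunk stops the crash but does not address what the two debugging sessions point at, and it swallows the event silently. Fred's first backtrace shows qemu_input_event_send reached from qemu_input_event_send_key, the debug-build display shows evt->kind = INPUT_EVENT_KIND_BTN at the same call site, and Gerd's analysis of both traces is that the event lands in code paths a keyboard event should never take; a handler lookup that finds nothing for INPUT_EVENT_KIND_BTN therefore looks like a symptom of a mis-tagged or corrupted event rather than the defect itself. If the guard is kept, it should not drop the event without a trace: at minimum add a comment stating when qemu_input_find_handler() legitimately returns NULL (no handler registered for that kind), and preferably a trace point or a g_assert on the kind so the next occurrence is visible instead of hidden. The stray blank `+` line inserted before `if (s != NULL) {` is also unnecessary.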
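As an added illustration of the pattern Fred's patch deals with, the following is constructed example code, not QEMU's own: `find_handler`, `send_event_checked`, the `handler_state` struct and the `EV_*` kinds are hypothetical stand-ins for QEMU's `qemu_input_find_handler()`, `qemu_input_event_send()` and `QemuInputHandlerState`. It shows why a mask-based handler lookup returns NULL whenever no registered handler accepts the event's kind (here only a keyboard handler exists, so a button event has no taker), how the unchecked send then dereferences NULL exactly as the `s = (QemuInputHandlerState *) 0x0` display in the thread shows, and how the checked variant reports the drop instead of hiding it.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical event kinds and structures; simplified stand-ins for
 * QEMU's InputEvent / QemuInputHandlerState, not QEMU's API. */
enum event_kind { EV_KEY, EV_BTN, EV_REL, EV_ABS, EV_KIND_COUNT };

struct input_event {
    enum event_kind kind;
    int value;              /* key number or button id */
};

struct handler_state;
typedef void (*event_fn)(struct handler_state *s, const struct input_event *evt);

struct handler_state {
    unsigned mask;          /* bitmask of (1u << kind) this handler accepts */
    event_fn event;         /* callback, mirrors s->handler->event() */
    int events;             /* delivered-event counter, mirrors s->events */
    int last_value;         /* last value delivered, for inspection */
};

#define MAX_HANDLERS 4
static struct handler_state *registry[MAX_HANDLERS];
static int registered;

void reset_registry(void)
{
    memset(registry, 0, sizeof registry);
    registered = 0;
}

/* Returns 0 on success, -1 when the registry is full. */
int register_handler(struct handler_state *s)
{
    if (registered >= MAX_HANDLERS) {
        return -1;
    }
    registry[registered++] = s;
    return 0;
}

/* First handler whose mask overlaps the requested kinds, or NULL when
 * nothing registered accepts them: the case that crashed ui/input.c:146. */
struct handler_state *find_handler(unsigned mask)
{
    for (int i = 0; i < registered; i++) {
        if (registry[i]->mask & mask) {
            return registry[i];
        }
    }
    return NULL;
}

/* Pre-patch shape: dereferences NULL when no handler accepts evt->kind. */
void send_event_unchecked(const struct input_event *evt)
{
    struct handler_state *s = find_handler(1u << evt->kind);
    s->event(s, evt);
    s->events++;
}

/* Post-patch shape, but the drop is reported: returns 0 when delivered,
 * -1 when no handler matched, so callers and tests can see it. */
int send_event_checked(const struct input_event *evt)
{
    struct handler_state *s = find_handler(1u << evt->kind);
    if (s == NULL) {
        fprintf(stderr, "no handler for event kind %d, dropping\n", (int)evt->kind);
        return -1;
    }
    s->event(s, evt);
    s->events++;
    return 0;
}

/* Convenience wrapper: build an event of the given kind and send it checked. */
int deliver(enum event_kind kind, int value)
{
    struct input_event evt = { kind, value };
    return send_event_checked(&evt);
}

static void kbd_event(struct handler_state *s, const struct input_event *evt)
{
    s->last_value = evt->value;
}

/* Only a keyboard handler is registered; nothing accepts EV_BTN. */
struct handler_state kbd_handler = { 1u << EV_KEY, kbd_event, 0, 0 };

int main(void)
{
    reset_registry();
    register_handler(&kbd_handler);

    struct input_event key = { EV_KEY, 32 };   /* constructed: key number 32 */
    send_event_unchecked(&key);                /* safe: a handler matches */
    printf("key delivered, events=%d\n", kbd_handler.events);

    /* send_event_unchecked() on an EV_BTN event would dereference NULL here,
     * the same failure as ui/input.c:146; the checked path reports it. */
    printf("btn checked send -> %d\n", deliver(EV_BTN, 1));
    return 0;
}
```

The design point is the return value: Fred's hunk makes the missing handler invisible, whereas returning -1 (or emitting a trace) keeps the condition observable so a mis-tagged event, the possibility Gerd's traces raise, still surfaces during testing.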