Re: [Qemu-devel] qemu-i386 segfaults running "hello world".

[Rob Landley <rob@landley.net>]

On Friday 22 June 2007 19:13:19 Alexander Graf wrote:
> Rob Landley wrote:
> > Ok, it's a more fundamental problem:
> >
> > landley@triolith:/sys$ qemu-i386
> > Segmentation fault (core dumped)
> >
> > Nothing to do with the program it's trying to run, it segfaults with no
> > arguments.
> >
> > Is anybody else seeing this?
> >
> > Rob
>
> agraf@mac:/vm/qemu-devel/patches/qemu> qemu-i386 ~/hello
> Hello world!
>
> Well it works for me. I usually see this segfault when trying to compile
> qemu with a gcc4. Try gcc3 and everything should be fine.

It's using gcc-3.4.  The one that comes with Ubuntu 7.04.  (Or at 
least ./configure said it had found gcc-3.4 during configuration, anyway.)

I ran the sucker under strace and it seems to be segfaulting right before it 
calls main().  I stuck an exit(1) at the start of main and it doesn't get to 
it, but it's after all the shared libraries are loaded:

> mprotect(0xb7f3f000, 4096, PROT_READ)   = 0
> mprotect(0x80000000, 548864, PROT_READ|PROT_WRITE) = 0
> mprotect(0x80000000, 548864, PROT_READ|PROT_EXEC) = 0
> munmap(0xb7f76000, 57255)               = 0
> set_tid_address(0xb7deca88)             = 4338
> sendto(-1210135920, umovestr: Input/output error
> 0xc, 3084914676,
> MSG_DONTWAIT|MSG_CONFIRM|MSG_FIN|MSG_NOSIGNAL|MSG_MORE|0xb7de0000,
> {sa_family=AF_DECnet, sa_data="\0\0\320=\0\0\r\0\0\0p\362\0\0"},
> 3217384328) = 0 rt_sigaction(SIGRTMIN, {0xb7df13f0, [], SA_SIGINFO}, NULL,
> 8) = 0
> rt_sigaction(SIGRT_1, {0xb7df1300, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
> rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
> getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
> uname({sys="Linux", node="triolith", ...}) = 0
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> +++ killed by SIGSEGV (core dumped) +++
> Process 4338 detached

If I link "int main() {}" against -lm and -lrt I get the same set of calls up 
through the first mprotect.  (The next two mprotects are probably setting up 
other segments like bss that an empty program doesn't have.)  Then everything 
up through the uname() is the same...  And then it would call "main".

Right now I'm commenting out various global variable initializations because 
that's what comes to mind as "stuff that runs right before main()".

By the way, by commenting out this bit:

//const char interp[] __attribute__((section(".interp"))) 
= "/lib/ld-linux.so.2";

I made it go from "segmentation fault" to "illegal instruction" as the reason 
it dies.  Which is weird because there's no non-x86 toolchain the path, this 
is all stock Ubuntu stuff.  But oh well...

> Alex

Rob
-- 
"One of my most productive days was throwing away 1000 lines of code."
  - Ken Thompson.