From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:50227)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <breuerr@mc.net>) id 1RFexq-0005IW-AM
	for qemu-devel@nongnu.org; Mon, 17 Oct 2011 00:38:15 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <breuerr@mc.net>) id 1RFexp-0003f3-7Q
	for qemu-devel@nongnu.org; Mon, 17 Oct 2011 00:38:14 -0400
Received: from mail.mc.net ([209.172.128.24]:53457)
	by eggs.gnu.org with smtp (Exim 4.71)
	(envelope-from <breuerr@mc.net>) id 1RFexp-0003en-2H
	for qemu-devel@nongnu.org; Mon, 17 Oct 2011 00:38:13 -0400
Message-ID: <4E9BB180.6080506@mc.net>
Date: Sun, 16 Oct 2011 23:39:28 -0500
From: Bob Breuer <breuerr@mc.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] qemu-system-sparc io-thread segfault on win32
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel <qemu-devel@nongnu.org>

I'm getting a segfault from qemu-system-sparc with the io thread enabled
on win32.  This is with the latest mingw (gcc 4.6.1).  mipsel also
fails, but i386 is ok.  I haven't checked any of the other system
targets, but they might also show this problem.

git bisect points to commit cea5f9a cpu-exec.c: avoid AREG0 use, but
that would seem to only expose the bug instead of creating it.  In
cpu_exec(), assigning any valid pointer to ebp before setjmp will get it
working again.  It looks like a bogus value in ebp at the time of setjmp
will cause longjmp to abort on win32.

Here's some output from gdb for the crash:
  Starting program: d:\qemu\build-mingw\sparc-softmmu\qemu-system-sparc.exe
  -m 64 -L ./qemu-git/pc-bios
  [New Thread 2128.0x664]
  [New Thread 2128.0x5d4]
  [New Thread 2128.0x6dc]
  [Switching to Thread 2128.0x6dc]

  Breakpoint 1, 0x00514a30 in _setjmp ()
  (gdb) info registers
  eax            0x1989b7c        26778492
  ecx            0x1982008        26746888
  edx            0x0      0
  ebx            0x1982008        26746888
  esp            0x378fe00        0x378fe00
  ebp            0xfffffffe       0xfffffffe
  esi            0x0      0
  edi            0x1982008        26746888
  eip            0x514a30 0x514a30 <_setjmp>
  eflags         0x202    [ IF ]
  cs             0x1b     27
  ss             0x23     35
  ds             0x23     35
  es             0x23     35
  fs             0x38     56
  gs             0x0      0
  (gdb) c
  Continuing.

  Program received signal SIGSEGV, Segmentation fault.
  0x7800bd65 in abnormal_termination () from C:\WINNT\system32\msvcrt.dll
  (gdb) bt
  #0  0x7800bd65 in abnormal_termination () from
C:\WINNT\system32\msvcrt.dll
  #1  0x0378ffa4 in ?? ()
  Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Bob