[Qemu-devel] "sleep" segfaults on qemu-0.8.1/kqemu-1.3.0pre6

[Qemu-devel] "sleep" segfaults on qemu-0.8.1/kqemu-1.3.0pre6

[Christian MICHON]

Host: winXP pro
Guest: Redhat 7.2

when kqemu (user mode) is active, "sleep 1" segfaults each time.
With kqemu disabled, no problem

--
Christian

[Qemu-devel] Re: "sleep" segfaults on qemu-0.8.1/kqemu-1.3.0pre6

[Lorenzo Campedelli]

[-- Attachment #1: Type: text/plain, Size: 547 bytes --]

I see this also.

host is Fedora Core 4
guest is a 2.4 kernel

It seems to die in modify_ldt(), the libc function just after returning 
from the modify_ldt() system call, if I understand the traces.

This doesn't happen using the same qemu with kqemu-1.3.0pre5.

Attached are gdb and strace output, in case they can tell something more...

Regards,
Lorenzo


Christian MICHON wrote:
> Host: winXP pro
> Guest: Redhat 7.2
> 
> when kqemu (user mode) is active, "sleep 1" segfaults each time.
> With kqemu disabled, no problem
> 
> -- 
> Christian


[-- Attachment #2: strace.out --]
[-- Type: text/plain, Size: 5090 bytes --]

execve("/bin/sleep", ["sleep", "1"], [/* 21 vars */]) = 0
uname({sys="Linux", node="MCP-1-0", ...}) = 0
brk(0)                                  = 0x804b310
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("i686/mmx/libm.so.6", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("i686/libm.so.6", O_RDONLY)        = -1 ENOENT (No such file or directory)
open("mmx/libm.so.6", O_RDONLY)         = -1 ENOENT (No such file or directory)
open("libm.so.6", O_RDONLY)             = -1 ENOENT (No such file or directory)
open("/usr/local/lib/i686/mmx/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/lib/i686/mmx", 0xbffff200) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/i686/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/lib/i686", 0xbffff200) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/mmx/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/lib/mmx", 0xbffff200) = -1 ENOENT (No such file or directory)
open("/usr/local/lib/libm.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
stat64("/usr/local/lib", {st_mode=S_IFDIR|0755, st_size=3072, ...}) = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=11583, ...}) = 0
mmap2(NULL, 11583, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40016000
close(3)                                = 0
open("/lib/libm.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3005\0"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0644, st_size=152872, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40019000
mmap2(NULL, 137984, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001a000
mprotect(0x4003b000, 2816, PROT_NONE)   = 0
mmap2(0x4003b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x20) = 0x4003b000
close(3)                                = 0
open("i686/mmx/librt.so.1", O_RDONLY)   = -1 ENOENT (No such file or directory)
open("i686/librt.so.1", O_RDONLY)       = -1 ENOENT (No such file or directory)
open("mmx/librt.so.1", O_RDONLY)        = -1 ENOENT (No such file or directory)
open("librt.so.1", O_RDONLY)            = -1 ENOENT (No such file or directory)
open("/usr/local/lib/librt.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/librt.so.1", O_RDONLY)       = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\33"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0644, st_size=29700, ...}) = 0
mmap2(NULL, 74584, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4003c000
mprotect(0x40043000, 45912, PROT_NONE)  = 0
mmap2(0x40043000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x6) = 0x40043000
mmap2(0x40044000, 41816, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40044000
close(3)                                = 0
open("i686/mmx/libc.so.6", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("i686/libc.so.6", O_RDONLY)        = -1 ENOENT (No such file or directory)
open("mmx/libc.so.6", O_RDONLY)         = -1 ENOENT (No such file or directory)
open("libc.so.6", O_RDONLY)             = -1 ENOENT (No such file or directory)
open("/usr/local/lib/libc.so.6", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 Z\1\000"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0755, st_size=1356440, ...}) = 0
mmap2(NULL, 1300612, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4004f000
mprotect(0x40186000, 26756, PROT_NONE)  = 0
mmap2(0x40186000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x136) = 0x40186000
mmap2(0x4018a000, 10372, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4018a000
close(3)                                = 0
open("i686/mmx/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("i686/libpthread.so.0", O_RDONLY)  = -1 ENOENT (No such file or directory)
open("mmx/libpthread.so.0", O_RDONLY)   = -1 ENOENT (No such file or directory)
open("libpthread.so.0", O_RDONLY)       = -1 ENOENT (No such file or directory)
open("/usr/local/lib/libpthread.so.0", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libpthread.so.0", O_RDONLY)  = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340@\0"..., 1024) = 1024
fstat64(3, {st_mode=S_IFREG|0644, st_size=61612, ...}) = 0
mmap2(NULL, 327296, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4018d000
mprotect(0x4019a000, 274048, PROT_NONE) = 0
mmap2(0x4019a000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xd) = 0x4019a000
mmap2(0x4019b000, 269952, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4019b000
close(3)                                = 0
munmap(0x40016000, 11583)               = 0
modify_ldt(1, {entry_number:0, base_addr:0x4019a060, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}, 16) = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

[-- Attachment #3: gdb.out --]
[-- Type: text/plain, Size: 792 bytes --]

root@MCP-1-0:~# gdb /bin/sleep
GNU gdb 6.0 (MontaVista 6.0-8.0.7.0300532 2003-12-24)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-hardhat-linux"...(no debugging symbols found)...
(gdb) r 1
Starting program: /bin/sleep 1
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x4014f794 in modify_ldt () from /lib/libc.so.6
(gdb)

Re: [Qemu-devel] Re: "sleep" segfaults on qemu-0.8.1/kqemu-1.3.0pre6

[Fabrice Bellard]

Right, it is a regression caused by a typo in kqemu 1.3.0pre6. I just 
released kqemu-1.3.0pre7 which should correct the issue. Windows 98 
should also work again with it.

Regards,

Fabrice.

Lorenzo Campedelli wrote:
> I see this also.
> 
> host is Fedora Core 4
> guest is a 2.4 kernel
> 
> It seems to die in modify_ldt(), the libc function just after returning 
> from the modify_ldt() system call, if I understand the traces.
> 
> This doesn't happen using the same qemu with kqemu-1.3.0pre5.
> 
> Attached are gdb and strace output, in case they can tell something more...
> 
> Regards,
> Lorenzo
> 
> 
> Christian MICHON wrote:
> 
>> Host: winXP pro
>> Guest: Redhat 7.2
>>
>> when kqemu (user mode) is active, "sleep 1" segfaults each time.
>> With kqemu disabled, no problem
>>
>> -- 
>> Christian

Re: [Qemu-devel] Re: "sleep" segfaults on qemu-0.8.1/kqemu-1.3.0pre6

[Lorenzo Campedelli]

Just tried kqemu-1.3.0pre7 and it works great now.

I still have some problems when using -kernel-kqemu, but I couldn't tell 
exactly what... It looks not stable, sometimes it just doesn't finish 
the linux boot, for instance. I'll let you know more when/if I have more 
clear ideas ;).

Thanks for your work!

Regards,
Lorenzo

Fabrice Bellard wrote:
> Right, it is a regression caused by a typo in kqemu 1.3.0pre6. I just 
> released kqemu-1.3.0pre7 which should correct the issue. Windows 98 
> should also work again with it.
> 
> Regards,
> 
> Fabrice.
> 
> Lorenzo Campedelli wrote:
> 
>> I see this also.
>>
>> host is Fedora Core 4
>> guest is a 2.4 kernel
>>
>> It seems to die in modify_ldt(), the libc function just after 
>> returning from the modify_ldt() system call, if I understand the traces.
>>
>> This doesn't happen using the same qemu with kqemu-1.3.0pre5.
>>
>> Attached are gdb and strace output, in case they can tell something 
>> more...
>>
>> Regards,
>> Lorenzo
>>
>>
>> Christian MICHON wrote:
>>
>>> Host: winXP pro
>>> Guest: Redhat 7.2
>>>
>>> when kqemu (user mode) is active, "sleep 1" segfaults each time.
>>> With kqemu disabled, no problem
>>>
>>> -- 
>>> Christian
> 
> 
> 
> _______________________________________________
> Qemu-devel mailing list
> Qemu-devel@nongnu.org
> http://lists.nongnu.org/mailman/listinfo/qemu-devel
> 

Re: [Qemu-devel] Re: "sleep" segfaults on qemu-0.8.1/kqemu-1.3.0pre6

[Christian MICHON]

yep, it's fixed. Zith regqrds to -kernel-kqemu, it still generate a
TRAP unknown and hangs xp hosts...
Thanks for the quick fix.

On 5/7/06, Fabrice Bellard <fabrice@bellard.org> wrote:
> Right, it is a regression caused by a typo in kqemu 1.3.0pre6. I just
> released kqemu-1.3.0pre7 which should correct the issue. Windows 98
> should also work again with it.
>
> Regards,
>
> Fabrice.
>