On Saturday, 24 August 2013, 00:21:57, Christof Schulze wrote:
> Hello qemu-devel list,
>
> This is my first post to this list and I am not sure whether this
> actually is the correct mailing list. I recently compiled qemu-1.6.0
> on an arm platform for the purpose of running the binary-only
> otrdecoder software, which is available for 64bit linux only. I
> pursued the following steps:
> * creating a chroot on my x64 box that contained the otrdecoder and
>   all libraries it needs to run
> * test-run the otrdecoder from within the chroot (it works)
> * copying this chroot to my arm box, where I compiled qemu previously
> * copying qemu and all required libs to the chroot
> * copying a shell to the chroot
> * copying libnss* libraries from my 64bit system and from my arm
>   system to the chroot
> * test network connectivity from within the chroot using native
>   nslookup and native ping (it works)
> * from within the chroot I ran the otrdecoder using qemu-x86_64, which
>   works up to a point where it segfaults.
>
> Running qemu using the -strace flag and comparing the output with a
> successful strace from my 64bit box reveals that the segfault happens
> after an munmap and before (or at) the spot where a socket() operation
> is run. This is the operation that should be run:
>
> socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
>
> I am not sure if qemu segfaults because
> * there are actually libs missing in the chroot
> * the syscall is not supported
> * the binary does crazy things and is not supported by qemu-user
>
> At the same time, running the 64bit version of ping results in a
> segfault as well, which might be related.
>
> This is what the segfault of the otrdecoder shows:
>
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
> SYS_369(0, 0x4, 0, 0xbe9f6d48, 0x4) = 0
> SYS_369(0, 0x4, 0, 0xbe9f8dd8, 0x4) = 0
> SYS_369(0, 0x4, 0xbe9f8dd8, 0, 0xbe9f8dd8) = 0
> futex(0xb6dcf7d0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
> write(2, "qemu: uncaught target signal 11 "..., 67qemu: uncaught target signal 11 (Segmentation fault) - core dumped
> ) = 67
> rt_sigaction(SIGSEGV, {SIG_DFL, ~[RTMIN RT_1], SA_INTERRUPT|SA_NODEFER|0x5199d28}, NULL, 8) = 0
> kill(30161, SIGSEGV) = 0
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> +++ killed by SIGSEGV +++
>
> What can I do to investigate further and get this fixed besides trying
> to emulate a full-blown system?

After reading https://bugs.launchpad.net/qemu/+bug/739785, I started
another try with a statically built version of qemu-1.6.0 with enabled
debugging options. As discussed on irc, I am cc'ing rth.

After I copied qemu-x86_64-static to the chroot, things still lead to a
segfault. This happens as well when qemu-user is run with "-R 32M". A
64bit version of ping and the otrdecoder (the application that I am
actually trying to run) show the same symptoms and, apart from the
memory addresses, exactly the same backtrace.

Please find below a backtrace of the crash:

#0  0x600dcb8c in ldub_p (ptr=0xff600400) at /mnt/data/build/qemu-1.6.0-ministatic/include/qemu/bswap.h:223
#1  0x60104fc4 in disas_insn (env=0x612def20, s=0xbeffeb30, pc_start=18446744073699066880) at /mnt/data/build/qemu-1.6.0-ministatic/target-i386/translate.c:4692
#2  0x60113abc in gen_intermediate_code_internal (cpu=0x612dee60, tb=0xb5a869a0, search_pc=false) at /mnt/data/build/qemu-1.6.0-ministatic/target-i386/translate.c:8367
#3  0x60113ea0 in gen_intermediate_code (env=0x612def20, tb=0xb5a869a0) at /mnt/data/build/qemu-1.6.0-ministatic/target-i386/translate.c:8433
#4  0x60128638 in cpu_x86_gen_code (env=0x612def20, tb=0xb5a869a0, gen_code_size_ptr=0xbeffecc8) at /mnt/data/build/qemu-1.6.0-ministatic/translate-all.c:155
#5  0x6012a100 in tb_gen_code (env=0x612def20, pc=18446744073699066880, cs_base=0, flags=4243635, cflags=0) at /mnt/data/build/qemu-1.6.0-ministatic/translate-all.c:964
#6  0x600402c4 in tb_find_slow (env=0x612def20, pc=18446744073699066880, cs_base=0, flags=4243635) at /mnt/data/build/qemu-1.6.0-ministatic/cpu-exec.c:145
#7  0x60040508 in tb_find_fast (env=0x612def20) at /mnt/data/build/qemu-1.6.0-ministatic/cpu-exec.c:172
#8  0x60040c60 in cpu_x86_exec (env=0x612def20) at /mnt/data/build/qemu-1.6.0-ministatic/cpu-exec.c:599
#9  0x6006fedc in cpu_loop (env=0x612def20) at /mnt/data/build/qemu-1.6.0-ministatic/linux-user/main.c:283
#10 0x60072110 in main (argc=13, argv=0xbefff714, envp=0xbefff74c) at /mnt/data/build/qemu-1.6.0-ministatic/linux-user/main.c:4079

A 64bit version of ls does not crash; however, the output is mangled
and incomplete, also a sign of corruption. So many programs seem to be
affected.

Additional information that might be useful:

# cat /proc/cpu/alignment
User:		411600089
System:		5057
Skipped:	0
Half:		61365313
Word:		350239832
DWord:		1
Multi:		0
User faults:	2 (fixup)

# cat /proc/cpuinfo
processor	: 0
model name	: Feroceon 88FR131 rev 1 (v5l)
BogoMIPS	: 1191.11
Features	: swp half thumb fastmult edsp
CPU implementer	: 0x56
CPU architecture: 5TE
CPU variant	: 0x2
CPU part	: 0x131
CPU revision	: 1

Hardware	: Marvell GuruPlug Reference Board
Revision	: 0000
Serial		: 0000000000000000

What further input is required? If needed, I can provide my chroot,
which has only ~50MB, via torrent.

Christof
--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments
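The backtrace above prints the guest pc in decimal and the host pointer handed to ldub_p() in hex, which makes the two hard to compare by eye. The following is an added example (editor's code, not part of the e-mail and not QEMU code) that re-parses a few of the quoted frames, converts the decimal pc, and checks two things a reader can verify from the numbers alone: whether the guest pc falls inside the fixed x86_64 vsyscall page (the base address and the 1 KiB slot layout are known kernel constants, not taken from the e-mail), and whether the ldub_p pointer is exactly that 64-bit guest address cut down to 32 bits, which is the pointer width of the ARMv5 host described in the e-mail. The frame text embedded below is copied from the quoted backtrace; the example states an observation about the numbers, not a diagnosed root cause.

```python
"""Decode the qemu-user (qemu-x86_64 on 32-bit ARM) backtrace quoted above.

Added example; not code from the e-mail or from QEMU.
"""
import re

# Selected frames, copied from the backtrace quoted in the e-mail.
BACKTRACE = """\
#0  0x600dcb8c in ldub_p (ptr=0xff600400) at /mnt/data/build/qemu-1.6.0-ministatic/include/qemu/bswap.h:223
#1  0x60104fc4 in disas_insn (env=0x612def20, s=0xbeffeb30, pc_start=18446744073699066880) at /mnt/data/build/qemu-1.6.0-ministatic/target-i386/translate.c:4692
#2  0x60113abc in gen_intermediate_code_internal (cpu=0x612dee60, tb=0xb5a869a0, search_pc=false) at /mnt/data/build/qemu-1.6.0-ministatic/target-i386/translate.c:8367
#5  0x6012a100 in tb_gen_code (env=0x612def20, pc=18446744073699066880, cs_base=0, flags=4243635, cflags=0) at /mnt/data/build/qemu-1.6.0-ministatic/translate-all.c:964
"""

# Known x86_64 Linux constants (not from the e-mail): the legacy vsyscall
# page lives at a fixed address and exposes three entry points 1 KiB apart.
VSYSCALL_BASE = 0xFFFFFFFFFF600000
VSYSCALL_SIZE = 0x1000
VSYSCALL_SLOTS = {0x000: "gettimeofday", 0x400: "time", 0x800: "getcpu"}

# One gdb frame line: "#N  0xADDR in func (k=v, ...) at file:line"
FRAME_RE = re.compile(
    r"^#(?P<n>\d+)\s+0x(?P<addr>[0-9a-f]+) in (?P<func>\w+) "
    r"\((?P<args>.*)\) at (?P<loc>\S+)$"
)


def parse_value(text):
    """gdb prints ints in hex or decimal; keep non-numeric values (e.g. 'false') as strings."""
    try:
        return int(text, 0)
    except ValueError:
        return text


def parse_backtrace(text):
    """Return one dict per frame: number, host pc, function, argument map, source location."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue
        args = {}
        for pair in m.group("args").split(", "):
            key, _, value = pair.partition("=")
            args[key] = parse_value(value)
        frames.append({
            "n": int(m.group("n")),
            "host_pc": int(m.group("addr"), 16),
            "func": m.group("func"),
            "args": args,
            "loc": m.group("loc"),
        })
    return frames


def guest_pc(frames):
    """The guest address the translator was fetching, from tb_gen_code()'s pc= argument."""
    for frame in frames:
        if frame["func"] == "tb_gen_code":
            return frame["args"]["pc"]
    raise ValueError("no tb_gen_code frame in backtrace")


def in_vsyscall_page(addr):
    return VSYSCALL_BASE <= addr < VSYSCALL_BASE + VSYSCALL_SIZE


def vsyscall_slot(addr):
    """Name of the vsyscall entry point at addr, or None if addr is not one."""
    if not in_vsyscall_page(addr):
        return None
    return VSYSCALL_SLOTS.get(addr - VSYSCALL_BASE)


def truncated_to_host_ptr(addr, host_bits=32):
    """What a guest address becomes when stored in a host pointer of host_bits width."""
    return addr & ((1 << host_bits) - 1)


def analyse(text):
    frames = parse_backtrace(text)
    pc = guest_pc(frames)
    ptr = frames[0]["args"]["ptr"]  # frame #0 is ldub_p(ptr=...)
    return {
        "guest_pc": pc,
        "guest_pc_hex": f"0x{pc:016x}",
        "in_vsyscall_page": in_vsyscall_page(pc),
        "vsyscall_slot": vsyscall_slot(pc),
        "ldub_ptr": ptr,
        "ptr_is_guest_pc_truncated_to_32_bits": truncated_to_host_ptr(pc) == ptr,
    }


if __name__ == "__main__":
    for key, value in analyse(BACKTRACE).items():
        print(f"{key}: {value}")
```

Run as-is, the script reports that the decimal pc 18446744073699066880 is 0xffffffffff600400, which is the `time` slot of the x86_64 vsyscall page, and that 0xff600400 is that address with its upper 32 bits dropped. Whether that is what actually went wrong in qemu-1.6.0 on this host is for the list to decide; the script only makes the numbers in the quoted frames comparable.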