On Fr, 2014-03-28 at 15:37 +0100, Frederic Konrad wrote:
> Hi everybody,
>
> I didn't see anything on the list about that.
> I get this bug in the current git.
>
> I configured qemu with the following command line:
>
> ./configure --target-list=ppc-softmmu
>
> I ran QEMU with the following command line:
>
> ./ppc-softmmu/qemu-system-ppc --M mpc8544ds

... then hit any key. Crashes on first keypress for me, and given the
stacktrace I think it is the same for you.

> (gdb) bt
> #0 0x00007fecf8e2a578 in qemu_input_transform_abs_rotate (evt=<optimized out>) at ui/input.c:79
> #1 qemu_input_event_send (src=src@entry=0x0, evt=evt@entry=0x7fecfaac3130) at ui/input.c:141
> #2 0x00007fecf8e2a71a in qemu_input_event_send_key (src=0x0, key=<optimized out>, down=<optimized out>) at ui/input.c:185
> #3 0x00007fecf8e2a7c2 in qemu_input_event_send_key_number (src=<optimized out>, num=<optimized out>, down=<optimized out>) at ui/input.c:195

The key press event is created, then sent, and qemu crashes in a code path
which isn't executed in the first place for keyboard events.

Trying to reproduce locally crashes in a slightly different place, but it
is a similar pattern here:

(gdb) bt
#0 0x00005555557ba7b8 in fprintf (__fmt=<optimized out>, __stream=<optimized out>) at /usr/include/bits/stdio2.h:97
#1 trace_input_event_key_qcode (down=<optimized out>, qcode=<optimized out>, conidx=<optimized out>) at ./trace/generated-tracers.h:5664
#2 qemu_input_event_trace (evt=0x5555564012c0, src=0x0) at /home/kraxel/projects/qemu/ui/input.c:104
#3 qemu_input_event_send (src=src@entry=0x0, evt=evt@entry=0x5555564012c0) at /home/kraxel/projects/qemu/ui/input.c:137
#4 0x00005555557baab2 in qemu_input_event_send_key (src=0x0, key=<optimized out>, down=<optimized out>) at /home/kraxel/projects/qemu/ui/input.c:185
[ ... ]
(gdb) up
#1 trace_input_event_key_qcode (down=<optimized out>, qcode=<optimized out>, conidx=<optimized out>) at ./trace/generated-tracers.h:5664
5664 fprintf(stderr, "input_event_key_qcode " "con %d, key qcode %s, down %d" "\n" , conidx, qcode, down);
(gdb) up
#2 qemu_input_event_trace (evt=0x5555564012c0, src=0x0) at /home/kraxel/projects/qemu/ui/input.c:104
104 trace_input_event_key_qcode(idx, name, evt->key->down);
(gdb) print *evt
$1 = {kind = INPUT_EVENT_KIND_KEY, {data = 0x5555564012e0, key = 0x5555564012e0, btn = 0x5555564012e0, rel = 0x5555564012e0, abs = 0x5555564012e0}}
(gdb) print *evt->key->key
$2 = {kind = KEY_VALUE_KIND_NUMBER, {data = 0x20, number = 32, qcode = Q_KEY_CODE_I}}

So, again, qemu crashing in a code path (trace_input_event_key_qcode) which
it should not have executed in the first place (we have
KEY_VALUE_KIND_NUMBER, not KEY_VALUE_KIND_QCODE).

Hmm. Puzzling. Does anyone have an idea what is going on here?

cheers,
  Gerd
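A reduced model of the tagged unions printed in the gdb dump above, added here as an example that is not QEMU's own code: the event kind and the key-value kind are checked before any union member is touched, so a KEY_VALUE_KIND_NUMBER key can only reach the number path and only an absolute-pointer event can reach the abs-rotate step. The type names mirror the dump; the function names and the Path enum are assumptions of the model.

```c
#include <stddef.h>
/* Constructed model (not QEMU's own types) of the structures in the gdb dump. */
typedef enum { INPUT_EVENT_KIND_KEY, INPUT_EVENT_KIND_BTN,
               INPUT_EVENT_KIND_REL, INPUT_EVENT_KIND_ABS } InputEventKind;
typedef enum { KEY_VALUE_KIND_NUMBER, KEY_VALUE_KIND_QCODE } KeyValueKind;
typedef struct { KeyValueKind kind; union { int number; int qcode; } u; } KeyValue;
typedef struct { KeyValue *key; int down; } InputKeyEvent;
typedef struct { int axis; int value; } InputMoveEvent;
typedef struct { InputEventKind kind; union { InputKeyEvent *key; InputMoveEvent *abs; } u; } InputEvent;

/* Path taken by the dispatcher; PATH_INVALID means the discriminator did not
 * match the union member the code was about to touch (the report's situation). */
typedef enum { PATH_KEY_NUMBER, PATH_KEY_QCODE, PATH_ABS_ROTATE, PATH_INVALID } Path;

/* Stand-in for qemu_input_event_send: branch only on the kind fields, never
 * on which union member happens to hold a pointer. */
Path dispatch_event(const InputEvent *evt)
{
    switch (evt->kind) {
    case INPUT_EVENT_KIND_KEY:
        if (evt->u.key == NULL || evt->u.key->key == NULL)
            return PATH_INVALID;                            /* malformed key event */
        switch (evt->u.key->key->kind) {
        case KEY_VALUE_KIND_NUMBER: return PATH_KEY_NUMBER; /* number path */
        case KEY_VALUE_KIND_QCODE:  return PATH_KEY_QCODE;  /* trace_input_event_key_qcode path */
        default:                    return PATH_INVALID;    /* kind out of range */
        }
    case INPUT_EVENT_KIND_ABS:
        /* only absolute pointer events may reach the abs-rotate transform */
        return evt->u.abs ? PATH_ABS_ROTATE : PATH_INVALID;
    default:
        return PATH_INVALID;
    }
}

/* Build a key event shaped like the dump (kind NUMBER, number 32, down) or
 * with a qcode value (both are ints in this model), then dispatch it. */
Path dispatch_key(KeyValueKind kind, int value, int down)
{
    KeyValue kv = { kind, { .number = value } };
    InputKeyEvent ke = { &kv, down };
    InputEvent evt = { INPUT_EVENT_KIND_KEY, { .key = &ke } };
    return dispatch_event(&evt);
}

/* A key event whose payload pointer is missing must never be dereferenced. */
Path dispatch_missing_payload(void)
{
    InputEvent evt = { INPUT_EVENT_KIND_KEY, { .key = NULL } };
    return dispatch_event(&evt);
}
```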