Diffstat (limited to '')
| -rw-r--r-- | results/classifier/108/other/1267 | 108 | ||||
| -rw-r--r-- | results/classifier/108/other/1267520 | 45 | ||||
| -rw-r--r-- | results/classifier/108/other/1267955 | 189 |
3 files changed, 342 insertions, 0 deletions
diff --git a/results/classifier/108/other/1267 b/results/classifier/108/other/1267
new file mode 100644
index 000000000..cef3885c3
--- /dev/null
+++ b/results/classifier/108/other/1267
@@ -0,0 +1,108 @@ +graphic: 0.821 +vnc: 0.771 +device: 0.757 +permissions: 0.756 +KVM: 0.755 +performance: 0.750 +other: 0.732 +debug: 0.723 +PID: 0.694 +semantic: 0.691 +socket: 0.682 +boot: 0.645 +network: 0.606 +files: 0.593 + +qemu-i386 missing VDSO +Description of problem: +Qemu crashes with a segmentation fault when running any binary using qemu-i386. Steps to reproduce are trivial, simply run `qemu-user ./test`. The file is here: [test](/uploads/fe0d498713e79d7e39f417e69ad64c2f/test). Basically any binary compiled with `GOARCH=386` using [TinyGo](https://tinygo.org/) should reproduce this issue. +I also tried some trivial Go compiled binary and they also crash, but this time with an internal Go error that suggests something is terribly broken over there too: `fatal error: mallocgc called without a P or outside bootstrapping` + +Interestingly, qemu-x86_64 and qemu-arm appear to work just fine. + +Unfortunately I couldn't get a good backtrace on newer versions. It looks like this in the git version, which I doubt is correct: + +``` +~/src/qemu/build$ /bin/lldb ./qemu-i386 +(lldb) target create "./qemu-i386" +Current executable set to '/home/ayke/src/qemu/build/qemu-i386' (aarch64). 
+(lldb) run /home/ayke/src/tinygo/tinygo/test +Process 97986 launched: '/home/ayke/src/qemu/build/qemu-i386' (aarch64) +Process 97986 stopped +* thread #1, name = 'qemu-i386', stop reason = unknown crash reason + frame #0: 0x0000fffff78fb9fc libc.so.6`__sigsuspend + 92 +libc.so.6`__sigsuspend: +-> 0xfffff78fb9fc <+92>: svc #0 + 0xfffff78fba00 <+96>: cmn x0, #0x1, lsl #12 ; =0x1000 + 0xfffff78fba04 <+100>: b.hi 0xfffff78fba3c ; <+156> + 0xfffff78fba08 <+104>: mov w19, w0 +(lldb) bt +* thread #1, name = 'qemu-i386', stop reason = unknown crash reason + * frame #0: 0x0000fffff78fb9fc libc.so.6`__sigsuspend + 92 + frame #1: 0x0000aaaaaabfcedc qemu-i386`dump_core_and_abort(target_sig=11) at signal.c:745:5 + frame #2: 0x0000aaaaaabfc128 qemu-i386`handle_pending_signal(cpu_env=0x0000aaaaaae5d2e0, sig=11, k=0x0000aaaaaae68af8) at signal.c:1061:13 + frame #3: 0x0000aaaaaabfbe48 qemu-i386`process_pending_signals(cpu_env=0x0000aaaaaae5d2e0) at signal.c:1141:13 + frame #4: 0x0000aaaaaaae5a04 qemu-i386`cpu_loop(env=0x0000aaaaaae5d2e0) at cpu_loop.c:315:9 + frame #5: 0x0000aaaaaabf5e7c qemu-i386`main(argc=2, argv=0x0000ffffffffecd8, envp=0x0000ffffffffecf0) at main.c:925:5 + frame #6: 0x0000fffff78e7b80 libc.so.6`___lldb_unnamed_symbol2945 + 112 + frame #7: 0x0000fffff78e7c60 libc.so.6`__libc_start_main + 160 + frame #8: 0x0000aaaaaaae0430 qemu-i386`_start at start.S:81 +(lldb) ^D +``` + +I got a better (but still not great) backtrace in Qemu 7.0.0: + +``` +~/src/tinygo/tinygo$ /bin/lldb qemu-i386 +(lldb) target create "qemu-i386" +Current executable set to 'qemu-i386' (aarch64). 
+(lldb) run test +Process 98106 launched: '/usr/bin/qemu-i386' (aarch64) +Process 98106 stopped +* thread #1, name = 'qemu-i386', stop reason = signal SIGSEGV: address access protected (fault address: 0x8000) + frame #0: 0x0000aaaaaac4b564 qemu-i386`cpu_ldub_code + 32 +qemu-i386`cpu_ldub_code: +-> 0xaaaaaac4b564 <+32>: ldrb w0, [x0, w1, uxtw] + 0xaaaaaac4b568 <+36>: str xzr, [x2] + 0xaaaaaac4b56c <+40>: ret + +qemu-i386`cpu_lduw_code: + 0xaaaaaac4b570 <+0>: mrs x2, TPIDR_EL0 +(lldb) bt +* thread #1, name = 'qemu-i386', stop reason = signal SIGSEGV: address access protected (fault address: 0x8000) + * frame #0: 0x0000aaaaaac4b564 qemu-i386`cpu_ldub_code + 32 + frame #1: 0x0000aaaaaac4a4a8 qemu-i386`translator_ldub_swap + 72 + frame #2: 0x0000aaaaaabe6714 qemu-i386`___lldb_unnamed_symbol6310 + 144 + frame #3: 0x0000aaaaaabed2e8 qemu-i386`___lldb_unnamed_symbol6311 + 24 + frame #4: 0x0000aaaaaac4a040 qemu-i386`translator_loop + 400 + frame #5: 0x0000aaaaaabed5a8 qemu-i386`gen_intermediate_code + 72 + frame #6: 0x0000aaaaaac486ec qemu-i386`tb_gen_code + 364 + frame #7: 0x0000aaaaaac43068 qemu-i386`cpu_exec + 1480 + frame #8: 0x0000aaaaaabaa4b0 qemu-i386`cpu_loop + 208 + frame #9: 0x0000aaaaaab8cb54 qemu-i386`main + 2020 + frame #10: 0x0000fffff7687b80 libc.so.6`___lldb_unnamed_symbol2945 + 112 + frame #11: 0x0000fffff7687c60 libc.so.6`__libc_start_main + 160 + frame #12: 0x0000aaaaaab8d3b0 qemu-i386`_start + 48 +(lldb) ^D +``` + +And an even better backtrace for an even older version (5.2.0). 
Though I should note that this GDB also had an assertion failue, but the backtrace looks reasonable: + +``` +#0 0x0000aaaaaaba7804 in cpu_ldub_code (env=env@entry=0x0, ptr=0) at ../../accel/tcg/user-exec.c:1170 +#1 0x0000aaaaaab40d04 in translator_ldub_swap (do_swap=false, pc=<optimized out>, env=<optimized out>) at ./include/exec/translator.h:176 +#2 translator_ldub (pc=<optimized out>, env=<optimized out>) at ./include/exec/translator.h:176 +#3 x86_ldub_code (env=env@entry=0xaaaaaad809f0, s=s@entry=0xffffffffe990) at ../../target/i386/translate.c:1916 +#4 0x0000aaaaaab51670 in disas_insn (s=s@entry=0xffffffffe990, cpu=<optimized out>, cpu=<optimized out>) at ../../target/i386/translate.c:4506 +#5 0x0000aaaaaab5e1c8 in i386_tr_translate_insn (dcbase=0xffffffffe990, cpu=<optimized out>) at ../../target/i386/translate.c:8569 +#6 0x0000aaaaaabbc9f4 in translator_loop (ops=0xaaaaaacd62b0 <i386_tr_ops>, db=0xffffffffe990, cpu=0xaaaaaad786a0, tb=<optimized out>, max_insns=<optimized out>) + at ../../accel/tcg/translator.c:103 +#7 0x0000aaaaaab5e470 in gen_intermediate_code (cpu=cpu@entry=0xaaaaaad786a0, tb=tb@entry=0xffffe8007f00, max_insns=max_insns@entry=512) + at ../../target/i386/translate.c:8631 +#8 0x0000aaaaaabcd54c in tb_gen_code (cpu=cpu@entry=0xaaaaaad786a0, pc=pc@entry=0, cs_base=cs_base@entry=0, flags=flags@entry=4194483, cflags=-16777216, + cflags@entry=0) at ../../accel/tcg/translate-all.c:1744 +#9 0x0000aaaaaabbe2a8 in tb_find (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0xaaaaaad786a0) at ../../accel/tcg/cpu-exec.c:414 +#10 cpu_exec (cpu=cpu@entry=0xaaaaaad786a0) at ../../accel/tcg/cpu-exec.c:770 +#11 0x0000aaaaaab3a438 in cpu_loop (env=env@entry=0xaaaaaad809f0) at ../../linux-user/i386/cpu_loop.c:207 +#12 0x0000aaaaaab1df00 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../../linux-user/main.c:882 +``` 
diff --git a/results/classifier/108/other/1267520 b/results/classifier/108/other/1267520
new file mode 100644
index 000000000..ba81bf64a
--- /dev/null
+++ b/results/classifier/108/other/1267520
@@ -0,0 +1,45 @@
+device: 0.792
+graphic: 0.775
+boot: 0.764
+KVM: 0.715
+files: 0.698
+semantic: 0.690
+permissions: 0.683
+performance: 0.674
+other: 0.661
+socket: 0.643
+network: 0.620
+vnc: 0.600
+PID: 0.499
+debug: 0.490
+
+Keyboard input not working when the "-k en-us" argument is specified.
+
+This bug occurs on qemu compiled with i386_softmmu and x86-64_softmmu on linux kernel 3.5.0.
+Whenever I run qemu (both i386 and x86_64) to use the en-us language (even though it is the default), I get "Warning: no scancode found for keysym X" (X is an integer).
+In the disk image I need qemu to run, I had a shell set up. The shell doesn't register keyboard input when the '-k en-us' command line argument is set when running qemu. I did not have this problem with earlier versions of qemu.
+
+I think I stumbled on this bug. I was using packer to generate qemu-based virtual machines, and identical configurations would fail (complaining about invalid keymaps when keystrokes were sent) depending on where the current directory was. It doesn't work if qemu is run from a directory containing a directory named "common".
+
+Guessing this is related to qemu_find_file, maybe https://github.com/qemu/qemu/commit/31783203c3b74c11015b20194d57dada559940cf#diff-48a342a3d278d5bdcc69db8f9758dcd6 .
+
+Yes, that's exactly the issue. If you run qemu in a directory with a file or subdir called 'common' then the keymap won't load.
+
+I can confirm that this issue is still present with:
+QEMU emulator version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.6)
+Kernel: 4.4.0-53-generic
+
+I am using Packer and the QEMU builder and only the \ key was working in a Windows Guest. I had created folder called "common" to host all the Windows Powershell scripts and this is causing the issue.
+
+I confirm this too: Qemu 2.6.1.
+
+I have tried to install Fedora with kickstart file through Packer with `"boot_command": [ "<tab>text ks=http://{{.HTTPIP}}:{{.HTTPPort}}/ks.cfg<enter>"]`.
But no symbol from `["<tab>", " ", "[:alpha:]"]` were printed. Only `["=", ":", "/", "."]` could be seen if I manually press "<tab>".
+
+I think this is likely fixed with QEMU 4.0 by this commit here:
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=26b1cbf8b65b3b55c3f
+
+Could you please try again with QEMU 4.0-rc4 (or the final 4.0 release next week)?
+
+[Expired for QEMU because there has been no activity for 60 days.]
+
diff --git a/results/classifier/108/other/1267955 b/results/classifier/108/other/1267955
new file mode 100644
index 000000000..4986c2343
--- /dev/null
+++ b/results/classifier/108/other/1267955
@@ -0,0 +1,189 @@
+other: 0.979
+permissions: 0.965
+PID: 0.959
+device: 0.954
+KVM: 0.953
+vnc: 0.950
+debug: 0.948
+semantic: 0.945
+graphic: 0.944
+network: 0.942
+files: 0.939
+performance: 0.937
+socket: 0.912
+boot: 0.895
+
+[i386] Parity Flag Not Set On xor %eax,%eax
+
+Tested against qemu-1.7.0 as well as qemu-1.7.50 on Debian Sid
+
+Steps To Reproduce
+
+$ cat > prog.hex << EOF
+
+7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
+02 00 03 00 01 00 00 00 54 80 04 08 34 00 00 00
+00 00 00 00 00 00 00 00 34 00 20 00 01 00 28 00
+00 00 00 00 01 00 00 00 00 00 00 00 00 80 04 08
+00 80 04 08 76 00 00 00 76 00 00 00 05 00 00 00
+00 10 00 00
+
+31 c0
+9c
+
+b8 04 00 00 00
+bb 01 00 00 00
+89 e1
+ba 04 00 00 00
+cd 80
+
+b8 01 00 00 00
+bb 00 00 00 00
+cd 80
+
+EOF
+
+$ xxd -p -r prog.hex > prog
+$ chmod 700 prog
+
+$ ./prog | hexdump -vC
+00000000 46 02 00 00 |F...|
+00000004
+
+$ qemu-i386 ./prog | hexdump -vC
+00000000 42 02 00 00 |B...|
+00000004
+
+On the other hand if [xor %eax, %eax] (31 c0) is replaced with sub %eax,%eax (29 c0), then the parity flag is set correctly.
+
+Parity should be set for a zero result.
+ +Signed-off-by: Richard Henderson <email address hidden> +--- + target-i386/cc_helper.c | 2 +- + target-i386/translate.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/target-i386/cc_helper.c b/target-i386/cc_helper.c +index ee04092..05dd12b 100644 +--- a/target-i386/cc_helper.c ++++ b/target-i386/cc_helper.c +@@ -103,7 +103,7 @@ target_ulong helper_cc_compute_all(target_ulong dst, target_ulong src1, + case CC_OP_EFLAGS: + return src1; + case CC_OP_CLR: +- return CC_Z; ++ return CC_Z | CC_P; + + case CC_OP_MULB: + return compute_all_mulb(dst, src1); +diff --git a/target-i386/translate.c b/target-i386/translate.c +index b0f2279..34f35e7 100644 +--- a/target-i386/translate.c ++++ b/target-i386/translate.c +@@ -748,7 +748,7 @@ static void gen_compute_eflags(DisasContext *s) + return; + } + if (s->cc_op == CC_OP_CLR) { +- tcg_gen_movi_tl(cpu_cc_src, CC_Z); ++ tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P); + set_cc_op(s, CC_OP_EFLAGS); + return; + } +-- +1.8.4.2 + + + +On Fri, Jan 10, 2014 at 12:39:56PM -0800, Richard Henderson wrote: +> Parity should be set for a zero result. +> +> Signed-off-by: Richard Henderson <email address hidden> + +Reviewed-by: Edgar E. Iglesias <email address hidden> + + +> --- +> target-i386/cc_helper.c | 2 +- +> target-i386/translate.c | 2 +- +> 2 files changed, 2 insertions(+), 2 deletions(-) +> +> diff --git a/target-i386/cc_helper.c b/target-i386/cc_helper.c +> index ee04092..05dd12b 100644 +> --- a/target-i386/cc_helper.c +> +++ b/target-i386/cc_helper.c +> @@ -103,7 +103,7 @@ target_ulong helper_cc_compute_all(target_ulong dst, target_ulong src1, +> case CC_OP_EFLAGS: +> return src1; +> case CC_OP_CLR: +> - return CC_Z; +> + return CC_Z | CC_P; +> +> case CC_OP_MULB: +> return compute_all_mulb(dst, src1); +> diff --git a/target-i386/translate.c b/target-i386/translate.c +> index b0f2279..34f35e7 100644 +> --- a/target-i386/translate.c +> +++ b/target-i386/translate.c +> 
@@ -748,7 +748,7 @@ static void gen_compute_eflags(DisasContext *s) +> return; +> } +> if (s->cc_op == CC_OP_CLR) { +> - tcg_gen_movi_tl(cpu_cc_src, CC_Z); +> + tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P); +> set_cc_op(s, CC_OP_EFLAGS); +> return; +> } +> -- +> 1.8.4.2 +> +> + + +Quoting Richard Henderson (2014-01-10 14:39:56) +> Parity should be set for a zero result. +> +> Signed-off-by: Richard Henderson <email address hidden> + +ping for 1.7.1 + +> --- +> target-i386/cc_helper.c | 2 +- +> target-i386/translate.c | 2 +- +> 2 files changed, 2 insertions(+), 2 deletions(-) +> +> diff --git a/target-i386/cc_helper.c b/target-i386/cc_helper.c +> index ee04092..05dd12b 100644 +> --- a/target-i386/cc_helper.c +> +++ b/target-i386/cc_helper.c +> @@ -103,7 +103,7 @@ target_ulong helper_cc_compute_all(target_ulong dst, target_ulong src1, +> case CC_OP_EFLAGS: +> return src1; +> case CC_OP_CLR: +> - return CC_Z; +> + return CC_Z | CC_P; +> +> case CC_OP_MULB: +> return compute_all_mulb(dst, src1); +> diff --git a/target-i386/translate.c b/target-i386/translate.c +> index b0f2279..34f35e7 100644 +> --- a/target-i386/translate.c +> +++ b/target-i386/translate.c +> @@ -748,7 +748,7 @@ static void gen_compute_eflags(DisasContext *s) +> return; +> } +> if (s->cc_op == CC_OP_CLR) { +> - tcg_gen_movi_tl(cpu_cc_src, CC_Z); +> + tcg_gen_movi_tl(cpu_cc_src, CC_Z | CC_P); +> set_cc_op(s, CC_OP_EFLAGS); +> return; +> } +> -- +> 1.8.4.2 + + + +Fix had been included here: +http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d2fe51bda8adf33d07c21 +==> Closing + |