qemu-system-x86_64 crashes in temp_load (tcg) on i686 host Description of problem: qemu crashes early Steps to reproduce: 1. compile qemu git (commit commit 5d1fc614413b10dd94858b07a1b2e26b1aa0296c (origin/master, origin/HEAD) ) with line ../configure --prefix=/usr --enable-virglrenderer --libdir=lib --audio-drv-list=alsa,oss --enable-opengl --extra-cflags="-I/usr/X11R7/include -O2 -march=i686 -mtune=native -m32 -Wno-maybe-uninitialized -Wno-nested-externs -Wno-implicit-function-declaration" --disable-werror 2. setarch i686 ninja (kernel is x86_64 on host) 3. try to boot 64-bit x86 Salix/Slackel (Slackware live images) Additional information: ``` gdb x86_64-softmmu/qemu-system-x86_64 GNU gdb (GDB) 11.2 Copyright (C) 2022 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i586-slackware-linux". Type "show configuration" for configuration details. For bug reporting instructions, please see: . Find the GDB manual and other documentation resources online at: . For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from x86_64-softmmu/qemu-system-x86_64... warning: File "/dev/shm/qemu/.gdbinit" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load". To enable execution of this file add add-auto-load-safe-path /dev/shm/qemu/.gdbinit line to your configuration file "/root/.config/gdb/gdbinit". To completely disable this security protection add set auto-load safe-path / line to your configuration file "/root/.config/gdb/gdbinit". For more information about this security protection see the --Type for more, q to quit, c to continue without paging-- "Auto-loading safe path" section in the GDB manual. E.g., run from the shell: info "(gdb)Auto-loading safe path" (gdb) r -m 1000 -cdrom /home/guest/ISO/sla slackellive64-openbox-7.7.1.iso slackware-8.0-install-d1.iso (gdb) r -m 1000 -cdrom /home/guest/ISO/slackellive64-openbox-7.7.1.iso Starting program: /dev/shm/qemu/build/x86_64-softmmu/qemu-system-x86_64 -m 1000 -cdrom /home/guest/ISO/slackellive64-openbox-7.7.1.iso [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/libthread_db.so.1". [New Thread 0xf3e79b00 (LWP 27354)] [New Thread 0xf2f09b00 (LWP 27355)] [New Thread 0xb1917b00 (LWP 27356)] [New Thread 0xaf60cb00 (LWP 27357)] [Thread 0xaf60cb00 (LWP 27357) exited] [New Thread 0xaf60cb00 (LWP 27358)] [New Thread 0xaec86b00 (LWP 27359)] [Thread 0xaf60cb00 (LWP 27358) exited] [Thread 0xaec86b00 (LWP 27359) exited] [New Thread 0xaec86b00 (LWP 27360)] [New Thread 0xaf60cb00 (LWP 27361)] [Thread 0xaec86b00 (LWP 27360) exited] [Thread 0xaf60cb00 (LWP 27361) exited] [Thread 0xf2f09b00 (LWP 27355) exited] Thread 4 "qemu-system-x86" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb1917b00 (LWP 27356)] 0x56d08a95 in temp_load (s=0xb1000610, ts=ts@entry=0xb1001f40, desired_regs=, allocated_regs=2097200, preferred_regs=0) at ../tcg/tcg.c:4441 4441 tcg_out_ld(s, ts->type, reg, ts->mem_base->reg, ts->mem_offset); (gdb) bt full #0 0x56d08a95 in temp_load (s=0xb1000610, ts=ts@entry=0xb1001f40, desired_regs=, allocated_regs=2097200, preferred_regs=0) at ../tcg/tcg.c:4441 reg = TCG_REG_ECX __func__ = "temp_load" #1 0x56d0fe23 in tcg_reg_alloc_op (op=, s=) at ../tcg/tcg.c:4881 i_required_regs = copyto_new_reg = false ts2 = i1 = i_preferred_regs = allocate_new_reg = i2 = i = 0 new_args = {1, 5, 2852, 0, 64, 0, 0, 1467284236, 4149882880, 2829350448, 1, 1456305553, 4149882880, 2969568784, 2969568920, 2969568944} arg_life = i_allocated_regs = nb_oargs = arg = const_args = --Type for more, q to quit, c to continue without paging-- {0, 0, 0, 0, 1, 1, 1467284236, -1315870200, 1487331864, -1069806704, 0, 1467284236, 1456520351, 1489883472, 2, -1325347776} k = arg_ct = o_allocated_regs = nb_iargs = reg = ts = 0xb1001f40 op_cond = opc = i = start_words = num_insns = op = __PRETTY_FUNCTION__ = "tcg_gen_code" #2 tcg_gen_code (s=, tb=, pc_start=) at ../tcg/tcg.c:6216 opc = i = start_words = num_insns = op = --Type for more, q to quit, c to continue without paging-- __PRETTY_FUNCTION__ = "tcg_gen_code" #3 0x56af0118 in setjmp_gen_code (env=env@entry=0x57afab90, tb=tb@entry=0xf0b7d580 , pc=18446744072243800976, host_pc=0xc03c0b90, max_insns=0xb1916acc, ti=) at ../accel/tcg/translate-all.c:284 ret = __PRETTY_FUNCTION__ = "setjmp_gen_code" #4 0x56af06e2 in tb_gen_code (cpu=0x57af8860, pc=18446744072243800976, cs_base=0, flags=4244144, cflags=) at ../accel/tcg/translate-all.c:359 env = 0x57afab90 tb = 0xf0b7d580 existing_tb = phys_pc = 245525392 phys_p2 = gen_code_buf = 0xf0b7d600 "‹]ш…Ы\017Њр" gen_code_size = search_size = max_insns = 64 host_pc = 0xc03c0b90 __PRETTY_FUNCTION__ = "tb_gen_code" __func__ = "tb_gen_code" #5 0x56ae75bd in cpu_exec_loop --Type for more, q to quit, c to continue without paging-- (cpu=cpu@entry=0x57af8860, sc=sc@entry=0xb1916c24) at ../accel/tcg/cpu-exec.c:982 jc = h = tb = 0x0 flags = cflags = 4278321152 pc = cs_base = last_tb = tb_exit = 0 ret = #6 0x56ae7a70 in cpu_exec_setjmp (cpu=cpu@entry=0x57af8860, sc=sc@entry=0xb1916c24) at ../accel/tcg/cpu-exec.c:1028 #7 0x56ae83a8 in cpu_exec (cpu=) at ../accel/tcg/cpu-exec.c:1054 ret = sc = {diff_clk = 0, last_cpu_icount = 0, realtime_clock = 0} _rcu_read_auto = 0x1 #8 0x56b0ff5e in tcg_cpu_exec (cpu=0x57af8860) at ../accel/tcg/tcg-accel-ops.c:76 ret = --Type for more, q to quit, c to continue without paging-- __PRETTY_FUNCTION__ = "tcg_cpu_exec" #9 0x56b10a47 in rr_cpu_thread_fn (arg=) at ../accel/tcg/tcg-accel-ops-rr.c:261 r = cpu_budget = force_rcu = {notify = 0x56b106e0 , node = {le_next = 0x0, le_prev = 0xb19179b0}} cpu = 0x57af8860 __PRETTY_FUNCTION__ = "rr_cpu_thread_fn" #10 0x56cc77e5 in qemu_thread_start (args=0x57b51ce0) at ../util/qemu-thread-posix.c:541 __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {1467284236, 1471487200, 1471152128, -1315869272, 1617656260, -631423478}, __mask_was_saved = 0}}, __pad = {0xb1916d64, 0x0, 0x0, 0x0}} __cancel_routine = 0x56cc7840 __not_first_call = start_routine = 0x56b10818 arg = 0x57af8860 r = #11 0xf63d5328 in start_thread () at /lib/libpthread.so.0 #12 0xf604ef06 in clone () at /lib/libc.so.6 ```