Bug 487018

Summary: Segfault with kvm-84-1.fc11.x86_64.rpm (SDL/SSE related)
Product: [Fedora] Fedora    Reporter: Tom London <selinux>
Component: kvm    Assignee: Glauber Costa <gcosta>
Status: CLOSED DUPLICATE    QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium    Docs Contact:
Priority: low
Version: rawhide    CC: berrange, chrisw, clalance, ehabkost, gcosta, markmc, quintela, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version:    Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-03-01 17:07:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tom London 2009-02-23 17:24:09 UTC
Description of problem:
Pulled it from koji....

Reverting to kvm-83-5.fc11.x86_64.rpm fixes....

Core was generated by `qemu-kvm -localtime -vga std -m 512 -usbdevice tablet -name Windows XP -hda /ho'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003034c17ef7 in SDL_memcpySSE () at src/video/SDL_blit.c:141
141			__asm__ __volatile__ (
(gdb) where
#0  0x0000003034c17ef7 in SDL_memcpySSE () at src/video/SDL_blit.c:141
#1  SDL_BlitCopy (info=<value optimized out>) at src/video/SDL_blit.c:172
#2  0x0000003034c17d3a in SDL_SoftBlit (src=0x28a2fa0, 
    srcrect=<value optimized out>, dst=0x282fe00, dstrect=0x7fff46e60410)
    at src/video/SDL_blit.c:97
#3  0x0000003034c2e0dc in SDL_LowerBlit (src=0x28a2fa0, 
    srcrect=0x7fff46e603c0, dst=0xb40, dstrect=0xb40)
    at src/video/SDL_surface.c:440
#4  0x0000003034c2e2b7 in SDL_UpperBlit (src=0x7f8617cb9000, 
    srcrect=<value optimized out>, dst=0xb40, dstrect=0xb40)
    at src/video/SDL_surface.c:530
#5  0x00000000004927cf in sdl_update (ds=<value optimized out>, x=0, y=0, 
    w=720, h=<value optimized out>) at sdl.c:64
#6  0x000000000043a46a in dpy_update (h=<value optimized out>, 
    w=<value optimized out>, y=<value optimized out>, x=<value optimized out>, 
    s=<value optimized out>) at ../console.h:156
#7  vga_draw_text (full_update=<value optimized out>, s=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/hw/vga.c:1420
#8  vga_update_display (opaque=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/hw/vga.c:1850
#9  0x000000000049283a in sdl_refresh (ds=0x27b7f30) at sdl.c:364
#10 0x000000000040834e in dpy_refresh ()
    at /usr/src/debug/kvm-84/qemu/console.h:183
---Type <return> to continue, or q <return> to quit---
#11 gui_update (opaque=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/vl.c:3477
#12 0x000000000040937a in qemu_run_timers ()
    at /usr/src/debug/kvm-84/qemu/vl.c:1231
#13 main_loop_wait (timeout=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/vl.c:3790
#14 0x000000000051a1fa in kvm_main_loop ()
    at /usr/src/debug/kvm-84/qemu/qemu-kvm.c:596
#15 0x000000000040d7ed in main_loop () at /usr/src/debug/kvm-84/qemu/vl.c:3809
#16 main (argc=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>) at /usr/src/debug/kvm-84/qemu/vl.c:6092
(gdb) 



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Mark McLoughlin 2009-02-24 09:47:05 UTC
I just tried reproducing this with the F11 Alpha Live DVD and didn't see any crash.

My libSDL is SDL-1.2.13-7.fc11.x86_64. What version are you using? Is it easily reproducible?

I can't see anything obviously relevant upstream.

Comment 2 Tom London 2009-02-24 14:48:09 UTC
[root@tlondon ~]# rpm -q SDL
SDL-1.2.13-7.fc11.x86_64
[root@tlondon ~]# 

Happens every time:

Core was generated by `qemu-kvm -localtime -vga std -m 512 -usbdevice tablet -name Windows XP -hda /ho'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003034c17ef7 in SDL_memcpySSE () at src/video/SDL_blit.c:141
141			__asm__ __volatile__ (
(gdb) where
#0  0x0000003034c17ef7 in SDL_memcpySSE () at src/video/SDL_blit.c:141
#1  SDL_BlitCopy (info=<value optimized out>) at src/video/SDL_blit.c:172
#2  0x0000003034c17d3a in SDL_SoftBlit (src=0x15a9870, 
    srcrect=<value optimized out>, dst=0x1559a40, dstrect=0x7fffeb4f5270)
    at src/video/SDL_blit.c:97
#3  0x0000003034c2e0dc in SDL_LowerBlit (src=0x15a9870, 
    srcrect=0x7fffeb4f5220, dst=0xb40, dstrect=0xb40)
    at src/video/SDL_surface.c:440
#4  0x0000003034c2e2b7 in SDL_UpperBlit (src=0x7f34bc382000, 
    srcrect=<value optimized out>, dst=0xb40, dstrect=0xb40)
    at src/video/SDL_surface.c:530
#5  0x00000000004927cf in sdl_update (ds=<value optimized out>, x=0, y=0, 
    w=720, h=<value optimized out>) at sdl.c:64
#6  0x000000000043a46a in dpy_update (h=<value optimized out>, 
    w=<value optimized out>, y=<value optimized out>, x=<value optimized out>, 
    s=<value optimized out>) at ../console.h:156
#7  vga_draw_text (full_update=<value optimized out>, s=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/hw/vga.c:1420
#8  vga_update_display (opaque=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/hw/vga.c:1850
#9  0x000000000049283a in sdl_refresh (ds=0x14d7dd0) at sdl.c:364
#10 0x000000000040834e in dpy_refresh ()
    at /usr/src/debug/kvm-84/qemu/console.h:183
---Type <return> to continue, or q <return> to quit---
#11 gui_update (opaque=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/vl.c:3477
#12 0x000000000040937a in qemu_run_timers ()
    at /usr/src/debug/kvm-84/qemu/vl.c:1231
#13 main_loop_wait (timeout=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/vl.c:3790
#14 0x000000000051a1fa in kvm_main_loop ()
    at /usr/src/debug/kvm-84/qemu/qemu-kvm.c:596
#15 0x000000000040d7ed in main_loop () at /usr/src/debug/kvm-84/qemu/vl.c:3809
#16 main (argc=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>) at /usr/src/debug/kvm-84/qemu/vl.c:6092

I can't seem to run this with gdb: I have to enable core dump and run gdb "after the crash".

Some magic to enable threads?

(gdb) run -localtime -vga std -m 512 -usbdevice tablet -name "Windows XP" -hda ~/raw.img -k en-us
Starting program: /usr/bin/qemu-kvm -localtime -vga std -m 512 -usbdevice tablet -name "Windows XP" -hda ~/raw.img -k en-us
[Thread debugging using libthread_db enabled]
Error while reading shared library symbols:
find_new_threads_callback: cannot get thread info: generic error
find_new_threads_callback: cannot get thread info: generic error
(gdb) 
(gdb) quit

Comment 3 Tom London 2009-02-24 17:52:36 UTC
This happens "every time" with 2 virtual images (guests), one a WinXP guest, the other a Windows7 beta.

Comment 4 Tom London 2009-02-24 18:12:44 UTC
Also fails immediately if I try to boot an iso:

[tbl@tlondon Download]$ qemu-kvm -m 512 -cdrom 6duj05uc.iso -boot d
Segmentation fault
[tbl@tlondon Download]$

Comment 5 Tom London 2009-02-24 19:04:50 UTC
Also, no problem running this with "-vnc localhost:0" and running "vinagre localhost:5900"

Comment 6 Mark McLoughlin 2009-02-25 10:11:37 UTC
(In reply to comment #2)

> #0  0x0000003034c17ef7 in SDL_memcpySSE () at src/video/SDL_blit.c:141
> 141   __asm__ __volatile__ (

Could you give some details as to what type of system you're using? e.g. cat /proc/cpuinfo

You could try rebuilding SDL with #undef SSE_ASMBLIT in SDL_blit.c and see if the issue is specific to SDL's SSE usage?

Comment 7 Tom London 2009-02-25 14:27:27 UTC
(In reply to comment #6)
> (In reply to comment #2)
> 
> > #0  0x0000003034c17ef7 in SDL_memcpySSE () at src/video/SDL_blit.c:141
> > 141   __asm__ __volatile__ (
> 
> Could you give some details as to what type of system you're using? e.g. cat
> /proc/cpuinfo
> 
> You could try rebuilding SDL with #undef SSE_ASMBLIT in SDL_blit.c and to see
> if the issue is specific to SDL's SSE usage?

Sure: System is Lenovo Thinkpad X200 running latest rawhide.

Here is output of "cat /proc/cpuinfo":
[root@tlondon ~]# cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 23
model name	: Intel(R) Core(TM)2 Duo CPU     P8600  @ 2.40GHz
stepping	: 6
cpu MHz		: 800.000
cache size	: 3072 KB
physical id	: 0
siblings	: 2
core id		: 0
cpu cores	: 2
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 lahf_lm tpr_shadow vnmi flexpriority
bogomips	: 4787.75
clflush size	: 64
cache_alignment	: 64
address sizes	: 36 bits physical, 48 bits virtual
power management:

processor	: 1
vendor_id	: GenuineIntel
cpu family	: 6
model		: 23
model name	: Intel(R) Core(TM)2 Duo CPU     P8600  @ 2.40GHz
stepping	: 6
cpu MHz		: 800.000
cache size	: 3072 KB
physical id	: 0
siblings	: 2
core id		: 1
cpu cores	: 2
apicid		: 1
initial apicid	: 1
fpu		: yes
fpu_exception	: yes
cpuid level	: 10
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm sse4_1 lahf_lm tpr_shadow vnmi flexpriority
bogomips	: 4787.74
clflush size	: 64
cache_alignment	: 64
address sizes	: 36 bits physical, 48 bits virtual
power management:

I'll try downloading SDL source and recompiling as described above.....

Comment 8 Mark McLoughlin 2009-02-25 14:48:18 UTC
cdub: you've an x200 too, right? Could you try running e.g.:

  $> qemu-kvm -m 1024 -cdrom foo.iso

and see if you get the same crash?

Comment 9 Tom London 2009-02-25 17:40:21 UTC
OK. Downloaded source rpm (and associated -devel packages) and I believe I "followed instructions" in rebuilding libSDL.

With this (undef-ing SSE_ASMBLIT), I get a slightly different crash:


[New Thread 30875]
Core was generated by `qemu-kvm -m 512 -cdrom 6duj05uc.iso'.
Program terminated with signal 11, Segmentation fault.
#0  SDL_memcpyMMX () at ./src/video/SDL_blit.c:118
118			__asm__ __volatile__ (
Missing separate debuginfos, use: debuginfo-install SDL-1.2.13-7.fc11.x86_64 libxcb-1.2-2.fc11.x86_64
(gdb) where
#0  SDL_memcpyMMX () at ./src/video/SDL_blit.c:118
#1  SDL_BlitCopy (info=<value optimized out>) at ./src/video/SDL_blit.c:187
#2  0x0000000000127d2a in SDL_SoftBlit (src=0x1c4bed0, 
    srcrect=<value optimized out>, dst=0x1beca50, dstrect=0x7fff4afc86d0)
    at ./src/video/SDL_blit.c:98
#3  0x000000000013dfac in SDL_LowerBlit (src=0x1c4bed0, 
    srcrect=0x7fff4afc8680, dst=0x21020b50, dstrect=0x168)
    at ./src/video/SDL_surface.c:440
#4  0x000000000013e187 in SDL_UpperBlit (src=0x21020010, 
    srcrect=<value optimized out>, dst=0x21020b50, dstrect=0x168)
    at ./src/video/SDL_surface.c:530
#5  0x00000000004927cf in sdl_update (ds=<value optimized out>, x=0, y=0, 
    w=720, h=<value optimized out>) at sdl.c:64
#6  0x000000000043a46a in dpy_update (h=<value optimized out>, 
    w=<value optimized out>, y=<value optimized out>, x=<value optimized out>, 
    s=<value optimized out>) at ../console.h:156
#7  vga_draw_text (full_update=<value optimized out>, s=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/hw/vga.c:1420
#8  vga_update_display (opaque=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/hw/vga.c:1850
#9  0x000000000049283a in sdl_refresh (ds=0x1b926b0) at sdl.c:364
#10 0x000000000040834e in dpy_refresh ()
    at /usr/src/debug/kvm-84/qemu/console.h:183
---Type <return> to continue, or q <return> to quit---
#11 gui_update (opaque=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/vl.c:3477
#12 0x000000000040937a in qemu_run_timers ()
    at /usr/src/debug/kvm-84/qemu/vl.c:1231
#13 main_loop_wait (timeout=<value optimized out>)
    at /usr/src/debug/kvm-84/qemu/vl.c:3790
#14 0x000000000051a1fa in kvm_main_loop ()
    at /usr/src/debug/kvm-84/qemu/qemu-kvm.c:596
#15 0x000000000040d7ed in main_loop () at /usr/src/debug/kvm-84/qemu/vl.c:3809
#16 main (argc=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>) at /usr/src/debug/kvm-84/qemu/vl.c:6092


Does this make sense?  Or did I screw something up?

Comment 10 Tom London 2009-02-25 17:49:21 UTC
OK....

The "sledgehammer" of undef-ing MMX_ASMBLIT (and removing the "if") "works".

Here is the patch:

--- SDL_blit.c.old	2007-12-30 20:48:14.000000000 -0800
+++ SDL_blit.c	2009-02-25 09:44:55.000000000 -0800
@@ -27,12 +27,8 @@
 #include "SDL_RLEaccel_c.h"
 #include "SDL_pixels_c.h"
 
-#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && SDL_ASSEMBLY_ROUTINES
-#define MMX_ASMBLIT
-#if (__GNUC__ > 2)  /* SSE instructions aren't in GCC 2. */
-#define SSE_ASMBLIT
-#endif
-#endif
+#undef MMX_ASMBLIT
+#undef SSE_ASMBLIT
 
 #if defined(MMX_ASMBLIT)
 #include "SDL_cpuinfo.h"

qemu-kvm now "works for me".

Thoughts on what's going on?

Comment 11 Tom London 2009-02-26 15:39:28 UTC
Same results with kvm-84-2.fc11.x86_64 from koji: segfaults with SDL-1.2.13-7.fc11.x86_64, works fine with my "hacked up" /usr/lib64/libSDL-1.2.so.0.11.2

SDL-1.2.13-7.fc11.x86_64 works fine with kvm-83-5.fc11.x86_64 ....

Comment 12 Tom London 2009-03-01 16:57:52 UTC
With the rawhide avalanche yesterday:

SDL-1.2.13-8.fc11.x86_64 and
kvm-84-2.fc11.x86_64

I get same segfault-ing behavior.

The only way to get qemu-kvm to "work" is to install the hacked up version of libSDL (with both SSE and MMX un-defined).

Any additional information/debugging I can do?

Comment 13 Eduardo Habkost 2009-03-01 17:07:15 UTC
This is the same as bug #487720. There is a patch to fix the SDL issue there.

*** This bug has been marked as a duplicate of bug 487720 ***