[Qemu-devel] [Bug 1715715] [NEW] [qemu-ppc] Segfault when booting from HD after OS install

[Qemu-devel] [Bug 1715715] [NEW] [qemu-ppc] Segfault when booting from HD after OS install

[Brad Parker]

Public bug reported:

I created an empty 128G qcow2 image and booted from a Mac OS 9.2.1
Install CD, in which I was able to install the OS successfully to the
hard drive. Upon reboot, this time from the hard drive directly, qemu-
system-ppc segfaults. Host system is Ubuntu 16.04.2 with latest qemu
commit.

qemu --version reports "2.10.50 (v2.10.0-244-gb07d1c2-dirty)", but I
used git commit b07d1c2f5607489d4d4a6a65ce36a3e896ac065e and built with
"./configure --target-list=ppc-softmmu --enable-debug --disable-strip".

Here is the command-line arguments:

qemu-system-ppc -boot c -g 1024x768x32 -M mac99 -m 256 -prom-env 'auto-
boot?=true' -prom-env 'boot-args=-v' -prom-env 'vga-ndrv?=true' -drive
file=../os9.img,format=raw,media=cdrom -drive
file=MacOS9.qcow2,format=qcow2,media=disk -spice port=5901,password=XXX
-net nic,model=rtl8139 -net user -monitor stdio

And the GDB backtrace:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
462         timer_mod_ns(ts, expire_time * ts->scale);
[Current thread is 1 (Thread 0x7f60e43cb700 (LWP 9853))]
(gdb) bt
#0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
#1  0x0000559065d63769 in openpic_tmr_set_tmr (tmr=0x5590676fa7e0, val=96, enabled=true) at hw/intc/openpic.c:861
#2  0x0000559065d63995 in openpic_tmr_write (opaque=0x5590676f71f0, addr=16, val=96, len=4) at hw/intc/openpic.c:912
#3  0x0000559065b02811 in memory_region_write_accessor (mr=0x5590676f7710, addr=32, value=0x7f60e43c7da8, size=4, shift=0, mask=4294967295, attrs=...) at /home/bp/qemu/memory.c:529
#4  0x0000559065b02a29 in access_with_adjusted_size (addr=32, value=0x7f60e43c7da8, size=1, access_size_min=4, access_size_max=4, access=0x559065b02727 <memory_region_write_accessor>, mr=0x5590676f7710, attrs=...) at /home/bp/qemu/memory.c:595
#5  0x0000559065b051eb in memory_region_dispatch_write (mr=0x5590676f7710, addr=32, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1337
#6  0x0000559065aa3a36 in address_space_write_continue (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1, addr1=32, l=1, mr=0x5590676f7710) at /home/bp/qemu/exec.c:2942
#7  0x0000559065aa3b84 in address_space_write (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1) at /home/bp/qemu/exec.c:2987
#8  0x0000559065aa2ec0 in subpage_write (opaque=0x7f60c8275fc0, addr=272, value=96, len=1, attrs=...) at /home/bp/qemu/exec.c:2565
#9  0x0000559065b02906 in memory_region_write_with_attrs_accessor (mr=0x7f60c8275fc0, addr=272, value=0x7f60e43c7fc8, size=1, shift=0, mask=255, attrs=...) at /home/bp/qemu/memory.c:555
#10 0x0000559065b029d3 in access_with_adjusted_size (addr=272, value=0x7f60e43c7fc8, size=1, access_size_min=1, access_size_max=8, access=0x559065b02818 <memory_region_write_with_attrs_accessor>, mr=0x7f60c8275fc0, attrs=...) at /home/bp/qemu/memory.c:590
#11 0x0000559065b0523a in memory_region_dispatch_write (mr=0x7f60c8275fc0, addr=272, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1344
#12 0x0000559065b175db in io_writex (env=0x7f60e43d42a0, iotlbentry=0x7f60e43e8130, mmu_idx=3, val=96, addr=2147750160, retaddr=140054158295744, size=1) at /home/bp/qemu/accel/tcg/cputlb.c:807
#13 0x0000559065b18055 in io_writeb (env=0x7f60e43d42a0, mmu_idx=3, index=65, val=96 '`', addr=2147750160, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:265
#14 0x0000559065b181ea in helper_ret_stb_mmu (env=0x7f60e43d42a0, addr=2147750160, val=96 '`', oi=3, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:300
#15 0x00007f60e65ac2c0 in code_gen_buffer ()
#16 0x0000559065b1ff26 in cpu_tb_exec (cpu=0x7f60e43cc010, itb=0x7f60e65ac5c0 <code_gen_buffer+935318>) at /home/bp/qemu/accel/tcg/cpu-exec.c:166
#17 0x0000559065b20bfd in cpu_loop_exec_tb (cpu=0x7f60e43cc010, tb=0x7f60e65ac5c0 <code_gen_buffer+935318>, last_tb=0x7f60e43c8678, tb_exit=0x7f60e43c8674) at /home/bp/qemu/accel/tcg/cpu-exec.c:578
#18 0x0000559065b20eed in cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/accel/tcg/cpu-exec.c:676
#19 0x0000559065aebc3d in tcg_cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1270
#20 0x0000559065aebe64 in qemu_tcg_rr_cpu_thread_fn (arg=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1365
#21 0x00007f60f56f06ba in start_thread (arg=0x7f60e43cb700) at pthread_create.c:333
#22 0x00007f60f542682d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Any idea what is going on?

** Affects: qemu
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1715715

Title:
  [qemu-ppc] Segfault when booting from HD after OS install

Status in QEMU:
  New

Bug description:
  I created an empty 128G qcow2 image and booted from a Mac OS 9.2.1
  Install CD, in which I was able to install the OS successfully to the
  hard drive. Upon reboot, this time from the hard drive directly, qemu-
  system-ppc segfaults. Host system is Ubuntu 16.04.2 with latest qemu
  commit.

  qemu --version reports "2.10.50 (v2.10.0-244-gb07d1c2-dirty)", but I
  used git commit b07d1c2f5607489d4d4a6a65ce36a3e896ac065e and built
  with "./configure --target-list=ppc-softmmu --enable-debug --disable-
  strip".

  Here is the command-line arguments:

  qemu-system-ppc -boot c -g 1024x768x32 -M mac99 -m 256 -prom-env
  'auto-boot?=true' -prom-env 'boot-args=-v' -prom-env 'vga-ndrv?=true'
  -drive file=../os9.img,format=raw,media=cdrom -drive
  file=MacOS9.qcow2,format=qcow2,media=disk -spice
  port=5901,password=XXX -net nic,model=rtl8139 -net user -monitor stdio

  And the GDB backtrace:

  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  462         timer_mod_ns(ts, expire_time * ts->scale);
  [Current thread is 1 (Thread 0x7f60e43cb700 (LWP 9853))]
  (gdb) bt
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  #1  0x0000559065d63769 in openpic_tmr_set_tmr (tmr=0x5590676fa7e0, val=96, enabled=true) at hw/intc/openpic.c:861
  #2  0x0000559065d63995 in openpic_tmr_write (opaque=0x5590676f71f0, addr=16, val=96, len=4) at hw/intc/openpic.c:912
  #3  0x0000559065b02811 in memory_region_write_accessor (mr=0x5590676f7710, addr=32, value=0x7f60e43c7da8, size=4, shift=0, mask=4294967295, attrs=...) at /home/bp/qemu/memory.c:529
  #4  0x0000559065b02a29 in access_with_adjusted_size (addr=32, value=0x7f60e43c7da8, size=1, access_size_min=4, access_size_max=4, access=0x559065b02727 <memory_region_write_accessor>, mr=0x5590676f7710, attrs=...) at /home/bp/qemu/memory.c:595
  #5  0x0000559065b051eb in memory_region_dispatch_write (mr=0x5590676f7710, addr=32, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1337
  #6  0x0000559065aa3a36 in address_space_write_continue (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1, addr1=32, l=1, mr=0x5590676f7710) at /home/bp/qemu/exec.c:2942
  #7  0x0000559065aa3b84 in address_space_write (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1) at /home/bp/qemu/exec.c:2987
  #8  0x0000559065aa2ec0 in subpage_write (opaque=0x7f60c8275fc0, addr=272, value=96, len=1, attrs=...) at /home/bp/qemu/exec.c:2565
  #9  0x0000559065b02906 in memory_region_write_with_attrs_accessor (mr=0x7f60c8275fc0, addr=272, value=0x7f60e43c7fc8, size=1, shift=0, mask=255, attrs=...) at /home/bp/qemu/memory.c:555
  #10 0x0000559065b029d3 in access_with_adjusted_size (addr=272, value=0x7f60e43c7fc8, size=1, access_size_min=1, access_size_max=8, access=0x559065b02818 <memory_region_write_with_attrs_accessor>, mr=0x7f60c8275fc0, attrs=...) at /home/bp/qemu/memory.c:590
  #11 0x0000559065b0523a in memory_region_dispatch_write (mr=0x7f60c8275fc0, addr=272, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1344
  #12 0x0000559065b175db in io_writex (env=0x7f60e43d42a0, iotlbentry=0x7f60e43e8130, mmu_idx=3, val=96, addr=2147750160, retaddr=140054158295744, size=1) at /home/bp/qemu/accel/tcg/cputlb.c:807
  #13 0x0000559065b18055 in io_writeb (env=0x7f60e43d42a0, mmu_idx=3, index=65, val=96 '`', addr=2147750160, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:265
  #14 0x0000559065b181ea in helper_ret_stb_mmu (env=0x7f60e43d42a0, addr=2147750160, val=96 '`', oi=3, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:300
  #15 0x00007f60e65ac2c0 in code_gen_buffer ()
  #16 0x0000559065b1ff26 in cpu_tb_exec (cpu=0x7f60e43cc010, itb=0x7f60e65ac5c0 <code_gen_buffer+935318>) at /home/bp/qemu/accel/tcg/cpu-exec.c:166
  #17 0x0000559065b20bfd in cpu_loop_exec_tb (cpu=0x7f60e43cc010, tb=0x7f60e65ac5c0 <code_gen_buffer+935318>, last_tb=0x7f60e43c8678, tb_exit=0x7f60e43c8674) at /home/bp/qemu/accel/tcg/cpu-exec.c:578
  #18 0x0000559065b20eed in cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/accel/tcg/cpu-exec.c:676
  #19 0x0000559065aebc3d in tcg_cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1270
  #20 0x0000559065aebe64 in qemu_tcg_rr_cpu_thread_fn (arg=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1365
  #21 0x00007f60f56f06ba in start_thread (arg=0x7f60e43cb700) at pthread_create.c:333
  #22 0x00007f60f542682d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Any idea what is going on?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1715715/+subscriptions

[Qemu-devel] [Bug 1715715] Re: [qemu-ppc] Segfault when booting from HD after OS install

[Brad Parker]

** Description changed:

  I created an empty 128G qcow2 image and booted from a Mac OS 9.2.1
  Install CD, in which I was able to install the OS successfully to the
  hard drive. Upon reboot, this time from the hard drive directly, qemu-
- system-ppc segfaults.
+ system-ppc segfaults. Host system is Ubuntu 16.04.2 with latest qemu
+ commit.
  
  qemu --version reports "v2.10.0-244-gb07d1c2-dirty", but I used git
  commit b07d1c2f5607489d4d4a6a65ce36a3e896ac065e and built with
  "./configure --target-list=ppc-softmmu --enable-debug --disable-strip".
  
  Here is the command-line arguments:
  
  qemu-system-ppc -boot c -g 1024x768x32 -M mac99 -m 256 -prom-env 'auto-
  boot?=true' -prom-env 'boot-args=-v' -prom-env 'vga-ndrv?=true' -drive
  file=../os9.img,format=raw,media=cdrom -drive
  file=MacOS9.qcow2,format=qcow2,media=disk -spice port=5901,password=XXX
  -net nic,model=rtl8139 -net user -monitor stdio
  
  And the GDB backtrace:
  
  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  462         timer_mod_ns(ts, expire_time * ts->scale);
  [Current thread is 1 (Thread 0x7f60e43cb700 (LWP 9853))]
  (gdb) bt
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  #1  0x0000559065d63769 in openpic_tmr_set_tmr (tmr=0x5590676fa7e0, val=96, enabled=true) at hw/intc/openpic.c:861
  #2  0x0000559065d63995 in openpic_tmr_write (opaque=0x5590676f71f0, addr=16, val=96, len=4) at hw/intc/openpic.c:912
  #3  0x0000559065b02811 in memory_region_write_accessor (mr=0x5590676f7710, addr=32, value=0x7f60e43c7da8, size=4, shift=0, mask=4294967295, attrs=...) at /home/bp/qemu/memory.c:529
  #4  0x0000559065b02a29 in access_with_adjusted_size (addr=32, value=0x7f60e43c7da8, size=1, access_size_min=4, access_size_max=4, access=0x559065b02727 <memory_region_write_accessor>, mr=0x5590676f7710, attrs=...) at /home/bp/qemu/memory.c:595
  #5  0x0000559065b051eb in memory_region_dispatch_write (mr=0x5590676f7710, addr=32, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1337
  #6  0x0000559065aa3a36 in address_space_write_continue (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1, addr1=32, l=1, mr=0x5590676f7710) at /home/bp/qemu/exec.c:2942
  #7  0x0000559065aa3b84 in address_space_write (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1) at /home/bp/qemu/exec.c:2987
  #8  0x0000559065aa2ec0 in subpage_write (opaque=0x7f60c8275fc0, addr=272, value=96, len=1, attrs=...) at /home/bp/qemu/exec.c:2565
  #9  0x0000559065b02906 in memory_region_write_with_attrs_accessor (mr=0x7f60c8275fc0, addr=272, value=0x7f60e43c7fc8, size=1, shift=0, mask=255, attrs=...) at /home/bp/qemu/memory.c:555
  #10 0x0000559065b029d3 in access_with_adjusted_size (addr=272, value=0x7f60e43c7fc8, size=1, access_size_min=1, access_size_max=8, access=0x559065b02818 <memory_region_write_with_attrs_accessor>, mr=0x7f60c8275fc0, attrs=...) at /home/bp/qemu/memory.c:590
  #11 0x0000559065b0523a in memory_region_dispatch_write (mr=0x7f60c8275fc0, addr=272, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1344
  #12 0x0000559065b175db in io_writex (env=0x7f60e43d42a0, iotlbentry=0x7f60e43e8130, mmu_idx=3, val=96, addr=2147750160, retaddr=140054158295744, size=1) at /home/bp/qemu/accel/tcg/cputlb.c:807
  #13 0x0000559065b18055 in io_writeb (env=0x7f60e43d42a0, mmu_idx=3, index=65, val=96 '`', addr=2147750160, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:265
  #14 0x0000559065b181ea in helper_ret_stb_mmu (env=0x7f60e43d42a0, addr=2147750160, val=96 '`', oi=3, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:300
  #15 0x00007f60e65ac2c0 in code_gen_buffer ()
  #16 0x0000559065b1ff26 in cpu_tb_exec (cpu=0x7f60e43cc010, itb=0x7f60e65ac5c0 <code_gen_buffer+935318>) at /home/bp/qemu/accel/tcg/cpu-exec.c:166
  #17 0x0000559065b20bfd in cpu_loop_exec_tb (cpu=0x7f60e43cc010, tb=0x7f60e65ac5c0 <code_gen_buffer+935318>, last_tb=0x7f60e43c8678, tb_exit=0x7f60e43c8674) at /home/bp/qemu/accel/tcg/cpu-exec.c:578
  #18 0x0000559065b20eed in cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/accel/tcg/cpu-exec.c:676
  #19 0x0000559065aebc3d in tcg_cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1270
  #20 0x0000559065aebe64 in qemu_tcg_rr_cpu_thread_fn (arg=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1365
  #21 0x00007f60f56f06ba in start_thread (arg=0x7f60e43cb700) at pthread_create.c:333
  #22 0x00007f60f542682d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
  
- 
  Any idea what is going on?

** Description changed:

  I created an empty 128G qcow2 image and booted from a Mac OS 9.2.1
  Install CD, in which I was able to install the OS successfully to the
  hard drive. Upon reboot, this time from the hard drive directly, qemu-
  system-ppc segfaults. Host system is Ubuntu 16.04.2 with latest qemu
  commit.
  
- qemu --version reports "v2.10.0-244-gb07d1c2-dirty", but I used git
- commit b07d1c2f5607489d4d4a6a65ce36a3e896ac065e and built with
+ qemu --version reports "2.10.50 (v2.10.0-244-gb07d1c2-dirty)", but I
+ used git commit b07d1c2f5607489d4d4a6a65ce36a3e896ac065e and built with
  "./configure --target-list=ppc-softmmu --enable-debug --disable-strip".
  
  Here is the command-line arguments:
  
  qemu-system-ppc -boot c -g 1024x768x32 -M mac99 -m 256 -prom-env 'auto-
  boot?=true' -prom-env 'boot-args=-v' -prom-env 'vga-ndrv?=true' -drive
  file=../os9.img,format=raw,media=cdrom -drive
  file=MacOS9.qcow2,format=qcow2,media=disk -spice port=5901,password=XXX
  -net nic,model=rtl8139 -net user -monitor stdio
  
  And the GDB backtrace:
  
  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  462         timer_mod_ns(ts, expire_time * ts->scale);
  [Current thread is 1 (Thread 0x7f60e43cb700 (LWP 9853))]
  (gdb) bt
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  #1  0x0000559065d63769 in openpic_tmr_set_tmr (tmr=0x5590676fa7e0, val=96, enabled=true) at hw/intc/openpic.c:861
  #2  0x0000559065d63995 in openpic_tmr_write (opaque=0x5590676f71f0, addr=16, val=96, len=4) at hw/intc/openpic.c:912
  #3  0x0000559065b02811 in memory_region_write_accessor (mr=0x5590676f7710, addr=32, value=0x7f60e43c7da8, size=4, shift=0, mask=4294967295, attrs=...) at /home/bp/qemu/memory.c:529
  #4  0x0000559065b02a29 in access_with_adjusted_size (addr=32, value=0x7f60e43c7da8, size=1, access_size_min=4, access_size_max=4, access=0x559065b02727 <memory_region_write_accessor>, mr=0x5590676f7710, attrs=...) at /home/bp/qemu/memory.c:595
  #5  0x0000559065b051eb in memory_region_dispatch_write (mr=0x5590676f7710, addr=32, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1337
  #6  0x0000559065aa3a36 in address_space_write_continue (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1, addr1=32, l=1, mr=0x5590676f7710) at /home/bp/qemu/exec.c:2942
  #7  0x0000559065aa3b84 in address_space_write (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1) at /home/bp/qemu/exec.c:2987
  #8  0x0000559065aa2ec0 in subpage_write (opaque=0x7f60c8275fc0, addr=272, value=96, len=1, attrs=...) at /home/bp/qemu/exec.c:2565
  #9  0x0000559065b02906 in memory_region_write_with_attrs_accessor (mr=0x7f60c8275fc0, addr=272, value=0x7f60e43c7fc8, size=1, shift=0, mask=255, attrs=...) at /home/bp/qemu/memory.c:555
  #10 0x0000559065b029d3 in access_with_adjusted_size (addr=272, value=0x7f60e43c7fc8, size=1, access_size_min=1, access_size_max=8, access=0x559065b02818 <memory_region_write_with_attrs_accessor>, mr=0x7f60c8275fc0, attrs=...) at /home/bp/qemu/memory.c:590
  #11 0x0000559065b0523a in memory_region_dispatch_write (mr=0x7f60c8275fc0, addr=272, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1344
  #12 0x0000559065b175db in io_writex (env=0x7f60e43d42a0, iotlbentry=0x7f60e43e8130, mmu_idx=3, val=96, addr=2147750160, retaddr=140054158295744, size=1) at /home/bp/qemu/accel/tcg/cputlb.c:807
  #13 0x0000559065b18055 in io_writeb (env=0x7f60e43d42a0, mmu_idx=3, index=65, val=96 '`', addr=2147750160, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:265
  #14 0x0000559065b181ea in helper_ret_stb_mmu (env=0x7f60e43d42a0, addr=2147750160, val=96 '`', oi=3, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:300
  #15 0x00007f60e65ac2c0 in code_gen_buffer ()
  #16 0x0000559065b1ff26 in cpu_tb_exec (cpu=0x7f60e43cc010, itb=0x7f60e65ac5c0 <code_gen_buffer+935318>) at /home/bp/qemu/accel/tcg/cpu-exec.c:166
  #17 0x0000559065b20bfd in cpu_loop_exec_tb (cpu=0x7f60e43cc010, tb=0x7f60e65ac5c0 <code_gen_buffer+935318>, last_tb=0x7f60e43c8678, tb_exit=0x7f60e43c8674) at /home/bp/qemu/accel/tcg/cpu-exec.c:578
  #18 0x0000559065b20eed in cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/accel/tcg/cpu-exec.c:676
  #19 0x0000559065aebc3d in tcg_cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1270
  #20 0x0000559065aebe64 in qemu_tcg_rr_cpu_thread_fn (arg=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1365
  #21 0x00007f60f56f06ba in start_thread (arg=0x7f60e43cb700) at pthread_create.c:333
  #22 0x00007f60f542682d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
  
  Any idea what is going on?

** Summary changed:

- [qemu-ppc] Segfault when booting from HD after OS install
+ [qemu-ppc] Segfault when booting from HD after MacOS9 install

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1715715

Title:
  [qemu-ppc] Segfault when booting from HD after MacOS9 install

Status in QEMU:
  New

Bug description:
  I created an empty 128G qcow2 image and booted from a Mac OS 9.2.1
  Install CD, in which I was able to install the OS successfully to the
  hard drive. Upon reboot, this time from the hard drive directly, qemu-
  system-ppc segfaults. Host system is Ubuntu 16.04.2 with latest qemu
  commit.

  qemu --version reports "2.10.50 (v2.10.0-244-gb07d1c2-dirty)", but I
  used git commit b07d1c2f5607489d4d4a6a65ce36a3e896ac065e and built
  with "./configure --target-list=ppc-softmmu --enable-debug --disable-
  strip".

  Here is the command-line arguments:

  qemu-system-ppc -boot c -g 1024x768x32 -M mac99 -m 256 -prom-env
  'auto-boot?=true' -prom-env 'boot-args=-v' -prom-env 'vga-ndrv?=true'
  -drive file=../os9.img,format=raw,media=cdrom -drive
  file=MacOS9.qcow2,format=qcow2,media=disk -spice
  port=5901,password=XXX -net nic,model=rtl8139 -net user -monitor stdio

  And the GDB backtrace:

  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  462         timer_mod_ns(ts, expire_time * ts->scale);
  [Current thread is 1 (Thread 0x7f60e43cb700 (LWP 9853))]
  (gdb) bt
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  #1  0x0000559065d63769 in openpic_tmr_set_tmr (tmr=0x5590676fa7e0, val=96, enabled=true) at hw/intc/openpic.c:861
  #2  0x0000559065d63995 in openpic_tmr_write (opaque=0x5590676f71f0, addr=16, val=96, len=4) at hw/intc/openpic.c:912
  #3  0x0000559065b02811 in memory_region_write_accessor (mr=0x5590676f7710, addr=32, value=0x7f60e43c7da8, size=4, shift=0, mask=4294967295, attrs=...) at /home/bp/qemu/memory.c:529
  #4  0x0000559065b02a29 in access_with_adjusted_size (addr=32, value=0x7f60e43c7da8, size=1, access_size_min=4, access_size_max=4, access=0x559065b02727 <memory_region_write_accessor>, mr=0x5590676f7710, attrs=...) at /home/bp/qemu/memory.c:595
  #5  0x0000559065b051eb in memory_region_dispatch_write (mr=0x5590676f7710, addr=32, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1337
  #6  0x0000559065aa3a36 in address_space_write_continue (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1, addr1=32, l=1, mr=0x5590676f7710) at /home/bp/qemu/exec.c:2942
  #7  0x0000559065aa3b84 in address_space_write (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1) at /home/bp/qemu/exec.c:2987
  #8  0x0000559065aa2ec0 in subpage_write (opaque=0x7f60c8275fc0, addr=272, value=96, len=1, attrs=...) at /home/bp/qemu/exec.c:2565
  #9  0x0000559065b02906 in memory_region_write_with_attrs_accessor (mr=0x7f60c8275fc0, addr=272, value=0x7f60e43c7fc8, size=1, shift=0, mask=255, attrs=...) at /home/bp/qemu/memory.c:555
  #10 0x0000559065b029d3 in access_with_adjusted_size (addr=272, value=0x7f60e43c7fc8, size=1, access_size_min=1, access_size_max=8, access=0x559065b02818 <memory_region_write_with_attrs_accessor>, mr=0x7f60c8275fc0, attrs=...) at /home/bp/qemu/memory.c:590
  #11 0x0000559065b0523a in memory_region_dispatch_write (mr=0x7f60c8275fc0, addr=272, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1344
  #12 0x0000559065b175db in io_writex (env=0x7f60e43d42a0, iotlbentry=0x7f60e43e8130, mmu_idx=3, val=96, addr=2147750160, retaddr=140054158295744, size=1) at /home/bp/qemu/accel/tcg/cputlb.c:807
  #13 0x0000559065b18055 in io_writeb (env=0x7f60e43d42a0, mmu_idx=3, index=65, val=96 '`', addr=2147750160, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:265
  #14 0x0000559065b181ea in helper_ret_stb_mmu (env=0x7f60e43d42a0, addr=2147750160, val=96 '`', oi=3, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:300
  #15 0x00007f60e65ac2c0 in code_gen_buffer ()
  #16 0x0000559065b1ff26 in cpu_tb_exec (cpu=0x7f60e43cc010, itb=0x7f60e65ac5c0 <code_gen_buffer+935318>) at /home/bp/qemu/accel/tcg/cpu-exec.c:166
  #17 0x0000559065b20bfd in cpu_loop_exec_tb (cpu=0x7f60e43cc010, tb=0x7f60e65ac5c0 <code_gen_buffer+935318>, last_tb=0x7f60e43c8678, tb_exit=0x7f60e43c8674) at /home/bp/qemu/accel/tcg/cpu-exec.c:578
  #18 0x0000559065b20eed in cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/accel/tcg/cpu-exec.c:676
  #19 0x0000559065aebc3d in tcg_cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1270
  #20 0x0000559065aebe64 in qemu_tcg_rr_cpu_thread_fn (arg=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1365
  #21 0x00007f60f56f06ba in start_thread (arg=0x7f60e43cb700) at pthread_create.c:333
  #22 0x00007f60f542682d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Any idea what is going on?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1715715/+subscriptions

[Qemu-devel] [Bug 1715715] Re: [qemu-ppc] Segfault when booting from HD after MacOS9 install

[Mark Cave-Ayland]

I've just tested MacOS 9.2.1 as part of my QEMU pre-release testing and
it works fine for me with latest QEMU git and the following command
line:

qemu-system-ppc -M mac99 -m 256 -drive
file=os921.qcow2,format=qcow2,media=disk -net nic,model=rtl8139 -net
user

Note that the QEMU mac99 machine now defaults to using the sungem device
which should give out-of-the-box networking for supported OS 9 and OS X
versions, including 9.2.1 as you mention, if you simply specify "-net
nic,model=sungem -net user" instead. Otherwise you will need to make
sure that the rtl8139 MacOS 9 drivers have been installed inside the
guest.

If that doesn't help then does it work if you disable spice and/or
reduce the size of the disk image? Many older OSs will struggle to read
disks that are 128G in size so you may find that your image is corrupted
- perhaps try using something around 4G instead?

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1715715

Title:
  [qemu-ppc] Segfault when booting from HD after MacOS9 install

Status in QEMU:
  New

Bug description:
  I created an empty 128G qcow2 image and booted from a Mac OS 9.2.1
  Install CD, in which I was able to install the OS successfully to the
  hard drive. Upon reboot, this time from the hard drive directly, qemu-
  system-ppc segfaults. Host system is Ubuntu 16.04.2 with latest qemu
  commit.

  qemu --version reports "2.10.50 (v2.10.0-244-gb07d1c2-dirty)", but I
  used git commit b07d1c2f5607489d4d4a6a65ce36a3e896ac065e and built
  with "./configure --target-list=ppc-softmmu --enable-debug --disable-
  strip".

  Here is the command-line arguments:

  qemu-system-ppc -boot c -g 1024x768x32 -M mac99 -m 256 -prom-env
  'auto-boot?=true' -prom-env 'boot-args=-v' -prom-env 'vga-ndrv?=true'
  -drive file=../os9.img,format=raw,media=cdrom -drive
  file=MacOS9.qcow2,format=qcow2,media=disk -spice
  port=5901,password=XXX -net nic,model=rtl8139 -net user -monitor stdio

  And the GDB backtrace:

  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  462         timer_mod_ns(ts, expire_time * ts->scale);
  [Current thread is 1 (Thread 0x7f60e43cb700 (LWP 9853))]
  (gdb) bt
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  #1  0x0000559065d63769 in openpic_tmr_set_tmr (tmr=0x5590676fa7e0, val=96, enabled=true) at hw/intc/openpic.c:861
  #2  0x0000559065d63995 in openpic_tmr_write (opaque=0x5590676f71f0, addr=16, val=96, len=4) at hw/intc/openpic.c:912
  #3  0x0000559065b02811 in memory_region_write_accessor (mr=0x5590676f7710, addr=32, value=0x7f60e43c7da8, size=4, shift=0, mask=4294967295, attrs=...) at /home/bp/qemu/memory.c:529
  #4  0x0000559065b02a29 in access_with_adjusted_size (addr=32, value=0x7f60e43c7da8, size=1, access_size_min=4, access_size_max=4, access=0x559065b02727 <memory_region_write_accessor>, mr=0x5590676f7710, attrs=...) at /home/bp/qemu/memory.c:595
  #5  0x0000559065b051eb in memory_region_dispatch_write (mr=0x5590676f7710, addr=32, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1337
  #6  0x0000559065aa3a36 in address_space_write_continue (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1, addr1=32, l=1, mr=0x5590676f7710) at /home/bp/qemu/exec.c:2942
  #7  0x0000559065aa3b84 in address_space_write (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1) at /home/bp/qemu/exec.c:2987
  #8  0x0000559065aa2ec0 in subpage_write (opaque=0x7f60c8275fc0, addr=272, value=96, len=1, attrs=...) at /home/bp/qemu/exec.c:2565
  #9  0x0000559065b02906 in memory_region_write_with_attrs_accessor (mr=0x7f60c8275fc0, addr=272, value=0x7f60e43c7fc8, size=1, shift=0, mask=255, attrs=...) at /home/bp/qemu/memory.c:555
  #10 0x0000559065b029d3 in access_with_adjusted_size (addr=272, value=0x7f60e43c7fc8, size=1, access_size_min=1, access_size_max=8, access=0x559065b02818 <memory_region_write_with_attrs_accessor>, mr=0x7f60c8275fc0, attrs=...) at /home/bp/qemu/memory.c:590
  #11 0x0000559065b0523a in memory_region_dispatch_write (mr=0x7f60c8275fc0, addr=272, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1344
  #12 0x0000559065b175db in io_writex (env=0x7f60e43d42a0, iotlbentry=0x7f60e43e8130, mmu_idx=3, val=96, addr=2147750160, retaddr=140054158295744, size=1) at /home/bp/qemu/accel/tcg/cputlb.c:807
  #13 0x0000559065b18055 in io_writeb (env=0x7f60e43d42a0, mmu_idx=3, index=65, val=96 '`', addr=2147750160, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:265
  #14 0x0000559065b181ea in helper_ret_stb_mmu (env=0x7f60e43d42a0, addr=2147750160, val=96 '`', oi=3, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:300
  #15 0x00007f60e65ac2c0 in code_gen_buffer ()
  #16 0x0000559065b1ff26 in cpu_tb_exec (cpu=0x7f60e43cc010, itb=0x7f60e65ac5c0 <code_gen_buffer+935318>) at /home/bp/qemu/accel/tcg/cpu-exec.c:166
  #17 0x0000559065b20bfd in cpu_loop_exec_tb (cpu=0x7f60e43cc010, tb=0x7f60e65ac5c0 <code_gen_buffer+935318>, last_tb=0x7f60e43c8678, tb_exit=0x7f60e43c8674) at /home/bp/qemu/accel/tcg/cpu-exec.c:578
  #18 0x0000559065b20eed in cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/accel/tcg/cpu-exec.c:676
  #19 0x0000559065aebc3d in tcg_cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1270
  #20 0x0000559065aebe64 in qemu_tcg_rr_cpu_thread_fn (arg=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1365
  #21 0x00007f60f56f06ba in start_thread (arg=0x7f60e43cb700) at pthread_create.c:333
  #22 0x00007f60f542682d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Any idea what is going on?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1715715/+subscriptions

[Qemu-devel] [Bug 1715715] Re: [qemu-ppc] Segfault when booting from HD after MacOS9 install

[Brad Parker]

I just tried the latest git and it actually boots fine with your
command... so I guess whatever issue I was having (the null dereference
in the timer code I pasted above) must have been fixed... however I've
noticed another issue with a different command that causes the bootup to
hang:

qemu-system-ppc -boot c -g 1024x768x32 -M mac99 -m 256 -prom-env 'auto-
boot?=true' -prom-env 'boot-args=-v' -prom-env 'vga-ndrv?=true' -drive
file=os9.2.1.iso,format=raw,media=cdrom -drive
file=os921.qcow2,format=qcow2,media=disk -spice port=5901,password=XXX
-net nic,model=sungem -net user -monitor stdio

This hangs at bootup at "Trying hd:,\\:tbxi" and never progresses any
further. If I remove the cdrom then it boots fine... however, simply
adding the cdrom to your working command, it still works there... not
sure what's going on, but thanks for the help. I have something that
works now.

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1715715

Title:
  [qemu-ppc] Segfault when booting from HD after MacOS9 install

Status in QEMU:
  New

Bug description:
  I created an empty 128G qcow2 image and booted from a Mac OS 9.2.1
  Install CD, in which I was able to install the OS successfully to the
  hard drive. Upon reboot, this time from the hard drive directly, qemu-
  system-ppc segfaults. Host system is Ubuntu 16.04.2 with latest qemu
  commit.

  qemu --version reports "2.10.50 (v2.10.0-244-gb07d1c2-dirty)", but I
  used git commit b07d1c2f5607489d4d4a6a65ce36a3e896ac065e and built
  with "./configure --target-list=ppc-softmmu --enable-debug --disable-
  strip".

  Here is the command-line arguments:

  qemu-system-ppc -boot c -g 1024x768x32 -M mac99 -m 256 -prom-env
  'auto-boot?=true' -prom-env 'boot-args=-v' -prom-env 'vga-ndrv?=true'
  -drive file=../os9.img,format=raw,media=cdrom -drive
  file=MacOS9.qcow2,format=qcow2,media=disk -spice
  port=5901,password=XXX -net nic,model=rtl8139 -net user -monitor stdio

  And the GDB backtrace:

  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  462         timer_mod_ns(ts, expire_time * ts->scale);
  [Current thread is 1 (Thread 0x7f60e43cb700 (LWP 9853))]
  (gdb) bt
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  #1  0x0000559065d63769 in openpic_tmr_set_tmr (tmr=0x5590676fa7e0, val=96, enabled=true) at hw/intc/openpic.c:861
  #2  0x0000559065d63995 in openpic_tmr_write (opaque=0x5590676f71f0, addr=16, val=96, len=4) at hw/intc/openpic.c:912
  #3  0x0000559065b02811 in memory_region_write_accessor (mr=0x5590676f7710, addr=32, value=0x7f60e43c7da8, size=4, shift=0, mask=4294967295, attrs=...) at /home/bp/qemu/memory.c:529
  #4  0x0000559065b02a29 in access_with_adjusted_size (addr=32, value=0x7f60e43c7da8, size=1, access_size_min=4, access_size_max=4, access=0x559065b02727 <memory_region_write_accessor>, mr=0x5590676f7710, attrs=...) at /home/bp/qemu/memory.c:595
  #5  0x0000559065b051eb in memory_region_dispatch_write (mr=0x5590676f7710, addr=32, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1337
  #6  0x0000559065aa3a36 in address_space_write_continue (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1, addr1=32, l=1, mr=0x5590676f7710) at /home/bp/qemu/exec.c:2942
  #7  0x0000559065aa3b84 in address_space_write (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1) at /home/bp/qemu/exec.c:2987
  #8  0x0000559065aa2ec0 in subpage_write (opaque=0x7f60c8275fc0, addr=272, value=96, len=1, attrs=...) at /home/bp/qemu/exec.c:2565
  #9  0x0000559065b02906 in memory_region_write_with_attrs_accessor (mr=0x7f60c8275fc0, addr=272, value=0x7f60e43c7fc8, size=1, shift=0, mask=255, attrs=...) at /home/bp/qemu/memory.c:555
  #10 0x0000559065b029d3 in access_with_adjusted_size (addr=272, value=0x7f60e43c7fc8, size=1, access_size_min=1, access_size_max=8, access=0x559065b02818 <memory_region_write_with_attrs_accessor>, mr=0x7f60c8275fc0, attrs=...) at /home/bp/qemu/memory.c:590
  #11 0x0000559065b0523a in memory_region_dispatch_write (mr=0x7f60c8275fc0, addr=272, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1344
  #12 0x0000559065b175db in io_writex (env=0x7f60e43d42a0, iotlbentry=0x7f60e43e8130, mmu_idx=3, val=96, addr=2147750160, retaddr=140054158295744, size=1) at /home/bp/qemu/accel/tcg/cputlb.c:807
  #13 0x0000559065b18055 in io_writeb (env=0x7f60e43d42a0, mmu_idx=3, index=65, val=96 '`', addr=2147750160, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:265
  #14 0x0000559065b181ea in helper_ret_stb_mmu (env=0x7f60e43d42a0, addr=2147750160, val=96 '`', oi=3, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:300
  #15 0x00007f60e65ac2c0 in code_gen_buffer ()
  #16 0x0000559065b1ff26 in cpu_tb_exec (cpu=0x7f60e43cc010, itb=0x7f60e65ac5c0 <code_gen_buffer+935318>) at /home/bp/qemu/accel/tcg/cpu-exec.c:166
  #17 0x0000559065b20bfd in cpu_loop_exec_tb (cpu=0x7f60e43cc010, tb=0x7f60e65ac5c0 <code_gen_buffer+935318>, last_tb=0x7f60e43c8678, tb_exit=0x7f60e43c8674) at /home/bp/qemu/accel/tcg/cpu-exec.c:578
  #18 0x0000559065b20eed in cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/accel/tcg/cpu-exec.c:676
  #19 0x0000559065aebc3d in tcg_cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1270
  #20 0x0000559065aebe64 in qemu_tcg_rr_cpu_thread_fn (arg=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1365
  #21 0x00007f60f56f06ba in start_thread (arg=0x7f60e43cb700) at pthread_create.c:333
  #22 0x00007f60f542682d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Any idea what is going on?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1715715/+subscriptions

[Bug 1715715] Re: [qemu-ppc] Segfault when booting from HD after MacOS9 install

[Thomas Huth]

Looking through old bug tickets ... can you still reproduce the segfault
with the latest version of QEMU?

** Changed in: qemu
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1715715

Title:
  [qemu-ppc] Segfault when booting from HD after MacOS9 install

Status in QEMU:
  Incomplete

Bug description:
  I created an empty 128G qcow2 image and booted from a Mac OS 9.2.1
  Install CD, in which I was able to install the OS successfully to the
  hard drive. Upon reboot, this time from the hard drive directly, qemu-
  system-ppc segfaults. Host system is Ubuntu 16.04.2 with latest qemu
  commit.

  qemu --version reports "2.10.50 (v2.10.0-244-gb07d1c2-dirty)", but I
  used git commit b07d1c2f5607489d4d4a6a65ce36a3e896ac065e and built
  with "./configure --target-list=ppc-softmmu --enable-debug --disable-
  strip".

  Here is the command-line arguments:

  qemu-system-ppc -boot c -g 1024x768x32 -M mac99 -m 256 -prom-env
  'auto-boot?=true' -prom-env 'boot-args=-v' -prom-env 'vga-ndrv?=true'
  -drive file=../os9.img,format=raw,media=cdrom -drive
  file=MacOS9.qcow2,format=qcow2,media=disk -spice
  port=5901,password=XXX -net nic,model=rtl8139 -net user -monitor stdio

  And the GDB backtrace:

  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  462         timer_mod_ns(ts, expire_time * ts->scale);
  [Current thread is 1 (Thread 0x7f60e43cb700 (LWP 9853))]
  (gdb) bt
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  #1  0x0000559065d63769 in openpic_tmr_set_tmr (tmr=0x5590676fa7e0, val=96, enabled=true) at hw/intc/openpic.c:861
  #2  0x0000559065d63995 in openpic_tmr_write (opaque=0x5590676f71f0, addr=16, val=96, len=4) at hw/intc/openpic.c:912
  #3  0x0000559065b02811 in memory_region_write_accessor (mr=0x5590676f7710, addr=32, value=0x7f60e43c7da8, size=4, shift=0, mask=4294967295, attrs=...) at /home/bp/qemu/memory.c:529
  #4  0x0000559065b02a29 in access_with_adjusted_size (addr=32, value=0x7f60e43c7da8, size=1, access_size_min=4, access_size_max=4, access=0x559065b02727 <memory_region_write_accessor>, mr=0x5590676f7710, attrs=...) at /home/bp/qemu/memory.c:595
  #5  0x0000559065b051eb in memory_region_dispatch_write (mr=0x5590676f7710, addr=32, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1337
  #6  0x0000559065aa3a36 in address_space_write_continue (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1, addr1=32, l=1, mr=0x5590676f7710) at /home/bp/qemu/exec.c:2942
  #7  0x0000559065aa3b84 in address_space_write (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1) at /home/bp/qemu/exec.c:2987
  #8  0x0000559065aa2ec0 in subpage_write (opaque=0x7f60c8275fc0, addr=272, value=96, len=1, attrs=...) at /home/bp/qemu/exec.c:2565
  #9  0x0000559065b02906 in memory_region_write_with_attrs_accessor (mr=0x7f60c8275fc0, addr=272, value=0x7f60e43c7fc8, size=1, shift=0, mask=255, attrs=...) at /home/bp/qemu/memory.c:555
  #10 0x0000559065b029d3 in access_with_adjusted_size (addr=272, value=0x7f60e43c7fc8, size=1, access_size_min=1, access_size_max=8, access=0x559065b02818 <memory_region_write_with_attrs_accessor>, mr=0x7f60c8275fc0, attrs=...) at /home/bp/qemu/memory.c:590
  #11 0x0000559065b0523a in memory_region_dispatch_write (mr=0x7f60c8275fc0, addr=272, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1344
  #12 0x0000559065b175db in io_writex (env=0x7f60e43d42a0, iotlbentry=0x7f60e43e8130, mmu_idx=3, val=96, addr=2147750160, retaddr=140054158295744, size=1) at /home/bp/qemu/accel/tcg/cputlb.c:807
  #13 0x0000559065b18055 in io_writeb (env=0x7f60e43d42a0, mmu_idx=3, index=65, val=96 '`', addr=2147750160, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:265
  #14 0x0000559065b181ea in helper_ret_stb_mmu (env=0x7f60e43d42a0, addr=2147750160, val=96 '`', oi=3, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:300
  #15 0x00007f60e65ac2c0 in code_gen_buffer ()
  #16 0x0000559065b1ff26 in cpu_tb_exec (cpu=0x7f60e43cc010, itb=0x7f60e65ac5c0 <code_gen_buffer+935318>) at /home/bp/qemu/accel/tcg/cpu-exec.c:166
  #17 0x0000559065b20bfd in cpu_loop_exec_tb (cpu=0x7f60e43cc010, tb=0x7f60e65ac5c0 <code_gen_buffer+935318>, last_tb=0x7f60e43c8678, tb_exit=0x7f60e43c8674) at /home/bp/qemu/accel/tcg/cpu-exec.c:578
  #18 0x0000559065b20eed in cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/accel/tcg/cpu-exec.c:676
  #19 0x0000559065aebc3d in tcg_cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1270
  #20 0x0000559065aebe64 in qemu_tcg_rr_cpu_thread_fn (arg=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1365
  #21 0x00007f60f56f06ba in start_thread (arg=0x7f60e43cb700) at pthread_create.c:333
  #22 0x00007f60f542682d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Any idea what is going on?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1715715/+subscriptions

[Bug 1715715] Re: [qemu-ppc] Segfault when booting from HD after MacOS9 install

[Launchpad Bug Tracker]

[Expired for QEMU because there has been no activity for 60 days.]

** Changed in: qemu
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1715715

Title:
  [qemu-ppc] Segfault when booting from HD after MacOS9 install

Status in QEMU:
  Expired

Bug description:
  I created an empty 128G qcow2 image and booted from a Mac OS 9.2.1
  Install CD, in which I was able to install the OS successfully to the
  hard drive. Upon reboot, this time from the hard drive directly, qemu-
  system-ppc segfaults. Host system is Ubuntu 16.04.2 with latest qemu
  commit.

  qemu --version reports "2.10.50 (v2.10.0-244-gb07d1c2-dirty)", but I
  used git commit b07d1c2f5607489d4d4a6a65ce36a3e896ac065e and built
  with "./configure --target-list=ppc-softmmu --enable-debug --disable-
  strip".

  Here is the command-line arguments:

  qemu-system-ppc -boot c -g 1024x768x32 -M mac99 -m 256 -prom-env
  'auto-boot?=true' -prom-env 'boot-args=-v' -prom-env 'vga-ndrv?=true'
  -drive file=../os9.img,format=raw,media=cdrom -drive
  file=MacOS9.qcow2,format=qcow2,media=disk -spice
  port=5901,password=XXX -net nic,model=rtl8139 -net user -monitor stdio

  And the GDB backtrace:

  Program terminated with signal SIGSEGV, Segmentation fault.
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  462         timer_mod_ns(ts, expire_time * ts->scale);
  [Current thread is 1 (Thread 0x7f60e43cb700 (LWP 9853))]
  (gdb) bt
  #0  0x0000559065fe7d3a in timer_mod (ts=0x0, expire_time=888960717010) at util/qemu-timer.c:462
  #1  0x0000559065d63769 in openpic_tmr_set_tmr (tmr=0x5590676fa7e0, val=96, enabled=true) at hw/intc/openpic.c:861
  #2  0x0000559065d63995 in openpic_tmr_write (opaque=0x5590676f71f0, addr=16, val=96, len=4) at hw/intc/openpic.c:912
  #3  0x0000559065b02811 in memory_region_write_accessor (mr=0x5590676f7710, addr=32, value=0x7f60e43c7da8, size=4, shift=0, mask=4294967295, attrs=...) at /home/bp/qemu/memory.c:529
  #4  0x0000559065b02a29 in access_with_adjusted_size (addr=32, value=0x7f60e43c7da8, size=1, access_size_min=4, access_size_max=4, access=0x559065b02727 <memory_region_write_accessor>, mr=0x5590676f7710, attrs=...) at /home/bp/qemu/memory.c:595
  #5  0x0000559065b051eb in memory_region_dispatch_write (mr=0x5590676f7710, addr=32, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1337
  #6  0x0000559065aa3a36 in address_space_write_continue (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1, addr1=32, l=1, mr=0x5590676f7710) at /home/bp/qemu/exec.c:2942
  #7  0x0000559065aa3b84 in address_space_write (as=0x559067614d90, addr=2147750160, attrs=..., buf=0x7f60e43c7ed0 "`_'\310`\177", len=1) at /home/bp/qemu/exec.c:2987
  #8  0x0000559065aa2ec0 in subpage_write (opaque=0x7f60c8275fc0, addr=272, value=96, len=1, attrs=...) at /home/bp/qemu/exec.c:2565
  #9  0x0000559065b02906 in memory_region_write_with_attrs_accessor (mr=0x7f60c8275fc0, addr=272, value=0x7f60e43c7fc8, size=1, shift=0, mask=255, attrs=...) at /home/bp/qemu/memory.c:555
  #10 0x0000559065b029d3 in access_with_adjusted_size (addr=272, value=0x7f60e43c7fc8, size=1, access_size_min=1, access_size_max=8, access=0x559065b02818 <memory_region_write_with_attrs_accessor>, mr=0x7f60c8275fc0, attrs=...) at /home/bp/qemu/memory.c:590
  #11 0x0000559065b0523a in memory_region_dispatch_write (mr=0x7f60c8275fc0, addr=272, data=96, size=1, attrs=...) at /home/bp/qemu/memory.c:1344
  #12 0x0000559065b175db in io_writex (env=0x7f60e43d42a0, iotlbentry=0x7f60e43e8130, mmu_idx=3, val=96, addr=2147750160, retaddr=140054158295744, size=1) at /home/bp/qemu/accel/tcg/cputlb.c:807
  #13 0x0000559065b18055 in io_writeb (env=0x7f60e43d42a0, mmu_idx=3, index=65, val=96 '`', addr=2147750160, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:265
  #14 0x0000559065b181ea in helper_ret_stb_mmu (env=0x7f60e43d42a0, addr=2147750160, val=96 '`', oi=3, retaddr=140054158295744) at /home/bp/qemu/softmmu_template.h:300
  #15 0x00007f60e65ac2c0 in code_gen_buffer ()
  #16 0x0000559065b1ff26 in cpu_tb_exec (cpu=0x7f60e43cc010, itb=0x7f60e65ac5c0 <code_gen_buffer+935318>) at /home/bp/qemu/accel/tcg/cpu-exec.c:166
  #17 0x0000559065b20bfd in cpu_loop_exec_tb (cpu=0x7f60e43cc010, tb=0x7f60e65ac5c0 <code_gen_buffer+935318>, last_tb=0x7f60e43c8678, tb_exit=0x7f60e43c8674) at /home/bp/qemu/accel/tcg/cpu-exec.c:578
  #18 0x0000559065b20eed in cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/accel/tcg/cpu-exec.c:676
  #19 0x0000559065aebc3d in tcg_cpu_exec (cpu=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1270
  #20 0x0000559065aebe64 in qemu_tcg_rr_cpu_thread_fn (arg=0x7f60e43cc010) at /home/bp/qemu/cpus.c:1365
  #21 0x00007f60f56f06ba in start_thread (arg=0x7f60e43cb700) at pthread_create.c:333
  #22 0x00007f60f542682d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

  Any idea what is going on?

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1715715/+subscriptions