
Segmentation fault (core dumped)

Open raymbartlett opened this issue 1 year ago • 18 comments

I'm attempting to run after a successful build and make, but am getting this error:

```
./arm-softmmu/qemu-system-arm -M iPod-Touch,bootrom=../reqs/bootrom_240_4,nand=../reqs/nand,nor=../reqs/nor_n72ap.bin -serial mon:stdio -cpu max -m 2G -d unimp
Segmentation fault (core dumped)
```

I've verified the filepaths and tried them in multiple locations, but get the same error every time. I'm running it on Pop!_OS 22.04 LTS.

raymbartlett avatar Nov 09 '23 18:11 raymbartlett

Also have this problem.

SuperErnD avatar Nov 10 '23 10:11 SuperErnD

Same here, even with absolute paths.

jeppojeps avatar Nov 17 '23 16:11 jeppojeps

OK so I found some issues.

With the actual commit, in the init_machine I get to this point:

```
jezz@thaboss:~/Documents/qemu-ios/build$ ./qemu-system-arm -M iPod-Touch,bootrom=/home/jezz/Documents/ipodutils/bootrom_240_4,nand=/home/jezz/Documents/ipodutils/nand/,nor=/home/jezz/Documents/ipodutils/qemu-ios-generate-nor/data -serial mon:stdio -cpu max -m 2G -d unimp
```

```c
static inline qemu_irq s5l8900_get_irq(IPodTouchMachineState *s, int n)
{
    fprintf(stderr, "%p state, val %d\n", s, n);  /* debug print added to trace the IRQ lookups */
    return s->irq[n / S5L8720_VIC_SIZE][n % S5L8720_VIC_SIZE];
}
```

```
0x56515d748860 state, val 7
0x56515d748860 state, val 33
0x56515d748860 state, val 32
0x56515d748860 state, val 31
0x56515d748860 state, val 3
0x56515d748860 state, val 2
0x56515d748860 state, val 0
0x56515d748860 state, val 540701477
Segmentation fault (core dumped)
```

It seems there's an off-by-one or something alike here:

```c
busdev = SYS_BUS_DEVICE(dev);
for(int grp = 0; grp < GPIO_NUMINTGROUPS-1; grp++) {
    sysbus_connect_irq(busdev, grp, s5l8900_get_irq(nms, S5L8900_GPIO_IRQS[grp]));
}
```

EDITED: the error after the patch was due to a wrong NOR, so the patch seems to work.

~~with the patch I put above I get somehow to an initial screen bump but it dies immediately~~

```
s5l8900_gpio_read: read from location 0x00000164
s5l8900_gpio_read: read from location 0x00000184
s5l8900_gpio_read: read from location 0x00000064
s5l8900_gpio_read: read from location 0x00000064
s5l8900_gpio_read: read from location 0x00000064
s5l8900_gpio_read: read from location 0x00000064
s5l8900_gpio_read: read from location 0x00000064
s5l8900_gpio_read: read from location 0x00000064
Segmentation fault (core dumped)
```

~~It seems there's a missing GPIO or sth alike~~

jeppojeps avatar Nov 17 '23 17:11 jeppojeps

@jeppojeps that's a great find, thanks for reporting! This could be one of the reasons for the emulator crashing so much on Linux.

Unfortunately, I won't have the time this or next week to look into it. If you can figure out where it goes wrong, I'll gladly merge a PR! 👍

devos50 avatar Nov 17 '23 17:11 devos50

I am taking a look; I want to try to repro on Apple so I can get an idea. So it seems it crashes too on my M1; figuring out whether something is maybe wrong with the boot files.

jeppojeps avatar Nov 17 '23 17:11 jeppojeps

I solved it

Up and running in Linux, though it does not seem super stable.

jeppojeps avatar Nov 18 '23 10:11 jeppojeps

Will try to get back to the error above and see if I can make a decent PR, because what I have is a whack.

jeppojeps avatar Nov 18 '23 10:11 jeppojeps

OK so I found some inconsistencies/compiler optimisations which weirdly make the emulator work on M1. The following function in hw/arm/ipod_touch_2g.c:

```c
static inline qemu_irq s5l8900_get_irq(IPodTouchMachineState *s, int n)
{
    //fprintf(stderr, "%p state %d \n", s, n);
    return s->irq[n / S5L8720_VIC_SIZE][n % S5L8720_VIC_SIZE];
}
```

If you put in the debug print it is going to crash as it does on Linux. I went a bit further and discovered an inconsistency in the loop I pointed out yesterday above:

```c
for(int grp = 0; grp < GPIO_NUMINTGROUPS; grp++) {
    sysbus_connect_irq(busdev, grp, s5l8900_get_irq(nms, S5L8900_GPIO_IRQS[grp]));
}
```

The size of GPIO_NUMINTGROUPS is 7, defined in include/hw/arm/ipod_touch_sysic.h, though the size of the vector S5L8900_GPIO_IRQS is only 5; but if I redefine GPIO_NUMINTGROUPS to be 5 it crashes.

jeppojeps avatar Nov 19 '23 07:11 jeppojeps
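An added example (not code from qemu-ios or from anyone in this thread) that models the mismatch described above and the two checks that close it: a loop bounded by the size of S5L8900_GPIO_IRQS instead of by GPIO_NUMINTGROUPS, and a bounds-checked lookup in place of s5l8900_get_irq(). NUM_VICS, MachineModel, fill_model() and the five table values are assumptions made for the model; the real definitions are in the headers named above.

```c
#include <stdio.h>
/* Constructed stand-ins for the values this thread reports; the real ones
 * are in qemu-ios' include/hw/arm/ipod_touch_sysic.h. */
#define GPIO_NUMINTGROUPS 7   /* interrupt groups the SYSIC device exposes */
#define S5L8720_VIC_SIZE  32  /* IRQ lines per VIC */
#define NUM_VICS          2   /* assumption: two VICs */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
/* Five entries (values as in the trace above) although GPIO_NUMINTGROUPS is
 * 7: the original loop reads two entries past the end, the -1 patch one. */
static const int S5L8900_GPIO_IRQS[] = { 33, 32, 31, 3, 2 };
typedef struct { int irq[NUM_VICS][S5L8720_VIC_SIZE]; } MachineModel; /* toy IPodTouchMachineState */
/* Bounds-checked variant of s5l8900_get_irq(): returns -1 instead of
 * indexing past s->irq (e.g. for the 540701477 printed above). */
int get_irq_checked(const MachineModel *s, int n)
{
    if (n < 0 || n >= NUM_VICS * S5L8720_VIC_SIZE) return -1;
    return s->irq[n / S5L8720_VIC_SIZE][n % S5L8720_VIC_SIZE];
}
/* The ipod_touch_machine_init() loop bounded by the table it indexes rather
 * than by GPIO_NUMINTGROUPS. Fills out[] and returns the number connected. */
int connect_gpio_irqs(const MachineModel *s, int *out, size_t out_len)
{
    int connected = 0;
    for (size_t g = 0; g < ARRAY_SIZE(S5L8900_GPIO_IRQS) && g < out_len; g++) {
        int irq = get_irq_checked(s, S5L8900_GPIO_IRQS[g]);
        if (irq < 0) {  /* skip rather than wire a garbage IRQ */
            fprintf(stderr, "group %zu: IRQ %d out of range\n", g, S5L8900_GPIO_IRQS[g]);
            continue;
        }
        out[g] = irq;
        connected++;
    }
    return connected;
}

/* Fills irq[v][l] = v * 1000 + l so looked-up ids are recognisable. */
static void fill_model(MachineModel *m)
{
    for (int v = 0; v < NUM_VICS; v++)
        for (int l = 0; l < S5L8720_VIC_SIZE; l++) m->irq[v][l] = v * 1000 + l;
}
/* Wires the groups on a filled model; returns the id for group g, or the count when g < 0. */
int demo(int g)
{
    MachineModel m; int out[GPIO_NUMINTGROUPS] = { 0 };
    fill_model(&m);
    int n = connect_gpio_irqs(&m, out, GPIO_NUMINTGROUPS);
    return g < 0 ? n : (g < GPIO_NUMINTGROUPS ? out[g] : -1);
}
int demo_lookup(int n) { MachineModel m; fill_model(&m); return get_irq_checked(&m, n); }
```

With this bound the loop stops at the fifth table entry, so groups 5 and 6 are simply left unconnected instead of being wired to whatever memory follows the table.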

Can you publish the source?

SuperErnD avatar Nov 20 '23 14:11 SuperErnD

Sure, here is the fix I made on Linux, which for now I can't confirm why it makes it work; as I said, it seems to be a compiler optimization on the Apple side....

diff --git a/hw/arm/ipod_touch_2g.c b/hw/arm/ipod_touch_2g.c
index bf0476642a..91b58dacd9 100644
--- a/hw/arm/ipod_touch_2g.c
+++ b/hw/arm/ipod_touch_2g.c
@@ -152,6 +152,7 @@ static void ipod_touch_instance_init(Object *obj)
 
 static inline qemu_irq s5l8900_get_irq(IPodTouchMachineState *s, int n)
 {
+    fprintf(stderr, "%p state, val %d\n",s,n);
     return s->irq[n / S5L8720_VIC_SIZE][n % S5L8720_VIC_SIZE];
 }
 
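Review bot: the unconditional fprintf added to s5l8900_get_irq() is debug output, not a fix, and the thread itself calls it optional; drop it from the PR or wrap it in a debug macro so it compiles out. The check worth adding here is a bounds test before `return s->irq[n / S5L8720_VIC_SIZE][n % S5L8720_VIC_SIZE];`: the trace posted above shows this function called with n = 540701477, which indexes far outside s->irq, so an assert or early return on out-of-range n would turn the silent out-of-bounds read into a diagnosable failure.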
@@ -266,7 +267,7 @@ static void ipod_touch_machine_init(MachineState *machine)
     nms->sysic = (IPodTouchSYSICState *) g_malloc0(sizeof(struct IPodTouchSYSICState));
     memory_region_add_subregion(sysmem, SYSIC_MEM_BASE, &sysic_state->iomem);
     busdev = SYS_BUS_DEVICE(dev);
-    for(int grp = 0; grp < GPIO_NUMINTGROUPS; grp++) {
+    for(int grp = 0; grp < GPIO_NUMINTGROUPS-1; grp++) {
         sysbus_connect_irq(busdev, grp, s5l8900_get_irq(nms, S5L8900_GPIO_IRQS[grp]));
     }
 
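Review bot: `grp < GPIO_NUMINTGROUPS-1` is a magic adjustment that hides the mismatch rather than fixing it. Per the discussion above GPIO_NUMINTGROUPS is 7 while S5L8900_GPIO_IRQS has 5 entries, so the original loop reads two elements past the table and this version still reads one (the trace above prints val 0 and then val 540701477 after the five table entries, consistent with exactly those over-reads; the -1 version only survives because the first stray value read happened to be 0). Bound the loop by the table that is actually indexed, e.g. `for(int grp = 0; grp < ARRAY_SIZE(S5L8900_GPIO_IRQS); grp++) {`, and leave GPIO_NUMINTGROUPS itself alone, since redefining it to 5 crashes elsewhere as noted above. A comment explaining why the two counts differ would help the next reader.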
@@ -513,4 +514,4 @@ static void ipod_touch_machine_types(void)
     type_register_static(&ipod_touch_machine_info);
 }
 
-type_init(ipod_touch_machine_types)
\ No newline at end of file
+type_init(ipod_touch_machine_types)
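Review bot: the trailing-newline change at end of file is unrelated whitespace; fine to keep, but it belongs in a separate commit from the functional change so the IRQ-loop fix stays reviewable on its own.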

jeppojeps avatar Nov 20 '23 14:11 jeppojeps

The printf is purely optional, but funny enough, if you enable it on the M1 it makes it crash. So I assume clang is doing some inlining of the loop function and it just skips the last element... 🤔

jeppojeps avatar Nov 20 '23 14:11 jeppojeps

So just apply this patch and build?

SuperErnD avatar Nov 20 '23 16:11 SuperErnD

Yes, on Linux Ubuntu it should make it work, but again, I disregard the issue for the moment; the printf() of course is optional.

`GPIO_NUMINTGROUPS-1`

jeppojeps avatar Nov 20 '23 16:11 jeppojeps

```
Running postconf script '/usr/bin/python3 /home/diman/Документи/ios/qemu-ios/scripts/symlink-install-tree.py'
--- stdout ---

--- stderr ---
/usr/bin/python3: can't open file "/home/diman/Документи/ios/qemu-ios/build/'/home/diman/Документи/ios/qemu-ios/meson/meson.py'": [Errno 2] No such file or directory
Traceback (most recent call last):
  File "/home/diman/Документи/ios/qemu-ios/scripts/symlink-install-tree.py", line 17, in <module>
    out = subprocess.run([*introspect.split(' '), '--installed'],
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['/usr/bin/python3', "'/home/diman/Документи/ios/qemu-ios/meson/meson.py'", 'introspect', '--installed']' returned non-zero exit status 2.
```

Fails with this problem.

SuperErnD avatar Nov 21 '23 08:11 SuperErnD

I fixed it. I have a question: what key do I press for the power button? H is for home.

SuperErnD avatar Nov 21 '23 12:11 SuperErnD

H, P; there are a few more, check on YouTube or amongst other issues.

jeppojeps avatar Nov 21 '23 13:11 jeppojeps

It works well (I think), so I think this patch can be applied to the repo.

SuperErnD avatar Nov 24 '23 13:11 SuperErnD

Yeah, though I need to understand the deal, why it does not happen on Apple Silicon....

jeppojeps avatar Dec 04 '23 11:12 jeppojeps