weak symbol access makes qemu in user mode hang for mips, mips64
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
QEMU | Fix Released | Undecided | Unassigned |
Bug Description
A program that is statically linked and invokes a weak pointer should crash (because the weak pointer evaluates to NULL).
With qemu in user mode, for mips and mips64, it hangs. The process needs to be killed with "kill -9".
How to reproduce for mips:
- Compile the program: mips-linux-
- Set environment variables for running qemu-mips.
- ~/inst-
How to reproduce for mips64:
- Compile the program: mips64-
- Set environment variables for running qemu-mips64.
- ~/inst-
When I attach gdb to the process, I see that it is hanging inside 'gen_intermedia
$ gdb /home/bruno/
...
Reading symbols from /home/bruno/
Attaching to program: /home/bruno/
...
(gdb) info threads
Id Target Id Frame
* 1 Thread 0x7f1e7e535740 (LWP 9726) "qemu-mips" __lll_lock_wait () at ../sysdeps/
2 Thread 0x7f1e7d0ad700 (LWP 9727) "qemu-mips" syscall () at ../sysdeps/
(gdb) where
#0 __lll_lock_wait () at ../sysdeps/
#1 0x00007f1e7d6f1dbd in __GI___
#2 0x000055de1c527199 in qemu_mutex_lock (mutex=
at /media/
#3 0x000055de1c435083 in tb_lock () at /media/
#4 cpu_restore_state (cpu=cpu@
#5 0x000055de1c4658d0 in handle_cpu_signal (old_set=
at /media/
#6 cpu_mips_
at /media/
#7 0x000055de1c4803be in host_signal_handler (host_signum=11, info=0x7ffe5ffd
at /media/
#8 <signal handler called>
#9 __bswap_32 (__bsx=<optimized out>) at /usr/include/
#10 bswap32 (x=<optimized out>) at /media/
#11 ldl_be_p (ptr=<optimized out>) at /media/
#12 cpu_ldl_code (env=0x55de1e91
#13 gen_intermediat
at /media/
#14 0x000055de1c4352e6 in tb_gen_code (cpu=cpu@
cflags@entry=0) at /media/
#15 0x000055de1c436a7a in tb_find (tb_exit=0, last_tb=0x0, cpu=<optimized out>) at /media/
#16 cpu_exec (cpu=<optimized out>) at /media/
#17 0x000055de1c466278 in cpu_loop (env=0x55de1e91
#18 0x000055de1c433103 in main (argc=<optimized out>, argv=0x7ffe5ffd
at /media/
(gdb) thread 2
[Switching to thread 2 (Thread 0x7f1e7d0ad700 (LWP 9727))]
#0 syscall () at ../sysdeps/
38 ../sysdeps/
(gdb) where
#0 syscall () at ../sysdeps/
#1 0x000055de1c527605 in qemu_futex_wait (val=<optimized out>, f=<optimized out>) at /media/
#2 qemu_event_wait (ev=ev@
#3 0x000055de1c52d41e in call_rcu_thread (opaque=<optimized out>) at /media/
#4 0x00007f1e7d6ef6ba in start_thread (arg=0x7f1e7d0a
#5 0x00007f1e7d4253dd in clone () at ../sysdeps/
The behaviour in qemu-2.10 is the same as in qemu-2.9.
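As an added illustration (this is not code from the bug report or from QEMU), the following C program is of the kind the description refers to: it takes a weak reference to a function that nothing in the link defines, so with static linking the reference resolves to address 0. The unguarded call then jumps to PC 0; natively that is an immediate SIGSEGV, and it is the situation the report says makes qemu-mips and qemu-mips64 user mode hang instead of crashing (the backtrace shows the translator faulting in cpu_ldl_code while the host signal handler waits on tb_lock). The guarded call is the idiom weak references exist for. The function name missing_hook, the argv-based trigger and the build flags are assumptions for this example, not the reporter's.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Weak reference to a function that no object or library in the link
 * provides.  With static linking the linker resolves an undefined weak
 * reference to address 0, so missing_hook behaves like a NULL pointer.
 * (Name is an assumption for this example.)
 */
extern void missing_hook(void) __attribute__((weak));

/* Returns 1 if the weak symbol resolved to NULL, 0 if some object supplied it. */
int weak_hook_is_null(void)
{
    return missing_hook == NULL;
}

/*
 * Safe idiom: test the weak reference before calling through it.
 * Returns 1 if the hook existed and was called, 0 if it was skipped.
 */
int call_hook_if_present(void)
{
    if (missing_hook) {
        missing_hook();
        return 1;
    }
    return 0;
}

/*
 * Unguarded call: this is the crash the bug report expects.  Calling a
 * NULL function pointer transfers control to address 0.  Natively the
 * kernel delivers SIGSEGV; the report says qemu-mips/qemu-mips64 user
 * mode hangs here instead.  The crash is only triggered when an argument
 * is given, so the program can also be run to print the resolved address.
 *
 * Build statically with the target cross-compiler, e.g. an invocation of
 * the form `<target>-gcc -static weak_call.c` (assumed, not the report's
 * exact command), then run it under qemu-<target>.
 */
int main(int argc, char **argv)
{
    printf("missing_hook resolves to %p\n", (void *)missing_hook);
    if (argc > 1) {
        printf("calling through the weak reference...\n");
        missing_hook();           /* jumps to PC 0 */
    }
    return call_hook_if_present() ? 1 : 0;
}
```

Running the binary with no argument shows the weak reference resolving to (nil) and exits normally; running it with any argument reproduces the unguarded NULL call the report describes.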