QEMU

qemu-aarch64 MTE fails to report tag mismatch

Bug #1927530 reported by Christophe Lyon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
New
Undecided
Unassigned

Bug Description

Hi,

While running the GCC testsuite with qemu-6.0 as simulator, I noticed several errors in the hwasan testsuite (output pattern tests).

I am attaching:
bitfield-2.exe
ld-linux-aarch64.so.1
libc.so.6
libdl.so.2
libhwasan.so.0
libm.so.6
libpthread.so.0
librt.so.1

The testcase can be executed via:
qemu-aarch64 -L . bitfield-2.exe

it currently generates:
HWAddressSanitizer:DEADLYSIGNAL
==21137==ERROR: HWAddressSanitizer: SEGV on unknown address 0x0000000000f0 (pc 0x00550084e318 bp 0x005f01650d00 sp 0x005f01650d00 T21137)
==21137==The signal is caused by a UNKNOWN memory access.
==21137==Hint: address points to the zero page.
    #0 0x550084e318 in GetAccessInfo /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/libsanitizer/hwasan/hwasan_linux.cpp:339
    #1 0x550084e318 in HwasanOnSIGTRAP /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/libsanitizer/hwasan/hwasan_linux.cpp:401
    #2 0x550084e318 in __hwasan::HwasanOnDeadlySignal(int, void*, void*) /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/libsanitizer/hwasan/hwasan_linux.cpp:426
    #3 0x5f01651fec (<unknown module>)
    #4 0x550084b508 in __hwasan_load2 /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/libsanitizer/hwasan/hwasan.cpp:379
    #5 0x400768 in f /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/gcc/testsuite/c-c++-common/hwasan/bitfield-2.c:17
    #6 0x4007d0 in main /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/gcc/testsuite/c-c++-common/hwasan/bitfield-2.c:24
    #7 0x550124cee0 in __libc_start_main ../csu/libc-start.c:308
    #8 0x400688 (/home/christophe.lyon/qemu-bug-hwasan-aarch64/bitfield-2.exe+0x400688)

HWAddressSanitizer can not provide additional info.
SUMMARY: HWAddressSanitizer: SEGV /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/libsanitizer/hwasan/hwasan_linux.cpp:339 in GetAccessInfo
==21146==ABORTING

while the testcase expects HWAddressSanitizer: tag-mismatch on address 0x.....

Revision history for this message
Christophe Lyon (christophe-lyon) wrote :
Revision history for this message
Richard Henderson (rth) wrote :

You missed including libstdc++.so.6.
I ran with whatever libstdc++ I had lying around.

With qemu head, this terminates with

~/qemu/bld/qemu-aarch64 -L . ./bitfield-2.exe
*** stack smashing detected ***: terminated
qemu: uncaught target signal 6 (Aborted) - core dumped
Aborted

I suspect the relevant MTE portion of this bug report
to be a duplicate of a kasan bug, the fix for which did
not make 6.0, but has since been committed as 09641ef93112.

Revision history for this message
Christophe Lyon (christophe-lyon) wrote :

Sorry, I didn't think about rpath when I tried to execute what I had extracted.
Here are the additional libstdc++.so.6 and libgcc_s.so.1.

I am using a more recent qemu version than 6.0, almost head: d45a5270d075ea589f0b0ddcf963a5fea1f500ac

Revision history for this message
Christophe Lyon (christophe-lyon) wrote :
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.