QEMU

weak symbol access makes qemu in user mode hang for mips, mips64

Bug #1704638 reported by Bruno Haible
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
Fix Released
Undecided
Unassigned

Bug Description

A program that is statically linked and invokes a weak pointer should crash (because the weak pointer evaluates to NULL).

With qemu in user mode, for mips and mips64, it hangs. The process needs to be killed with "kill -9".

How to reproduce for mips:
- Compile the program: mips-linux-gnu-gcc-5 -O -Wall -static -o testpthsigmask-mips testpthsigmask.c -pthread
- Set environment variables for running qemu-mips.
- ~/inst-qemu/2.9.0/bin/qemu-mips testpthsigmask-mips

How to reproduce for mips64:
- Compile the program: mips64-linux-gnuabi64-gcc-5 -O -Wall -static -o testpthsigmask-mips64 testpthsigmask.c -lpthread
- Set environment variables for running qemu-mips64.
- ~/inst-qemu/2.9.0/bin/qemu-mips64 testpthsigmask-mips64

When I attach gdb to the process, I see that it is hanging inside 'gen_intermediate_code':

$ gdb /home/bruno/inst-qemu/2.9.0/bin/qemu-mips 9726
...
Reading symbols from /home/bruno/inst-qemu/2.9.0/bin/qemu-mips...done.
Attaching to program: /home/bruno/inst-qemu/2.9.0/bin/qemu-mips, process 9726
...
(gdb) info threads
  Id Target Id Frame
* 1 Thread 0x7f1e7e535740 (LWP 9726) "qemu-mips" __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
  2 Thread 0x7f1e7d0ad700 (LWP 9727) "qemu-mips" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
(gdb) where
#0 __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
#1 0x00007f1e7d6f1dbd in __GI___pthread_mutex_lock (mutex=mutex@entry=0x55de1c7ff830 <tcg_ctx+272>) at ../nptl/pthread_mutex_lock.c:80
#2 0x000055de1c527199 in qemu_mutex_lock (mutex=mutex@entry=0x55de1c7ff830 <tcg_ctx+272>)
    at /media/develdata/devel/build/qemu-2.9.0/util/qemu-thread-posix.c:60
#3 0x000055de1c435083 in tb_lock () at /media/develdata/devel/build/qemu-2.9.0/translate-all.c:167
#4 cpu_restore_state (cpu=cpu@entry=0x55de1e915cb0, retaddr=retaddr@entry=94412445741769) at /media/develdata/devel/build/qemu-2.9.0/translate-all.c:350
#5 0x000055de1c4658d0 in handle_cpu_signal (old_set=0x7ffe5ffd8ea8, is_write=0, address=0, pc=94412445741767)
    at /media/develdata/devel/build/qemu-2.9.0/user-exec.c:124
#6 cpu_mips_signal_handler (host_signum=host_signum@entry=11, pinfo=pinfo@entry=0x7ffe5ffd8eb0, puc=puc@entry=0x7ffe5ffd8d80)
    at /media/develdata/devel/build/qemu-2.9.0/user-exec.c:229
#7 0x000055de1c4803be in host_signal_handler (host_signum=11, info=0x7ffe5ffd8eb0, puc=0x7ffe5ffd8d80)
    at /media/develdata/devel/build/qemu-2.9.0/linux-user/signal.c:646
#8 <signal handler called>
#9 __bswap_32 (__bsx=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/byteswap.h:47
#10 bswap32 (x=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/include/qemu/bswap.h:21
#11 ldl_be_p (ptr=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/include/qemu/bswap.h:434
#12 cpu_ldl_code (env=0x55de1e91df48, ptr=0) at /media/develdata/devel/build/qemu-2.9.0/include/exec/cpu_ldst_useronly_template.h:68
#13 gen_intermediate_code (env=env@entry=0x55de1e91df48, tb=tb@entry=0x7f1e7b288e58)
    at /media/develdata/devel/build/qemu-2.9.0/target/mips/translate.c:19962
#14 0x000055de1c4352e6 in tb_gen_code (cpu=cpu@entry=0x55de1e915cb0, pc=pc@entry=0, cs_base=cs_base@entry=0, flags=flags@entry=162, cflags=<optimized out>,
    cflags@entry=0) at /media/develdata/devel/build/qemu-2.9.0/translate-all.c:1295
#15 0x000055de1c436a7a in tb_find (tb_exit=0, last_tb=0x0, cpu=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/cpu-exec.c:365
#16 cpu_exec (cpu=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/cpu-exec.c:673
#17 0x000055de1c466278 in cpu_loop (env=0x55de1e91df48) at /media/develdata/devel/build/qemu-2.9.0/linux-user/main.c:2236
#18 0x000055de1c433103 in main (argc=<optimized out>, argv=0x7ffe5ffd9de8, envp=<optimized out>)
    at /media/develdata/devel/build/qemu-2.9.0/linux-user/main.c:4860
(gdb) thread 2
[Switching to thread 2 (Thread 0x7f1e7d0ad700 (LWP 9727))]
#0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
38 ../sysdeps/unix/sysv/linux/x86_64/syscall.S: Datei oder Verzeichnis nicht gefunden.
(gdb) where
#0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1 0x000055de1c527605 in qemu_futex_wait (val=<optimized out>, f=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/include/qemu/futex.h:26
#2 qemu_event_wait (ev=ev@entry=0x55de1e82c124 <rcu_call_ready_event>) at /media/develdata/devel/build/qemu-2.9.0/util/qemu-thread-posix.c:399
#3 0x000055de1c52d41e in call_rcu_thread (opaque=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/util/rcu.c:249
#4 0x00007f1e7d6ef6ba in start_thread (arg=0x7f1e7d0ad700) at pthread_create.c:333
#5 0x00007f1e7d4253dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Revision history for this message
Bruno Haible (bruno-clisp) wrote :
Revision history for this message
Bruno Haible (bruno-clisp) wrote :
Revision history for this message
Bruno Haible (bruno-clisp) wrote :
Revision history for this message
Bruno Haible (bruno-clisp) wrote :

The behaviour in qemu-2.10 is the same as in qemu-2.9.

Revision history for this message
Bruno Haible (bruno-clisp) wrote :

This is fixed in qemu-2.11:
$ ~/inst-qemu/2.11.0/bin/qemu-mips testpthsigmask-mips
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)
$ ~/inst-qemu/2.11.0/bin/qemu-mips64 testpthsigmask-mips64
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)

Changed in qemu:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.