qemu-i386-static segfault on armel
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Linaro QEMU | New | Undecided | Unassigned |
qemu-linaro (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Running nspluginwrapper under qemu on armel yields a segfault. This is after rebuilding locally with -U_FORTIFY_SOURCE, because when the default FORTIFY_SOURCE settings are used, it instead aborts with "*** longjmp causes uninitialized stack frame ***"; I was hoping this was a false positive but it seems it might not be.
Program received signal SIGSEGV, Segmentation fault.
[Switching to LWP 16563]
0x600942f8 in __pthread_
54 pthread_
in pthread_
(gdb) thread apply all bt full
Thread 2 (LWP 16563):
#0 0x600942f8 in __pthread_
at pthread_
type = 0
id = <value optimized out>
#1 0x60029564 in cpu_x86_exec (env1=0x6225dff4)
at /builddir/
ret = -1
next_tb = 0
#2 0x60000324 in cpu_loop (env=0x63a67600)
at /builddir/
trapnr = 0
info = {si_signo = 0, si_errno = 0, si_code = 0, _sifields = {_pad = {
0 <repeats 29 times>}, _kill = {_pid = 0, _uid = 0}, _timer = {
_pid = 0, _uid = 0, _status = 0, _utime = 0, _stime = 0},
#3 0x600043d4 in clone_func (arg=0x6225dff4)
at /builddir/
No locals.
#4 0x600cf718 in clone ()
No symbol table info available.
#5 0x600cf718 in clone ()
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Thread 1 (LWP 16560):
#0 tcg_temp_
at /builddir/
No locals.
#1 tcg_temp_
at /builddir/
idx = 1
#2 0x6007320c in tcg_temp_new_i32 (env=0x63a58e28, tb=0x40208d00)
at /builddir/
No locals.
#3 gen_intermediat
at /builddir/
dc1 = {override = 1646841484, prefix = 41347, aflag = 1646650108,
dflag = 1611106976, pc = 0, is_jmp = 3, cs_base = 0, pe = 1,
code32 = 1, ss32 = 1, cc_op = 0, addseg = 0, f_st = 0, vm86 = 0,
cpl = 3, iopl = 0, tf = 0, singlestep_enabled = 0, jmp_opt = 1,
mem_index = 0, flags = 4194483, tb = 0x40208d00, popl_esp_hack = 0,
bp = 0x0
flags = 4194483
num_insns = 4194483
max_insns = 0
cs_base = 0
#4 gen_intermediat
at /builddir/
No locals.
#5 0x600291d8 in cpu_x86_gen_code (env=0x63a58e28, tb=0x40208d00,
gen_
at /builddir/
#6 0x60028498 in tb_gen_code (env=0x63a58e28, pc=1134487336, cs_base=0,
flags=4194483, cflags=0)
at /builddir/
tb = 0x40208d00
virt_page2 = 1
#7 0x600297dc in tb_find_slow (env1=0x0)
at /builddir/
ptb1 = 0x62271810
h = 14794
phys_page1 = 1134485504
#8 tb_find_fast (env1=0x0)
at /builddir/
No locals.
#9 cpu_x86_exec (env1=0x0)
at /builddir/
ret = 628
next_tb = 0
#10 0x60000324 in cpu_loop (env=0x63a58e28)
at /builddir/
trapnr = 1615849440
info = {si_signo = -1, si_errno = -1, si_code = 1646664384,
_sifields = {_pad = {-1 <repeats 20 times>, 255, 255, 0, 71,
_pid = -1, _uid = 4294967295}, _timer = {_timer1 = 4294967295,
#11 0x60000ee4 in main (argc=5, argv=0x47, envp=0x1)
at /builddir/
cpu_model = 0x63a58e28 "\263@"
regs1 = {ebx = 0, ecx = 0, edx = 0, esi = 0, edi = 0, ebp = 0,
eax = 0, xds = 0, xes = 0, orig_eax = 0, eip = 1122375760, xcs = 0,
eflags = 0, esp = 1121272152, xss = 0}
info1 = {load_bias = 0, load_addr = 1122373632,
brk = 134692840, start_mmap = 2147483648, mmap = 0, rss = 1,
entry = 1122375760, code_offset = 0, data_offset = 0,
arg_end = 1121272618, personality = 0}
bprm = {
buf = "\177ELF\
0x0 <repeats 32 times>, 0x63a5f5f0}, p = 1121272152, fd = 6,
e_uid = 1000, e_gid = 1000, argc = 5, envc = 29, argv = 0x63a57968,
envp = 0x63a5e880,
filename = 0xbe8e5298 "/usr/lib/
ts = 0x604fe7e0
env = 0x63a58e28
r = 0xbe8e5298 "/usr/lib/
wrk = 0x0
target_argc = 5
envlist = 0x63a57968
argv0 = 0x0
ret = 0
(gdb)
I've rebuilt again without -U_FORTIFY_SOURCE and it fails the same way. I'm not sure what triggered the earlier aborts then.