[Qemu-devel] [Bug 1803160] [NEW] qemu-3.1.0-rc0: tcg.c crash in temp_load
From: Alberto Ortega
Subject: [Qemu-devel] [Bug 1803160] [NEW] qemu-3.1.0-rc0: tcg.c crash in temp_load
Date: Tue, 13 Nov 2018 17:04:19 -0000
Public bug reported:
QEMU version:
-------------
qemu-3.1.0-rc0 compiled from sources (earlier versions also affected)
Summary:
--------
TCG crashes in i386 and x86_64 when it tries to execute some specific
illegal instructions. When running full OS emulation, both the guest
system and QEMU crash.
The issue has been reproduced in two scenarios:
1. Ubuntu x64 host running a Debian x86 guest with the following command
   line: qemu-system-x86_64 -m 4G debian.qcow
   When the attached ELF file is executed inside the guest, QEMU crashes.
2. It can also be reproduced from the command line:
$ qemu-i386 tcg_crash.elf
/home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:2863: tcg fatal error
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
zsh: segmentation fault (core dumped)  ../qemu-3.1.0-rc0/build/i386-linux-user/qemu-i386 tcg_crash.elf
GDB backtrace:
(gdb) bt
#0 0x0000000060206488 in raise ()
#1 0x0000000060206b8a in abort ()
#2 0x0000000060007016 in temp_load (address@hidden <tcg_init_ctx>,
address@hidden <tcg_init_ctx+2552>, desired_regs=<optimized out>,
address@hidden)
at /home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:2863
#3 0x000000006000a4d9 in tcg_reg_alloc_op (op=0x62808c20, s=<optimized out>)
at /home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:3070
#4 tcg_gen_code (s=<optimized out>, address@hidden
<static_code_gen_buffer+4144>) at
/home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:3598
#5 0x000000006003ef9a in tb_gen_code (address@hidden, address@hidden,
address@hidden, address@hidden, address@hidden)
at /home/alberto/Documents/qemu-3.1.0-rc0/accel/tcg/translate-all.c:1752
#6 0x000000006003d979 in tb_find (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0x0)
at /home/alberto/Documents/qemu-3.1.0-rc0/accel/tcg/cpu-exec.c:404
#7 cpu_exec (address@hidden) at
/home/alberto/Documents/qemu-3.1.0-rc0/accel/tcg/cpu-exec.c:724
#8 0x000000006006e1a0 in cpu_loop (address@hidden) at
/home/alberto/Documents/qemu-3.1.0-rc0/linux-user/i386/cpu_loop.c:93
#9 0x00000000600037c5 in main (argc=2, argv=0x7fffffffdd28, envp=<optimized
out>) at /home/alberto/Documents/qemu-3.1.0-rc0/linux-user/main.c:819
(gdb)
Testcase:
---------
Find the ELF file attached.
** Affects: qemu
Importance: Undecided
Status: New
** Attachment added: "tcg_crash.elf"
https://bugs.launchpad.net/bugs/1803160/+attachment/5212335/+files/tcg_crash.elf
** Description changed:
- Find ELF file attached, and also in the following hexdump:
+ Find ELF file attached.
https://bugs.launchpad.net/bugs/1803160
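Added example, not part of the bug report or of QEMU: a small triage helper that parses the qemu-i386 "tcg fatal error" output and gdb backtrace format shown above into a crash signature (assertion site plus the frames below abort()), so repeated hits of the same TCG assertion can be bucketed rather than filed twice. The regexes are assumptions about that output format, and the sample text is a constructed, shortened excerpt of the report's own output.

```python
# Added example (not from the bug report or QEMU): turn a qemu-i386 TCG
# fatal-error dump plus its gdb backtrace into a stable crash signature so
# repeated hits of the same assertion can be bucketed during triage.
import re
from dataclasses import dataclass, field
from typing import List, Optional

FATAL_RE = re.compile(r"(?P<file>\S+?):(?P<line>\d+): tcg fatal error")
SIGNAL_RE = re.compile(r"uncaught target signal (?P<sig>\d+)")
# gdb frame: "#2 0x... in temp_load (" or, for an inlined frame, "#4 tcg_gen_code ("
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(?P<func>\w+) \(")
ABORT_PATH = {"raise", "abort", "__GI_raise", "__GI_abort"}  # not the crash site

@dataclass
class CrashSignature:
    fatal_site: Optional[str] = None     # e.g. "tcg/tcg.c:2863"
    target_signal: Optional[int] = None  # guest signal QEMU reported
    frames: List[str] = field(default_factory=list)  # functions below abort()

    def bucket(self, depth: int = 3) -> str:
        """Dedup key: assertion site plus the top `depth` frames."""
        return "|".join([self.fatal_site or "?"] + self.frames[:depth])

def parse_report(text: str) -> CrashSignature:
    sig = CrashSignature()
    for raw in text.splitlines():
        line = raw.strip()
        if (m := FATAL_RE.search(line)) and sig.fatal_site is None:
            # keep "dir/file" only so the reporter's home path does not split buckets
            short = "/".join(m["file"].split("/")[-2:])
            sig.fatal_site = f"{short}:{m['line']}"
        elif (m := SIGNAL_RE.search(line)) and sig.target_signal is None:
            sig.target_signal = int(m["sig"])
        elif (m := FRAME_RE.match(line)) and m["func"] not in ABORT_PATH:
            sig.frames.append(m["func"])
    return sig

# Constructed sample: a shortened excerpt of the output and backtrace above.
SAMPLE = """\
/home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:2863: tcg fatal error
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
(gdb) bt
#0 0x0000000060206488 in raise ()
#1 0x0000000060206b8a in abort ()
#2 0x0000000060007016 in temp_load (s=<optimized out>, ts=<optimized out>)
    at /home/alberto/Documents/qemu-3.1.0-rc0/tcg/tcg.c:2863
#3 0x000000006000a4d9 in tcg_reg_alloc_op (op=0x62808c20, s=<optimized out>)
#4 tcg_gen_code (s=<optimized out>, tb=<optimized out>) at tcg/tcg.c:3598
"""
```

Feeding the report above through `parse_report` yields the bucket `tcg/tcg.c:2863|temp_load|tcg_reg_alloc_op|tcg_gen_code`, which is the key a fuzzing harness would compare against before opening a new ticket.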