* [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target
@ 2016-06-20 14:01 Timothy Pearson
2016-06-20 14:21 ` [Qemu-devel] [Bug 1594394] " Peter Maydell
` (16 more replies)
0 siblings, 17 replies; 18+ messages in thread
From: Timothy Pearson @ 2016-06-20 14:01 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
When setreuid() or setegid() are called from x86_64 target code in user
mode, qemu crashes inside the NPTL signal handlers. x86 targets do not
directly use a syscall to handle setreuid() / setegid(); instead the x86
NPTL implementation sets up a temporary data region in memory (__xidcmd)
and issues a signal (SIGRT1) to all threads, allowing the handler for
that signal to issue the syscall. Under qemu, __xidcmd remains null
(see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Qemu-devel] [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
@ 2016-06-20 14:21 ` Peter Maydell
2016-06-20 14:22 ` Peter Maydell
` (15 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2016-06-20 14:21 UTC (permalink / raw)
To: qemu-devel
https://patches.linaro.org/patch/63313/ may be relevant here.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Qemu-devel] [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
2016-06-20 14:21 ` [Qemu-devel] [Bug 1594394] " Peter Maydell
@ 2016-06-20 14:22 ` Peter Maydell
2016-06-20 15:41 ` Timothy Pearson
` (14 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2016-06-20 14:22 UTC (permalink / raw)
To: qemu-devel
Whoops, I meant http://patchwork.ozlabs.org/patch/590640/.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Qemu-devel] [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
2016-06-20 14:21 ` [Qemu-devel] [Bug 1594394] " Peter Maydell
2016-06-20 14:22 ` Peter Maydell
@ 2016-06-20 15:41 ` Timothy Pearson
2017-09-15 23:02 ` James Clarke
` (13 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Timothy Pearson @ 2016-06-20 15:41 UTC (permalink / raw)
To: qemu-devel
Sounds very relevant, yes. Thanks for the link!
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Qemu-devel] [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (2 preceding siblings ...)
2016-06-20 15:41 ` Timothy Pearson
@ 2017-09-15 23:02 ` James Clarke
2017-09-15 23:08 ` James Clarke
` (12 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: James Clarke @ 2017-09-15 23:02 UTC (permalink / raw)
To: qemu-devel
What's the status of this? This is causing aptitude in Debian chroots to
reliably segfault under qemu-arm-user.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Qemu-devel] [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (3 preceding siblings ...)
2017-09-15 23:02 ` James Clarke
@ 2017-09-15 23:08 ` James Clarke
2017-12-20 17:02 ` VinceLe
` (11 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: James Clarke @ 2017-09-15 23:08 UTC (permalink / raw)
To: qemu-devel
And to confirm, while somewhat of a hack, that patch does indeed fix
aptitude as expected (as well as my minimal test case I wrote when
debugging this before stumbling upon this bug report).
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Qemu-devel] [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (4 preceding siblings ...)
2017-09-15 23:08 ` James Clarke
@ 2017-12-20 17:02 ` VinceLe
2020-06-11 15:12 ` Steve Dodd
` (10 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: VinceLe @ 2017-12-20 17:02 UTC (permalink / raw)
To: qemu-devel
I guess this is happening to my attempts to use pbuilder for cross-
building armel / mipsel packages
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (5 preceding siblings ...)
2017-12-20 17:02 ` VinceLe
@ 2020-06-11 15:12 ` Steve Dodd
2020-06-11 16:47 ` Laurent Vivier
` (9 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Steve Dodd @ 2020-06-11 15:12 UTC (permalink / raw)
To: qemu-devel
Did anything ever happen here? Trying to upgrade Ubuntu ARM container
images using qemu-user on x86-64 from bionic to focal..
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (6 preceding siblings ...)
2020-06-11 15:12 ` Steve Dodd
@ 2020-06-11 16:47 ` Laurent Vivier
2020-08-06 20:53 ` Steve Dodd
` (8 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Laurent Vivier @ 2020-06-11 16:47 UTC (permalink / raw)
To: qemu-devel
Steve, could you describe your problem with more details?
What is the version of qemu you are using?
** Tags added: linux-user
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (7 preceding siblings ...)
2020-06-11 16:47 ` Laurent Vivier
@ 2020-08-06 20:53 ` Steve Dodd
2020-08-06 20:54 ` Steve Dodd
` (7 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Steve Dodd @ 2020-08-06 20:53 UTC (permalink / raw)
To: qemu-devel
Sorry, lost your reply in amongst the chaos of my life! OK, quick test
case (type at command line, don't run as script!), host arch is x86-64,
you need qemu-user-static installed..
wget https://cloud-images.ubuntu.com/bionic/current/bionic-server-cloudimg-armhf-root.tar.xz
sudo -s
mkdir armcont
cd armcont
tar xf ../bionic-server-cloudimg-armhf-root.tar.xz
cp /usr/bin/qemu-arm-static armcont/usr/bin/
rm armcont/etc/resolv.conf; cp /etc/resolv.conf armcont/etc/
systemd-nspawn -D armcont/
do-release-upgrade -d # may need to drop the "-d" once 20.04.1 is released
Yields:
qemu:handle_cpu_signal received signal outside vCPU context @
pc=0x601540af
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (8 preceding siblings ...)
2020-08-06 20:53 ` Steve Dodd
@ 2020-08-06 20:54 ` Steve Dodd
2020-08-06 20:56 ` Steve Dodd
` (6 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Steve Dodd @ 2020-08-06 20:54 UTC (permalink / raw)
To: qemu-devel
(Need a "cd .." after the tar, doh.)
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (9 preceding siblings ...)
2020-08-06 20:54 ` Steve Dodd
@ 2020-08-06 20:56 ` Steve Dodd
2020-08-06 21:09 ` Steve Dodd
` (5 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Steve Dodd @ 2020-08-06 20:56 UTC (permalink / raw)
To: qemu-devel
Actually, this is possibly not the same bug. I will add to the list to
investigate further..
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (10 preceding siblings ...)
2020-08-06 20:56 ` Steve Dodd
@ 2020-08-06 21:09 ` Steve Dodd
2020-08-10 15:12 ` Steve Dodd
` (4 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Steve Dodd @ 2020-08-06 21:09 UTC (permalink / raw)
To: qemu-devel
Sorry, heat is definitely getting to me - just realized this is an
upstream bug, not an Ubuntu one! Ubuntu package version is 1:2.11+dfsg-
1ubuntu7.26. At some point I will look at building qemu from source, but
won't be an immediate thing. Apologies for noise .. though if anyone
knows off-hand that a fix for this did or didn't get merged that would
useful ..
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (11 preceding siblings ...)
2020-08-06 21:09 ` Steve Dodd
@ 2020-08-10 15:12 ` Steve Dodd
2020-08-10 15:19 ` Steve Dodd
` (3 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Steve Dodd @ 2020-08-10 15:12 UTC (permalink / raw)
To: qemu-devel
OK, messing around with https://hub.docker.com/r/multiarch/ubuntu-core
for quick testing, it looks like modern versions of qemu do not have
this bug - I used the test case from Bug #1815911 (which I think is
probably a duplicate) and cannot reproduce with:
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/multiarch/ubuntu-core armhf-bionic 78064abebdab 41 minutes ago 52 MB
Which seems to use "qemu-arm version 5.0.0 (qemu-5.0.0-2.fc33)"
If copy in the ancient qemu-arm-static that ships with Bionic by default
the error returns.
So I guess this can be closed, but would be nice to know which commit
fixed this, for cherrypicking ..
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (12 preceding siblings ...)
2020-08-10 15:12 ` Steve Dodd
@ 2020-08-10 15:19 ` Steve Dodd
2020-08-10 15:33 ` Peter Maydell
` (2 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: Steve Dodd @ 2020-08-10 15:19 UTC (permalink / raw)
To: qemu-devel
Possibly
https://github.com/qemu/qemu/commit/6bc024e713fd35eb5fddbe16acd8dc92d27872a9
#diff-6389d258c2de2f974953be12cab45851 ?
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (13 preceding siblings ...)
2020-08-10 15:19 ` Steve Dodd
@ 2020-08-10 15:33 ` Peter Maydell
2021-04-22 5:13 ` Thomas Huth
2021-06-22 4:17 ` Launchpad Bug Tracker
16 siblings, 0 replies; 18+ messages in thread
From: Peter Maydell @ 2020-08-10 15:33 UTC (permalink / raw)
To: qemu-devel
Bionic's QEMU is 2.11. There were a lot of fixes to the linux-user
handling and in particular to various race conditions in its handling of
multi-threaded guest programs and also to the guest signal handling code
-- I'm not sure it'd be feasible to identify and cherry-pick them all at
this point... My stock advice for "any linux-user guest bug" plus "QEMU
prior to 4.0" is "try again with a newer QEMU".
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
New
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (14 preceding siblings ...)
2020-08-10 15:33 ` Peter Maydell
@ 2021-04-22 5:13 ` Thomas Huth
2021-06-22 4:17 ` Launchpad Bug Tracker
16 siblings, 0 replies; 18+ messages in thread
From: Thomas Huth @ 2021-04-22 5:13 UTC (permalink / raw)
To: qemu-devel
The QEMU project is currently considering to move its bug tracking to
another system. For this we need to know which bugs are still valid
and which could be closed already. Thus we are setting older bugs to
"Incomplete" now.
If you still think this bug report here is valid, then please switch
the state back to "New" within the next 60 days, otherwise this report
will be marked as "Expired". Or please mark it as "Fix Released" if
the problem has been solved with a newer version of QEMU already.
Thank you and sorry for the inconvenience.
** Changed in: qemu
Status: New => Incomplete
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
Incomplete
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug 1594394] Re: Using setreuid / setegid crashes x86_64 user-mode target
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
` (15 preceding siblings ...)
2021-04-22 5:13 ` Thomas Huth
@ 2021-06-22 4:17 ` Launchpad Bug Tracker
16 siblings, 0 replies; 18+ messages in thread
From: Launchpad Bug Tracker @ 2021-06-22 4:17 UTC (permalink / raw)
To: qemu-devel
[Expired for QEMU because there has been no activity for 60 days.]
** Changed in: qemu
Status: Incomplete => Expired
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1594394
Title:
Using setreuid / setegid crashes x86_64 user-mode target
Status in QEMU:
Expired
Bug description:
When setreuid() or setegid() are called from x86_64 target code in
user mode, qemu crashes inside the NPTL signal handlers. x86 targets
do not directly use a syscall to handle setreuid() / setegid();
instead the x86 NPTL implementation sets up a temporary data region in
memory (__xidcmd) and issues a signal (SIGRT1) to all threads,
allowing the handler for that signal to issue the syscall. Under
qemu, __xidcmd remains null (see variable display below backtrace).
Backtrace:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x3fff85c74fc0 (LWP 74517)]
0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
263 nptl-init.c: No such file or directory.
(gdb) thread apply all bt
Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292
#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399
#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250
#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336
#5 0x00000000601cebf4 in clone ()
Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)):
#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263
#1 <signal handler called>
#2 0x00000000601cc42c in syscall ()
#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201
#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0)
at /build/qemu/linux-user/syscall.c:10651
#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317
#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445
#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336
#9 0x00000000601cebf4 in clone ()
Thread 1 (Thread 0x1000aa05000 (LWP 74511)):
#0 0x00000000601cc430 in syscall ()
#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748
#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201
#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651
#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317
#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779
(gdb) p __xidcmd
$1 = (struct xid_command *) 0x0
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1594394/+subscriptions
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2021-06-22 5:45 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-06-20 14:01 [Qemu-devel] [Bug 1594394] [NEW] Using setreuid / setegid crashes x86_64 user-mode target Timothy Pearson
2016-06-20 14:21 ` [Qemu-devel] [Bug 1594394] " Peter Maydell
2016-06-20 14:22 ` Peter Maydell
2016-06-20 15:41 ` Timothy Pearson
2017-09-15 23:02 ` James Clarke
2017-09-15 23:08 ` James Clarke
2017-12-20 17:02 ` VinceLe
2020-06-11 15:12 ` Steve Dodd
2020-06-11 16:47 ` Laurent Vivier
2020-08-06 20:53 ` Steve Dodd
2020-08-06 20:54 ` Steve Dodd
2020-08-06 20:56 ` Steve Dodd
2020-08-06 21:09 ` Steve Dodd
2020-08-10 15:12 ` Steve Dodd
2020-08-10 15:19 ` Steve Dodd
2020-08-10 15:33 ` Peter Maydell
2021-04-22 5:13 ` Thomas Huth
2021-06-22 4:17 ` Launchpad Bug Tracker
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.