Diffstat (limited to 'results/scraper/launchpad-without-comments/1874888')
-rw-r--r--results/scraper/launchpad-without-comments/187488843
1 files changed, 43 insertions, 0 deletions
diff --git a/results/scraper/launchpad-without-comments/1874888 b/results/scraper/launchpad-without-comments/1874888
new file mode 100644
index 00000000..52bd6c46
--- /dev/null
+++ b/results/scraper/launchpad-without-comments/1874888
@@ -0,0 +1,43 @@
+certain programs make QEMU crash with "tcg fatal error"
+
+The following code snippet crashes qemu with
+
+.../tcg/tcg.c:3279: tcg fatal error
+qemu-x86_64: /usr/local/google/home/kostik/qemu-5.0.0-rc4/accel/tcg/cpu-exec.c:701: int cpu_exec(CPUState *): Assertion `!have_mmap_lock()' failed.
+
+================
+int main() {
+  /*
+00000000 <.data>:
+   0:   2e 45 71 ff             cs rex.RB jno 0x3
+   4:   e9 00 00 f0 00          jmp    0xf00009
+   9:   c4 42 7d 31 3e          vpmovzxbd ymm15,QWORD PTR [r14]
+   e:   c4 a3 7d 08 64 82 44    vroundps ymm4,YMMWORD PTR [rdx+r8*4+0x44],0x0
+  15:   00 
+  16:   0f 1e 0a                nop    DWORD PTR [rdx]
+  19:   43 0f ec 20             rex.XB paddsb mm4,QWORD PTR [r8]
+  1d:   66 47 0f 3a 0c 3d 00    rex.RXB blendps xmm15,XMMWORD PTR [rip+0x8000],0x0        # 0x8028
+  24:   80 00 00 00 
+  28:   c4 e3 f9 df 5f 86 0d    vaeskeygenassist xmm3,XMMWORD PTR [rdi-0x7a],0xd
+  2f:   c4 e2 55 92 74 fc 0a    vgatherdps ymm6,DWORD PTR [rsp+ymm7*8+0xa],ymm5
+  36:   c4 e2 f9 17 9a 01 00    vptest xmm3,XMMWORD PTR [rdx+0x1]
+  3d:   00 00 
+*/
+  char buf[] = {
+    0x2E, 0x45, 0x71, 0xFF, 0xE9, 0x00, 0x00, 0xF0, 0x00, 0xC4, 0x42, 0x7D, 0x31, 0x3E, 0xC4, 0xA3, 0x7D, 0x08, 0x64, 0x82, 0x44, 0x00, 0x0F, 0x1E, 0x0A, 0x43, 0x0F, 0xEC, 0x20, 0x66, 0x47, 0x0F, 0x3A, 0x0C, 0x3D, 0x00, 0x80, 0x00, 0x00, 0x00, 0xC4, 0xE3, 0xF9, 0xDF, 0x5F, 0x86, 0x0D, 0xC4, 0xE2, 0x55, 0x92, 0x74, 0xFC, 0x0A, 0xC4, 0xE2, 0xF9, 0x17, 0x9A, 0x01, 0x00, 0x00, 0x00
+  };
+  void (*f)(void) = (void (*) (void))buf;
+  f();
+  return 0;
+}
+================
+Steps to reproduce:
+1) clang -static repro.c -o repro
+2) qemu-x86_64-static repro
+
+Tested with 4.2.0 and 5.0.0-rc4. Both -user and -system variants are affected.
+
+A few more snippets that cause the same sort of behavior:
+1) 0x64, 0x46, 0x7D, 0xFF, 0xDF, 0x27, 0x46, 0x0F, 0xD4, 0x83, 0x5E, 0x00, 0x00, 0x00, 0x3E, 0x0F, 0x6A, 0xEF, 0x0F, 0x05, 0xC4, 0x42, 0xFD, 0x1E, 0xCF, 0x46, 0x18, 0xE3, 0x47, 0xCD, 0x4E, 0x6E, 0x0F, 0x0F, 0x16, 0x8A
+
+2) 0x67, 0x45, 0xDB, 0xD0, 0xAA, 0xC4, 0xE2, 0xB1, 0x01, 0x57, 0x00, 0xF3, 0x6F, 0xF3, 0x42, 0x0F, 0x1E, 0xFD, 0x64, 0x2E, 0xF2, 0x45, 0xD9, 0xC4, 0x3E, 0xF3, 0x0F, 0xAE, 0xF4, 0x3E, 0x47, 0x0F, 0x1C, 0x22, 0x42, 0x73, 0xFF, 0xD9, 0xFD
\ No newline at end of file