summary refs log tree commit diff stats
path: root/gitlab/issues/target_missing/host_missing/accel_missing/2345.toml
diff options
context:
space:
mode:
authorChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
committerChristian Krinitsin <mail@krinitsin.com>2025-05-21 21:21:26 +0200
commit4b927bc37359dec23f67d3427fc982945f24f404 (patch)
tree245449ef9146942dc7fffd0235b48b7e70a00bf2 /gitlab/issues/target_missing/host_missing/accel_missing/2345.toml
parentaa8bd79cec7bf6790ddb01d156c2ef2201abbaab (diff)
downloadqemu-analysis-4b927bc37359dec23f67d3427fc982945f24f404.tar.gz
qemu-analysis-4b927bc37359dec23f67d3427fc982945f24f404.zip
add gitlab issues in toml format
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/2345.toml')
-rw-r--r--gitlab/issues/target_missing/host_missing/accel_missing/2345.toml60


1 files changed, 60 insertions, 0 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2345.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2345.toml
new file mode 100644
index 000000000..f52f981be
--- /dev/null
+++ b/gitlab/issues/target_missing/host_missing/accel_missing/2345.toml
@@ -0,0 +1,60 @@
+id = 2345
+title = "Undefined behavior error: call to function qemu_mutex_lock through pointer to incorrect function type"
+state = "opened"
+created_at = "2024-05-16T06:41:01.640Z"
+closed_at = "n/a"
+labels = ["kind::Bug"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2345"
+host-os = "Fedora 40"
+host-arch = "x86"
+qemu-version = "master branch (commit 3d48b6b687c558a042d9)"
+guest-os = "n/a"
+guest-arch = "n/a"
+description = """When compiling QEMU with:
+
+```
+./configure --cc=clang --extra-cflags=-fsanitize=undefined --extra-cflags=-fno-sanitize-recover=undefined --target-list=x86_64-softmmu
+```
+
+on a system that has Clang v17 or newer (e.g. on Fedora 39 or Fedora 40), the QEMU binary abort with an undefined behavior error:
+
+```
+$ ./qemu-system-x86_64
+include/qemu/lockable.h:95:5: runtime error: call to function qemu_mutex_lock through pointer to incorrect function type 'void (*)(void *)'
+include/qemu/thread.h:122:5: note: qemu_mutex_lock defined here
+SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior include/qemu/lockable.h:95:5 
+```
+
+Or for example when running ``make check-unit`` :
+
+```
+ 97/103 qemu:unit / test-yank                            ERROR            0.13s   killed by signal 6 SIGABRT
+>>> G_TEST_BUILDDIR=/tmp/qemu-ubsan/tests/unit ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 MALLOC_PERTURB_=201 G_TEST_SRCDIR=~/qemu/tests/unit /tmp/qemu-ubsan/tests/unit/test-yank --tap -k
+――――――――――――――――――――――――― ✀  ―――――――――――――――――――――――――――――――――――――――――
+stderr:
+include/qemu/lockable.h:95:5: runtime error: call to function qemu_mutex_lock through pointer to incorrect function type 'void (*)(void *)'
+include/qemu/thread.h:122:5: note: qemu_mutex_lock defined here
+    #0 0x55753123f8b9 in qemu_lockable_lock include/qemu/lockable.h:95:5
+    #1 0x55753123f8b9 in qemu_lockable_auto_lock include/qemu/lockable.h:105:5
+    #2 0x55753123f8b9 in qmp_query_yank util/yank.c:184:5
+    #3 0x5575311a35fe in is_yank_instance_registered tests/unit/test-yank.c:43:12
+    #4 0x5575311a35fe in char_change_test tests/unit/test-yank.c:128:5
+    #5 0x7f7f0a8cfbbf  (/lib64/libglib-2.0.so.0+0x8bbbf) (BuildId: 795136df3faa85587229ddc59d709f81d6f697df)
+    #6 0x7f7f0a8cfb2f  (/lib64/libglib-2.0.so.0+0x8bb2f) (BuildId: 795136df3faa85587229ddc59d709f81d6f697df)
+    #7 0x7f7f0a8cfb2f  (/lib64/libglib-2.0.so.0+0x8bb2f) (BuildId: 795136df3faa85587229ddc59d709f81d6f697df)
+    #8 0x7f7f0a8cfb2f  (/lib64/libglib-2.0.so.0+0x8bb2f) (BuildId: 795136df3faa85587229ddc59d709f81d6f697df)
+    #9 0x7f7f0a8d00c9 in g_test_run_suite (/lib64/libglib-2.0.so.0+0x8c0c9) (BuildId: 795136df3faa85587229ddc59d709f81d6f697df)
+    #10 0x7f7f0a8d015f in g_test_run (/lib64/libglib-2.0.so.0+0x8c15f) (BuildId: 795136df3faa85587229ddc59d709f81d6f697df)
+    #11 0x5575311a336f in main tests/unit/test-yank.c:248:12
+    #12 0x7f7f0a32d087 in __libc_start_call_main (/lib64/libc.so.6+0x2a087) (BuildId: b098f1c75a76548bb230d8f551eae07a2aeccf06)
+    #13 0x7f7f0a32d14a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x2a14a) (BuildId: b098f1c75a76548bb230d8f551eae07a2aeccf06)
+    #14 0x557531178d64 in _start (/tmp/qemu-ubsan/tests/unit/test-yank+0x77d64) (BuildId: 0bb470b7accec26b684d1c7e941239d31396604e)
+
+SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior include/qemu/lockable.h:95:5 
+
+(test program exited with status code -6)
+```
+
+The way we abuse the (void *) parameter of QemuLockUnlockFunc seems to be undefined behavior, which could likely also trigger issues with CFI or certain compilers/architectures like emscripten, so we should try to avoid this. See also https://github.com/systemd/systemd/issues/29972 or https://github.com/python/cpython/issues/111178 for discussions in other projects."""
+reproduce = "n/a"
+additional = "n/a"