instruction: 0.361
runtime: 0.359
syscall: 0.281



qemu-mipsn32: Illegal Instruction at `exts` instruction
Description of problem:
Run with the command above, I got this error:

```
qemu-mipsn32 run
qemu: uncaught target signal 4 (Illegal instruction) - core dumped
Illegal instruction (core dumped)
```

I then tried to debug the program with qemu option `-g 1234` and know that 

```
$ gdb-multiarch run
...

pwndbg> target remote 0:1234
...

pwndbg> c
Continuing.

Program received signal SIGILL, Illegal instruction.
0x3f7d2434 in ?? () from /lib32/ld.so.1
warning: GDB can't find the start of the function at 0x3f7d2434.
x/10i

pwndbg> x/10i $pc
=> 0x3f7d2434:	0x7047f03a
   0x3f7d2438:	lui	a3,0x7000
   0x3f7d243c:	ori	a3,a3,0x5e
   0x3f7d2440:	b	0x3f7d241c
   0x3f7d2444:	subu	v0,a3,v0
   0x3f7d2448:	sltiu	a7,a3,-3
   0x3f7d244c:	bnezl	a7,0x3f7d246c
   0x3f7d2450:	subu	a3,a4,v0
   0x3f7d2454:	addiu	a3,a3,1
   0x3f7d2458:	li	v0,-4
```

So I know the problem is in libc32/ld.so.1. When I dissasemble that file and look at offset 0x4434, it's an `exts` instruction as below:

```
$ file /lib32/ld.so.1
/lib32/ld-2.15.so: ELF 32-bit MSB shared object, MIPS, N32 MIPS64 rel2 version 1 (SYSV), dynamically linked, stripped

$ ./mips64-n32--glibc--stable-2022.08-1/bin/mips64-buildroot-linux-gnu-objdump -d /lib32/ld.so.1 | less
    ...
    4434:       7047f03a        exts    a3,v0,0x0,0x1e
    4438:       3c077000        lui     a3,0x7000
    443c:       34e7005e        ori     a3,a3,0x5e
    4440:       1000fff6        b       441c <GLIBC_2.0@@GLIBC_2.0+0x441c>
    4444:       00e21023        subu    v0,a3,v0
    4448:       2cebfffd        sltiu   a7,a3,-3
    444c:       55600007        bnezl   a7,446c <GLIBC_2.0@@GLIBC_2.0+0x446c>
    4450:       01023823        subu    a3,a4,v0
    4454:       24e70001        addiu   a3,a3,1
    4458:       2402fffc        li      v0,-4
```
Steps to reproduce:
1. Download toolchain of mips64-n32 on toolchains.bootlin.com [here](https://toolchains.bootlin.com/releases_mips64-n32.html)
2. Write this c code to file `run.c`:

```c
#include <stdio.h>

int main(){
	puts("hello world");
	while (1);
}
```

3. Compile file run.c with downloaded toolchain:

```
mips64-n32--glibc--stable-2022.08-1/bin/mips64-buildroot-linux-gnu-gcc run.c -o run
```

> Step 1, 2 and 3 can be skip if you download the attached `run` file.

4. Download the attached ld
5. Make new dir at `/lib32` and move the file ld to `/lib32`
6. Run command `qemu-mipsn32 run`
Additional information:
[ld-2.15.so](/uploads/95f4da26e42d43d39aa2350670134bb5/ld-2.15.so)

[run](/uploads/01be57442009a75cf2f59cbcf53474f4/run)