qemu: uncaught target signal 5 (Trace/breakpoint trap)
Host environment
- Architecture: X86_64
- QEMU flavor:
qemu-arm hello
qemu: uncaught target signal 5 (Trace/breakpoint trap) - core dumped - QEMU version: qemu-arm version 6.2.0 Copyright (c) 2003-2021 Fabrice Bellard and the QEMU Project developers
Description of problem
I'm getting core dumped when running the attached a.out_err binary in qemu, but when using Gdb to remote-debug the program, it exited normally. will appreciate if you can help look into this qemu issue.
And I found that QEMU's 32-bit arm linux-user mode doesn't correctly turn guest BKPT insns into SIGTRAP signal.
0xa602 <_start> movs r0, #22
0xa604 <_start+2> addw r1, pc, #186 ; 0xba
0xa608 <_start+6> bkpt 0x00ab
$readelf -h hello
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: ARM
Version: 0x1
Entry point address: 0xa603
Start of program headers: 52 (bytes into file)
Start of section headers: 144128 (bytes into file)
Flags: 0x5000200, Version5 EABI, soft-float ABI
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 5
Size of section headers: 40 (bytes)
Number of section headers: 16
Section header string table index: 14
And I have check that the bug(https://bugs.launchpad.net/qemu/+bug/1873898) is fixed.
But it's coredump.
I found that bkpt instruction is not recognized, the bkpt is in 0x0000a608.
host:
$qemu-arm -g 12345 hello
service:
$gdb-multiarch hello
(gdb) target remote localhost:12345
Remote debugging using localhost:12345
0x0000a602 in _start ()
(gdb) ni
0x0000a604 in _start ()
(gdb)
0x0000a608 in _start ()
(gdb)
0x0000a608 in _start ()
Another way to check:
$gdb qemu-arm
(gdb) run hello
(gdb) bt
#0 0x00007ffff79474ba in __GI___sigsuspend (set=set@entry=0x7fffffffd9d8) at ../sysdeps/unix/sysv/linux/sigsuspend.c:26
#1 0x000055555573bfff in dump_core_and_abort (target_sig=target_sig@entry=5) at ../linux-user/signal.c:772
#2 0x000055555573c3c8 in handle_pending_signal (cpu_env=cpu_env@entry=0x555555da5940, sig=sig@entry=5, k=k@entry=0x555555e60e00) at ../linux-user/signal.c:1099
#3 0x000055555573de8c in process_pending_signals (cpu_env=cpu_env@entry=0x555555da5940) at ../linux-user/signal.c:1175
#4 0x0000555555622070 in cpu_loop (env=0x555555da5940) at ../linux-user/arm/cpu_loop.c:472
#5 0x0000555555603cf4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../linux-user/main.c:883
(gdb) up
#1 0x000055555573bfff in dump_core_and_abort (target_sig=target_sig@entry=5) at ../linux-user/signal.c:772
772 sigsuspend(&act.sa_mask);
(gdb)
#2 0x000055555573c3c8 in handle_pending_signal (cpu_env=cpu_env@entry=0x555555da5940, sig=sig@entry=5, k=k@entry=0x555555e60e00) at ../linux-user/signal.c:1099
1099 dump_core_and_abort(sig);
(gdb)
#3 0x000055555573de8c in process_pending_signals (cpu_env=cpu_env@entry=0x555555da5940) at ../linux-user/signal.c:1175
1175 handle_pending_signal(cpu_env, sig, &ts->sync_signal);
(gdb)
#4 0x0000555555622070 in cpu_loop (env=0x555555da5940) at ../linux-user/arm/cpu_loop.c:472
472 process_pending_signals(env);
(gdb) l
467 default:
468 error:
469 EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr);
470 abort();
471 }
472 process_pending_signals(env);
473 }
474 }
475
476 void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs)
(gdb) p cpu_exec(cs)
$2 = 7
Here process_pending_signals(env) gives SIGTRAP??
Here is my binary: hello