This is an automated cleanup. This bug report has been moved to QEMU's new bug tracker on gitlab.com and thus gets marked as 'expired' now. Please continue with the discussion here:
https://gitlab.com/qemu-project/qemu/-/issues/63 ** Changed in: qemu Status: Confirmed => Expired ** Changed in: qemu Assignee: Philippe Mathieu-Daudé (philmd) => (unassigned) ** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #63 https://gitlab.com/qemu-project/qemu/-/issues/63 -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1663287 Title: Illegal delay slot code causes abort on mips64 Status in QEMU: Expired Bug description: During some randomised testing of an experimental MIPS implementation I found an instruction sequence that also causes aborts on mainline qemu's MIPS support. The problem is triggered by an MSA branch instruction appearing in a delay slot when emulating a processor without MSA support. For example, with the current repository HEAD (f073cd3a2bf1054135271b837c58a7da650dd84b) configured for mips64-softmmu, if I run the attached binary using mips64-softmmu/qemu-system-mips64 -bios ../abort2.bin -machine mipssim -nographic it will report unknown branch 0x13000 Aborted (core dumped) The binary contains the following two instructions: 00200008 jr at 47081e61 bz.b w8,0xffffffffbfc0798c The jr sets up a jump, and hflags is set accordingly in gen_compute_branch (in target/mips/translate.c). When processing the bz.b, check_insn generates an exception because the instruction isn't support, but gen_msa_branch skips the usual delay slot check for the same reason, and sets more bits in hflags, leading to an abort in gen_branch because the hflags are now invalid. I suspect the best fix is to remove the instruction set condition from the delay slot check in gen_msa_branch. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1663287/+subscriptions