amd64/119771: troubles w/ -m32 executables on both amd64 and i386

Isupov A.Yu. isupov at moonhe.jinr.ru
Fri Jan 18 02:20:02 PST 2008


>Number:         119771
>Category:       amd64
>Synopsis:       troubles w/ -m32 executables on both amd64 and i386
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-amd64
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 18 10:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Isupov A.Yu.
>Release:        FreeBSD 6.2-RELEASE amd64
>Organization:
LHE, JINR
>Environment:
	Binaries produced under:
	(uname -a)
FreeBSD tempor.jinr.ru 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Thu Jan  3 21:11:58
MSK 2008     isupov at tempor.jinr.ru:/usr/src/sys/amd64/compile/MOONHE  amd64

	with three library sets:
	/usr/lib32 -	1) originally distributed w/ amd64 6.2-RELEASE
			2) distributed w/ i386 6.2-RELEASE as /usr/lib
			3) distributed w/ i386 6.0-RELEASE as /usr/lib

	Binaries executed under:
	1)
FreeBSD tempor.jinr.ru 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Thu Jan  3 21:11:58
MSK 2008     isupov at tempor.jinr.ru:/usr/src/sys/amd64/compile/TEMPOR  amd64

	2)
FreeBSD tempor.jinr.ru 6.2-RELEASE FreeBSD 6.2-RELEASE #1: Sat Jan  5 19:01:25
MSK 2008     isupov at tempor.jinr.ru:/usr/src/sys/i386/compile/TEMPOR  i386

	3)
FreeBSD moonhe.jinr.ru 6.0-RELEASE FreeBSD 6.0-RELEASE #2: Thu Oct  5 10:23:22
MSD 2006     isupov at moonhe.jinr.ru:/usr/sys/i386/compile/MOONHE  i386

	amd64 and i386 6.2-RELEASE: Athlon64 X2 5600+ based
		m/b ECS C51PVGM-M Socket AM2 (nVIDIA C51PVG+MCP51/G) mkATX
	i386 6.0-RELEASE: Athlon XP 2500+ based
		m/b Abit KX7-333R SocketA (VIA KT333) ATX

>Description:

	Code mentioned in How-To-Repeat: obtains SIGSEGV:
6.0-RELEASE i386> ./ddd
f=0
cur=-1 max=2.14748e+09
Segmentation fault (core dumped)

	due to stack frames damage, as we can see:

6.0-RELEASE i386> gdb ./ddd ddd.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `ddd'.
Program terminated with signal 11, Segmentation fault.
#0  0x7fffffff in ?? ()
(gdb) bt
#0  0x7fffffff in ?? ()
#1  0xbfbfdeb4 in ?? ()
#2  0x00000000 in ?? ()
#3  0x00000000 in ?? ()
#4  0x00000001 in ?? ()
#5  0xbfbfdf10 in ?? ()
#6  0x00000000 in ?? ()
#7  0xbfbfdec8 in ?? ()
#8  0x080515b5 in atexit ()
Cannot access memory at address 0x3
(gdb) q

	Step-by-steping under debugger shows, that SIGSEGV generated during return
	from bbb() to main(), while really stack frames damaged after
	return from getrlimit(2):

6.0-RELEASE i386> gdb ./ddd 
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
(gdb) break main
Breakpoint 1 at 0x804825c: file ddd.c, line 41.
(gdb) run
Starting program: /home/users/alis/misc/F/F+C/ddd 

Breakpoint 1, main () at ddd.c:41
41              float f=0.0;
(gdb) step
43              printf("f=%g\n", f);
(gdb) 
f=0
44              bbb(&f);
(gdb) 
bbb (f=0xbfbfde84) at ddd.c:18
18              if (!flag)
(gdb) 
21              if (!getrlimit(RLIMIT_CPU, &rlim)) {
(gdb) info frame 0
Stack frame at 0xbfbfde60:
 eip = 0x80481d1 in bbb (ddd.c:21); saved eip 0x8048282
 called by frame at 0xbfbfde90
 source language c.
 Arglist at 0xbfbfde58, args: f=0xbfbfde84
 Locals at 0xbfbfde58, Previous frame's sp is 0xbfbfde60
 Saved registers:
  ebp at 0xbfbfde58, eip at 0xbfbfde5c
(gdb) info frame 1
Stack frame at 0xbfbfde90:
 eip = 0x8048282 in main (ddd.c:44); saved eip 0x8048106
 caller of frame at 0xbfbfde60
 source language c.
 Arglist at 0xbfbfde88, args: 
 Locals at 0xbfbfde88, Previous frame's sp is 0xbfbfde90
 Saved registers:
  ebp at 0xbfbfde88, eip at 0xbfbfde8c
(gdb) step
22                      printf("cur=%g max=%g\n",
(gdb) info frame 0
Stack frame at 0xbfbfde60:
 eip = 0x80481e8 in bbb (ddd.c:22); saved eip 0x7fffffff
 called by frame at 0xbfbfde64
 source language c.
 Arglist at 0xbfbfde58, args: f=0xbfbfde84
 Locals at 0xbfbfde58, Previous frame's sp is 0xbfbfde60
 Saved registers:
  ebp at 0xbfbfde58, eip at 0xbfbfde5c
(gdb) info frame 1
Stack frame at 0xbfbfde64:
 eip = 0x7fffffff; saved eip 0xbfbfde84
 called by frame at 0xbfbfde68, caller of frame at 0xbfbfde60
 Arglist at 0xbfbfde5c, args: 
 Locals at 0xbfbfde5c, Previous frame's sp is 0xbfbfde64
 Saved registers:
  ebp at 0xbfbfde58, eip at 0xbfbfde60
(gdb) info frame 2
Stack frame at 0xbfbfde68:
 eip = 0xbfbfde84; saved eip 0x0
 called by frame at 0xbfbfde6c, caller of frame at 0xbfbfde64
 Arglist at 0xbfbfde60, args: 
 Locals at 0xbfbfde60, Previous frame's sp is 0xbfbfde68
 Saved registers:
  ebp at 0xbfbfde58, eip at 0xbfbfde64
(gdb) info frame 3
Stack frame at 0xbfbfde6c:
 eip = 0x0; saved eip 0x0
 called by frame at 0xbfbfde70, caller of frame at 0xbfbfde68
 Arglist at 0xbfbfde64, args: 
 Locals at 0xbfbfde64, Previous frame's sp is 0xbfbfde6c
 Saved registers:
  ebp at 0xbfbfde58, eip at 0xbfbfde68
(gdb) step
cur=-1 max=2.14748e+09
25                      if (rlim.rlim_cur != RLIM_INFINITY)
(gdb) 
28                              *f = (float)rlim.rlim_max;
(gdb) 
36              flag = 0;
(gdb) 
37      }
(gdb) 

Program received signal SIGSEGV, Segmentation fault.
0x7fffffff in ?? ()
(gdb) c
Continuing.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) q

	Some another syscalls, for example getpid(2) or getpriority(2),
	does not produce such effect.

	Picture under i386 and amd64 6.2-RELEASE very similar:

6.2-RELEASE amd64> ./ddd
f=0
cur=-1 max=2.14748e+09
Segmentation fault (core dumped)

6.2-RELEASE amd64> gdb ./ddd ddd.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `ddd'.
Program terminated with signal 11, Segmentation fault.
#0  0x7fffffff in ?? ()
(gdb) bt
#0  0x7fffffff in ?? ()
#1  0xffffced4 in ?? ()
#2  0x00000000 in ?? ()
#3  0x00000000 in ?? ()
#4  0x00000001 in ?? ()
#5  0xffffcf28 in ?? ()
#6  0x00000000 in ?? ()
#7  0xffffcee8 in ?? ()
#8  0x080515b5 in atexit ()
Cannot access memory at address 0x3
(gdb) q

6.2-RELEASE amd64> gdb ./ddd 
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
(gdb) break main
Breakpoint 1 at 0x804825c: file ddd.c, line 41.
(gdb) run
Starting program: /home/users/alis/misc/F/F+C/ddd 

Breakpoint 1, main () at ddd.c:41
41              float f=0.0;
(gdb) step
43              printf("f=%g\n", f);
(gdb) 
f=0
44              bbb(&f);
(gdb) 
bbb (f=0xffffcea4) at ddd.c:18
18              if (!flag)
(gdb) 
21              if (!getrlimit(RLIMIT_CPU, &rlim)) {
(gdb) info frame 0
Stack frame at 0xffffce80:
 eip = 0x80481d1 in bbb (ddd.c:21); saved eip 0x8048282
 called by frame at 0xffffceb0
 source language c.
 Arglist at 0xffffce78, args: f=0xffffcea4
 Locals at 0xffffce78, Previous frame's sp is 0xffffce80
 Saved registers:
  ebp at 0xffffce78, eip at 0xffffce7c
(gdb) info frame 1
Stack frame at 0xffffceb0:
 eip = 0x8048282 in main (ddd.c:44); saved eip 0x8048106
 caller of frame at 0xffffce80
 source language c.
 Arglist at 0xffffcea8, args: 
 Locals at 0xffffcea8, Previous frame's sp is 0xffffceb0
 Saved registers:
  ebp at 0xffffcea8, eip at 0xffffceac
(gdb) step
22                      printf("cur=%g max=%g\n",
(gdb) info frame 0
Stack frame at 0xffffce80:
 eip = 0x80481e8 in bbb (ddd.c:22); saved eip 0x7fffffff
 called by frame at 0xffffce84
 source language c.
 Arglist at 0xffffce78, args: f=0xffffcea4
 Locals at 0xffffce78, Previous frame's sp is 0xffffce80
 Saved registers:
  ebp at 0xffffce78, eip at 0xffffce7c
(gdb) info frame 1
Stack frame at 0xffffce84:
 eip = 0x7fffffff; saved eip 0xffffcea4
 called by frame at 0xffffce88, caller of frame at 0xffffce80
 Arglist at 0xffffce7c, args: 
 Locals at 0xffffce7c, Previous frame's sp is 0xffffce84
 Saved registers:
  ebp at 0xffffce78, eip at 0xffffce80
(gdb) info frame 2
Stack frame at 0xffffce88:
 eip = 0xffffcea4; saved eip 0x0
 called by frame at 0xffffce8c, caller of frame at 0xffffce84
 Arglist at 0xffffce80, args: 
 Locals at 0xffffce80, Previous frame's sp is 0xffffce88
 Saved registers:
  ebp at 0xffffce78, eip at 0xffffce84
(gdb) info frame 3
Stack frame at 0xffffce8c:
 eip = 0x0; saved eip 0x0
 called by frame at 0xffffce90, caller of frame at 0xffffce88
 Arglist at 0xffffce84, args: 
 Locals at 0xffffce84, Previous frame's sp is 0xffffce8c
 Saved registers:
  ebp at 0xffffce78, eip at 0xffffce88
(gdb) step
cur=-1 max=2.14748e+09
25                      if (rlim.rlim_cur != RLIM_INFINITY)
(gdb) 
28                              *f = (float)rlim.rlim_max;
(gdb) 
36              flag = 0;
(gdb) 
37      }
(gdb) 

Program received signal SIGSEGV, Segmentation fault.
0x7fffffff in ?? ()
(gdb) c
Continuing.

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) q

	I think, this problem similar or connected with one in the
	amd64/110655 bug report ?

>How-To-Repeat:
	Following very simple code ddd.c
	---------cut here---------
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>

static int flag = 1;

void bbb(float *);

void bbb(float *f)
{
	struct rlimit rlim;

	if (!flag)
		return;

	if (!getrlimit(RLIMIT_CPU, &rlim)) {
		printf("cur=%g max=%g\n",
			(float)rlim.rlim_cur, (float)rlim.rlim_max);

		if (rlim.rlim_cur != RLIM_INFINITY)
			*f = (float)rlim.rlim_cur;
		else
			*f = (float)rlim.rlim_max;
	} else {
#ifdef CURE
		printf("errno=%i (%s)\n", errno, strerror(errno));
#else
		printf("errno=%i\n", errno);
#endif
	}
	flag = 0;
}

int main()
{
	float f=0.0;

	printf("f=%g\n", f);
	bbb(&f);
	printf("f=%g\n", f);

	f = 0.0;

	printf("f=%g\n", f);
	bbb(&f);
	printf("f=%g\n", f);

	exit(0);
}

	---------cut here---------
	compiled by following command line

	cc -g -W -Wall -m32 -static -B/usr/lib32 -o ddd ddd.c

	with 2) and 3) library sets ( mentioned in Environment: )
	produces SIGSEGV during execution under each of
	1) 6.2-RELEASE amd64
	2) 6.2-RELEASE i386
	3) 6.0-RELEASE i386

	Another trouble with 1) library set that the same code
	produces SIGILL under both i386 systems while still produce SIGSEGV
	under amd64. However we can see damaged stack frames in the ./ddd and
	normal in the ./ddd.CURE (compiled w/ -DCURE, see Fix: )

6.0-RELEASE i386> ./ddd.CURE
f=0
Illegal instruction (core dumped)

6.0-RELEASE i386> gdb ./ddd.CURE ddd.CURE.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `ddd.CURE'.
Program terminated with signal 4, Illegal instruction.
#0  0x0804e258 in __dtoa ()
(gdb) bt
#0  0x0804e258 in __dtoa ()
#1  0x0804c710 in __vfprintf ()
#2  0x0804dc3e in vfprintf ()
#3  0x08049b81 in printf ()
#4  0x08048216 in bbb (f=0xbfbfded4) at ddd.c:22
#5  0x080482b2 in main () at ddd.c:44
(gdb) q

6.0-RELEASE i386> ./ddd
f=0
Illegal instruction (core dumped)

6.0-RELEASE i386> gdb ./ddd ddd.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `ddd'.
Program terminated with signal 4, Illegal instruction.
#0  0x0804e038 in __dtoa ()
(gdb) bt
#0  0x0804e038 in __dtoa ()
#1  0x0804c4f0 in __vfprintf ()
#2  0x0804da1e in vfprintf ()
#3  0x08049a31 in printf ()
#4  0x08048212 in bbb (f=0xbfbfded4) at ddd.c:22
#5  0x7fffffff in ?? ()
#6  0xbfbfded4 in ?? ()
#7  0x00000000 in ?? ()
#8  0x00000000 in ?? ()
#9  0x080520c9 in atexit ()
Cannot access memory at address 0x3
(gdb) q

>Fix:
	Unknown for both SIGSEGV and SIGILL.

	SIGSEGV effect too subtle, because as workaround we can use, for
	example, #ifdef CURE cludge (see ddd.c text), which produces
	workable binary with -DCURE and 2) or 3) library sets.

	SIGILL with 1) library set effect possibly requires more accurate
	building of the /usr/lib32 under amd64.

>Release-Note:
>Audit-Trail:
>Unformatted:
 


More information about the freebsd-amd64 mailing list