[Bug 279901] glibc-2.39-2 and above on the host segfault
Date: Sun, 21 Jul 2024 16:22:56 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279901
bugzilla@tunedal.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bugzilla@tunedal.net
--- Comment #11 from bugzilla@tunedal.net ---
Is this the kind of thing you need? "disas" didn't work (without symbols, gdb cannot find a function containing the program counter), so I dumped the instructions around the program counter instead. (I have no idea what I'm doing when it comes to gdb.)
root@localhost:~# gdb --core=python3.core
GNU gdb (Debian 13.2-1+b2) 13.2
...
Core was generated by `python3'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000000000553914 in ?? ()
(gdb) bt
#0 0x0000000000553914 in ?? ()
#1 0x0000000000000000 in ?? ()
(gdb) disas
No function contains program counter for selected frame.
(gdb) x/50i ($pc - 100)
0x5538b0: test %eax,%eax
0x5538b2: je 0x554064
0x5538b8: test %eax,%eax
0x5538ba: jns 0x55406d
0x5538c0: mov %r14,%r12
0x5538c3: cmp %r14,%r15
0x5538c6: jae 0x553f1d
0x5538cc: mov %ebp,%r14d
0x5538cf: shr $0x6,%bpl
0x5538d3: lea 0x28(%r13),%rax
0x5538d7: mov %r13,0x28(%rsp)
0x5538dc: and $0x1,%ebp
0x5538df: shr $0x5,%r14b
0x5538e3: mov %rax,0x10(%rsp)
0x5538e8: mov %r12,%r13
0x5538eb: mov %bpl,0x8(%rsp)
0x5538f0: and $0x1,%r14d
0x5538f4: mov %rbx,0x30(%rsp)
0x5538f9: mov %r14d,%ebx
0x5538fc: mov %r8,%r14
0x5538ff: mov %r13,%rax
0x553902: mov %r14,%rdx
0x553905: sub %r15,%rax
0x553908: sar $0x4,%rax
0x55390c: lea (%r15,%rax,8),%rbp
0x553910: mov 0x0(%rbp),%rsi
=> 0x553914: mov 0x10(%rsi),%r12
0x553918: movzbl 0x20(%rsi),%eax
0x55391c: cmp %r14,%r12
0x55391f: cmovle %r12,%rdx
0x553923: test $0x20,%al
0x553925: je 0x451a14
0x55392b: test $0x40,%al
0x55392d: je 0x554dfc
0x553933: add $0x28,%rsi
0x553937: test %bl,%bl
0x553939: je 0x555085
0x55393f: cmpb $0x0,0x8(%rsp)
0x553944: je 0x554018
0x55394a: mov 0x10(%rsp),%rdi
0x55394f: call 0x4217f0
0x553954: test %eax,%eax
0x553956: je 0x554030
0x55395c: test %eax,%eax
0x55395e: jns 0x554040
0x553964: cmp %rbp,%r15
0x553967: jae 0x55404d
0x55396d: mov %rbp,%r13
0x553970: jmp 0x5538ff
0x553972: nopw 0x0(%rax,%rax,1)
And for vim:
root@localhost:~# gdb --core=vim.core
GNU gdb (Debian 13.2-1+b2) 13.2
...
Core was generated by `vim'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007fee03ec47a7 in ?? ()
(gdb) bt
#0 0x00007fee03ec47a7 in ?? ()
#1 0x0000559fc8dc4831 in ?? ()
#2 0x00007fffc3822820 in ?? ()
#3 0x00000000000001a6 in ?? ()
#4 0x00007fee03de9440 in ?? ()
#5 <signal handler called>
#6 0x00007fee03f1339c in ?? ()
#7 0x00007fffc3822860 in ?? ()
#8 0x2c0d8adf099bf900 in ?? ()
#9 0x0000000000000006 in ?? ()
#10 0x00007fee03de9440 in ?? ()
#11 0x00007fffc3822820 in ?? ()
#12 0x00007fffc3822820 in ?? ()
#13 0x00007fffc3822820 in ?? ()
#14 0x00007fee03ec44f2 in ?? ()
#15 0x00007fee04060b50 in ?? ()
#16 0x00007fee03ead4ed in ?? ()
#17 0x0000000000000020 in ?? ()
#18 0x0000000000000000 in ?? ()
(gdb) x/50i ($pc - 100)
0x7fee03ec4743: jne 0x7fee03ec4652
0x7fee03ec4749: xor %edx,%edx
0x7fee03ec474b: xor %esi,%esi
0x7fee03ec474d: jmp 0x7fee03ec4652
0x7fee03ec4752: nopw 0x0(%rax,%rax,1)
0x7fee03ec4758: mov 0x19a699(%rip),%rdx # 0x7fee0405edf8
0x7fee03ec475f: neg %eax
0x7fee03ec4761: mov %eax,%fs:(%rdx)
0x7fee03ec4764: mov $0xffffffff,%edx
0x7fee03ec4769: jmp 0x7fee03ec4717
0x7fee03ec476b: call 0x7fee03f98b20
0x7fee03ec4770: sub $0x8,%rsp
0x7fee03ec4774: call 0x7fee03f18220
0x7fee03ec4779: test %eax,%eax
0x7fee03ec477b: jne 0x7fee03ec4788
0x7fee03ec477d: add $0x8,%rsp
0x7fee03ec4781: ret
0x7fee03ec4782: nopw 0x0(%rax,%rax,1)
0x7fee03ec4788: mov 0x19a669(%rip),%rdx # 0x7fee0405edf8
0x7fee03ec478f: mov %eax,%fs:(%rdx)
0x7fee03ec4792: mov $0xffffffff,%eax
0x7fee03ec4797: jmp 0x7fee03ec477d
0x7fee03ec4799: nopl 0x0(%rax)
0x7fee03ec47a0: mov $0x3e,%eax
0x7fee03ec47a5: syscall
=> 0x7fee03ec47a7: cmp $0xfffffffffffff001,%rax
0x7fee03ec47ad: jae 0x7fee03ec47b0
0x7fee03ec47af: ret
0x7fee03ec47b0: mov 0x19a641(%rip),%rcx # 0x7fee0405edf8
0x7fee03ec47b7: neg %eax
0x7fee03ec47b9: mov %eax,%fs:(%rcx)
0x7fee03ec47bc: or $0xffffffffffffffff,%rax
0x7fee03ec47c0: ret
0x7fee03ec47c1: cs nopw 0x0(%rax,%rax,1)
0x7fee03ec47cb: nopl 0x0(%rax,%rax,1)
0x7fee03ec47d0: mov $0x8,%esi
0x7fee03ec47d5: mov $0x7f,%eax
0x7fee03ec47da: syscall
0x7fee03ec47dc: cmp $0xfffffffffffff000,%rax
0x7fee03ec47e2: ja 0x7fee03ec47e8
0x7fee03ec47e4: ret
0x7fee03ec47e5: nopl (%rax)
0x7fee03ec47e8: mov 0x19a609(%rip),%rdx # 0x7fee0405edf8
0x7fee03ec47ef: neg %eax
0x7fee03ec47f1: mov %eax,%fs:(%rdx)
0x7fee03ec47f4: mov $0xffffffff,%eax
0x7fee03ec47f9: ret
0x7fee03ec47fa: nopw 0x0(%rax,%rax,1)
0x7fee03ec4800: cmpb $0x0,0x1a2839(%rip) # 0x7fee04067040
0x7fee03ec4807: je 0x7fee03ec4820
To get the above output, I used the latest Debian Sid nocloud image:
https://cloud.debian.org/cdimage/cloud/sid/daily/20240721-1815/debian-sid-nocloud-amd64-daily-20240721-1815.tar.xz
I ran it on Bhyve on AMD to produce the core dump, and on KVM on Intel to debug it.
The debug build of Python (python3-dbg) doesn't crash, so I don't know how to obtain debug symbols for the crashing binary.