From: Paul F. <pj...@wa...> - 2020-02-12 16:49:08
Hi
Currently if I run memcheck under gdb I'm getting a SIGSEGV. I don't get this when running outside of gdb. (on Linux amd64, a fairly old gdb, 7.11.1-86.fc24)
The test application just does one trivial malloc
#include <stdlib.h>   /* for malloc */
int main(void)
{
    int* pi = malloc(4);   /* one trivial allocation, the whole test */
    return 0;
}
Judging by the scheduler output, the code being executed is in ld.so dl_main.
I set the following breakpoints
(gdb) info breakpoints
Num Type Disp Enb Address What
1 breakpoint keep y 0x00000000580694c4 in vgPlain_translate at m_translate.c:1599
stop only if bbs_done == 509
breakpoint already hit 1 time
2 breakpoint keep n 0x00000000580c3b00 in run_thread_for_a_while at m_scheduler/scheduler.c:933
The first was based on the last message that I saw, with the condition bbs_done == 509.
The second breakpoint is just to get closer to the crash site a bit more quickly.
The last code to execute in 'run_a_thread_for_a_while' is
> 1031 SCHEDSETJMP(
  1032     tid,
  1033     jumped,
  1034     VG_(disp_run_translations)(
  1035         two_words,
  1036         (volatile void*)&tst->arch.vex,
  1037         host_code_addr
  1038     )
  1039 );
It's VG_(disp_run_translations) that corrupts the stack
The input arguments are
(gdb) p two_words
$3 = (HWord *) 0x1003039eb0
(gdb) p tst->arch.vex
$4 = {host_EvC_FAILADDR = 1477127896, host_EvC_COUNTER = 99491, pad0 = 0, guest_RAX = 0, guest_RCX = 69357824, guest_RDX = 0, guest_RBX = 69357824, guest_RSP = 137422176144, guest_RBP = 137422176656, guest_RSI = 67109208,
guest_RDI = 137422180173, guest_R8 = 67235712, guest_R9 = 1, guest_R10 = 4, guest_R11 = 69359304, guest_R12 = 1, guest_R13 = 1879048225, guest_R14 = 69357872, guest_R15 = 0, guest_CC_OP = 20, guest_CC_DEP1 = 137422180173,
guest_CC_DEP2 = 0, guest_CC_NDEP = 0, guest_DFLAG = 1, guest_RIP = 67128168, guest_ACFLAG = 0, guest_IDFLAG = 0, guest_FS_CONST = 0, guest_SSEROUND = 0, guest_YMM0 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM1 = {1, 0, 1651076143,
1815032886, 0, 0, 0, 0}, guest_YMM2 = {0, 65793, 0, 0, 0, 0, 0, 0}, guest_YMM3 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM4 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM5 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM6 = {0, 0, 0, 0, 0, 0, 0, 0},
guest_YMM7 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM8 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM9 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM10 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM11 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM12 = {0, 0, 0, 0, 0, 0, 0,
0}, guest_YMM13 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM14 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM15 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_YMM16 = {0, 0, 0, 0, 0, 0, 0, 0}, guest_FTOP = 0, pad1 = 0, guest_FPREG = {0, 0, 0, 0, 0, 0, 0, 0},
guest_FPTAG = "\000\000\000\000\000\000\000", guest_FPROUND = 0, guest_FC3210 = 0, guest_EMNOTE = 0, pad2 = 0, guest_CMSTART = 0, guest_CMLEN = 0, guest_NRADDR = 0, guest_SC_CLASS = 0, guest_GS_CONST = 0, guest_IP_AT_SYSCALL = 0,
pad3 = 0}
(gdb) p host_code_addr
$5 = 68770170016
At the end of VG_(disp_run_translations) there is
jmpq *%rdx
rdx 0x10030584a0 68770170016
and
(gdb) p/x *$rdx
$11 = 0x79084dff
gdb can't disassemble this address
stepping into the jump causes the segfault.
Going back to 'run_a_thread_for_a_while', 'host_code_addr' is coming from VG_(lookupInFastCache)
Any ideas why this address is getting into the cache?
A+
Paul
From: Paul F. <pj...@wa...> - 2020-02-12 18:50:58
Arrgh please ignore. I had forgotten to set the signal handlers. A+ Paul
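The follow-up explains the spurious crash: Valgrind installs its own handlers for several synchronous signals and expects to receive them, so when gdb intercepts one of them the run under gdb diverges from a run outside it. The gdb command file below is an added example, not something from the thread or from the Valgrind project; it sets those signals to be passed straight through and recreates the conditional breakpoint used above. The list of signals and the tool binary path are assumptions (the path is a placeholder to be pointed at the in-tree memcheck executable).

```gdb
# Added example: gdb command file for debugging the Valgrind tool executable.
# Signals that Valgrind handles itself must reach it untouched; the set below
# is an assumption, adjust it to whatever the Valgrind version in use traps.
handle SIGSEGV nostop noprint pass
handle SIGBUS  nostop noprint pass
handle SIGILL  nostop noprint pass
handle SIGFPE  nostop noprint pass

# Stop at the translation of a chosen basic block, as in the thread,
# where bbs_done is Valgrind's running count of translated blocks.
break vgPlain_translate if bbs_done == 509

# Placeholder path: the tool binary built in the Valgrind source tree.
file /path/to/valgrind/memcheck/memcheck-amd64-linux
run ./test
```

Load it with `gdb -x <file>` (or `source <file>` from inside gdb) before the first `run`; checking with `info signals SIGSEGV` that the Pass column reads Yes is a quick way to confirm the handlers are set before spending time on a backtrace that may not exist outside gdb.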