Bug#212048: [ahu@ds9a.nl: reassign]
At Mon, 22 Sep 2003 13:44:54 +0200,
bert hubert wrote:
> After comparing notes and retrying on g++-2.95.2, g++-3.2 and g++-3.3 and
> seeing the bug in all places, Wichert Akkerman suggested reassigning the bug
> to libc6 and changing its severity to 'serious'.
>
> The problem shows on stock debian sid.
>
> The problem does not show on SuSE or Red Hat, but does plague Debian with
> very very new glibc + nptl, suggesting either something rotten with recent
> glibc's or problems on a more fundamental level.
>
> Christian Leber narrowed it down to:
>
> works: * this is glibc as of 2003-07-02T11:06:49-0700 and nptl 0.52
> crash: * this is glibc as of 2003-07-15T01:00:00-0700 and nptl 0.53
>
> So something happened in between. Many thanks to Christian Leber for
> providing the above dates!
I think there is no relation with NPTL. 2003-07-08 glibc placed at:
http://people.debian.org/~gotom/glibc/2.3.2-1.test.20030708/
works well. (This bug may be introduced in 2003-07-15 Uli's
modification for misc/syslog.c. I guess it's modified for one of libc
cancelation works. But no confidence.)
BTW, using nm -C:
gotom@celesta:~/debian/custom/glibc/bugs/212048> ./static
Smells like a 10
gotom@celesta:~/debian/custom/glibc/bugs/212048> nm -C static | grep func
08048304 t global constructors keyed to func()
It's same result with the crashed version. Actually this
__libc_lock_define_initialized(CLASS,NAME) is pthread mutex
initializer with CLASS == static.
I started to track down with gdb, but I don't know good way to chase
these CIE/FDE. Some result is attached. If you know the good
introduction to learn about them, please let me know :)
(gdb) b get_cie_encoding
Breakpoint 1 at 0x808c7c6
(gdb) run
Starting program: /home/data/gotom/debian/custom/glibc/bugs/212048/static.0715
c
Breakpoint 1, 0x0808c7c6 in get_cie_encoding ()
(gdb) c
Continuing.
Breakpoint 1, 0x0808c7c6 in get_cie_encoding ()
... (continue * 14)
(gdb) disas
Dump of assembler code for function get_cie_encoding:
0x0808c7c0 <get_cie_encoding+0>: push %ebp
0x0808c7c1 <get_cie_encoding+1>: mov %esp,%ebp
0x0808c7c3 <get_cie_encoding+3>: sub $0x38,%esp
0x0808c7c6 <get_cie_encoding+6>: mov %esi,0xfffffff8(%ebp)
0x0808c7c9 <get_cie_encoding+9>: mov 0x8(%ebp),%esi
0x0808c7cc <get_cie_encoding+12>: mov %ebx,0xfffffff4(%ebp)
0x0808c7cf <get_cie_encoding+15>: mov %edi,0xfffffffc(%ebp)
0x0808c7d2 <get_cie_encoding+18>: lea 0x9(%esi),%edi
0x0808c7d5 <get_cie_encoding+21>: call 0x807c6ba <__i686.get_pc_thunk.bx>
0x0808c7da <get_cie_encoding+26>: add $0x858ae,%ebx
0x0808c7e0 <get_cie_encoding+32>: cmpb $0x7a,0x9(%esi)
...
(gdb) stepi
0x0808c7d2 in get_cie_encoding ()
(gdb)
0x0808c7d5 in get_cie_encoding ()
(gdb)
0x0807c6ba in __i686.get_pc_thunk.bx () <- movl (%esp), %ebx
(gdb)
0x0807c6bd in __i686.get_pc_thunk.bx ()
(gdb)
0x0808c7da in get_cie_encoding ()
(gdb)
0x0808c7e0 in get_cie_encoding ()
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0x0808c7e0 in get_cie_encoding ()
(gdb) p/x $esi
$1 = 0x7a0e4ea
(gdb) p/x *($esi + 9)
Cannot access memory at address 0x7a0e4f3
(gdb) p/x *($esi)
Cannot access memory at address 0x7a0e4ea
Regards,
-- gotom
Reply to: