Bug#979343: sddm: general protection fault in libQt5Qml.so.5.15.2
Hello everyone,
I added it, and now I got one:
Tue 2021-03-23 20:20:40 CET 2000 109 115 11 present /usr/bin/sddm-greeter
If I extract it, I get:
Executable: /usr/bin/sddm-greeter
...
#9 0x00007fe7b41f5def __clone (libc.so.6 + 0xfddef)
With "coredumpctl gdb 2000", once you have gdb installed,
you should get a "(gdb) " prompt.
There the command "bt" should give a better backtrace than the automatic one.
You can get the core file, if you like, at
https://www.helgefjell.de/data/sddm.core
I tried to have a look at this one, in the hope that I have the same
package versions installed as you, and received a backtrace
showing we are inside __run_exit_handlers.
This might explain why you see no issue with it apart from the logging,
because this process has already done its main work
and is about to end itself.
What I further see is some object destruction going on
that mentions QV4, which I believe is tightly related to
Qt's JavaScript engine.
And finally it is in the method QMetaType::destruct, which is
unfortunately about to call a function pointer m_destructor
that consists of some string data.
Getting a "traps" message instead of a segfault might be because
the function pointer uses more than the lower 48 bits, to
which the address space is currently limited?
At least a short test with the value 0x0070006d006f0063
leads to such a "traps" message, while using 0x0000006d006f0063
shows a "segfault at" message in dmesg.
But having this string at this position might just be coincidence;
a few debugging details might be found in the attached file.
Kind regards,
Bernhard
Core was generated by `/usr/bin/sddm-greeter --socket /tmp/sddm-:0-aSeIQL --theme /usr/share/sddm/them'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 QMetaType::destruct (data=0x563464af9d00, this=0x5634649ea3b8) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qmetatype.h:2375
2375 m_destructor(data);
[Current thread is 1 (Thread 0x7fe7b49fb840 (LWP 2000))]
(gdb) bt
#0 QMetaType::destruct (data=0x563464af9d00, this=0x5634649ea3b8) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qmetatype.h:2375
#1 QV4::Heap::QQmlValueTypeWrapper::destroy (this=0x7fe79833d460) at qml/qqmlvaluetypewrapper.cpp:100
#2 0x00007fe7b52fa55f in QV4::Chunk::sweep (this=0x7fe798330000, engine=0x56346475ffe0) at memory/qv4mm.cpp:349
#3 0x00007fe7b52fa7f3 in operator() (c=<optimized out>, __closure=<synthetic pointer>) at memory/qv4mm.cpp:630
#4 std::__partition<__gnu_cxx::__normal_iterator<QV4::Chunk**, std::vector<QV4::Chunk*> >, QV4::BlockAllocator::sweep()::<lambda(QV4::Chunk*)> > (__pred=..., __last=0x2, __first=0x7fe798330000) at /usr/include/c++/10/bits/stl_algo.h:1515
#5 std::partition<__gnu_cxx::__normal_iterator<QV4::Chunk**, std::vector<QV4::Chunk*> >, QV4::BlockAllocator::sweep()::<lambda(QV4::Chunk*)> > (__pred=..., __last=..., __first=...) at /usr/include/c++/10/bits/stl_algo.h:4673
#6 QV4::BlockAllocator::sweep (this=this@entry=0x56346442fa60) at memory/qv4mm.cpp:631
#7 0x00007fe7b52fb415 in QV4::MemoryManager::sweep (this=this@entry=0x56346442fa50, lastSweep=lastSweep@entry=false, classCountPtr=classCountPtr@entry=0x0) at memory/qv4mm.cpp:994
#8 0x00007fe7b52fbf2d in QV4::MemoryManager::runGC (this=0x56346442fa50) at memory/qv4mm.cpp:1054
#9 0x00007fe7b52fddb5 in QV4::MemoryManager::allocate (size=32, allocator=0x56346442fa60, this=0x56346442fa50) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../src/qml/memory/qv4mm_p.h:307
#10 QV4::MemoryManager::allocString (this=this@entry=0x56346442fa50, unmanagedSize=<optimized out>) at memory/qv4mm.cpp:791
#11 0x00007fe7b536418e in QV4::MemoryManager::allocWithStringData<QV4::String, QString> (arg1=..., unmanagedSize=<optimized out>, this=0x56346442fa50) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../src/qml/memory/qv4mm_p.h:217
#12 QV4::ExecutionEngine::newString (this=this@entry=0x56346475ffe0, s=...) at jsruntime/qv4engine.cpp:894
#13 0x00007fe7b539f688 in QV4::ErrorPrototype::method_toString (b=<optimized out>, thisObject=0x7fe7986b9508) at jsruntime/qv4errorobject.cpp:352
#14 0x00007fe7b541706f in QV4::FunctionObject::call (argc=0, argv=0x0, thisObject=0x7fe7986b9508, this=0x7fe7986b9530) at jsruntime/qv4functionobject_p.h:172
#15 QV4::RuntimeHelpers::ordinaryToPrimitive (engine=engine@entry=0x56346475ffe0, object=object@entry=0x7fe7986b9508, typeHint=typeHint@entry=0x7fe7986b9310) at jsruntime/qv4runtime.cpp:517
#16 0x00007fe7b5417394 in QV4::RuntimeHelpers::objectDefaultValue (object=0x7fe7986b9508, object@entry=0x7fe7986b9518, typeHint=typeHint@entry=2) at jsruntime/qv4runtime.cpp:495
#17 0x00007fe7b541bd75 in QV4::RuntimeHelpers::toPrimitive (typeHint=QV4::STRING_HINT, value=...) at jsruntime/qv4runtime_p.h:123
#18 QV4::Value::toQStringNoThrow (this=this@entry=0x7fe7986b9508) at jsruntime/qv4value.cpp:150
#19 0x00007fe7b536d5de in QV4::ExecutionEngine::catchExceptionAsQmlError (this=this@entry=0x56346475ffe0) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../src/qml/jsruntime/qv4scopedvalue_p.h:234
#20 0x00007fe7b5518412 in QQmlDelayedError::catchJavaScriptException (engine=0x56346475ffe0, this=0x5634647b3860) at qml/qqmljavascriptexpression.cpp:92
#21 QQmlJavaScriptExpression::evaluate (this=this@entry=0x563464a7ac30, callData=<optimized out>, isUndefined=isUndefined@entry=0x7ffe703c9b8f) at qml/qqmljavascriptexpression.cpp:223
#22 0x00007fe7b551d4c4 in QQmlBinding::evaluate (this=this@entry=0x563464a7ac30, isUndefined=isUndefined@entry=0x7ffe703c9b8f) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../src/qml/jsruntime/qv4jscall_p.h:95
#23 0x00007fe7b5521367 in QQmlNonbindingBinding::doUpdate (this=0x563464a7ac30, watcher=..., flags=..., scope=...) at qml/qqmlbinding.cpp:254
#24 0x00007fe7b551f144 in QQmlBinding::update (this=0x563464a7ac30, flags=...) at qml/qqmlbinding.cpp:194
#25 0x00007fe7b54fc1ad in QQmlNotifier::emitNotify (endpoint=<optimized out>, a=0x0) at qml/qqmlnotifier.cpp:104
#26 0x00007fe7b47940d5 in doActivate<false> (sender=0x563464767570, signal_index=12, argv=0x0) at kernel/qobject.cpp:3778
#27 0x00007fe7b4794546 in QtPrivate::QSlotObjectBase::call (a=0x7ffe703cb730, r=0x563464767570, this=0x56346479ddf0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#28 doActivate<false> (sender=0x7fe798240140, signal_index=0, argv=argv@entry=0x7ffe703cb730) at kernel/qobject.cpp:3886
#29 0x00007fe7b478d8a0 in QMetaObject::activate (sender=sender@entry=0x7fe798240140, m=m@entry=0x7fe7b49ea100 <QObject::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe703cb730) at kernel/qobject.cpp:3946
#30 0x00007fe7b478d94f in QObject::destroyed (this=this@entry=0x7fe798240140, _t1=<optimized out>, _t1@entry=0x7fe798240140) at .moc/moc_qobject.cpp:219
#31 0x00007fe7b47928cd in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:992
#32 0x00007fe7b41364d7 in __run_exit_handlers (status=0, listp=0x7fe7b42b6718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#33 0x00007fe7b413667a in __GI_exit (status=<optimized out>) at exit.c:139
#34 0x00007fe7b411ed11 in __libc_start_main (main=0x56346320d860 <main(int, char**)>, argc=5, argv=0x7ffe703cb948, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe703cb938) at ../csu/libc-start.c:342
#35 0x000056346320e04a in _start ()
=> 0x00007fe7b5523ec7 <+23>: call *0x60(%rax)
(gdb) print/x $rax + 0x60
$7 = 0x5634649ea3e0
(gdb) x/1xg $rax + 0x60
0x5634649ea3e0: 0x0070006d006f0063
(gdb) print this->m_destructor
$10 = (QMetaType::Destructor) 0x70006d006f0063
(gdb) x/sh 0x5634649ea3e0-72
0x5634649ea398: u"/usr/share/sddm/themes/debian-theme/components/UserDelegate.qml"
# Bullseye/testing amd64 qemu VM 2021-03-24
echo "set enable-bracketed-paste off" >> /etc/inputrc; bash
apt update
# to speedup testing
mv /etc/manpath.config /etc/manpath.config.renamed
apt install libeatmydata1
export LD_PRELOAD=/usr/lib/$(uname -m)-linux-gnu/libeatmydata.so
apt dist-upgrade
apt install systemd-coredump mc psmisc build-essential qtbase5-dev gdb sddm qml-module-qtquick-layouts qml-module-qtquick-controls plasma-framework plasma-workspace qt5-image-formats-plugins \
sddm-dbgsym libqt5qml5-dbgsym libqt5core5a-dbgsym coreutils-dbgsym
wget https://www.helgefjell.de/data/sddm.core
gdb --core sddm.core
gdb --core sddm.core /usr/bin/sddm-greeter
set width 0
set pagination off
bt
disassemble
(gdb) bt
#0 0x00007fe7b5523ec7 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#1 0x00007fe7b52fa55f in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#2 0x00007fe7b52fa7f3 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#3 0x00007fe7b52fb415 in QV4::MemoryManager::sweep(bool, void (*)(char const*)) () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#4 0x00007fe7b52fbf2d in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#5 0x00007fe7b52fddb5 in QV4::MemoryManager::allocString(unsigned long) () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#6 0x00007fe7b536418e in QV4::ExecutionEngine::newString(QString const&) () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#7 0x00007fe7b539f688 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#8 0x00007fe7b541706f in QV4::RuntimeHelpers::ordinaryToPrimitive(QV4::ExecutionEngine*, QV4::Object const*, QV4::String*) () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#9 0x00007fe7b5417394 in QV4::RuntimeHelpers::objectDefaultValue(QV4::Object const*, int) () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#10 0x00007fe7b541bd75 in QV4::Value::toQStringNoThrow() const () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#11 0x00007fe7b536d5de in QV4::ExecutionEngine::catchExceptionAsQmlError() () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#12 0x00007fe7b5518412 in QQmlJavaScriptExpression::evaluate(QV4::CallData*, bool*) () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#13 0x00007fe7b551d4c4 in QQmlBinding::evaluate(bool*) () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#14 0x00007fe7b5521367 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#15 0x00007fe7b551f144 in QQmlBinding::update(QFlags<QQmlPropertyData::WriteFlag>) () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#16 0x00007fe7b54fc1ad in QQmlNotifier::emitNotify(QQmlNotifierEndpoint*, void**) () from /usr/lib/x86_64-linux-gnu/libQt5Qml.so.5
#17 0x00007fe7b47940d5 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007fe7b4794546 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#19 0x00007fe7b478d94f in QObject::destroyed(QObject*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x00007fe7b47928cd in QObject::~QObject() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#21 0x00007fe7b41364d7 in __run_exit_handlers (status=0, listp=0x7fe7b42b6718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#22 0x00007fe7b413667a in __GI_exit (status=<optimized out>) at exit.c:139
#23 0x00007fe7b411ed11 in __libc_start_main (main=0x56346320d860 <main>, argc=5, argv=0x7ffe703cb948, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe703cb938) at ../csu/libc-start.c:342
#24 0x000056346320e04a in _start ()
Core was generated by `/usr/bin/sddm-greeter --socket /tmp/sddm-:0-aSeIQL --theme /usr/share/sddm/them'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 QMetaType::destruct (data=0x563464af9d00, this=0x5634649ea3b8) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qmetatype.h:2375
2375 m_destructor(data);
[Current thread is 1 (Thread 0x7fe7b49fb840 (LWP 2000))]
(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0 QMetaType::destruct (data=0x563464af9d00, this=0x5634649ea3b8) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qmetatype.h:2375
#1 QV4::Heap::QQmlValueTypeWrapper::destroy (this=0x7fe79833d460) at qml/qqmlvaluetypewrapper.cpp:100
#2 0x00007fe7b52fa55f in QV4::Chunk::sweep (this=0x7fe798330000, engine=0x56346475ffe0) at memory/qv4mm.cpp:349
#3 0x00007fe7b52fa7f3 in operator() (c=<optimized out>, __closure=<synthetic pointer>) at memory/qv4mm.cpp:630
#4 std::__partition<__gnu_cxx::__normal_iterator<QV4::Chunk**, std::vector<QV4::Chunk*> >, QV4::BlockAllocator::sweep()::<lambda(QV4::Chunk*)> > (__pred=..., __last=0x2, __first=0x7fe798330000) at /usr/include/c++/10/bits/stl_algo.h:1515
#5 std::partition<__gnu_cxx::__normal_iterator<QV4::Chunk**, std::vector<QV4::Chunk*> >, QV4::BlockAllocator::sweep()::<lambda(QV4::Chunk*)> > (__pred=..., __last=..., __first=...) at /usr/include/c++/10/bits/stl_algo.h:4673
#6 QV4::BlockAllocator::sweep (this=this@entry=0x56346442fa60) at memory/qv4mm.cpp:631
#7 0x00007fe7b52fb415 in QV4::MemoryManager::sweep (this=this@entry=0x56346442fa50, lastSweep=lastSweep@entry=false, classCountPtr=classCountPtr@entry=0x0) at memory/qv4mm.cpp:994
#8 0x00007fe7b52fbf2d in QV4::MemoryManager::runGC (this=0x56346442fa50) at memory/qv4mm.cpp:1054
#9 0x00007fe7b52fddb5 in QV4::MemoryManager::allocate (size=32, allocator=0x56346442fa60, this=0x56346442fa50) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../src/qml/memory/qv4mm_p.h:307
#10 QV4::MemoryManager::allocString (this=this@entry=0x56346442fa50, unmanagedSize=<optimized out>) at memory/qv4mm.cpp:791
#11 0x00007fe7b536418e in QV4::MemoryManager::allocWithStringData<QV4::String, QString> (arg1=..., unmanagedSize=<optimized out>, this=0x56346442fa50) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../src/qml/memory/qv4mm_p.h:217
#12 QV4::ExecutionEngine::newString (this=this@entry=0x56346475ffe0, s=...) at jsruntime/qv4engine.cpp:894
#13 0x00007fe7b539f688 in QV4::ErrorPrototype::method_toString (b=<optimized out>, thisObject=0x7fe7986b9508) at jsruntime/qv4errorobject.cpp:352
#14 0x00007fe7b541706f in QV4::FunctionObject::call (argc=0, argv=0x0, thisObject=0x7fe7986b9508, this=0x7fe7986b9530) at jsruntime/qv4functionobject_p.h:172
#15 QV4::RuntimeHelpers::ordinaryToPrimitive (engine=engine@entry=0x56346475ffe0, object=object@entry=0x7fe7986b9508, typeHint=typeHint@entry=0x7fe7986b9310) at jsruntime/qv4runtime.cpp:517
#16 0x00007fe7b5417394 in QV4::RuntimeHelpers::objectDefaultValue (object=0x7fe7986b9508, object@entry=0x7fe7986b9518, typeHint=typeHint@entry=2) at jsruntime/qv4runtime.cpp:495
#17 0x00007fe7b541bd75 in QV4::RuntimeHelpers::toPrimitive (typeHint=QV4::STRING_HINT, value=...) at jsruntime/qv4runtime_p.h:123
#18 QV4::Value::toQStringNoThrow (this=this@entry=0x7fe7986b9508) at jsruntime/qv4value.cpp:150
#19 0x00007fe7b536d5de in QV4::ExecutionEngine::catchExceptionAsQmlError (this=this@entry=0x56346475ffe0) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../src/qml/jsruntime/qv4scopedvalue_p.h:234
#20 0x00007fe7b5518412 in QQmlDelayedError::catchJavaScriptException (engine=0x56346475ffe0, this=0x5634647b3860) at qml/qqmljavascriptexpression.cpp:92
#21 QQmlJavaScriptExpression::evaluate (this=this@entry=0x563464a7ac30, callData=<optimized out>, isUndefined=isUndefined@entry=0x7ffe703c9b8f) at qml/qqmljavascriptexpression.cpp:223
#22 0x00007fe7b551d4c4 in QQmlBinding::evaluate (this=this@entry=0x563464a7ac30, isUndefined=isUndefined@entry=0x7ffe703c9b8f) at ../../include/QtQml/5.15.2/QtQml/private/../../../../../src/qml/jsruntime/qv4jscall_p.h:95
#23 0x00007fe7b5521367 in QQmlNonbindingBinding::doUpdate (this=0x563464a7ac30, watcher=..., flags=..., scope=...) at qml/qqmlbinding.cpp:254
#24 0x00007fe7b551f144 in QQmlBinding::update (this=0x563464a7ac30, flags=...) at qml/qqmlbinding.cpp:194
#25 0x00007fe7b54fc1ad in QQmlNotifier::emitNotify (endpoint=<optimized out>, a=0x0) at qml/qqmlnotifier.cpp:104
#26 0x00007fe7b47940d5 in doActivate<false> (sender=0x563464767570, signal_index=12, argv=0x0) at kernel/qobject.cpp:3778
#27 0x00007fe7b4794546 in QtPrivate::QSlotObjectBase::call (a=0x7ffe703cb730, r=0x563464767570, this=0x56346479ddf0) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#28 doActivate<false> (sender=0x7fe798240140, signal_index=0, argv=argv@entry=0x7ffe703cb730) at kernel/qobject.cpp:3886
#29 0x00007fe7b478d8a0 in QMetaObject::activate (sender=sender@entry=0x7fe798240140, m=m@entry=0x7fe7b49ea100 <QObject::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe703cb730) at kernel/qobject.cpp:3946
#30 0x00007fe7b478d94f in QObject::destroyed (this=this@entry=0x7fe798240140, _t1=<optimized out>, _t1@entry=0x7fe798240140) at .moc/moc_qobject.cpp:219
#31 0x00007fe7b47928cd in QObject::~QObject (this=<optimized out>, __in_chrg=<optimized out>) at kernel/qobject.cpp:992
#32 0x00007fe7b41364d7 in __run_exit_handlers (status=0, listp=0x7fe7b42b6718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#33 0x00007fe7b413667a in __GI_exit (status=<optimized out>) at exit.c:139
#34 0x00007fe7b411ed11 in __libc_start_main (main=0x56346320d860 <main(int, char**)>, argc=5, argv=0x7ffe703cb948, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe703cb938) at ../csu/libc-start.c:342
#35 0x000056346320e04a in _start ()
(gdb) disassemble
Dump of assembler code for function _ZN3QV44Heap20QQmlValueTypeWrapper7destroyEv:
0x00007fe7b5523eb0 <+0>: push %rbx
0x00007fe7b5523eb1 <+1>: mov %rdi,%rbx
0x00007fe7b5523eb4 <+4>: mov 0x18(%rdi),%rdi
0x00007fe7b5523eb8 <+8>: test %rdi,%rdi
0x00007fe7b5523ebb <+11>: je 0x7fe7b5523ed3 <_ZN3QV44Heap20QQmlValueTypeWrapper7destroyEv+35>
0x00007fe7b5523ebd <+13>: mov 0x20(%rbx),%rax
0x00007fe7b5523ec1 <+17>: testb $0x8,0x78(%rax)
0x00007fe7b5523ec5 <+21>: jne 0x7fe7b5523f10 <_ZN3QV44Heap20QQmlValueTypeWrapper7destroyEv+96>
=> 0x00007fe7b5523ec7 <+23>: call *0x60(%rax)
0x00007fe7b5523eca <+26>: mov 0x18(%rbx),%rdi
0x00007fe7b5523ece <+30>: call 0x7fe7b52f14c0 <_ZdlPv@plt>
0x00007fe7b5523ed3 <+35>: mov 0x28(%rbx),%rdi
0x00007fe7b5523ed7 <+39>: test %rdi,%rdi
0x00007fe7b5523eda <+42>: je 0x7fe7b5523f08 <_ZN3QV44Heap20QQmlValueTypeWrapper7destroyEv+88>
0x00007fe7b5523edc <+44>: lock subl $0x1,0x8(%rdi)
0x00007fe7b5523ee1 <+49>: jne 0x7fe7b5523f08 <_ZN3QV44Heap20QQmlValueTypeWrapper7destroyEv+88>
0x00007fe7b5523ee3 <+51>: mov (%rdi),%rax
0x00007fe7b5523ee6 <+54>: lea -0x1c59fd(%rip),%rdx # 0x7fe7b535e4f0 <_ZN12QQmlRefCountD0Ev>
0x00007fe7b5523eed <+61>: mov 0x8(%rax),%rax
0x00007fe7b5523ef1 <+65>: cmp %rdx,%rax
0x00007fe7b5523ef4 <+68>: jne 0x7fe7b5523f28 <_ZN3QV44Heap20QQmlValueTypeWrapper7destroyEv+120>
0x00007fe7b5523ef6 <+70>: mov $0x10,%esi
0x00007fe7b5523efb <+75>: pop %rbx
0x00007fe7b5523efc <+76>: jmp 0x7fe7b52f03e0 <_ZdlPvm@plt>
0x00007fe7b5523f01 <+81>: nopl 0x0(%rax)
0x00007fe7b5523f08 <+88>: pop %rbx
0x00007fe7b5523f09 <+89>: ret
0x00007fe7b5523f0a <+90>: nopw 0x0(%rax,%rax,1)
0x00007fe7b5523f10 <+96>: lea 0x38(%rax),%r8
0x00007fe7b5523f14 <+100>: mov %rdi,%rsi
0x00007fe7b5523f17 <+103>: mov %r8,%rdi
0x00007fe7b5523f1a <+106>: call 0x7fe7b52f0ce0 <_ZNK9QMetaType16destructExtendedEPv@plt>
0x00007fe7b5523f1f <+111>: jmp 0x7fe7b5523eca <_ZN3QV44Heap20QQmlValueTypeWrapper7destroyEv+26>
0x00007fe7b5523f21 <+113>: nopl 0x0(%rax)
0x00007fe7b5523f28 <+120>: pop %rbx
0x00007fe7b5523f29 <+121>: jmp *%rax
End of assembler dump.
(gdb) print/x $sp
$1 = 0x7ffe703c94d0
(gdb) x/64xb 0x7ffe703c94d0-32
0x7ffe703c94b0: 0xd0 0x00 0x33 0x98 0xe7 0x7f 0x00 0x00
0x7ffe703c94b8: 0x00 0x00 0x00 0x00 0xaa 0x02 0x00 0x00
0x7ffe703c94c0: 0x00 0x00 0x00 0x00 0x02 0x00 0x00 0x00
0x7ffe703c94c8: 0x00 0x00 0x00 0x00 0xa8 0x02 0x00 0x00
0x7ffe703c94d0: 0x00 0xd0 0x33 0x98 0xe7 0x7f 0x00 0x00
0x7ffe703c94d8: 0x5f 0xa5 0x2f 0xb5 0xe7 0x7f 0x00 0x00
0x7ffe703c94e0: 0x79 0x00 0x00 0x00 0xfe 0x7f 0x00 0x00
0x7ffe703c94e8: 0x13 0x10 0x00 0x00 0x00 0x00 0x00 0x01
(gdb) info frame 35
Stack frame at 0x0:
rip = 0x56346320e04a in _start; saved rip = <not saved>
Outermost frame: outermost
caller of frame at 0x7ffe703cb930
Arglist at 0x7ffe703cb928, args:
Locals at 0x7ffe703cb928, Previous frame's sp is 0x7ffe703cb938
(gdb) info frame 0
Stack frame at 0x7ffe703c94e0:
rip = 0x7fe7b5523ec7 in QMetaType::destruct (/usr/include/x86_64-linux-gnu/qt5/QtCore/qmetatype.h:2375); saved rip = 0x7fe7b52fa55f
inlined into frame 1
source language c++.
Arglist at unknown address.
Locals at unknown address, Previous frame's sp in rsp
(gdb) print/x $rsp
$4 = 0x7ffe703c94d0
(gdb) print/x 0x7ffe703cb938 - 0x7ffe703c94d0
$5 = 0x2468
(gdb) print 0x7ffe703cb938 - 0x7ffe703c94d0
$6 = 9320
(gdb) print/x $rax + 0x60
$7 = 0x5634649ea3e0
(gdb) x/1xg $rax + 0x60
0x5634649ea3e0: 0x0070006d006f0063
(gdb) disassemble 0x5634649ea3e0, 0x5634649ea3e0+50
Dump of assembler code from 0x5634649ea3e0 to 0x5634649ea412:
0x00005634649ea3e0: movsxd (%rax),%eax
0x00005634649ea3e2: outsl %ds:(%rsi),(%dx)
0x00005634649ea3e3: add %ch,0x0(%rbp)
0x00005634649ea3e6: jo 0x5634649ea3e8
0x00005634649ea3e8: outsl %ds:(%rsi),(%dx)
0x00005634649ea3e9: add %ch,0x0(%rsi)
0x00005634649ea3ec: add %ch,%gs:0x0(%rsi)
0x00005634649ea3f0: je 0x5634649ea3f2
0x00005634649ea3f2: jae 0x5634649ea3f4
0x00005634649ea3f4: (bad)
0x00005634649ea3f5: add %dl,0x0(%rbp)
0x00005634649ea3f8: jae 0x5634649ea3fa
0x00005634649ea3fa: add %dh,%gs:0x0(%rdx)
0x00005634649ea3fe: add %r12b,0x0(%rbp)
0x00005634649ea402: insb (%dx),%es:(%rdi)
0x00005634649ea403: add %ah,0x0(%rbp)
0x00005634649ea406: add %ah,0x0(%ecx)
0x00005634649ea40a: je 0x5634649ea40c
0x00005634649ea40c: add %ch,%gs:(%rsi)
0x00005634649ea40f: add %dh,0x0(%rcx)
End of assembler dump.
(gdb) print this
$8 = (const QMetaType * const) 0x5634649ea3b8
(gdb) print *this
$9 = {m_typedConstructor = 0x6d006500680074, m_typedDestructor = 0x64002f00730065, m_saveOp = 0x61006900620065, m_loadOp = 0x680074002d006e, m_constructor = 0x2f0065006d0065, m_destructor = 0x70006d006f0063, m_extension = 0x6e0065006e006f, m_size = 7536756, m_typeFlags = 5570607, m_extensionFlags = 6619251, m_typeId = 4456562, m_metaObject = 0x670065006c0065}
(gdb) print this->m_destructor
$10 = (QMetaType::Destructor) 0x70006d006f0063
(gdb) x/64xb 0x5634649ea3e0-32
0x5634649ea3c0: 0x65 0x00 0x73 0x00 0x2f 0x00 0x64 0x00
0x5634649ea3c8: 0x65 0x00 0x62 0x00 0x69 0x00 0x61 0x00
0x5634649ea3d0: 0x6e 0x00 0x2d 0x00 0x74 0x00 0x68 0x00
0x5634649ea3d8: 0x65 0x00 0x6d 0x00 0x65 0x00 0x2f 0x00
0x5634649ea3e0: 0x63 0x00 0x6f 0x00 0x6d 0x00 0x70 0x00
0x5634649ea3e8: 0x6f 0x00 0x6e 0x00 0x65 0x00 0x6e 0x00
0x5634649ea3f0: 0x74 0x00 0x73 0x00 0x2f 0x00 0x55 0x00
0x5634649ea3f8: 0x73 0x00 0x65 0x00 0x72 0x00 0x44 0x00
(gdb) x/64xc 0x5634649ea3e0-32
0x5634649ea3c0: 101 'e' 0 '\000' 115 's' 0 '\000' 47 '/' 0 '\000' 100 'd' 0 '\000'
0x5634649ea3c8: 101 'e' 0 '\000' 98 'b' 0 '\000' 105 'i' 0 '\000' 97 'a' 0 '\000'
0x5634649ea3d0: 110 'n' 0 '\000' 45 '-' 0 '\000' 116 't' 0 '\000' 104 'h' 0 '\000'
0x5634649ea3d8: 101 'e' 0 '\000' 109 'm' 0 '\000' 101 'e' 0 '\000' 47 '/' 0 '\000'
0x5634649ea3e0: 99 'c' 0 '\000' 111 'o' 0 '\000' 109 'm' 0 '\000' 112 'p' 0 '\000'
0x5634649ea3e8: 111 'o' 0 '\000' 110 'n' 0 '\000' 101 'e' 0 '\000' 110 'n' 0 '\000'
0x5634649ea3f0: 116 't' 0 '\000' 115 's' 0 '\000' 47 '/' 0 '\000' 85 'U' 0 '\000'
0x5634649ea3f8: 115 's' 0 '\000' 101 'e' 0 '\000' 114 'r' 0 '\000' 68 'D' 0 '\000'
(gdb) x/sh 0x5634649ea3e0-72
0x5634649ea398: u"/usr/share/sddm/themes/debian-theme/components/UserDelegate.qml"
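The two observations in the report (a function pointer overwritten with UTF-16 text, and a pointer value that uses more than 48 bits producing a general protection fault rather than a page fault) can be checked offline against the gdb output above. The following is an added example written for this page, not code from the bug report, from Qt or from sddm. It assumes x86-64 with 48-bit virtual addresses (4-level paging) and a little-endian host, and it takes the field order and values of the QMetaType object from the `print *this` output above; the four integer fields are assumed to be 32 bits wide, which matches the `x/64xb` bytes at this+0x38..0x47 ("ts/UserD"). It reassembles the twelve dumped fields and decodes them as UTF-16LE, which recovers the middle of the theme path, and classifies the bogus m_destructor value the way the kernel's fault handler would.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86-64 with 48-bit virtual addresses: an address is canonical only if
 * bits 63..47 all equal bit 47.  A call through a non-canonical pointer
 * raises #GP, which Linux logs as "traps: ... general protection fault";
 * a canonical but unmapped pointer raises #PF, logged as "segfault at". */
int is_canonical48(uint64_t addr)
{
    uint64_t top = addr >> 47;            /* bits 63..47, 17 bits */
    return top == 0 || top == 0x1ffff;
}

const char *predicted_dmesg_line(uint64_t addr)
{
    return is_canonical48(addr) ? "segfault at" : "general protection fault";
}

/* Decode raw little-endian bytes as UTF-16LE, keeping printable ASCII
 * code units only.  Stops at a NUL code unit or at anything that is not
 * printable ASCII; returns the number of characters written to out. */
size_t decode_utf16le_ascii(const uint8_t *buf, size_t len, char *out, size_t outsz)
{
    size_t n = 0;
    for (size_t i = 0; i + 1 < len && n + 1 < outsz; i += 2) {
        uint16_t cu = (uint16_t)(buf[i] | (buf[i + 1] << 8));
        if (cu < 0x20 || cu > 0x7e)       /* includes the NUL terminator */
            break;
        out[n++] = (char)cu;
    }
    out[n] = '\0';
    return n;
}

/* Field order as gdb printed the QMetaType object ("print *this"):
 * seven pointers, four 32-bit integers, one pointer; 80 bytes without
 * padding on x86-64.  The values are copied from the core-dump session. */
typedef struct {
    uint64_t m_typedConstructor, m_typedDestructor, m_saveOp, m_loadOp,
             m_constructor, m_destructor, m_extension;
    int32_t  m_size;
    uint32_t m_typeFlags, m_extensionFlags;
    int32_t  m_typeId;
    uint64_t m_metaObject;
} dumped_qmetatype;

static const dumped_qmetatype from_core = {
    0x6d006500680074, 0x64002f00730065, 0x61006900620065, 0x680074002d006e,
    0x2f0065006d0065, 0x70006d006f0063, 0x6e0065006e006f,
    7536756, 5570607, 6619251, 4456562,
    0x670065006c0065,
};

/* Reinterpret the whole object as the text that overwrote it.  Relies on a
 * little-endian host, as the core was taken on amd64. */
size_t recover_overwriting_text(char *out, size_t outsz)
{
    uint8_t raw[sizeof from_core];
    memcpy(raw, &from_core, sizeof raw);
    return decode_utf16le_ascii(raw, sizeof raw, out, outsz);
}

int main(void)
{
    char text[64];
    recover_overwriting_text(text, sizeof text);
    printf("overwritten QMetaType reads as: \"%s\"\n", text);
    printf("m_destructor 0x%016llx: canonical=%d -> %s\n",
           (unsigned long long)from_core.m_destructor,
           is_canonical48(from_core.m_destructor),
           predicted_dmesg_line(from_core.m_destructor));
    printf("masked       0x%016llx: canonical=%d -> %s\n",
           0x0000006d006f0063ULL, is_canonical48(0x0000006d006f0063ULL),
           predicted_dmesg_line(0x0000006d006f0063ULL));
    return 0;
}
```

Build with `gcc -std=c11 -Wall` and run: the twelve fields decode to "themes/debian-theme/components/UserDeleg", i.e. the object sits 32 bytes into the u"/usr/share/sddm/themes/debian-theme/components/UserDelegate.qml" string that `x/sh` printed, and m_destructor is classified as non-canonical, which is why dmesg reports a general protection fault for the real crash and for the 0x0070006d006f0063 test below, but "segfault at" once the high bytes are cleared. The decoder is generic: feed it any suspicious pointer or struct bytes from a core and it tells you whether they look like UTF-16 text that spilled over from a neighbouring QString.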
benutzer@debian:~$ cat test.cpp
/* g++ -O0 -g test.cpp */
/* Calls through a function pointer holding the same garbage value as
 * m_destructor in the core (UTF-16 text, not an address).  The struct
 * puts the pointer at offset 0x60 to mirror the crashing "call *0x60(%rax)". */
int main() {
    struct a {
        char b[0x60];            /* padding so testfunc lands at offset 0x60 */
        int (*testfunc)(void);
    } c;
    /* 0x0070006d006f0063 uses more than the lower 48 bits, so the call
     * faults with a general protection fault ("traps:" in dmesg);
     * 0x0000006d006f0063 stays within 48 bits and gives "segfault at". */
    c.testfunc = (int(*)())0x0070006d006f0063;
    return c.testfunc();
}
benutzer@debian:~$ g++ -O0 -g test.cpp
benutzer@debian:~$ ./a.out
Segmentation fault (core dumped)
dmesg
[ 4702.708067] traps: a.out[33726] general protection fault ip:55ee427e213f sp:7ffcdecda8a0 error:0 in a.out[55ee427e2000+1000]
root@debian:~# coredumpctl list
TIME PID UID GID SIG COREFILE EXE
Thu 2021-03-25 00:18:58 CET 33704 1000 1000 11 present /home/benutzer/a.out
Thu 2021-03-25 00:19:38 CET 33726 1000 1000 11 present /home/benutzer/a.out
coredumpctl gdb 33726
(gdb) display/i $pc
1: x/i $pc
=> 0x55ee427e213f <main()+26>: call *%rax