amd64/119772: troubles w/ -m32 executables on both amd64 and i386
Isupov A.Yu.
isupov at moonhe.jinr.ru
Fri Jan 18 02:20:02 PST 2008
>Number: 119772
>Category: amd64
>Synopsis: troubles w/ -m32 executables on both amd64 and i386
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-amd64
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 18 10:20:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Isupov A.Yu.
>Release: FreeBSD 6.2-RELEASE amd64
>Organization:
LHE, JINR
>Environment:
Binaries produced under:
FreeBSD tempor.jinr.ru 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Thu Jan 3 21:11:58
MSK 2008 isupov at tempor.jinr.ru:/usr/src/sys/amd64/compile/MOONHE amd64
with three library sets:
/usr/lib32 - 1) originally distributed w/ amd64 6.2-RELEASE
2) distributed w/ i386 6.2-RELEASE as /usr/lib
3) distributed w/ i386 6.0-RELEASE as /usr/lib
Binaries executed under:
1)
FreeBSD tempor.jinr.ru 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Thu Jan 3 21:11:58
MSK 2008 isupov at tempor.jinr.ru:/usr/src/sys/amd64/compile/TEMPOR amd64
2)
FreeBSD tempor.jinr.ru 6.2-RELEASE FreeBSD 6.2-RELEASE #1: Sat Jan 5 19:01:25
MSK 2008 isupov at tempor.jinr.ru:/usr/src/sys/i386/compile/TEMPOR i386
3)
FreeBSD moonhe.jinr.ru 6.0-RELEASE FreeBSD 6.0-RELEASE #2: Thu Oct 5 10:23:22
MSD 2006 isupov at moonhe.jinr.ru:/usr/sys/i386/compile/MOONHE i386
amd64 and i386 6.2-RELEASE: Athlon64 X2 5600+ based
m/b ECS C51PVGM-M Socket AM2 (nVIDIA C51PVG+MCP51/G) mkATX
i386 6.0-RELEASE: Athlon XP 2500+ based
m/b Abit KX7-333R SocketA (VIA KT333) ATX
>Description:
Code mentioned in How-To-Repeat: obtains SIGSEGV:
6.0-RELEASE i386> ./ddd
f=0
cur=-1 max=2.14748e+09
Segmentation fault (core dumped)
due to stack frames damage, as we can see:
6.0-RELEASE i386> gdb ./ddd ddd.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `ddd'.
Program terminated with signal 11, Segmentation fault.
#0 0x7fffffff in ?? ()
(gdb) bt
#0 0x7fffffff in ?? ()
#1 0xbfbfdeb4 in ?? ()
#2 0x00000000 in ?? ()
#3 0x00000000 in ?? ()
#4 0x00000001 in ?? ()
#5 0xbfbfdf10 in ?? ()
#6 0x00000000 in ?? ()
#7 0xbfbfdec8 in ?? ()
#8 0x080515b5 in atexit ()
Cannot access memory at address 0x3
(gdb) q
Step-by-steping under debugger shows, that SIGSEGV generated during ret
from bbb() to main(), while really stack frames damaged after
return from getrlimit(2):
6.0-RELEASE i386> gdb ./ddd
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
(gdb) break main
Breakpoint 1 at 0x804825c: file ddd.c, line 41.
(gdb) run
Starting program: /home/users/alis/misc/F/F+C/ddd
Breakpoint 1, main () at ddd.c:41
41 float f=0.0;
(gdb) step
43 printf("f=%g\n", f);
(gdb)
f=0
44 bbb(&f);
(gdb)
bbb (f=0xbfbfde84) at ddd.c:18
18 if (!flag)
(gdb)
21 if (!getrlimit(RLIMIT_CPU, &rlim)) {
(gdb) info frame 0
Stack frame at 0xbfbfde60:
eip = 0x80481d1 in bbb (ddd.c:21); saved eip 0x8048282
called by frame at 0xbfbfde90
source language c.
Arglist at 0xbfbfde58, args: f=0xbfbfde84
Locals at 0xbfbfde58, Previous frame's sp is 0xbfbfde60
Saved registers:
ebp at 0xbfbfde58, eip at 0xbfbfde5c
(gdb) info frame 1
Stack frame at 0xbfbfde90:
eip = 0x8048282 in main (ddd.c:44); saved eip 0x8048106
caller of frame at 0xbfbfde60
source language c.
Arglist at 0xbfbfde88, args:
Locals at 0xbfbfde88, Previous frame's sp is 0xbfbfde90
Saved registers:
ebp at 0xbfbfde88, eip at 0xbfbfde8c
(gdb) step
22 printf("cur=%g max=%g\n",
(gdb) info frame 0
Stack frame at 0xbfbfde60:
eip = 0x80481e8 in bbb (ddd.c:22); saved eip 0x7fffffff
called by frame at 0xbfbfde64
source language c.
Arglist at 0xbfbfde58, args: f=0xbfbfde84
Locals at 0xbfbfde58, Previous frame's sp is 0xbfbfde60
Saved registers:
ebp at 0xbfbfde58, eip at 0xbfbfde5c
(gdb) info frame 1
Stack frame at 0xbfbfde64:
eip = 0x7fffffff; saved eip 0xbfbfde84
called by frame at 0xbfbfde68, caller of frame at 0xbfbfde60
Arglist at 0xbfbfde5c, args:
Locals at 0xbfbfde5c, Previous frame's sp is 0xbfbfde64
Saved registers:
ebp at 0xbfbfde58, eip at 0xbfbfde60
(gdb) info frame 2
Stack frame at 0xbfbfde68:
eip = 0xbfbfde84; saved eip 0x0
called by frame at 0xbfbfde6c, caller of frame at 0xbfbfde64
Arglist at 0xbfbfde60, args:
Locals at 0xbfbfde60, Previous frame's sp is 0xbfbfde68
Saved registers:
ebp at 0xbfbfde58, eip at 0xbfbfde64
(gdb) info frame 3
Stack frame at 0xbfbfde6c:
eip = 0x0; saved eip 0x0
called by frame at 0xbfbfde70, caller of frame at 0xbfbfde68
Arglist at 0xbfbfde64, args:
Locals at 0xbfbfde64, Previous frame's sp is 0xbfbfde6c
Saved registers:
ebp at 0xbfbfde58, eip at 0xbfbfde68
(gdb) step
cur=-1 max=2.14748e+09
25 if (rlim.rlim_cur != RLIM_INFINITY)
(gdb)
28 *f = (float)rlim.rlim_max;
(gdb)
36 flag = 0;
(gdb)
37 }
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0x7fffffff in ?? ()
(gdb) c
Continuing.
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) q
Some another syscalls, for example getpid(2) or getpriority(2),
does not produce such effect.
Picture under i386 and amd64 6.2-RELEASE very similar:
6.2-RELEASE amd64> ./ddd
f=0
cur=-1 max=2.14748e+09
Segmentation fault (core dumped)
6.2-RELEASE amd64> gdb ./ddd ddd.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `ddd'.
Program terminated with signal 11, Segmentation fault.
#0 0x7fffffff in ?? ()
(gdb) bt
#0 0x7fffffff in ?? ()
#1 0xffffced4 in ?? ()
#2 0x00000000 in ?? ()
#3 0x00000000 in ?? ()
#4 0x00000001 in ?? ()
#5 0xffffcf28 in ?? ()
#6 0x00000000 in ?? ()
#7 0xffffcee8 in ?? ()
#8 0x080515b5 in atexit ()
Cannot access memory at address 0x3
(gdb) q
6.2-RELEASE amd64> gdb ./ddd
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
(gdb) break main
Breakpoint 1 at 0x804825c: file ddd.c, line 41.
(gdb) run
Starting program: /home/users/alis/misc/F/F+C/ddd
Breakpoint 1, main () at ddd.c:41
41 float f=0.0;
(gdb) step
43 printf("f=%g\n", f);
(gdb)
f=0
44 bbb(&f);
(gdb)
bbb (f=0xffffcea4) at ddd.c:18
18 if (!flag)
(gdb)
21 if (!getrlimit(RLIMIT_CPU, &rlim)) {
(gdb) info frame 0
Stack frame at 0xffffce80:
eip = 0x80481d1 in bbb (ddd.c:21); saved eip 0x8048282
called by frame at 0xffffceb0
source language c.
Arglist at 0xffffce78, args: f=0xffffcea4
Locals at 0xffffce78, Previous frame's sp is 0xffffce80
Saved registers:
ebp at 0xffffce78, eip at 0xffffce7c
(gdb) info frame 1
Stack frame at 0xffffceb0:
eip = 0x8048282 in main (ddd.c:44); saved eip 0x8048106
caller of frame at 0xffffce80
source language c.
Arglist at 0xffffcea8, args:
Locals at 0xffffcea8, Previous frame's sp is 0xffffceb0
Saved registers:
ebp at 0xffffcea8, eip at 0xffffceac
(gdb) step
22 printf("cur=%g max=%g\n",
(gdb) info frame 0
Stack frame at 0xffffce80:
eip = 0x80481e8 in bbb (ddd.c:22); saved eip 0x7fffffff
called by frame at 0xffffce84
source language c.
Arglist at 0xffffce78, args: f=0xffffcea4
Locals at 0xffffce78, Previous frame's sp is 0xffffce80
Saved registers:
ebp at 0xffffce78, eip at 0xffffce7c
(gdb) info frame 1
Stack frame at 0xffffce84:
eip = 0x7fffffff; saved eip 0xffffcea4
called by frame at 0xffffce88, caller of frame at 0xffffce80
Arglist at 0xffffce7c, args:
Locals at 0xffffce7c, Previous frame's sp is 0xffffce84
Saved registers:
ebp at 0xffffce78, eip at 0xffffce80
(gdb) info frame 2
Stack frame at 0xffffce88:
eip = 0xffffcea4; saved eip 0x0
called by frame at 0xffffce8c, caller of frame at 0xffffce84
Arglist at 0xffffce80, args:
Locals at 0xffffce80, Previous frame's sp is 0xffffce88
Saved registers:
ebp at 0xffffce78, eip at 0xffffce84
(gdb) info frame 3
Stack frame at 0xffffce8c:
eip = 0x0; saved eip 0x0
called by frame at 0xffffce90, caller of frame at 0xffffce88
Arglist at 0xffffce84, args:
Locals at 0xffffce84, Previous frame's sp is 0xffffce8c
Saved registers:
ebp at 0xffffce78, eip at 0xffffce88
(gdb) step
cur=-1 max=2.14748e+09
25 if (rlim.rlim_cur != RLIM_INFINITY)
(gdb)
28 *f = (float)rlim.rlim_max;
(gdb)
36 flag = 0;
(gdb)
37 }
(gdb)
Program received signal SIGSEGV, Segmentation fault.
0x7fffffff in ?? ()
(gdb) c
Continuing.
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) q
I think, this problem similar or connected with one in the
amd64/110655 bug report ?
>How-To-Repeat:
Following very simple code ddd.c
---------cut here---------
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
static int flag = 1;
void bbb(float *);
void bbb(float *f)
{
struct rlimit rlim;
if (!flag)
return;
if (!getrlimit(RLIMIT_CPU, &rlim)) {
printf("cur=%g max=%g\n",
(float)rlim.rlim_cur, (float)rlim.rlim_max);
if (rlim.rlim_cur != RLIM_INFINITY)
*f = (float)rlim.rlim_cur;
else
*f = (float)rlim.rlim_max;
} else {
#ifdef CURE
printf("errno=%i (%s)\n", errno, strerror(errno));
#else
printf("errno=%i\n", errno);
#endif
}
flag = 0;
}
int main()
{
float f=0.0;
printf("f=%g\n", f);
bbb(&f);
printf("f=%g\n", f);
f = 0.0;
printf("f=%g\n", f);
bbb(&f);
printf("f=%g\n", f);
exit(0);
}
---------cut here---------
compiled by following command line
cc -g -W -Wall -m32 -static -B/usr/lib32 -o ddd ddd.c
with 2) and 3) library sets ( mentioned in Environment: )
produces SIGSEGV during execution under each of
1) 6.2-RELEASE amd64
2) 6.2-RELEASE i386
3) 6.0-RELEASE i386
Another trouble with 1) library set that the same code
produces SIGILL under both i386 systems while still produce SIGSEGV
under amd64. However we can see damaged stack frames in the ./ddd and
normal in the ./ddd.CURE (compiled w/ -DCURE, see Fix: )
6.0-RELEASE i386> ./ddd.CURE
f=0
Illegal instruction (core dumped)
6.0-RELEASE i386> gdb ./ddd.CURE ddd.CURE.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `ddd.CURE'.
Program terminated with signal 4, Illegal instruction.
#0 0x0804e258 in __dtoa ()
(gdb) bt
#0 0x0804e258 in __dtoa ()
#1 0x0804c710 in __vfprintf ()
#2 0x0804dc3e in vfprintf ()
#3 0x08049b81 in printf ()
#4 0x08048216 in bbb (f=0xbfbfded4) at ddd.c:22
#5 0x080482b2 in main () at ddd.c:44
(gdb) q
6.0-RELEASE i386> ./ddd
f=0
Illegal instruction (core dumped)
6.0-RELEASE i386> gdb ./ddd ddd.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `ddd'.
Program terminated with signal 4, Illegal instruction.
#0 0x0804e038 in __dtoa ()
(gdb) bt
#0 0x0804e038 in __dtoa ()
#1 0x0804c4f0 in __vfprintf ()
#2 0x0804da1e in vfprintf ()
#3 0x08049a31 in printf ()
#4 0x08048212 in bbb (f=0xbfbfded4) at ddd.c:22
#5 0x7fffffff in ?? ()
#6 0xbfbfded4 in ?? ()
#7 0x00000000 in ?? ()
#8 0x00000000 in ?? ()
#9 0x080520c9 in atexit ()
Cannot access memory at address 0x3
(gdb) q
>Fix:
Unknown for both SIGSEGV and SIGILL.
SIGSEGV effect too subtle, because as workaround we can use, for
example, #ifdef CURE cludge (see ddd.c text), which produces
workable binary with -DCURE and 2) or 3) library sets.
SIGILL with 1) library set effect possibly requires more accurate
building of the /usr/lib32 under amd64.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-amd64
mailing list