pkgsrc-Bugs archive
Re: pkg/59017: ruby32 crashes in asciidoctor
The following reply was made to PR pkg/59017; it has been noted by GNATS.
From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
To: Takahiro Kambe <taca%NetBSD.org@localhost>
Cc: gnats-bugs%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Subject: Re: pkg/59017: ruby32 crashes in asciidoctor
Date: Tue, 21 Jan 2025 19:16:43 +0000
OK, I spoke too soon: the crash still happens sometimes with the
patch, but it's stochastic; I guess I just got lucky with the first
few trials.
However, with the patch to enable sigaltstack -- and, more
importantly, to enable SA_SIGINFO -- I have more information now.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007a007667b701 in uleb128 (p=0x7a007623dca0) at addr2line.c:206
206 addr2line.c: No such file or directory.
(gdb) bt
#0 0x00007a007667b701 in uleb128 (p=0x7a007623dca0) at addr2line.c:206
#1 di_read_debug_abbrev_cu (reader=0x7a007623dce0) at addr2line.c:1048
#2 di_read_cu (reader=0x7a007623dce0) at addr2line.c:1737
#3 fill_lines (num_traces=num_traces@entry=5,
traces=traces@entry=0x7a0076b26680 <trace>,
check_debuglink=check_debuglink@entry=1, objp=objp@entry=0x7a007623e658,
lines=lines@entry=0x7a0075eb6a00, offset=offset@entry=0)
at addr2line.c:2167
#4 0x00007a007667d4f1 in rb_dump_backtrace_with_lines (
num_traces=<optimized out>, traces=traces@entry=0x7a0076b26680 <trace>)
at addr2line.c:2611
#5 0x00007a00766716d0 in rb_print_backtrace () at vm_dump.c:787
#6 0x00007a00766717cc in rb_vm_bugreport (ctx=ctx@entry=0x7a007623ea20)
at vm_dump.c:1080
#7 0x00007a00764e9f98 in rb_bug_for_fatal_signal (default_sighandler=0x0,
sig=sig@entry=11, ctx=ctx@entry=0x7a007623ea20,
fmt=fmt@entry=0x7a00767bb52e "Segmentation fault at %p") at error.c:813
#8 0x00007a00765f0084 in sigsegv (sig=11, info=0x7a007623e9a0,
ctx=0x7a007623ea20) at signal.c:964
#9 0x00007a00746a1da0 in _opendir (name=3D<optimized out>)
at /usr/src/9/lib/libc/gen/opendir.c:72
#10 0x000000010000000b in ?? ()
#11 0x0000000000000000 in ?? ()
(gdb) fr 8
#8 0x00007a00765f0084 in sigsegv (sig=11, info=0x7a007623e9a0,
ctx=0x7a007623ea20) at signal.c:964
964 rb_bug_for_fatal_signal(default_sigsegv_handler, sig, SIGINFO_CTX, "Segmentation fault" MESSAGE_FAULT_ADDRESS);
(gdb) print *info
$1 = {
si_pad = "\v\000\000\000\001", '\000' <repeats 12 times>, "\240\000\377\177\177\000\000\006", '\000' <repeats 102 times>, _info = {_signo = 11, _code = 1,
_errno = 0, _pad = 0, _reason = {_rt = {_pid = -16736256, _uid = 32639,
_value = {sival_int = 6, sival_ptr = 0x6}}, _child = {
_pid = -16736256, _uid = 32639, _status = 6, _utime = 0, _stime = 0},
_fault = {_addr = 0x7f7fff00a000, _trap = 6, _trap2 = 0, _trap3 = 0},
_poll = {_band = 140187715805184, _fd = 6}, _syscall = {
_sysnum = -16736256, _retval = {32639, 6}, _error = 0, _args = {0, 0,
0, 0, 0, 0, 0, 0}}, _ptrace_state = {_pe_report_event = -16736256,
_option = {_pe_other_pid = 32639, _pe_lwp = 32639}}}}}
(gdb) print *(ucontext_t *)ctx
$2 = {uc_flags = 655373, uc_link = 0x0, uc_sigmask = {__bits = {0, 0, 0, 0}},
uc_stack = {ss_sp = 0x0, ss_size = 0, ss_flags = 0}, uc_mcontext = {
__gregs = {134142411075584, 118, 3353560262451, 22, 134142403527024, 32,
1, 514, 134142411075584, 140187715785200, 134142403577003,
134142411075624, 349634, 2498, 134142410498040, 0, 0, 35, 35, 6, 4,
134142403527117, 71, 66054, 140187715785152, 63},
_mc_tlsbase = 134142411307248,
__fpregs = "\177\003", '\000' <repeats 22 times>, "\240\037\000\000\377\377", '\000' <repeats 130 times>, "\\\217\302\365(\\oA", '\000' <repeats 14 times>, "\340C", '\000' <repeats 327 times>}}
Instruction pointer (rip) of the signal ucontext:
(gdb) print (void *)((ucontext_t *)ctx)->uc_mcontext.__gregs[21]
$4 = (void *) 0x7a00764fc1cd <each_location+27>
(gdb) info line *(each_location+27)
Line 6512 of "gc.c" starts at address 0x7a00764fc1cd <each_location+27>
and ends at 0x7a00764fc1dc <each_location+42>.
Stack pointer (rsp) of the signal ucontext:
(gdb) print (void *)((ucontext_t *)ctx)->uc_mcontext.__gregs[24]
$5 = (void *) 0x7f7fff0051c0
If I have understood this correctly, it might correspond to this
frame:
(gdb) frame view 0x7f7fff0051c0 0x7a00764fc1cd
#0 each_location (objspace=0x7a006e052000, x=0x44a0427a1af34, n=-123985769,
cb=0x3) at gc.c:6512
6512 cb(objspace, v);
(gdb) info frame
Stack level 0, frame at 0x7f7fff0051c0:
rip = 0x7a00764fc1cd in each_location (gc.c:6512); saved rip = <not saved>
Outermost frame: previous frame identical to this frame (corrupt stack?)
source language c.
Arglist at 0x7a007623dae8, args: objspace=0x7a006e052000, x=0x44a0427a1af34,
n=-123985769, cb=0x3
Locals at 0x7a007623dae8, Previous frame's sp is 0x7a007623db20
Saved registers:
rbx at 0x7a007623daf0, rbp at 0x7a007623daf8, r12 at 0x7a007623db00,
r13 at 0x7a007623db08, r14 at 0x7a007623db10, rip at 0x7a007623db18
However, the frame pointer rbp looks wrong:
(gdb) print (void *)((ucontext_t *)ctx)->uc_mcontext.__gregs[12]
$11 = (void *) 0x555c2
And the candidate value for objspace shown above isn't mapped:
(gdb) print *objspace
Cannot access memory at address 0x7a006e052000
Plus the value of n looks wrong, so maybe I misunderstood the mcontext
and led gdb astray with `frame view'.
Disassembly of each_location:
(gdb) disas each_location+27
Dump of assembler code for function each_location:
0x00007a00764fc1b2 <+0>: test %rdx,%rdx
0x00007a00764fc1b5 <+3>: je 0x7a00764fc1ea <each_location+56>
0x00007a00764fc1b7 <+5>: push %r14
0x00007a00764fc1b9 <+7>: push %r13
0x00007a00764fc1bb <+9>: push %r12
0x00007a00764fc1bd <+11>: push %rbp
0x00007a00764fc1be <+12>: push %rbx
0x00007a00764fc1bf <+13>: mov %rcx,%r14
0x00007a00764fc1c2 <+16>: mov %rdx,%rbp
0x00007a00764fc1c5 <+19>: mov %rsi,%r13
0x00007a00764fc1c8 <+22>: mov %rdi,%r12
0x00007a00764fc1cb <+25>: xor %ebx,%ebx
=> 0x00007a00764fc1cd <+27>: mov 0x0(%r13,%rbx,8),%rsi
0x00007a00764fc1d2 <+32>: mov %r12,%rdi
0x00007a00764fc1d5 <+35>: callq *%r14
0x00007a00764fc1d8 <+38>: add $0x1,%rbx
0x00007a00764fc1dc <+42>: cmp %rbx,%rbp
0x00007a00764fc1df <+45>: jne 0x7a00764fc1cd <each_location+27>
0x00007a00764fc1e1 <+47>: pop %rbx
0x00007a00764fc1e2 <+48>: pop %rbp
0x00007a00764fc1e3 <+49>: pop %r12
0x00007a00764fc1e5 <+51>: pop %r13
0x00007a00764fc1e7 <+53>: pop %r14
0x00007a00764fc1e9 <+55>: retq
0x00007a00764fc1ea <+56>: retq
End of assembler dump.
r13 (__gregs[9]) and rbx (__gregs[13]):
(gdb) fr 8
#8 0x00007a00765f0084 in sigsegv (sig=11, info=0x7a007623e9a0,
ctx=0x7a007623ea20) at signal.c:964
964 rb_bug_for_fatal_signal(default_sigsegv_handler, sig, SIGINFO_CTX, "Segmentation fault" MESSAGE_FAULT_ADDRESS);
(gdb) print (void *)((ucontext_t *)ctx)->uc_mcontext.__gregs[9]
$9 = (void *) 0x7f7fff0051f0
(gdb) print (void *)((ucontext_t *)ctx)->uc_mcontext.__gregs[13]
$10 = (void *) 0x9c2
The base pointer (r13=0x7f7fff0051f0) is OK but adding the index
(rbx*8=0x9c2*8) is not -- this obviously ran just past the end of a
mapped region:
(gdb) x/xg 0x7f7fff0051f0
0x7f7fff0051f0: 0x00007a0076c2f000
(gdb) x/xg 0x7f7fff0051f0 + 0x9c2*8
0x7f7fff00a000: Cannot access memory at address 0x7f7fff00a000
(gdb) x/xg 0x7f7fff0051f0 + 0x9c2*8 - 8
0x7f7fff009ff8: 0x0000000000000076
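Added example, not part of this reply or of Ruby's sources: a small C program that installs a SIGSEGV handler with SA_SIGINFO on a sigaltstack and then indexes one word past a mapped page, the same access pattern as the `mov 0x0(%r13,%rbx,8),%rsi` above, to show that si_addr (the `_fault._addr` field printed in the siginfo) names the first unmapped byte and can be checked against base + index*8. It assumes a POSIX system with mmap/mprotect; the two-page mapping and the out-of-range index are constructed here.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;
static void *volatile fault_addr;   /* si_addr recorded by the handler */
/* SA_SIGINFO handler: without that flag si_addr is not filled in. */
static void segv_handler(int sig, siginfo_t *info, void *ctx)
{
    (void)sig; (void)ctx;
    fault_addr = info->si_addr;
    siglongjmp(fault_jmp, 1);       /* leave the handler and the fault */
}
/* Handler runs on an alternate stack (sigaltstack) so it still works if
 * the faulting thread's own stack is unusable. Returns 0 on success. */
static int install_segv_handler(void)
{
    stack_t ss = { .ss_sp = malloc(1 << 16), .ss_size = 1 << 16, .ss_flags = 0 };
    struct sigaction sa;
    if (ss.ss_sp == NULL || sigaltstack(&ss, NULL) != 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO | SA_ONSTACK;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL);
}
/* Constructed scenario: a readable page followed by a PROT_NONE page; base
 * is mapped, base + index*8 is the first byte past the mapping (the PR's
 * r13 + rbx*8). Returns 1 if si_addr equals it, 0 if not, -1 on setup error. */
int fault_lands_at_expected_address(void)
{
    long page = sysconf(_SC_PAGESIZE);
    uint64_t *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                          MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED || install_segv_handler() != 0) return -1;
    if (mprotect((char *)base + page, page, PROT_NONE) != 0) return -1;
    size_t index = (size_t)page / sizeof *base;
    volatile uint64_t *p = base;
    int ok = 0;
    if (sigsetjmp(fault_jmp, 1) == 0)
        (void)p[index];             /* SIGSEGV is delivered here */
    else
        ok = (fault_addr == (void *)&base[index]);
    munmap(base, 2 * page);
    return ok;
}
```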