Subject: Re: sh core dumps
To: None <port-sparc@NetBSD.org>
From: John D. Baker <jdbaker@mylinuxisp.com>
List: port-sparc
Date: 10/20/2005 19:06:43
Valeriy E. Ushakov <uwe@ptc.spbu.ru> wrote:

> [Starting a new thread to disentangle this from the -mcpu discussion]
>
> It seem that I can reliably reproduce the problem with devel/gmake
> after running make there I can cd to work/make-3.80 and trigger the
> bug by running ./config.status.  That gives me one or sometimes two sh
> core files (i run with kern.defcorename=%n.%p.core).  Both are from
> backticked invocation of sed.  As we get sh.core, not sed.core that
> should happen in the vforked child before exec.

I have seen something similar.  I get very reproducible behavior when
attempting to build devel/gmake.  Mine stops a little earlier than the
sessions posted so far.

I also got an sh.core while building x11/rxvt which bore some similarities
to the devel/gmake logs posted by Uwe, primarily in the loading of %g1.

This machine:

    SS5-110

    cpu0 at mainbus0: MB86904 @ 110 MHz, on-chip FPU
    cpu0: 16K instruction (32 b/l), 8K data (16 b/l): cache enabled

Built with:

    mk.conf:

        CPUFLAGS+=-mcpu=v8 -mtune=supersparc

    /usr/src/sys/arch/sparc/conf/JEAN:

        makeoptions     CPUFLAGS="-mcpu=v8 -mtune=supersparc"

Debugging '/bin/sh' built with:

    DBG="-g -O2 -pipe"

Log of gdb sessions on sh.core files  (kern.defcorename=/var/tmp/%n.%p.core):

Building x11/rxvt:

creating librxvt.la
(cd .libs && rm -f librxvt.la && ln -s ../librxvt.la librxvt.la)
/bin/sh ../libtool --mode=link cc -O2 -I/usr/pkg/include -I/usr/X11R6/include -L/usr/pkg/lib -L/usr/X11R6/lib -Wl,-R/usr/X11R6/lib -Wl,-R/usr/pkg/lib rxvt.o librxvt.la  -L/usr/X11R6/lib -Wl,-rpath -Wl,/usr/X11R6/lib -L/usr/X11R6/lib -Wl,-rpath -Wl,/usr/X11R6/lib -lXpm -lX11  -o rxvt
cc -O2 -I/usr/pkg/include -I/usr/X11R6/include -Wl,-R/usr/X11R6/lib -Wl,-R/usr/pkg/lib rxvt.o -Wl,-rpath -Wl,/usr/X11R6/lib -Wl,-rpath -Wl,/usr/X11R6/lib -o rxvt  -L/usr/pkg/lib -L/usr/X11R6/lib ./.libs/librxvt.a -lXpm -lX11
[1]   Segmentation fault (core dumped) (cd ${I}; /usr/b...
*** Error code 1



sudo gdb /bin/sh /var/tmp/sh.28167.core
Password:
GNU gdb 5.3nb1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc--netbsdelf"...
Core was generated by `sh'.
Program terminated with signal 11, Segmentation fault.

warning: current_sos: Can't read pathname for load map: Input/output error

Reading symbols from /lib/libedit.so.2...done.
Loaded symbols for /lib/libedit.so.2
Reading symbols from /lib/libtermcap.so.0...done.
Loaded symbols for /lib/libtermcap.so.0
Reading symbols from /lib/libsparc_v8.so.0...done.
Loaded symbols for /lib/libsparc_v8.so.0
Reading symbols from /lib/libc.so.12...done.
Loaded symbols for /lib/libc.so.12
#0  hash_special_builtins () at exec.c:658
658                     cmdp->param.bltin = bp->builtin;
(gdb) x/7i $pc-20
0x16628 <hash_special_builtins+32>:     call  0x169d4 <cmdlookup>
0x1662c <hash_special_builtins+36>:     mov  1, %o1
0x16630 <hash_special_builtins+40>:     sth  %l1, [ %o0 + 8 ]
0x16634 <hash_special_builtins+44>:     ld  [ %l0 + 4 ], %g1
0x16638 <hash_special_builtins+48>:     add  %l0, 8, %l0
0x1663c <hash_special_builtins+52>:     st  %g1, [ %o0 + 4 ]
0x16640 <hash_special_builtins+56>:     ld  [ %l0 ], %g1
(gdb) bt
#0  hash_special_builtins () at exec.c:658
#1  0x00012604 in docd (dest=0x312c8 "doc", print=0) at cd.c:203
#2  0x00012380 in cdcmd (argc=201416, argv=0x312b8) at cd.c:137
#3  0x00014a0c in evalcommand (cmd=0x311b8, flags=2, backcmd=0x0)
    at eval.c:1009
#4  0x0001396c in evaltree (n=0x311b8, flags=2) at eval.c:294
#5  0x00013904 in evaltree (n=0x31210, flags=3) at eval.c:231
#6  0x00013ef0 in evalsubshell (n=0x31178, flags=2) at eval.c:435
#7  0x000139c0 in evaltree (n=0x31178, flags=2) at eval.c:258
#8  0x000139fc in evaltree (n=0x31260, flags=0) at eval.c:243
#9  0x00013cc0 in evalfor (n=0x31128, flags=0) at eval.c:366
#10 0x00013a90 in evaltree (n=0x31128, flags=0) at eval.c:277
#11 0x00013894 in evalstring (s=0x31364 "", flag=0) at eval.c:202
#12 0x0001eb48 in main (argc=3, argv=0xefffdc64) at main.c:213
#13 0x00011954 in ___start ()
(gdb) i r
g0             0x0      0
g1             0x40c    1036
g2             0x43800  276480
g3             0x81c06000       -2118098944
g4             0x3000000        50331648
g5             0x0      0
g6             0x0      0
g7             0x0      0
o0             0x400    1024
o1             0xf3343fb0       -214679632
o2             0x20129828       538089512
o3             0xf3343fb0       -214679632
o4             0xf3343f28       -214679768
o5             0x20129820       538089504
sp             0xefffd458       4026520664
o7             0x127dc  75740
l0             0x4400086        71303302
l1             0x125e4  75236
l2             0x125e8  75240
l3             0xfc1    4033
l4             0x80     128
l5             0x2      2
l6             0xf3342000       -214687744
---Type <return> to continue, or q <return> to quit---
l7             0x4c0    1216
i0             0x312c8  201416
i1             0xefffd520       -268446432
i2             0x0      0
i3             0x1      1
i4             0x31000  200704
i5             0x30800  198656
fp             0xefffd4c0       4026520768
i7             0x125fc  75260
y              0x0      0
psr            0x4400085        71303301        icc:-Z--, pil:0, s:1, ps:0, et:0, cwp:5
wim            0x0      0
tbr            0x0      0
pc             0x1663c  91708
npc            0x16640  91712
fpsr           0x0      0       rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr           0x0      0
(gdb) p/x $l0+4
$1 = 0x440008a
(gdb) x/x $l0+4
0x440008a:      Cannot access memory at address 0x440008a
(gdb)



Building devel/gmake:

config.status: creating config.h
config.status: executing depfiles commands
[1]   Segmentation fault (core dumped) sed -n -e "/^DEP...
config.status: executing default-1 commands
config.status: creating po/POTFILES


sudo gdb /bin/sh /var/tmp/sh.20294.core
Password:
GNU gdb 5.3nb1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc--netbsdelf"...
Core was generated by `sh'.
Program terminated with signal 11, Segmentation fault.

warning: current_sos: Can't read pathname for load map: Input/output error

Reading symbols from /lib/libedit.so.2...done.
Loaded symbols for /lib/libedit.so.2
Reading symbols from /lib/libtermcap.so.0...done.
Loaded symbols for /lib/libtermcap.so.0
Reading symbols from /lib/libsparc_v8.so.0...done.
Loaded symbols for /lib/libsparc_v8.so.0
Reading symbols from /lib/libc.so.12...done.
Loaded symbols for /lib/libc.so.12
#0  argstr (p=0x3b526 "/^DEPDIR \201= \201/ s\201/\201/\201/p", flag=3)
    at expand.c:214
214                             if (quotes)
(gdb) x/7i $pc-20
0x173ec <argstr+304>:   mov  %i0, %o0
0x173f0 <argstr+308>:   call  0x18300 <evalvar>
0x173f4 <argstr+312>:   and  %i1, %o1, %o1
0x173f8 <argstr+316>:   b  0x17394 <argstr+216>
0x173fc <argstr+320>:   mov  %o0, %i0
0x17400 <argstr+324>:   cmp  %l6, 0
0x17404 <argstr+328>:   sethi  %hi(0x31000), %l3
(gdb) bt
#0  argstr (p=0x3b526 "/^DEPDIR \201= \201/ s\201/\201/\201/p", flag=3)
    at expand.c:214
#1  0x000171c4 in expandarg (arg=0x3b544, arglist=0xefffd1d0, flag=3)
    at expand.c:144
#2  0x0001461c in evalcommand (cmd=0x3b584, flags=1, backcmd=0x0) at eval.c:716
#3  0x0001396c in evaltree (n=0x3b584, flags=1) at eval.c:294
#4  0x000142ec in evalbackcmd (n=0x3b584, result=0xefffd3d0) at eval.c:589
#5  0x00017c70 in expbackq (cmd=0x3b584, quoted=0, flag=0) at expand.c:436
#6  0x000174ac in argstr (p=0x3b59c "", flag=4) at expand.c:224
#7  0x000171c4 in expandarg (arg=0x3b5a4, arglist=0xefffd5a8, flag=4)
    at expand.c:144
#8  0x00014738 in evalcommand (cmd=0x3b5b4, flags=0, backcmd=0x0) at eval.c:734
#9  0x0001396c in evaltree (n=0x3b5b4, flags=0) at eval.c:294
#10 0x00013954 in evaltree (n=0x3b5c4, flags=0) at eval.c:267
#11 0x00013904 in evaltree (n=0x3b684, flags=0) at eval.c:231
#12 0x00013904 in evaltree (n=0x3b79c, flags=0) at eval.c:231
#13 0x00013904 in evaltree (n=0x3b884, flags=0) at eval.c:231
#14 0x00013904 in evaltree (n=0x3cf5c, flags=0) at eval.c:231
#15 0x00013cc0 in evalfor (n=0x3a964, flags=0) at eval.c:366
#16 0x00013a90 in evaltree (n=0x3a964, flags=0) at eval.c:277
#17 0x00013954 in evaltree (n=0x3cf74, flags=0) at eval.c:267
#18 0x00013e20 in evalcase (n=0x3a8cc, flags=0) at eval.c:402
#19 0x00013aa4 in evaltree (n=0x3a874, flags=0) at eval.c:280
---Type <return> to continue, or q <return> to quit---
#20 0x00013954 in evaltree (n=0x3f36c, flags=0) at eval.c:267
#21 0x00013cc0 in evalfor (n=0x31128, flags=0) at eval.c:366
#22 0x00013a90 in evaltree (n=0x31128, flags=0) at eval.c:277
#23 0x0001edb8 in cmdloop (top=1) at main.c:266
#24 0x0001eaa4 in main (argc=2, argv=0xefffddbc) at main.c:217
#25 0x00011954 in ___start ()
(gdb) i r
g0             0x0      0
g1             0xffffff81       -127
g2             0x3f4bc  259260
g3             0x140    320
g4             0x0      0
g5             0x0      0
g6             0x0      0
g7             0x0      0
o0             0x3f4af  259247
o1             0x17178  94584
o2             0x0      0
o3             0x1      1
o4             0x44     68
o5             0x0      0
sp             0xefffd008       4026519560
o7             0x196e0  104160
l0             0x81000000       -2130706432
l1             0x81     129
l2             0x81     129
l3             0x31000  200704
l4             0x0      0
l5             0x0      0
l6             0x1      1
---Type <return> to continue, or q <return> to quit---
l7             0x30c00  199680
i0             0x3b526  242982
i1             0x3      3
i2             0x17178  94584
i3             0xf3119fb0       -216948816
i4             0x0      0
i5             0x1      1
fp             0xefffd070       4026519664
i7             0x171bc  94652
y              0x0      0
psr            0x4900087        76546183        icc:N--C, pil:0, s:1, ps:0, et:0, cwp:7
wim            0x0      0
tbr            0x0      0
pc             0x17400  95232
npc            0x17404  95236
fpsr           0x0      0       rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr           0x0      0
(gdb) sudo gdb /bin/sh /var/tmp/sh.20294.core
Password:
GNU gdb 5.3nb1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc--netbsdelf"...
Core was generated by `sh'.
Program terminated with signal 11, Segmentation fault.

warning: current_sos: Can't read pathname for load map: Input/output error

Reading symbols from /lib/libedit.so.2...done.
Loaded symbols for /lib/libedit.so.2
Reading symbols from /lib/libtermcap.so.0...done.
Loaded symbols for /lib/libtermcap.so.0
Reading symbols from /lib/libsparc_v8.so.0...done.
Loaded symbols for /lib/libsparc_v8.so.0
Reading symbols from /lib/libc.so.12...done.
Loaded symbols for /lib/libc.so.12
#0  argstr (p=0x3b526 "/^DEPDIR \201= \201/ s\201/\201/\201/p", flag=3)
    at expand.c:214
214                             if (quotes)
(gdb) x/7i $pc-20
0x173ec <argstr+304>:   mov  %i0, %o0
0x173f0 <argstr+308>:   call  0x18300 <evalvar>
0x173f4 <argstr+312>:   and  %i1, %o1, %o1
0x173f8 <argstr+316>:   b  0x17394 <argstr+216>
0x173fc <argstr+320>:   mov  %o0, %i0
0x17400 <argstr+324>:   cmp  %l6, 0
0x17404 <argstr+328>:   sethi  %hi(0x31000), %l3
(gdb) bt
#0  argstr (p=0x3b526 "/^DEPDIR \201= \201/ s\201/\201/\201/p", flag=3)
    at expand.c:214
#1  0x000171c4 in expandarg (arg=0x3b544, arglist=0xefffd1d0, flag=3)
    at expand.c:144
#2  0x0001461c in evalcommand (cmd=0x3b584, flags=1, backcmd=0x0) at eval.c:716
#3  0x0001396c in evaltree (n=0x3b584, flags=1) at eval.c:294
#4  0x000142ec in evalbackcmd (n=0x3b584, result=0xefffd3d0) at eval.c:589
#5  0x00017c70 in expbackq (cmd=0x3b584, quoted=0, flag=0) at expand.c:436
#6  0x000174ac in argstr (p=0x3b59c "", flag=4) at expand.c:224
#7  0x000171c4 in expandarg (arg=0x3b5a4, arglist=0xefffd5a8, flag=4)
    at expand.c:144
#8  0x00014738 in evalcommand (cmd=0x3b5b4, flags=0, backcmd=0x0) at eval.c:734
#9  0x0001396c in evaltree (n=0x3b5b4, flags=0) at eval.c:294
#10 0x00013954 in evaltree (n=0x3b5c4, flags=0) at eval.c:267
#11 0x00013904 in evaltree (n=0x3b684, flags=0) at eval.c:231
#12 0x00013904 in evaltree (n=0x3b79c, flags=0) at eval.c:231
#13 0x00013904 in evaltree (n=0x3b884, flags=0) at eval.c:231
#14 0x00013904 in evaltree (n=0x3cf5c, flags=0) at eval.c:231
#15 0x00013cc0 in evalfor (n=0x3a964, flags=0) at eval.c:366
#16 0x00013a90 in evaltree (n=0x3a964, flags=0) at eval.c:277
#17 0x00013954 in evaltree (n=0x3cf74, flags=0) at eval.c:267
#18 0x00013e20 in evalcase (n=0x3a8cc, flags=0) at eval.c:402
#19 0x00013aa4 in evaltree (n=0x3a874, flags=0) at eval.c:280
#20 0x00013954 in evaltree (n=0x3f36c, flags=0) at eval.c:267
#21 0x00013cc0 in evalfor (n=0x31128, flags=0) at eval.c:366
#22 0x00013a90 in evaltree (n=0x31128, flags=0) at eval.c:277
#23 0x0001edb8 in cmdloop (top=1) at main.c:266
#24 0x0001eaa4 in main (argc=2, argv=0xefffddbc) at main.c:217
#25 0x00011954 in ___start ()
(gdb) i r
g0             0x0      0
g1             0xffffff81       -127
g2             0x3f4bc  259260
g3             0x140    320
g4             0x0      0
g5             0x0      0
g6             0x0      0
g7             0x0      0
o0             0x3f4af  259247
o1             0x17178  94584
o2             0x0      0
o3             0x1      1
o4             0x44     68
o5             0x0      0
sp             0xefffd008       4026519560
o7             0x196e0  104160
l0             0x81000000       -2130706432
l1             0x81     129
l2             0x81     129
l3             0x31000  200704
l4             0x0      0
l5             0x0      0
l6             0x1      1
l7             0x30c00  199680
i0             0x3b526  242982
i1             0x3      3
i2             0x17178  94584
i3             0xf3119fb0       -216948816
i4             0x0      0
i5             0x1      1
fp             0xefffd070       4026519664
i7             0x171bc  94652
y              0x0      0
psr            0x4900087        76546183        icc:N--C, pil:0, s:1, ps:0, et:0, cwp:7
wim            0x0      0
tbr            0x0      0
pc             0x17400  95232
npc            0x17404  95236
fpsr           0x0      0       rd:N, tem:0, ns:0, ver:0, ftt:0, qne:0, fcc:=, aexc:0, cexc:0
cpsr           0x0      0
(gdb)


Repeating build of devel/gmake yields identical results except:

i3             0xf315efb0       -216666192


Repeat (2) of devel/gmake:

config.status: creating config.h
config.status: executing depfiles commands
[1]   Segmentation fault (core dumped) sed -n -e "/^DEP...
[1]   Segmentation fault (core dumped) sed -n -e "/^DEP...
config.status: executing default-1 commands
config.status: creating po/POTFILES
config.status: creating po/Makefile

Differences from previous, 1st core dump:
o3             0x0      0
i3             0xf3341fb0       -214687824

Differences from previous, 2nd core dump:
o1             0x344    836
o2             0x192a8  103080
o3             0xf3341fb0       -214687824
i2             0x2019ad94       538553748
i3             0xf3341fb0       -214687824



Building devel/gmake directly (instead of nested dependency of fluxbox):

config.status: executing depfiles commands
[1]   Segmentation fault (core dumped) sed -n -e "/^DEP...
config.status: executing default-1 commands

Differences from initial gdb session above:

o3             0x0      0
sp             0xefffd050       4026519632
i3             0xf4126fb0       -200118352
fp             0xefffd0b8       4026519736


Repeating, same as above, except,

o3             0x1      1
i3             0xf3151fb0       -216719440



-- 
John D. Baker, KN5UKS                    NetBSD     Darwin/MacOS X
jdbaker(at)mylinuxisp(dot)com                 OpenBSD            FreeBSD
BSD -- It just sits there and _works_!