https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87702

--- Comment #3 from Uroš Bizjak <ubizjak at gmail dot com> ---
(In reply to Mihail Zenkov from comment #2)
> I'm not sure how to reproduce these regressions without rebuilding glibc. But
> I can provide a prebuilt glibc for testing.
> 
> http://www.knk.uwebweb.com/glibc-segfault.tar.xz
> 
> To reproduce just unpack and run ./test.sh. You should see:
> 
> ./test.sh
> Regression 1
> busybox               ld.so                 libc_regression_1.so 
> libc_regression_2.so  test.sh
> BusyBox v1.29.3 (2018-10-18 20:28:02 BY) multi-call binary.
> 
> Usage: rm [-irf] FILE...
> 
> Remove (unlink) FILEs
> 
>         -i      Always prompt before removing
>         -f      Never prompt
>         -R,-r   Recurse
> Segmentation fault

This one is an unaligned access in function __run_exit_handlers:

   0xf7e2404d <+173>:   je     0xf7e24050 <__run_exit_handlers+176>
   0xf7e2404f <+175>:   lock cmpxchg %ecx,(%esi)
   0xf7e24053 <+179>:   je     0xf7e2405c <__run_exit_handlers+188>
   0xf7e24055 <+181>:   lea    (%esi),%ecx
   0xf7e24057 <+183>:   call   0xf7efd6b0 <__lll_lock_wait_private>
   0xf7e2405c <+188>:   movq   0x3720(%ebp),%xmm0
=> 0xf7e24064 <+196>:   movdqa (%esp),%xmm1
   0xf7e24069 <+201>:   pxor   %xmm0,%xmm1
   0xf7e2406d <+205>:   movdqa %xmm1,%xmm0
   0xf7e24071 <+209>:   movd   %xmm0,%ecx
   0xf7e24075 <+213>:   psrlq  $0x20,%xmm0
   0xf7e2407a <+218>:   movd   %xmm0,%eax
   0xf7e2407e <+222>:   or     %ecx,%eax
   0xf7e24080 <+224>:   jne    0xf7e23ffe <__run_exit_handlers+94>

(gdb) p $esp
$1 = (void *) 0xffffc3c8

> 
> Regression 2
> busybox               ld.so                 libc_regression_1.so 
> libc_regression_2.so  test.sh
> Segmentation fault

This one is in function _IO_vfscanf_internal:

   0xf7e6fe26 <+326>:   movaps -0x5f210(%ecx),%xmm1
   0xf7e6fe2d <+333>:   movapd -0x5f280(%ecx),%xmm2
   0xf7e6fe35 <+341>:   mov    %esi,-0x5b0(%ebp)
   0xf7e6fe3b <+347>:   movl   $0x0,-0x5b4(%ebp)
=> 0xf7e6fe45 <+357>:   movaps %xmm1,-0x5e8(%ebp)
   0xf7e6fe4c <+364>:   movl   $0x0,-0x594(%ebp)
   0xf7e6fe56 <+374>:   movl   $0x0,-0x5bc(%ebp)
   0xf7e6fe60 <+384>:   movl   $0x0,-0x5c8(%ebp)

(gdb) p $ebp
$1 = (void *) 0xffffc040

So, the best way to proceed is to isolate the mentioned functions and feed them
some test data to prepare a failing runtime testcase. Please also post the
preprocessed source of the failing functions, so we can see where the unaligned
access comes from.

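Added example (not part of the bug report, of GCC or of glibc): both faulting instructions above are 16-byte-aligned SSE loads/stores (movdqa, movaps), and both operand addresses are 8 bytes off a 16-byte boundary. For regression 1 the operand is (%esp) with %esp = 0xffffc3c8; for regression 2 it is -0x5e8(%ebp) with %ebp = 0xffffc040, i.e. 0xffffba58. On x86 a misaligned movdqa raises #GP, which Linux delivers as SIGSEGV, so a plain "Segmentation fault" with no bad pointer in sight is the typical symptom of a stack that is not aligned as the i386 ABI (and GCC's default -mpreferred-stack-boundary) assumes. The code below computes the misalignment from the gdb values quoted in the comment and, on x86, reproduces the fault from user space by catching SIGSEGV with sigsetjmp/siglongjmp. It assumes a POSIX system with SSE2 (inline asm in AT&T syntax); on other architectures the fault probe returns -1.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Distance of addr above the previous 16-byte boundary; 0 means aligned. */
unsigned misalignment16(uint32_t addr) { return (unsigned)(addr & 15u); }

/* Operand addresses taken from the gdb output in the comment above. */
unsigned regression1_operand_misalignment(void) {
    /* movdqa (%esp),%xmm1 with %esp = 0xffffc3c8 */
    return misalignment16(0xffffc3c8u);
}
unsigned regression2_operand_misalignment(void) {
    /* movaps %xmm1,-0x5e8(%ebp) with %ebp = 0xffffc040 -> 0xffffba58 */
    return misalignment16(0xffffc040u - 0x5e8u);
}

static sigjmp_buf fault_jmp;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Execute a 16-byte-aligned SSE load (movdqa) from p.
 * Returns 1 if it raised SIGSEGV (misaligned), 0 if it succeeded,
 * -1 when not running on x86 (no movdqa to execute). */
int aligned_load_faults(const void *p) {
#if defined(__x86_64__) || defined(__i386__)
    struct sigaction sa, old;
    volatile int faulted = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_jmp, 1) == 0) {
        /* The hardware checks alignment here: #GP -> SIGSEGV if p & 15 != 0. */
        __asm__ volatile("movdqa (%0), %%xmm0" : : "r"(p) : "xmm0", "memory");
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
#else
    (void)p;
    return -1;
#endif
}

/* Probe a 16-byte-aligned buffer at the given byte offset, mimicking a
 * stack slot that is either properly aligned (0) or 8 bytes off (8). */
int demo_aligned_load(unsigned offset) {
    static unsigned char buf[32] __attribute__((aligned(16)));
    memset(buf, 0x41, sizeof buf);
    return aligned_load_faults(buf + (offset & 15u));
}

int main(void) {
    printf("regression 1 operand misalignment: %u\n", regression1_operand_misalignment());
    printf("regression 2 operand misalignment: %u\n", regression2_operand_misalignment());
    printf("movdqa from aligned address faults:    %d\n", demo_aligned_load(0));
    printf("movdqa from address+8 faults:          %d\n", demo_aligned_load(8));
    return 0;
}
```

When triaging a crash like this, check the faulting operand address against the alignment the instruction requires before looking for a bad pointer; if it is 8 mod 16 on i386, the suspect is whoever established the stack frame (the caller, or code built with a smaller stack boundary than the callee expects), not the memory being accessed.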