From: Jacob Kroon
Date: Fri, 4 Feb 2022 17:53:27 +0100
Subject: Re: Debugging ld.so in gdb
To: Florian Weimer
Cc: Jacob Kroon via Gdb
In-Reply-To: <87h79eobq1.fsf@oldenburg.str.redhat.com>

On 2/4/22 17:09, Florian Weimer wrote:
> * Jacob Kroon:
>
>> On 2/4/22 15:22, Florian Weimer wrote:
>>> * Jacob Kroon:
>>>
>>>> This is what I get, following the instructions above:
>>>>
>>>>> 171966 0x00007ffff7fd85a0 : mov 0x0(%r13),%rax
>>>>> 171967 0x00007ffff7fd85a4 : lea -0x8(%rax),%rdx
>>>>> 171968 0x00007ffff7fd85a8 : mov %rdx,0x0(%r13)
>>>>> 171969 0x00007ffff7fd85ac : mov %rbp,-0x8(%rax)
>>>>> 171970 0x00007ffff7fd85b0 : add $0x8,%rsp
>>>>> 171971 0x00007ffff7fd85b4 : pop %rbx
>>>>> 171972 0x00007ffff7fd85b5 : pop %rbp
>>>>> 171973 0x00007ffff7fd85b6 : pop %r12
>>>>> 171974 0x00007ffff7fd85b8 : pop %r13
>>>>> 171975 0x00007ffff7fd85ba : ret
>>>>
>>>> Does that make sense? Any other information I can provide? This is with
>>>> glibc-2.34-24.fc35.x86_64, Fedora 35.
>>>
>>> This doesn't really make sense. There's probably some GDB option to get
>>> a longer trace.
>>>
>>> If it is crashing at the RET, it means that either code has been mapped
>>> over, or the stack has been corrupted. At the crash site, what does
>>>
>>> print *(void**)$rsp
>>>
>>> print?
>>>
>>
>> $2 = (void *) 0x7ffff7d31b70
>>
>>> disassemble *(void**)$rsp
>>>
>>> could also be interesting.
>>>
>>
>> "No function contains specified address"
>>
>> Let me see if I can find some gdb option to get a longer trace.
>
> Looks like the code at that address has been unmapped (or the link map
> is at least gone from a GDB perspective). Maybe you can see what was at
> the address before using “info files”?
>
> Thanks,
> Florian
>

I couldn't see that address anywhere in the output of "show files". But I
did "full" recording, and found a place where just stepping a single
instruction broke gdb interpreting the backtrace, if that is of any help.
This is what I do:

1. goto instruction 225037
2. print backtrace (looks sane)
3. do "disas"
4. step one instruction with "stepi"
5. print backtrace (looks garbled)
6. do "disas"

> (gdb) record goto 225037
> Go backward to insn number 225037
> #0 dfs_traversal (rpo=rpo@entry=0x7fffffffd3b0, map=0x7ffff7fad590, do_reldeps=do_reldeps@entry=0x0) at dl-sort-maps.c:175
> 175 **rpo = map;
> (gdb) bt
> #0 dfs_traversal (rpo=rpo@entry=0x7fffffffd3b0, map=0x7ffff7fad590, do_reldeps=do_reldeps@entry=0x0) at dl-sort-maps.c:175
> #1 0x00007ffff7fd85d4 in dfs_traversal (do_reldeps=0x0, map=, rpo=0x7fffffffd3b0) at dl-sort-maps.c:143
> #2 dfs_traversal (rpo=rpo@entry=0x7fffffffd3b0, map=0x7ffff7fadb70, do_reldeps=do_reldeps@entry=0x0) at dl-sort-maps.c:155
> #3 0x00007ffff7fd89cd in dfs_traversal (do_reldeps=0x0, map=, rpo=0x7fffffffd3b0) at dl-sort-maps.c:143
> #4 _dl_sort_maps_dfs (skip=, for_fini=, nmaps=15, maps=0x7ffff7953de0) at dl-sort-maps.c:233
> #5 _dl_sort_maps (maps=maps@entry=0x7ffff7953de0, nmaps=nmaps@entry=15, skip=, for_fini=for_fini@entry=false) at dl-sort-maps.c:299
> #6 0x00007ffff7fcaf0f in _dl_map_object_deps (map=, preloads=, npreloads=, trace_mode=, open_mode=)
> at dl-deps.c:616
> #7 0x00007ffff7fe6970 in dl_main (phdr=, phnum=, user_entry=, auxv=) at rtld.c:1968
> #8 0x00007ffff7fe2c7c in _dl_sysdep_start (start_argptr=, dl_main=0x7ffff7fe4bb0 ) at ../elf/dl-sysdep.c:264
> #9 0x00007ffff7fe4678 in _dl_start_final (arg=0x7fffffffdf50) at rtld.c:493
> #10 _dl_start (arg=0x7fffffffdf50) at rtld.c:587
> #11 0x00007ffff7fe36a8 in _start ()
> (gdb) disas
> Dump of assembler code for function dfs_traversal:
> 0x00007ffff7fd8550 <+0>: push %r13
> 0x00007ffff7fd8552 <+2>: mov %rdi,%r13
> 0x00007ffff7fd8555 <+5>: push %r12
> 0x00007ffff7fd8557 <+7>: mov %rdx,%r12
> 0x00007ffff7fd855a <+10>: push %rbp
> 0x00007ffff7fd855b <+11>: mov %rsi,%rbp
> 0x00007ffff7fd855e <+14>: push %rbx
> 0x00007ffff7fd855f <+15>: sub $0x8,%rsp
> 0x00007ffff7fd8563 <+19>: mov 0x3d0(%rsi),%rax
> 0x00007ffff7fd856a <+26>: orb $0x1,0x31d(%rsi)
> 0x00007ffff7fd8571 <+33>: test %rax,%rax
> 0x00007ffff7fd8574 <+36>: je 0x7ffff7fd859b
> 0x00007ffff7fd8576 <+38>: mov (%rax),%rsi
> 0x00007ffff7fd8579 <+41>: test %rsi,%rsi
> 0x00007ffff7fd857c <+44>: je 0x7ffff7fd859b
> 0x00007ffff7fd857e <+46>: mov $0x8,%ebx
> 0x00007ffff7fd8583 <+51>: testw $0x180,0x31c(%rsi)
> 0x00007ffff7fd858c <+60>: je 0x7ffff7fd85c0
> 0x00007ffff7fd858e <+62>: mov (%rax,%rbx,1),%rsi
> 0x00007ffff7fd8592 <+66>: add $0x8,%rbx
> 0x00007ffff7fd8596 <+70>: test %rsi,%rsi
> 0x00007ffff7fd8599 <+73>: jne 0x7ffff7fd8583
> 0x00007ffff7fd859b <+75>: test %r12,%r12
> 0x00007ffff7fd859e <+78>: jne 0x7ffff7fd85e0
> 0x00007ffff7fd85a0 <+80>: mov 0x0(%r13),%rax
> 0x00007ffff7fd85a4 <+84>: lea -0x8(%rax),%rdx
> 0x00007ffff7fd85a8 <+88>: mov %rdx,0x0(%r13)
> => 0x00007ffff7fd85ac <+92>: mov %rbp,-0x8(%rax)
> 0x00007ffff7fd85b0 <+96>: add $0x8,%rsp
> 0x00007ffff7fd85b4 <+100>: pop %rbx
> 0x00007ffff7fd85b5 <+101>: pop %rbp
> 0x00007ffff7fd85b6 <+102>: pop %r12
> 0x00007ffff7fd85b8 <+104>: pop %r13
> 0x00007ffff7fd85ba <+106>: ret
> 0x00007ffff7fd85bb <+107>: nopl 0x0(%rax,%rax,1)
> 0x00007ffff7fd85c0 <+112>: testb $0x1,0x31d(%rsi)
> 0x00007ffff7fd85c7 <+119>: jne 0x7ffff7fd858e
> 0x00007ffff7fd85c9 <+121>: mov %r12,%rdx
> 0x00007ffff7fd85cc <+124>: mov %r13,%rdi
> 0x00007ffff7fd85cf <+127>: call 0x7ffff7fd8550
> 0x00007ffff7fd85d4 <+132>: mov 0x3d0(%rbp),%rax
> 0x00007ffff7fd85db <+139>: jmp 0x7ffff7fd858e
> 0x00007ffff7fd85dd <+141>: nopl (%rax)
> 0x00007ffff7fd85e0 <+144>: mov 0x3d8(%rbp),%rax
> 0x00007ffff7fd85e7 <+151>: test %rax,%rax
> 0x00007ffff7fd85ea <+154>: je 0x7ffff7fd85a0
> 0x00007ffff7fd85ec <+156>: mov (%rax),%ebx
> 0x00007ffff7fd85ee <+158>: movb $0x1,(%r12)
> 0x00007ffff7fd85f3 <+163>: sub $0x1,%ebx
> 0x00007ffff7fd85f6 <+166>: js 0x7ffff7fd85a0
> 0x00007ffff7fd85f8 <+168>: movslq %ebx,%rdx
> 0x00007ffff7fd85fb <+171>: mov 0x8(%rax,%rdx,8),%rsi
> 0x00007ffff7fd8600 <+176>: testw $0x180,0x31c(%rsi)
> 0x00007ffff7fd8609 <+185>: je 0x7ffff7fd8619
> 0x00007ffff7fd860b <+187>: sub $0x1,%ebx
> 0x00007ffff7fd860e <+190>: jb 0x7ffff7fd85a0
> 0x00007ffff7fd8610 <+192>: mov 0x3d8(%rbp),%rax
> 0x00007ffff7fd8617 <+199>: jmp 0x7ffff7fd85f8
> 0x00007ffff7fd8619 <+201>: testb $0x1,0x31d(%rsi)
> 0x00007ffff7fd8620 <+208>: jne 0x7ffff7fd860b
> 0x00007ffff7fd8622 <+210>: mov %r12,%rdx
> 0x00007ffff7fd8625 <+213>: mov %r13,%rdi
> 0x00007ffff7fd8628 <+216>: call 0x7ffff7fd8550
> 0x00007ffff7fd862d <+221>: jmp 0x7ffff7fd860b
> End of assembler dump.
> (gdb) stepi
> 0x00007ffff7fd85b0 176 }
> (gdb) bt
> #0 0x00007ffff7fd85b0 in dfs_traversal (rpo=rpo@entry=0x7fffffffd3b0, map=0x7ffff7fad590, do_reldeps=do_reldeps@entry=0x0) at dl-sort-maps.c:176
> #1 0x00007ffff7fd85d4 in dfs_traversal (do_reldeps=0x0, map=, rpo=0x7fffffffd3b0) at dl-sort-maps.c:143
> #2 dfs_traversal (rpo=0x7fffffffd3b0, map=0x7ffff7fadb70, do_reldeps=0x0) at dl-sort-maps.c:155
> #3 0x00007ffff7fad590 in ?? ()
> #4 0x00007ffff7d31b70 in ?? ()
> #5 0x00007ffff7d32830 in ?? ()
> #6 0x00007ffff7fae150 in ?? ()
> #7 0x00007ffff7fae730 in ?? ()
> #8 0x00007ffff7d32160 in ?? ()
> #9 0x00007ffff7952d30 in ?? ()
> #10 0x00007ffff79d1920 in ?? ()
> #11 0x00007ffff7d31000 in ?? ()
> #12 0x00007ffff79d1ef0 in ?? ()
> #13 0x00007ffff79d24c0 in ?? ()
> #14 0x00007ffff7952000 in ?? ()
> #15 0x00007ffff7952660 in ?? ()
> #16 0x00007ffff79537a0 in ?? ()
> #17 0x00007ffff7d31570 in ?? ()
> #18 0x00007ffff7ffda30 in _rtld_local ()
> #19 0x0000000000000001 in ?? ()
> #20 0xffffffffa5c00000 in ?? ()
> #21 0xffffeffc0b0e0000 in ?? ()
> #22 0x00007ffff795a409 in ?? ()
> #23 0x0000000000000000 in ?? ()
> (gdb) disas
> Dump of assembler code for function dfs_traversal:
> 0x00007ffff7fd8550 <+0>: push %r13
> 0x00007ffff7fd8552 <+2>: mov %rdi,%r13
> 0x00007ffff7fd8555 <+5>: push %r12
> 0x00007ffff7fd8557 <+7>: mov %rdx,%r12
> 0x00007ffff7fd855a <+10>: push %rbp
> 0x00007ffff7fd855b <+11>: mov %rsi,%rbp
> 0x00007ffff7fd855e <+14>: push %rbx
> 0x00007ffff7fd855f <+15>: sub $0x8,%rsp
> 0x00007ffff7fd8563 <+19>: mov 0x3d0(%rsi),%rax
> 0x00007ffff7fd856a <+26>: orb $0x1,0x31d(%rsi)
> 0x00007ffff7fd8571 <+33>: test %rax,%rax
> 0x00007ffff7fd8574 <+36>: je 0x7ffff7fd859b
> 0x00007ffff7fd8576 <+38>: mov (%rax),%rsi
> 0x00007ffff7fd8579 <+41>: test %rsi,%rsi
> 0x00007ffff7fd857c <+44>: je 0x7ffff7fd859b
> 0x00007ffff7fd857e <+46>: mov $0x8,%ebx
> 0x00007ffff7fd8583 <+51>: testw $0x180,0x31c(%rsi)
> 0x00007ffff7fd858c <+60>: je 0x7ffff7fd85c0
> 0x00007ffff7fd858e <+62>: mov (%rax,%rbx,1),%rsi
> 0x00007ffff7fd8592 <+66>: add $0x8,%rbx
> 0x00007ffff7fd8596 <+70>: test %rsi,%rsi
> 0x00007ffff7fd8599 <+73>: jne 0x7ffff7fd8583
> 0x00007ffff7fd859b <+75>: test %r12,%r12
> 0x00007ffff7fd859e <+78>: jne 0x7ffff7fd85e0
> 0x00007ffff7fd85a0 <+80>: mov 0x0(%r13),%rax
> 0x00007ffff7fd85a4 <+84>: lea -0x8(%rax),%rdx
> 0x00007ffff7fd85a8 <+88>: mov %rdx,0x0(%r13)
> 0x00007ffff7fd85ac <+92>: mov %rbp,-0x8(%rax)
> => 0x00007ffff7fd85b0 <+96>: add $0x8,%rsp
> 0x00007ffff7fd85b4 <+100>: pop %rbx
> 0x00007ffff7fd85b5 <+101>: pop %rbp
> 0x00007ffff7fd85b6 <+102>: pop %r12
> 0x00007ffff7fd85b8 <+104>: pop %r13
> 0x00007ffff7fd85ba <+106>: ret
> 0x00007ffff7fd85bb <+107>: nopl 0x0(%rax,%rax,1)
> 0x00007ffff7fd85c0 <+112>: testb $0x1,0x31d(%rsi)
> 0x00007ffff7fd85c7 <+119>: jne 0x7ffff7fd858e
> 0x00007ffff7fd85c9 <+121>: mov %r12,%rdx
> 0x00007ffff7fd85cc <+124>: mov %r13,%rdi
> 0x00007ffff7fd85cf <+127>: call 0x7ffff7fd8550
> 0x00007ffff7fd85d4 <+132>: mov 0x3d0(%rbp),%rax
> 0x00007ffff7fd85db <+139>: jmp 0x7ffff7fd858e
> 0x00007ffff7fd85dd <+141>: nopl (%rax)
> 0x00007ffff7fd85e0 <+144>: mov 0x3d8(%rbp),%rax
> 0x00007ffff7fd85e7 <+151>: test %rax,%rax
> 0x00007ffff7fd85ea <+154>: je 0x7ffff7fd85a0
> 0x00007ffff7fd85ec <+156>: mov (%rax),%ebx
> 0x00007ffff7fd85ee <+158>: movb $0x1,(%r12)
> 0x00007ffff7fd85f3 <+163>: sub $0x1,%ebx
> 0x00007ffff7fd85f6 <+166>: js 0x7ffff7fd85a0
> 0x00007ffff7fd85f8 <+168>: movslq %ebx,%rdx
> 0x00007ffff7fd85fb <+171>: mov 0x8(%rax,%rdx,8),%rsi
> 0x00007ffff7fd8600 <+176>: testw $0x180,0x31c(%rsi)
> 0x00007ffff7fd8609 <+185>: je 0x7ffff7fd8619
> 0x00007ffff7fd860b <+187>: sub $0x1,%ebx
> 0x00007ffff7fd860e <+190>: jb 0x7ffff7fd85a0
> 0x00007ffff7fd8610 <+192>: mov 0x3d8(%rbp),%rax
> 0x00007ffff7fd8617 <+199>: jmp 0x7ffff7fd85f8
> 0x00007ffff7fd8619 <+201>: testb $0x1,0x31d(%rsi)
> 0x00007ffff7fd8620 <+208>: jne 0x7ffff7fd860b
> 0x00007ffff7fd8622 <+210>: mov %r12,%rdx
> 0x00007ffff7fd8625 <+213>: mov %r13,%rdi
> 0x00007ffff7fd8628 <+216>: call 0x7ffff7fd8550
> 0x00007ffff7fd862d <+221>: jmp 0x7ffff7fd860b
> End of assembler dump.

/Jacob
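Added illustration, not part of the thread: the script below walks the prologue and epilogue of dfs_traversal exactly as they appear in the disassembly quoted above (the body in between never changes %rsp) and records, for each instruction, how far above %rsp the saved return address sits. That per-instruction offset is what an unwinder must get right at every epilogue step; if its rule for an instruction is one step stale when a `stepi` lands on `<+96>`, it reads a neighbouring stack slot as the return address and every frame above it comes out as `?? ()`.

```python
import re

# Constructed input: the straight-line prologue and epilogue lines of
# dfs_traversal, copied from the "disas" output in the thread above.
DISAS = """\
0x00007ffff7fd8550 <+0>: push %r13
0x00007ffff7fd8552 <+2>: mov %rdi,%r13
0x00007ffff7fd8555 <+5>: push %r12
0x00007ffff7fd8557 <+7>: mov %rdx,%r12
0x00007ffff7fd855a <+10>: push %rbp
0x00007ffff7fd855b <+11>: mov %rsi,%rbp
0x00007ffff7fd855e <+14>: push %rbx
0x00007ffff7fd855f <+15>: sub $0x8,%rsp
0x00007ffff7fd85a0 <+80>: mov 0x0(%r13),%rax
0x00007ffff7fd85a4 <+84>: lea -0x8(%rax),%rdx
0x00007ffff7fd85a8 <+88>: mov %rdx,0x0(%r13)
0x00007ffff7fd85ac <+92>: mov %rbp,-0x8(%rax)
0x00007ffff7fd85b0 <+96>: add $0x8,%rsp
0x00007ffff7fd85b4 <+100>: pop %rbx
0x00007ffff7fd85b5 <+101>: pop %rbp
0x00007ffff7fd85b6 <+102>: pop %r12
0x00007ffff7fd85b8 <+104>: pop %r13
0x00007ffff7fd85ba <+106>: ret
"""

LINE_RE = re.compile(r"^0x[0-9a-f]+ <\+(\d+)>:\s+(\S+)\s*(.*)$")


def return_address_offsets(disas):
    """Map each <+offset> to the distance in bytes from %rsp to the saved
    return address *before* that instruction runs.  On entry the return
    address is at 0(%rsp); every push / 'sub $N,%rsp' moves it further up,
    every pop / 'add $N,%rsp' brings it back.  'ret' must see distance 0."""
    offsets = {}
    depth = 0
    for line in disas.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        off, mnem, ops = int(m.group(1)), m.group(2), m.group(3)
        offsets[off] = depth
        if mnem == "push":
            depth += 8
        elif mnem == "pop":
            depth -= 8
        elif mnem in ("sub", "add") and ops.endswith(",%rsp"):
            imm = int(ops.split(",")[0].lstrip("$"), 16)
            depth += imm if mnem == "sub" else -imm
        elif mnem == "ret" and depth != 0:
            raise ValueError(f"unbalanced frame at <+{off}>: {depth} bytes")
    return offsets
```

With this listing the return address is 40 bytes above %rsp from `<+15>` through `<+96>`, then 32, 24, 16 and 8 bytes at the four pops, and 0 at `ret`.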