On Mon, Jun 12, 2023 at 08:00:10PM +0200, Sebastien Marie wrote: > firefox (and thunderbird) has devel/nasm in BUILD_DEPENDS, so they should > have > asm functions which might need correction, or they might using a library in > this > case. > > Could you get a egdb backtrace (and a disassemble) of the SIGILL ?
Certainly. Here is the one for thunderbird: [Mon Jun 12 20:05:36] peter@zaida:~$ egdb /usr/local/bin/thunderbird thunderbird.core GNU gdb (GDB) 9.2 Copyright (C) 2020 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-unknown-openbsd7.3". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/local/bin/thunderbird... (No debugging symbols found in /usr/local/bin/thunderbird) [New process 370202] Core was generated by `thunderbird'. Program terminated with signal SIGILL, Illegal instruction. #0 0x00000b3333b99bf0 in Gecko_StartBulkWriteString () from /usr/local/lib/thunderbird/libxul.so.37.0 (gdb) bt #0 0x00000b3333b99bf0 in Gecko_StartBulkWriteString () from /usr/local/lib/thunderbird/libxul.so.37.0 #1 0x00000b3338bf9504 in nsstring::conversions::<impl nsstring::nsAString>::fallible_append_utf8_impl () from /usr/local/lib/thunderbird/libxul.so.37.0 #2 0x00000b3338bf7ffd in nsstring_fallible_append_utf8_impl () from /usr/local/lib/thunderbird/libxul.so.37.0 #3 0x00000b3333c20940 in NS_CopyNativeToUnicode(nsTSubstring<char> const&, nsTSubstring<char16_t>&) () from /usr/local/lib/thunderbird/libxul.so.37.0 #4 0x00000b3337a85051 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) () from /usr/local/lib/thunderbird/libxul.so.37.0 #5 0x00000b3337a85595 in XRE_main(int, char**, mozilla::BootstrapConfig const&) () from /usr/local/lib/thunderbird/libxul.so.37.0 #6 0x00000b3030764db2 in main () (gdb) disassemble Dump of assembler code for function Gecko_StartBulkWriteString: => 0x00000b3333b99bf0 <+0>: mov 0x5ddcb21(%rip),%r11 # 0xb3339976718 <__retguard_781> 0x00000b3333b99bf7 <+7>: xor (%rsp),%r11 0x00000b3333b99bfb <+11>: push %r11 0x00000b3333b99bfd <+13>: sub $0x20,%rsp 0x00000b3333b99c01 <+17>: mov %ecx,%r8d 0x00000b3333b99c04 <+20>: mov %rdi,%rax 0x00000b3333b99c07 <+23>: mov %esi,%r9d 0x00000b3333b99c0a <+26>: mov %edx,%ecx 0x00000b3333b99c0c <+28>: xorps %xmm0,%xmm0 0x00000b3333b99c0f <+31>: movups %xmm0,(%rsp) 0x00000b3333b99c13 <+35>: lea 0x10(%rsp),%rdi 0x00000b3333b99c18 <+40>: mov %rax,%rsi 0x00000b3333b99c1b <+43>: mov %r9,%rdx 0x00000b3333b99c1e <+46>: xor %r9d,%r9d 0x00000b3333b99c21 <+49>: callq 0xb3333b99c60 <_ZN12nsTSubstringIDsE18StartBulkWriteImplEmmbmmm> 0x00000b3333b99c26 <+54>: cmpl $0x0,0x18(%rsp) 0x00000b3333b99c2b <+59>: jne 0xb3333b99c50 <Gecko_StartBulkWriteString+96> 0x00000b3333b99c2d <+61>: mov 0x10(%rsp),%eax 0x00000b3333b99c31 <+65>: add $0x20,%rsp 0x00000b3333b99c35 <+69>: pop %r11 0x00000b3333b99c37 <+71>: xor (%rsp),%r11 0x00000b3333b99c3b <+75>: cmp 0x5ddcad6(%rip),%r11 # 0xb3339976718 <__retguard_781> 0x00000b3333b99c42 <+82>: je 0xb3333b99c4f <Gecko_StartBulkWriteString+95> 0x00000b3333b99c44 <+84>: int3 0x00000b3333b99c45 <+85>: int3 0x00000b3333b99c46 <+86>: int3 0x00000b3333b99c47 <+87>: int3 0x00000b3333b99c48 <+88>: int3 0x00000b3333b99c49 <+89>: int3 0x00000b3333b99c4a <+90>: int3 0x00000b3333b99c4b <+91>: int3 0x00000b3333b99c4c <+92>: int3 0x00000b3333b99c4d <+93>: int3 0x00000b3333b99c4e <+94>: int3 0x00000b3333b99c4f <+95>: retq 0x00000b3333b99c50 <+96>: mov $0xffffffff,%eax 0x00000b3333b99c55 <+101>: jmp 0xb3333b99c31 <Gecko_StartBulkWriteString+65> End of assembler dump. (gdb) quit Next up we do firefox [Mon Jun 12 20:08:27] peter@zaida:~$ egdb /usr/local/bin/firefox firefox.core GNU gdb (GDB) 9.2 Copyright (C) 2020 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-unknown-openbsd7.3". Type "show configuration" for configuration details. For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. Find the GDB manual and other documentation resources online at: <http://www.gnu.org/software/gdb/documentation/>. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from /usr/local/bin/firefox... (No debugging symbols found in /usr/local/bin/firefox) [New process 310451] Core was generated by `firefox'. Program terminated with signal SIGILL, Illegal instruction. #0 0x00000c3183c571c0 in Gecko_StartBulkWriteString () from /usr/local/lib/firefox/libxul.so.127.0 (gdb) bt #0 0x00000c3183c571c0 in Gecko_StartBulkWriteString () from /usr/local/lib/firefox/libxul.so.127.0 #1 0x00000c3182e58f64 in nsstring::conversions::<impl nsstring::nsAString>::fallible_append_utf8_impl () from /usr/local/lib/firefox/libxul.so.127.0 #2 0x00000c317fbd7b4d in nsstring_fallible_append_utf8_impl () from /usr/local/lib/firefox/libxul.so.127.0 #3 0x00000c317fff84d0 in NS_CopyNativeToUnicode(nsTSubstring<char> const&, nsTSubstring<char16_t>&) () from /usr/local/lib/firefox/libxul.so.127.0 #4 0x00000c31808ed5a0 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) () from /usr/local/lib/firefox/libxul.so.127.0 #5 0x00000c31808ec411 in XRE_main(int, char**, mozilla::BootstrapConfig const&) () from /usr/local/lib/firefox/libxul.so.127.0 #6 0x00000c2e7d978287 in main () (gdb) disassemble Dump of assembler code for function Gecko_StartBulkWriteString: => 0x00000c3183c571c0 <+0>: mov 0x202cef1(%rip),%r11 # 0xc3185c840b8 <__retguard_2646> 0x00000c3183c571c7 <+7>: xor (%rsp),%r11 0x00000c3183c571cb <+11>: push %r11 0x00000c3183c571cd <+13>: push %rbp 0x00000c3183c571ce <+14>: push %r15 0x00000c3183c571d0 <+16>: push %r14 0x00000c3183c571d2 <+18>: push %r13 0x00000c3183c571d4 <+20>: push %r12 0x00000c3183c571d6 <+22>: push %rbx 0x00000c3183c571d7 <+23>: sub $0x10,%rsp 0x00000c3183c571db <+27>: mov %rdi,%r14 0x00000c3183c571de <+30>: test %esi,%esi 0x00000c3183c571e0 <+32>: je 0xc3183c573a6 <Gecko_StartBulkWriteString+486> 0x00000c3183c571e6 <+38>: mov %esi,%ebx 0x00000c3183c571e8 <+40>: movzwl 0xc(%r14),%ebp 0x00000c3183c571ed <+45>: test $0x4,%bpl 0x00000c3183c571f1 <+49>: jne 0xc3183c57209 <Gecko_StartBulkWriteString+73> 0x00000c3183c571f3 <+51>: test $0x10,%bpl 0x00000c3183c571f7 <+55>: jne 0xc3183c5729b <Gecko_StartBulkWriteString+219> 0x00000c3183c571fd <+61>: test $0x8,%bpl 0x00000c3183c57201 <+65>: je 0xc3183c57218 <Gecko_StartBulkWriteString+88> 0x00000c3183c57203 <+67>: mov 0x8(%r14),%r12d 0x00000c3183c57207 <+71>: jmp 0xc3183c5721b <Gecko_StartBulkWriteString+91> 0x00000c3183c57209 <+73>: mov (%r14),%rax 0x00000c3183c5720c <+76>: mov -0x8(%rax),%edi 0x00000c3183c5720f <+79>: cmp $0x1,%edi 0x00000c3183c57212 <+82>: jbe 0xc3183c572a4 <Gecko_StartBulkWriteString+228> 0x00000c3183c57218 <+88>: xor %r12d,%r12d 0x00000c3183c5721b <+91>: mov (%r14),%r8 0x00000c3183c5721e <+94>: cmp %rbx,%r12 0x00000c3183c57221 <+97>: jb 0xc3183c57250 <Gecko_StartBulkWriteString+144> 0x00000c3183c57223 <+99>: test %cl,%cl 0x00000c3183c57225 <+101>: jne 0xc3183c57250 <Gecko_StartBulkWriteString+144> 0x00000c3183c57227 <+103>: mov %r12d,%r13d 0x00000c3183c5722a <+106>: mov %r13d,%eax 0x00000c3183c5722d <+109>: add $0x10,%rsp 0x00000c3183c57231 <+113>: pop %rbx 0x00000c3183c57232 <+114>: pop %r12 0x00000c3183c57234 <+116>: pop %r13 0x00000c3183c57236 <+118>: pop %r14 0x00000c3183c57238 <+120>: pop %r15 0x00000c3183c5723a <+122>: pop %rbp 0x00000c3183c5723b <+123>: pop %r11 0x00000c3183c5723d <+125>: xor (%rsp),%r11 0x00000c3183c57241 <+129>: cmp 0x202ce70(%rip),%r11 # 0xc3185c840b8 <__retguard_2646> 0x00000c3183c57248 <+136>: je 0xc3183c5724f <Gecko_StartBulkWriteString+143> 0x00000c3183c5724a <+138>: int3 0x00000c3183c5724b <+139>: int3 0x00000c3183c5724c <+140>: int3 0x00000c3183c5724d <+141>: int3 0x00000c3183c5724e <+142>: int3 0x00000c3183c5724f <+143>: retq 0x00000c3183c57250 <+144>: testb $0x1,0xe(%r14) 0x00000c3183c57255 <+149>: je 0xc3183c57264 <Gecko_StartBulkWriteString+164> 0x00000c3183c57257 <+151>: mov 0x10(%r14),%r15d 0x00000c3183c5725b <+155>: cmp %esi,%r15d 0x00000c3183c5725e <+158>: jae 0xc3183c57343 <Gecko_StartBulkWriteString+387> 0x00000c3183c57264 <+164>: mov $0xffffffff,%r13d 0x00000c3183c5726a <+170>: cmp $0x3ffffffe,%esi 0x00000c3183c57270 <+176>: ja 0xc3183c5722a <Gecko_StartBulkWriteString+106> 0x00000c3183c57272 <+178>: cmp $0x800000,%esi 0x00000c3183c57278 <+184>: jb 0xc3183c572b3 <Gecko_StartBulkWriteString+243> 0x00000c3183c5727a <+186>: mov %r12,%r15 0x00000c3183c5727d <+189>: shr $0x3,%r15 0x00000c3183c57281 <+193>: add %r12,%r15 0x00000c3183c57284 <+196>: cmp %rbx,%r15 0x00000c3183c57287 <+199>: cmovb %rbx,%r15 0x00000c3183c5728b <+203>: add $0x100004,%r15 0x00000c3183c57292 <+210>: and $0xfffffffffff00000,%r15 0x00000c3183c57299 <+217>: jmp 0xc3183c572c9 <Gecko_StartBulkWriteString+265> 0x00000c3183c5729b <+219>: mov 0x10(%r14),%r12d --Type <RET> for more, q to quit, c to continue without paging-- 0x00000c3183c5729f <+223>: jmpq 0xc3183c5721b <Gecko_StartBulkWriteString+91> 0x00000c3183c572a4 <+228>: mov -0x4(%rax),%r12d 0x00000c3183c572a8 <+232>: shr %r12 0x00000c3183c572ab <+235>: dec %r12 0x00000c3183c572ae <+238>: jmpq 0xc3183c5721b <Gecko_StartBulkWriteString+91> 0x00000c3183c572b3 <+243>: lea 0x4(%rbx),%rax 0x00000c3183c572b7 <+247>: bsr %rax,%rcx 0x00000c3183c572bb <+251>: xor $0x3f,%ecx 0x00000c3183c572be <+254>: neg %cl 0x00000c3183c572c0 <+256>: mov $0x1,%r15d 0x00000c3183c572c6 <+262>: shl %cl,%r15 0x00000c3183c572c9 <+265>: add $0xfffffffffffffffb,%r15 0x00000c3183c572cd <+269>: mov $0x3ffffffe,%eax 0x00000c3183c572d2 <+274>: cmp %rax,%r15 0x00000c3183c572d5 <+277>: cmovae %rax,%r15 0x00000c3183c572d9 <+281>: mov %r12,%rax 0x00000c3183c572dc <+284>: sub %r15,%rax 0x00000c3183c572df <+287>: cmp $0x180,%rax 0x00000c3183c572e5 <+293>: ja 0xc3183c57300 <Gecko_StartBulkWriteString+320> 0x00000c3183c572e7 <+295>: mov %ebp,%eax 0x00000c3183c572e9 <+297>: and $0x4,%eax 0x00000c3183c572ec <+300>: test %ax,%ax 0x00000c3183c572ef <+303>: je 0xc3183c57300 <Gecko_StartBulkWriteString+320> 0x00000c3183c572f1 <+305>: mov %r8,(%r14) 0x00000c3183c572f4 <+308>: movw $0x5,0xc(%r14) 0x00000c3183c572fb <+315>: jmpq 0xc3183c57227 <Gecko_StartBulkWriteString+103> 0x00000c3183c57300 <+320>: mov %ebp,0x8(%rsp) 0x00000c3183c57304 <+324>: mov %r8,%rbp 0x00000c3183c57307 <+327>: mov %edx,0xc(%rsp) 0x00000c3183c5730b <+331>: lea (%r15,%r15,1),%rdi 0x00000c3183c5730f <+335>: add $0xa,%rdi 0x00000c3183c57313 <+339>: callq 0xc3185c6c2c0 0x00000c3183c57318 <+344>: test %rax,%rax 0x00000c3183c5731b <+347>: je 0xc3183c5737d <Gecko_StartBulkWriteString+445> 0x00000c3183c5731d <+349>: lea (%r15,%r15,1),%rcx 0x00000c3183c57321 <+353>: mov $0x1,%edx 0x00000c3183c57326 <+358>: xchg %edx,(%rax) 0x00000c3183c57328 <+360>: add $0x2,%ecx 0x00000c3183c5732b <+363>: mov %ecx,0x4(%rax) 0x00000c3183c5732e <+366>: add $0x8,%rax 0x00000c3183c57332 <+370>: mov $0x5,%cx 0x00000c3183c57336 <+374>: mov 0xc(%rsp),%edx 0x00000c3183c5733a <+378>: mov %rbp,%r8 0x00000c3183c5733d <+381>: mov 0x8(%rsp),%ebp 0x00000c3183c57341 <+385>: jmp 0xc3183c5734b <Gecko_StartBulkWriteString+395> 0x00000c3183c57343 <+387>: lea 0x14(%r14),%rax 0x00000c3183c57347 <+391>: mov $0x11,%cx 0x00000c3183c5734b <+395>: mov %rax,(%r14) 0x00000c3183c5734e <+398>: mov %cx,0xc(%r14) 0x00000c3183c57353 <+403>: cmp %rax,%r8 0x00000c3183c57356 <+406>: je 0xc3183c57375 <Gecko_StartBulkWriteString+437> 0x00000c3183c57358 <+408>: mov %edx,%edx 0x00000c3183c5735a <+410>: add %rdx,%rdx 0x00000c3183c5735d <+413>: mov %rax,%rdi 0x00000c3183c57360 <+416>: mov %r8,%r14 0x00000c3183c57363 <+419>: mov %r8,%rsi 0x00000c3183c57366 <+422>: callq 0xc3185c6bfc0 0x00000c3183c5736b <+427>: mov %ebp,%eax 0x00000c3183c5736d <+429>: test $0x4,%al 0x00000c3183c5736f <+431>: jne 0xc3183c5738e <Gecko_StartBulkWriteString+462> 0x00000c3183c57371 <+433>: test $0x8,%al 0x00000c3183c57373 <+435>: jne 0xc3183c5739c <Gecko_StartBulkWriteString+476> 0x00000c3183c57375 <+437>: mov %r15,%r12 0x00000c3183c57378 <+440>: jmpq 0xc3183c57227 <Gecko_StartBulkWriteString+103> 0x00000c3183c5737d <+445>: cmp %rbx,%r12 0x00000c3183c57380 <+448>: mov %rbp,%r8 0x00000c3183c57383 <+451>: jb 0xc3183c5722a <Gecko_StartBulkWriteString+106> 0x00000c3183c57389 <+457>: jmpq 0xc3183c572f1 <Gecko_StartBulkWriteString+305> 0x00000c3183c5738e <+462>: lock decl -0x8(%r14) 0x00000c3183c57393 <+467>: jne 0xc3183c57375 <Gecko_StartBulkWriteString+437> 0x00000c3183c57395 <+469>: add $0xfffffffffffffff8,%r14 0x00000c3183c57399 <+473>: mov (%r14),%eax --Type <RET> for more, q to quit, c to continue without paging-- 0x00000c3183c5739c <+476>: mov %r14,%rdi 0x00000c3183c5739f <+479>: callq 0xc3185c6bf40 0x00000c3183c573a4 <+484>: jmp 0xc3183c57375 <Gecko_StartBulkWriteString+437> 0x00000c3183c573a6 <+486>: mov (%r14),%rdi 0x00000c3183c573a9 <+489>: movzwl 0xc(%r14),%eax 0x00000c3183c573ae <+494>: test $0x4,%al 0x00000c3183c573b0 <+496>: jne 0xc3183c573d7 <Gecko_StartBulkWriteString+535> 0x00000c3183c573b2 <+498>: test $0x8,%al 0x00000c3183c573b4 <+500>: jne 0xc3183c573e3 <Gecko_StartBulkWriteString+547> 0x00000c3183c573b6 <+502>: lea -0x53ddd47(%rip),%rax # 0xc317e879676 <_ZL9gNullChar.llvm.9787528076955096302> 0x00000c3183c573bd <+509>: mov %rax,(%r14) 0x00000c3183c573c0 <+512>: movl $0x0,0x8(%r14) 0x00000c3183c573c8 <+520>: movw $0x1,0xc(%r14) 0x00000c3183c573cf <+527>: xor %r12d,%r12d 0x00000c3183c573d2 <+530>: jmpq 0xc3183c57227 <Gecko_StartBulkWriteString+103> 0x00000c3183c573d7 <+535>: lock decl -0x8(%rdi) 0x00000c3183c573db <+539>: jne 0xc3183c573b6 <Gecko_StartBulkWriteString+502> 0x00000c3183c573dd <+541>: add $0xfffffffffffffff8,%rdi 0x00000c3183c573e1 <+545>: mov (%rdi),%eax 0x00000c3183c573e3 <+547>: callq 0xc3185c6bf40 0x00000c3183c573e8 <+552>: jmp 0xc3183c573b6 <Gecko_StartBulkWriteString+502> End of assembler dump. (gdb) I've also put the typescripts of those sessions in https://nxdomain.no/~peter/sigill/ for reference (and a handy place to stuff things if there are other items that need to be dumped) All the best, Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
