https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87702
--- Comment #4 from Uroš Bizjak <ubizjak at gmail dot com> --- (In reply to Uroš Bizjak from comment #3) > (In reply to Mihail Zenkov from comment #2) > > I'm not sure how to reproduce these regressions without rebuilding glibc. But > > I can provide a prebuilt glibc for testing. > > > > http://www.knk.uwebweb.com/glibc-segfault.tar.xz > > > > To reproduce just unpack and run ./test.sh. You should see: > > > > ./test.sh > > Regression 1 > > busybox ld.so libc_regression_1.so > > libc_regression_2.so test.sh > > BusyBox v1.29.3 (2018-10-18 20:28:02 BY) multi-call binary. > > > > Usage: rm [-irf] FILE... > > > > Remove (unlink) FILEs > > > > -i Always prompt before removing > > -f Never prompt > > -R,-r Recurse > > Segmentation fault > > This one is an unaligned access in function __run_exit_handlers (movdqa requires a 16-byte-aligned memory operand, but %esp = 0xffffc3c8 is only 8-byte aligned): > > 0xf7e2404d <+173>: je 0xf7e24050 <__run_exit_handlers+176> > 0xf7e2404f <+175>: lock cmpxchg %ecx,(%esi) > 0xf7e24053 <+179>: je 0xf7e2405c <__run_exit_handlers+188> > 0xf7e24055 <+181>: lea (%esi),%ecx > 0xf7e24057 <+183>: call 0xf7efd6b0 <__lll_lock_wait_private> > 0xf7e2405c <+188>: movq 0x3720(%ebp),%xmm0 > => 0xf7e24064 <+196>: movdqa (%esp),%xmm1 > 0xf7e24069 <+201>: pxor %xmm0,%xmm1 > 0xf7e2406d <+205>: movdqa %xmm1,%xmm0 > 0xf7e24071 <+209>: movd %xmm0,%ecx > 0xf7e24075 <+213>: psrlq $0x20,%xmm0 > 0xf7e2407a <+218>: movd %xmm0,%eax > 0xf7e2407e <+222>: or %ecx,%eax > 0xf7e24080 <+224>: jne 0xf7e23ffe <__run_exit_handlers+94> > > (gdb) p $esp > $1 = (void *) 0xffffc3c8 Program received signal SIGSEGV, Segmentation fault. 0xf7e24064 in __run_exit_handlers (status=1, listp=0xf7fca3fc <__exit_funcs>, run_list_atexit=true, run_dtors=true) at exit.c:114 warning: Source file is more recent than executable. 114 if (__glibc_unlikely (new_exitfn_called != __new_exitfn_called)) (gdb) list 109 break; 110 } 111 /* Re-lock again before looking at global state. 
*/ 112 __libc_lock_lock (__exit_funcs_lock); 113 114 if (__glibc_unlikely (new_exitfn_called != __new_exitfn_called)) 115 /* The last exit function, or another thread, has registered 116 more exit functions. Start the loop over. */ 117 goto restart; 118 } > > > > > Regression 2 > > busybox ld.so libc_regression_1.so > > libc_regression_2.so test.sh > > Segmentation fault > > This one is in function _IO_vfscanf_internal (the faulting movaps stores to -0x5e8(%ebp), which with %ebp = 0xffffc040 is 0xffffba58, again only 8-byte aligned): > > 0xf7e6fe26 <+326>: movaps -0x5f210(%ecx),%xmm1 > 0xf7e6fe2d <+333>: movapd -0x5f280(%ecx),%xmm2 > 0xf7e6fe35 <+341>: mov %esi,-0x5b0(%ebp) > 0xf7e6fe3b <+347>: movl $0x0,-0x5b4(%ebp) > => 0xf7e6fe45 <+357>: movaps %xmm1,-0x5e8(%ebp) > 0xf7e6fe4c <+364>: movl $0x0,-0x594(%ebp) > 0xf7e6fe56 <+374>: movl $0x0,-0x5bc(%ebp) > 0xf7e6fe60 <+384>: movl $0x0,-0x5c8(%ebp) > > (gdb) p $ebp > $1 = (void *) 0xffffc040 Program received signal SIGSEGV, Segmentation fault. _IO_vfscanf_internal (s=0xffffc068, format=0x80ae357 "%llu%llu%u%u%u%u%u%u%llu%llu%u%u%u%u%u%u", argptr=0xffffc140 "\354\273\v\bܻ\v\b\374\273\v\b\004\274\v\b,\274\v\b(\274\v\b\020\274\v\b\f\274\v\b\364\273\v\b\344\273\v\b", errp=0x0) at vfscanf.c:2447 warning: Source file is more recent than executable. 2447 *ARG (float *) = negative ? -d : d; (gdb) list 2442 else 2443 { 2444 float d = __strtof_internal 2445 (char_buffer_start (&charbuf), &tw, flags & GROUP); 2446 if (!(flags & SUPPRESS) && tw != char_buffer_start (&charbuf)) 2447 *ARG (float *) = negative ? -d : d; 2448 } 2449 2450 if (__glibc_unlikely (tw == char_buffer_start (&charbuf))) 2451 conv_error ();