QEMU 6.2.0: Random segfaults when accessing register eax using qemu-system-x86_64
Description of problem:
coredump info:
```
(gdb) bt
#0 0x0000152016187387 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55
#1 0x0000152016188a78 in __GI_abort () at abort.c:90
#2 0x00001520159f2439 in os::abort (dump_core=<optimized out>)
at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/os/linux/vm/os_linux.cpp:1572
#3 0x0000152015c0e64a in VMError::report_and_die (this=this@entry=0x151fe009c4d0)
at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/share/vm/utilities/vmError.cpp:1112
#4 0x00001520159fc5e5 in JVM_handle_linux_signal (sig=11, info=0x151fe009c770, ucVoid=0x151fe009c640,
abort_if_unrecognized=<optimized out>)
at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp:541
#5 0x00001520159ef5f8 in signalHandler (sig=11, info=0x151fe009c770, uc=0x151fe009c640)
at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/os/linux/vm/os_linux.cpp:4591
#6 <signal handler called>
#7 do_clone (pd=pd@entry=0x151fc7cfe700, attr=attr@entry=0x151fe009d410, stackaddr=<optimized out>,
stopped=<optimized out>, fct=0x152016b4fde0 <start_thread>, clone_flags=4001536)
at ../nptl/sysdeps/pthread/createthread.c:77
#8 0x0000152016b5056a in create_thread (stackaddr=<optimized out>, attr=0x151fe009d410, pd=0x151fc7cfe700)
at ../nptl/sysdeps/pthread/createthread.c:244
#9 __pthread_create_2_1 (newthread=<optimized out>, attr=<optimized out>, start_routine=<optimized out>,
arg=<optimized out>) at pthread_create.c:553
#10 0x00001520159fb9b8 in os::create_thread (thread=0x561592f7f000, thr_type=<optimized out>,
---Type <return> to continue, or q <return> to quit---f 7
stack_size=<optimized out>)
at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/os/linux/vm/os_linux.cpp:921
#11 0x00001520157eea78 in JVM_StartThread (env=<optimized out>, jthread=0x151fe009d4d0)
at /usr/src/debug/java-1.8.0-openjdk-1.8.0.262.b10-0.el7_8.x86_64/openjdk/hotspot/src/share/vm/prims/jvm.cpp:3128
#12 0x0000152001ef0c26 in ?? ()
#13 0x00000006e100f538 in ?? ()
#14 0x00000000de00bfff in ?? ()
#15 0x0000151fe009d530 in ?? ()
#16 0x0000152001915328 in ?? ()
#17 0x00000006e100f538 in ?? ()
#18 0x0000152010062550 in ?? ()
#19 0x00000006f1450200 in ?? ()
#20 0x00001520de280104 in ?? ()
#21 0x0000000000000000 in ?? ()
(gdb) f 7
#7 do_clone (pd=pd@entry=0x151fc7cfe700, attr=attr@entry=0x151fe009d410, stackaddr=<optimized out>,
stopped=<optimized out>, fct=0x152016b4fde0 <start_thread>, clone_flags=4001536)
at ../nptl/sysdeps/pthread/createthread.c:77
77 if (__builtin_expect (rc == -1, 0))
(gdb) disas
Dump of assembler code for function do_clone:
0x0000152016b4f010 <+0>: push %r12
0x0000152016b4f012 <+2>: xor %r12d,%r12d
0x0000152016b4f015 <+5>: mov %rdx,%r10
0x0000152016b4f018 <+8>: push %rbp
0x0000152016b4f019 <+9>: mov %rsi,%rbp
0x0000152016b4f01c <+12>: push %rbx
0x0000152016b4f01d <+13>: mov %rdi,%rbx
0x0000152016b4f020 <+16>: sub $0x10,%rsp
0x0000152016b4f024 <+20>: test %ecx,%ecx
0x0000152016b4f026 <+22>: setne %r12b
0x0000152016b4f02a <+26>: jne 0x152016b4f07f <do_clone+111>
0x0000152016b4f02c <+28>: lock incl 0x21022d(%rip) # 0x152016d5f260 <__nptl_nthreads>
0x0000152016b4f033 <+35>: lea 0x2d0(%rbx),%r8
0x0000152016b4f03a <+42>: lea 0xd9f(%rip),%rdi # 0x152016b4fde0 <start_thread>
0x0000152016b4f041 <+49>: xor %eax,%eax
0x0000152016b4f043 <+51>: mov %rbx,%r9
0x0000152016b4f046 <+54>: mov %rbx,%rcx
0x0000152016b4f049 <+57>: mov $0x3d0f00,%edx
0x0000152016b4f04e <+62>: mov %r8,(%rsp)
0x0000152016b4f052 <+66>: mov %r10,%rsi
0x0000152016b4f055 <+69>: callq 0x152016b4d470 <__clone@plt>
=> 0x0000152016b4f05a <+74>: cmp $0xffffffff,%eax
0x0000152016b4f05d <+77>: je 0x152016b4f118 <do_clone+264>
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) p rc
$1 = 223935
(gdb) i r rax
rax 0x36abf 223935
(gdb) i r eax
eax 0x0 0
(gdb) l
72 atomic_increment (&__nptl_nthreads);
73
74 int rc = ARCH_CLONE (fct, STACK_VARIABLES_ARGS, clone_flags,
75 pd, &pd->tid, TLS_VALUE, &pd->tid);
76
77 if (__builtin_expect (rc == -1, 0))
78 {
79 atomic_decrement (&__nptl_nthreads); /* Oops, we lied for a second. */
80
81 /* Perhaps a thread wants to change the IDs and if waiting
(gdb)
```
Additional information:
```
# cat test.c
#include <stdlib.h>
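/* Prototype for the assembly routine in test_asm.s; without it the call
 * below is an implicit function declaration (removed from the language
 * in C99). */
int test1(void);

/*
 * Reproducer: call test1(), which sets rax to 223935, and compare the
 * int return value with -1.  An int return value is read from eax, the
 * low 32 bits of rax, so the compiler emits `cmp $0xffffffff,%eax` --
 * see the disassembly of main in the report.
 *
 * Returns rc (i.e. -1) if test1() reported -1, 0 otherwise.
 */
int main(void)
{
    int rc = test1();

    /* __builtin_expect only hints that the branch is unlikely; it does
     * not change the comparison itself. */
    if (__builtin_expect(rc == -1, 0)) {
        return rc;
    }
    return 0;
}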
# cat test_asm.s
global test1
section .text
; test1: returns the constant 223935 (0x36abf) in rax.
; The C caller treats the result as an int and reads it from eax, the
; low 32 bits of rax (see the `cmp $0xffffffff,%eax` in the
; disassembly of main and the matching eax/rax register dumps).
test1:
mov rax, 223935
ret
(gdb) disas main
Dump of assembler code for function main:
0x00000000004004f6 <+0>: sub $0x8,%rsp
0x00000000004004fa <+4>: mov $0x0,%eax
0x00000000004004ff <+9>: callq 0x4004f0 <test1>
0x0000000000400504 <+14>: cmp $0xffffffff,%eax
0x0000000000400507 <+17>: sete %al
0x000000000040050a <+20>: movzbl %al,%eax
0x000000000040050d <+23>: neg %eax
0x000000000040050f <+25>: add $0x8,%rsp
0x0000000000400513 <+29>: retq
End of assembler dump.
...
# set breakpoint at 0x0000000000400504
(gdb) i r eax
eax 0x36abf 223935
(gdb) i r rax
rax 0x36abf 223935
```