Bug#916678: systemd: Caught <SEGV>, dumped core as pid 2097

Bernhard Übelacker bernhardu at mailbox.org
Mon Dec 17 22:18:44 GMT 2018 

Hello Cristian Ionescu-Idbohrn,
following is what I get from a buster amd64 qemu VM,
with explicitly downgraded systemd packages to 239-13:

It has quite a similarity to upstream bug [1].
And upstream received a fix for that just a few days ago,
and is therefore not yet contained in an upstream release.

Kind regards,
Bernhard


[1] https://github.com/systemd/systemd/issues/10716

(gdb) bt
#0  0x00007f2d9386bb37 in kill () at ../sysdeps/unix/syscall-template.S:78
#1  0x0000561672b85436 in crash (sig=11) at ../src/core/main.c:183
#2  <signal handler called>
#3  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:93
#4  0x00007f2d93680cb7 in message_append_basic (m=m at entry=0x561674c79870, type=<optimized out>, p=0xffffffffffffffff, stored=stored at entry=0x0) at ../src/basic/string-util.h:36
#5  0x00007f2d936812ab in sd_bus_message_append_basic (m=m at entry=0x561674c79870, type=<optimized out>, p=<optimized out>) at ../src/libsystemd/sd-bus/bus-message.c:1565
#6  0x00007f2d93681719 in sd_bus_message_appendv (m=0x561674c79870, types=<optimized out>, ap=ap at entry=0x7ffcabd85950) at ../src/libsystemd/sd-bus/bus-message.c:2358
#7  0x00007f2d93681cf9 in sd_bus_message_append (m=<optimized out>, types=<optimized out>) at ../src/libsystemd/sd-bus/bus-message.c:2473
#8  0x0000561672b01daf in send_removed_signal (bus=0x561674bb3130, userdata=0x561674c144f0) at ../src/core/job.c:1565
#9  0x0000561672b71dbf in bus_foreach_bus (m=0x561674ab5830, subscribed2=0x0, send_message=0x561672b01d00 <send_removed_signal>, userdata=0x561674c144f0) at ../src/core/dbus.c:1187
#10 0x0000561672b03f78 in bus_job_send_removed_signal (j=<optimized out>, j=<optimized out>) at ../src/core/dbus-job.c:225
#11 0x0000561672b8300e in manager_flush_finished_jobs (m=<optimized out>) at ../src/core/manager.c:3359
#12 manager_reload (m=0x561674ab5830) at ../src/core/manager.c:3477
#13 invoke_main_loop (m=0x561674ab5830, ret_reexecute=0x7ffcabd85c2a, ret_retval=0x7ffcabd85c2c, ret_shutdown_verb=<optimized out>, ret_fds=0x7ffcabd85c30, ret_switch_root_dir=0x7ffcabd85c58, ret_switch_root_init=0x7ffcabd85c50, ret_error_message=0x7ffcabd85c40) at ../src/core/main.c:1661
#14 0x0000561672ae4620 in main (argc=<optimized out>, argv=0x7ffcabd85f08) at ../src/core/main.c:2415

-------------- next part --------------

# buster amd64 qemu VM



apt update
apt dist-upgrade

apt install gdb 




root at debian:~# gdb -q --pid 1
Attaching to process 1
...
(gdb) generate-core-file 
Saved corefile core.1
(gdb) detach
Detaching from program: /lib/systemd/systemd, process 1
[Inferior 1 (process 1) detached]
(gdb) q




root at debian:~# gdb -q -ex "set pagination off" -ex "info share" -ex quit /sbin/init --core core.1 2>&1 | grep libc.so.6
0x00007f5a8f5a8320  0x00007f5a8f6ee7ab  Yes         /lib/x86_64-linux-gnu/libc.so.6





root at debian:~# gdb -q -ex "set pagination off" -ex "disassemble 0x00007f5a8f5a8320,0x00007f5a8f6ee7ab" -ex quit /sbin/init --core core.1 2>&1 | grep 0x.............647
# 64 possible locations ...




root at debian:~# gdb -q -ex "set pagination off" -ex "find /b 0x00007f5a8f5a8320, 0x00007f5a8f6ee7ab, 0xc5,0xfd,0x74,0x0f,0xc5,0xfd,0xd7,0xc1,0xd3,0xf8,0x85,0xc0,0x74,0x1b,0xf3,0x0f,0xbc,0xc0,0x48,0x01,0xf8,0x48" -ex quit /sbin/init --core core.1
Reading symbols from /sbin/init...(no debugging symbols found)...done.

warning: core file may not match specified executable file.
[New LWP 1]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/sbin/init'.
#0  0x00007f5a8f67fb77 in epoll_wait (epfd=4, events=0x7ffc0f899920, maxevents=52, timeout=-1) at ../sysdeps/unix/sysv/linux/epoll_wait.c:30
30      ../sysdeps/unix/sysv/linux/epoll_wait.c: Datei oder Verzeichnis nicht gefunden.
0x7f5a8f6de7a7 <__rawmemchr_avx2+55>
0x7f5a8f6e2647 <__strlen_avx2+55>
warning: Unable to access 1487 bytes of target memory at 0x7f5a8f6ee1dd, halting search.
2 patterns found.




root at debian:~# gdb -q -ex "set pagination off" -ex "x/64bx 0x7f5a8f6e2647-42" -ex "disassemble 0x7f5a8f6e2647-42,0x7f5a8f6e2647+22" /sbin/init --core core.1
Reading symbols from /sbin/init...(no debugging symbols found)...done.

warning: core file may not match specified executable file.
[New LWP 1]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/sbin/init'.
#0  0x00007f5a8f67fb77 in epoll_wait (epfd=4, events=0x7ffc0f899920, maxevents=52, timeout=-1) at ../sysdeps/unix/sysv/linux/epoll_wait.c:30
30      ../sysdeps/unix/sysv/linux/epoll_wait.c: Datei oder Verzeichnis nicht gefunden.
0x7f5a8f6e261d <__strlen_avx2+13>:      0xf9    0x20    0x77    0x1f    0xc5    0xfd    0x74    0x0f
0x7f5a8f6e2625 <__strlen_avx2+21>:      0xc5    0xfd    0xd7    0xc1    0x85    0xc0    0x0f    0x85
0x7f5a8f6e262d <__strlen_avx2+29>:      0xdf    0x00    0x00    0x00    0x48    0x83    0xc7    0x20
0x7f5a8f6e2635 <__strlen_avx2+37>:      0x83    0xe1    0x1f    0x48    0x83    0xe7    0xe0    0xeb
0x7f5a8f6e263d <__strlen_avx2+45>:      0x36    0x66    0x90    0x83    0xe1    0x1f    0x48    0x83
0x7f5a8f6e2645 <__strlen_avx2+53>:      0xe7    0xe0    0xc5    0xfd    0x74    0x0f    0xc5    0xfd
0x7f5a8f6e264d <__strlen_avx2+61>:      0xd7    0xc1    0xd3    0xf8    0x85    0xc0    0x74    0x1b
0x7f5a8f6e2655 <__strlen_avx2+69>:      0xf3    0x0f    0xbc    0xc0    0x48    0x01    0xf8    0x48
Dump of assembler code from 0x7f5a8f6e261d to 0x7f5a8f6e265d:
   0x00007f5a8f6e261d <__strlen_avx2+13>:       stc    
   0x00007f5a8f6e261e <__strlen_avx2+14>:       and    %dh,0x1f(%rdi)
   0x00007f5a8f6e2621 <__strlen_avx2+17>:       vpcmpeqb (%rdi),%ymm0,%ymm1
   0x00007f5a8f6e2625 <__strlen_avx2+21>:       vpmovmskb %ymm1,%eax
   0x00007f5a8f6e2629 <__strlen_avx2+25>:       test   %eax,%eax
   0x00007f5a8f6e262b <__strlen_avx2+27>:       jne    0x7f5a8f6e2710 <__strlen_avx2+256>
   0x00007f5a8f6e2631 <__strlen_avx2+33>:       add    $0x20,%rdi
   0x00007f5a8f6e2635 <__strlen_avx2+37>:       and    $0x1f,%ecx
   0x00007f5a8f6e2638 <__strlen_avx2+40>:       and    $0xffffffffffffffe0,%rdi
   0x00007f5a8f6e263c <__strlen_avx2+44>:       jmp    0x7f5a8f6e2674 <__strlen_avx2+100>
   0x00007f5a8f6e263e <__strlen_avx2+46>:       xchg   %ax,%ax
   0x00007f5a8f6e2640 <__strlen_avx2+48>:       and    $0x1f,%ecx
   0x00007f5a8f6e2643 <__strlen_avx2+51>:       and    $0xffffffffffffffe0,%rdi
   0x00007f5a8f6e2647 <__strlen_avx2+55>:       vpcmpeqb (%rdi),%ymm0,%ymm1                   <<<<<<
   0x00007f5a8f6e264b <__strlen_avx2+59>:       vpmovmskb %ymm1,%eax
   0x00007f5a8f6e264f <__strlen_avx2+63>:       sar    %cl,%eax
   0x00007f5a8f6e2651 <__strlen_avx2+65>:       test   %eax,%eax
   0x00007f5a8f6e2653 <__strlen_avx2+67>:       je     0x7f5a8f6e2670 <__strlen_avx2+96>
   0x00007f5a8f6e2655 <__strlen_avx2+69>:       tzcnt  %eax,%eax
   0x00007f5a8f6e2659 <__strlen_avx2+73>:       add    %rdi,%rax
   0x00007f5a8f6e265c <__strlen_avx2+76>:       add    %rcx,%rax
End of assembler dump.

More information about the Pkg-systemd-maintainers mailing list