coredump of ryzen_segv_test
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| fujii@ubuntu $ gdb ryzen_segv_test core | |
| GNU gdb (Ubuntu 7.12.50.20170314-0ubuntu1) 7.12.50.20170314-git | |
| Copyright (C) 2017 Free Software Foundation, Inc. | |
| License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> | |
| This is free software: you are free to change and redistribute it. | |
| There is NO WARRANTY, to the extent permitted by law. Type "show copying" | |
| and "show warranty" for details. | |
| This GDB was configured as "x86_64-linux-gnu". | |
| Type "show configuration" for configuration details. | |
| For bug reporting instructions, please see: | |
| <http://www.gnu.org/software/gdb/bugs/>. | |
| Find the GDB manual and other documentation resources online at: | |
| <http://www.gnu.org/software/gdb/documentation/>. | |
| For help, type "help". | |
| Type "apropos word" to search for commands related to "word"... | |
| Reading symbols from ryzen_segv_test...(no debugging symbols found)...done. | |
| [New LWP 115249] | |
| [New LWP 115248] | |
| [New LWP 115250] | |
| [New LWP 115251] | |
| [Thread debugging using libthread_db enabled] | |
| Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". | |
| Core was generated by `./ryzen_segv_test 2500000'. | |
| Program terminated with signal SIGSEGV, Segmentation fault. | |
| #0 0x000055581215dd21 in thread1 () | |
| [Current thread is 1 (Thread 0x7fb5bb3b4700 (LWP 115249))] | |
| (gdb) bt | |
| #0 0x000055581215dd21 in thread1 () | |
| #1 0x00007fb5bb7836da in start_thread (arg=0x7fb5bb3b4700) at pthread_create.c:456 | |
| #2 0x00007fb5bb4bdd7f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105 | |
| (gdb) disas | |
| Dump of assembler code for function thread1: | |
| 0x000055581215dc60 <+0>: push r13 | |
| 0x000055581215dc62 <+2>: push r12 | |
| 0x000055581215dc64 <+4>: mov r12,rdi | |
| 0x000055581215dc67 <+7>: push rbp | |
| 0x000055581215dc68 <+8>: push rbx | |
| 0x000055581215dc69 <+9>: xor ebp,ebp | |
| 0x000055581215dc6b <+11>: sub rsp,0x18 | |
| 0x000055581215dc6f <+15>: mov rax,QWORD PTR fs:0x28 | |
| 0x000055581215dc78 <+24>: mov QWORD PTR [rsp+0x8],rax | |
| 0x000055581215dc7d <+29>: xor eax,eax | |
| 0x000055581215dc7f <+31>: cmp QWORD PTR [rdi],0x0 | |
| 0x000055581215dc83 <+35>: je 0x55581215dd50 <thread1+240> | |
| 0x000055581215dc89 <+41>: nop DWORD PTR [rax+0x0] | |
| 0x000055581215dc90 <+48>: mov edx,0x1 | |
| 0x000055581215dc95 <+53>: nop DWORD PTR [rax] | |
| 0x000055581215dc98 <+56>: mov eax,edx | |
| 0x000055581215dc9a <+58>: xchg DWORD PTR [rip+0x2014bc],eax # 0x55581235f15c <locked> | |
| 0x000055581215dca0 <+64>: test eax,eax | |
| 0x000055581215dca2 <+66>: jne 0x55581215dc98 <thread1+56> | |
| 0x000055581215dca4 <+68>: mfence | |
| 0x000055581215dca7 <+71>: cpuid | |
| 0x000055581215dca9 <+73>: mov rdi,QWORD PTR [rip+0x2014a0] # 0x55581235f150 <func_set> | |
| 0x000055581215dcb0 <+80>: movzx eax,BYTE PTR [rdi+0x23b] | |
| 0x000055581215dcb7 <+87>: mov ebx,DWORD PTR [rdi+0x23c] | |
| 0x000055581215dcbd <+93>: lea rax,[rdi+rax*1+0x40] | |
| 0x000055581215dcc2 <+98>: call rax | |
| 0x000055581215dcc4 <+100>: mov r13d,eax | |
| 0x000055581215dcc7 <+103>: xor eax,eax | |
| 0x000055581215dcc9 <+105>: call 0x55581215dc30 <lock_leave> | |
| 0x000055581215dcce <+110>: mov eax,ebx | |
| 0x000055581215dcd0 <+112>: shl eax,0xd | |
| 0x000055581215dcd3 <+115>: xor eax,ebx | |
| 0x000055581215dcd5 <+117>: mov edx,eax | |
| 0x000055581215dcd7 <+119>: shr edx,0x11 | |
| 0x000055581215dcda <+122>: xor eax,edx | |
| 0x000055581215dcdc <+124>: mov edx,eax | |
| 0x000055581215dcde <+126>: shl edx,0x5 | |
| 0x000055581215dce1 <+129>: xor eax,edx | |
| 0x000055581215dce3 <+131>: cmp eax,0xc6e57479 | |
| 0x000055581215dce8 <+136>: lea r8d,[rax+0x652a09af] | |
| 0x000055581215dcef <+143>: ja 0x55581215dd11 <thread1+177> | |
| 0x000055581215dcf1 <+145>: xor eax,0xc6e5747a | |
| 0x000055581215dcf6 <+150>: mov r8d,eax | |
| 0x000055581215dcf9 <+153>: shl eax,0xd | |
| 0x000055581215dcfc <+156>: xor r8d,eax | |
| 0x000055581215dcff <+159>: mov eax,r8d | |
| 0x000055581215dd02 <+162>: shr eax,0x11 | |
| 0x000055581215dd05 <+165>: xor r8d,eax | |
| 0x000055581215dd08 <+168>: mov eax,r8d | |
| 0x000055581215dd0b <+171>: shl eax,0x5 | |
| 0x000055581215dd0e <+174>: xor r8d,eax | |
| 0x000055581215dd11 <+177>: cmp r8d,r13d | |
| 0x000055581215dd14 <+180>: je 0x55581215dd33 <thread1+211> | |
| 0x000055581215dd16 <+182>: mov rdi,QWORD PTR [rip+0x201423] # 0x55581235f140 <stderr@@GLIBC_2.2.5> | |
| 0x000055581215dd1d <+189>: lea rdx,[rip+0x246] # 0x55581215df6a | |
| 0x000055581215dd24 <+196>: mov ecx,r13d | |
| 0x000055581215dd27 <+199>: mov esi,0x1 | |
| 0x000055581215dd2c <+204>: xor eax,eax | |
| 0x000055581215dd2e <+206>: call 0x55581215d930 | |
| 0x000055581215dd33 <+211>: mov rax,QWORD PTR [r12] | |
| 0x000055581215dd37 <+215>: add rbp,0x1 | |
| 0x000055581215dd3b <+219>: cmp rax,rbp | |
| 0x000055581215dd3e <+222>: jg 0x55581215dc90 <thread1+48> | |
| 0x000055581215dd44 <+228>: shr rax,0x3f | |
| 0x000055581215dd48 <+232>: test al,al | |
| 0x000055581215dd4a <+234>: jne 0x55581215dc90 <thread1+48> | |
| 0x000055581215dd50 <+240>: mov DWORD PTR [rip+0x2013fe],0x0 # 0x55581235f158 <flg> | |
| 0x000055581215dd5a <+250>: mfence | |
| 0x000055581215dd5d <+253>: mov rax,QWORD PTR [rsp+0x8] | |
| 0x000055581215dd62 <+258>: xor rax,QWORD PTR fs:0x28 | |
| 0x000055581215dd6b <+267>: jne 0x55581215dd78 <thread1+280> | |
| 0x000055581215dd6d <+269>: add rsp,0x18 | |
| 0x000055581215dd71 <+273>: pop rbx | |
| 0x000055581215dd72 <+274>: pop rbp | |
| 0x000055581215dd73 <+275>: pop r12 | |
| 0x000055581215dd75 <+277>: pop r13 | |
| 0x000055581215dd77 <+279>: ret | |
| 0x000055581215dd78 <+280>: call 0x55581215d8e8 | |
| End of assembler dump. | |
| (gdb) info reg | |
| rax 0xf64eaa61 4132350561 | |
| rbx 0x34661146 879104326 | |
| rcx 0x444d4163 1145913699 | |
| rdx 0xc9d54c20 3386199072 | |
| rsi 0x0 0 | |
| rdi 0x7fb5bbbbb000 140418515447808 | |
| rbp 0x6758b 0x6758b | |
| rsp 0x7fb5bb3b3f20 0x7fb5bb3b3f20 | |
| r8 0x2b39e7a7 725215143 | |
| r9 0x7fb5bb3b4700 140418507032320 | |
| r10 0x7fb5bb3b49d0 140418507033040 | |
| r11 0x202 514 | |
| r12 0x7fffa18276a0 140735903069856 | |
| r13 0x4c051347 1275401031 | |
| r14 0x7fb5bb3b49c0 140418507033024 | |
| r15 0x7fb5bb3b4700 140418507032320 | |
| rip 0x55581215dd21 0x55581215dd21 <thread1+193> | |
| eflags 0x10a92 [ AF SF IF OF RF ] | |
| cs 0x33 51 | |
| ss 0x2b 43 | |
| ds 0x0 0 | |
| es 0x0 0 | |
| fs 0x0 0 | |
| gs 0x0 0 | |
| (gdb) p $_siginfo | |
| $1 = { | |
| si_signo = 11, | |
| si_errno = 0, | |
| si_code = 1, | |
| _sifields = { | |
| _pad = {-162616735, 0 <repeats 27 times>}, | |
| _kill = { | |
| si_pid = -162616735, | |
| si_uid = 0 | |
| }, | |
| _timer = { | |
| si_tid = -162616735, | |
| si_overrun = 0, | |
| si_sigval = { | |
| sival_int = 0, | |
| sival_ptr = 0x0 | |
| } | |
| }, | |
| _rt = { | |
| si_pid = -162616735, | |
| si_uid = 0, | |
| si_sigval = { | |
| sival_int = 0, | |
| sival_ptr = 0x0 | |
| } | |
| }, | |
| _sigchld = { | |
| si_pid = -162616735, | |
| si_uid = 0, | |
| si_status = 0, | |
| si_utime = 0, | |
| si_stime = 0 | |
| }, | |
| _sigfault = { | |
| si_addr = 0xf64eaa61, | |
| _addr_lsb = 0, | |
| _addr_bnd = { | |
| _lower = 0x0, | |
| _upper = 0x0 | |
| } | |
| }, | |
| _sigpoll = { | |
| si_band = 4132350561, | |
| si_fd = 0 | |
| } | |
| } | |
| } | |
| (gdb) x/64xg $sp - 0x100 | |
| 0x7fb5bb3b3e20: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3e30: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3e40: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3e50: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3e60: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3e70: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3e80: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3e90: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3ea0: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3eb0: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3ec0: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3ed0: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3ee0: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3ef0: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3f00: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3f10: 0x0000000000000000 0x000055581215dcce | |
| 0x7fb5bb3b3f20: 0x0000000000000000 0x75867f52cf720500 | |
| 0x7fb5bb3b3f30: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3f40: 0x0000000000000000 0x00007fffa182761e | |
| 0x7fb5bb3b3f50: 0x00007fffa182761f 0x00007fb5bb7836da | |
| 0x7fb5bb3b3f60: 0x0000000000000000 0x00007fb5bb3b4700 | |
| 0x7fb5bb3b3f70: 0x00007fb5bb3b4700 0x5c650e332d24b2d2 | |
| 0x7fb5bb3b3f80: 0x00007fffa182761e 0x00007fffa182761f | |
| 0x7fb5bb3b3f90: 0x00007fb5bb3b49c0 0x00007fb5bb3b4700 | |
| 0x7fb5bb3b3fa0: 0xa30e784553e4b2d2 0xa30e78c3401eb2d2 | |
| 0x7fb5bb3b3fb0: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3fc0: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3fd0: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3fe0: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b3ff0: 0x00007fb5bb3b4700 0x00007fb5bb4bdd7f | |
| 0x7fb5bb3b4000: 0x0000000000000000 0x0000000000000000 | |
| 0x7fb5bb3b4010: 0x0000000000000000 0x0000000000000000 | |
| (gdb) x/i $pc | |
| => 0x55581215dd21 <thread1+193>: add al,BYTE PTR [rax] | |
| (gdb) q | |
| fujii@ubuntu $ | |
| Process shell finished |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdint.h> | |
| #include <stdio.h> | |
| #define RAND_STEP(y) do { \ | |
| (y) = (y) ^ ((y) << 13); (y) = (y) ^ ((y) >> 17); \ | |
| (y) = (y) ^ ((y) << 5); \ | |
| } while(0) | |
| int main(int argc, char* argv[]) | |
| { | |
| uint32_t should; | |
| uint32_t t1 = 0x34661146, t2 = 12345; | |
| t1 = t1 ^ (t1 << 13); | |
| t1 = t1 ^ (t1 >> 17); | |
| printf("%x\n", t1); // f64eaa61 == eax | |
| printf("%x\n", t1 << 5); // c9d54c20 == edx | |
| t1 = t1 ^ (t1 << 5); | |
| RAND_STEP(t2); | |
| if (t1 < t2) { | |
| t1 ^= t2; | |
| t1 = t1 ^ (t1 << 13); | |
| t1 = t1 ^ (t1 >> 17); | |
| printf("%x\n", t1); // 2b39e7a7 == r8d | |
| t1 = t1 ^ (t1 << 5); | |
| should = t1; | |
| } else { | |
| RAND_STEP(t2); | |
| should = (t1 + t2); | |
| } | |
| printf("%x\n", should); // 4c051347 == r13d | |
| return 0; | |
| } |