GNU bug report logs - #76705
31.0.50; igc: crash

Previous Next

Package: emacs;

Reported by: Óscar Fuentes <oscarfv <at> eclipso.eu>

Date: Mon, 3 Mar 2025 04:33:04 UTC

Severity: normal

Found in version 31.0.50

Full log

View this message in rfc822 format

From: Óscar Fuentes <oscarfv <at> eclipso.eu>
To: Pip Cet <pipcet <at> protonmail.com>
Cc: 76705 <at> debbugs.gnu.org
Subject: bug#76705: 31.0.50; igc: crash
Date: Mon, 03 Mar 2025 16:49:54 +0100

Pip Cet <pipcet <at> protonmail.com> writes:

> I assume this is a Linux kernel?

Correct.

$ uname -a
Linux zen 6.12.11-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.11-1 (2025-01-25) x86_64 GNU/Linux

> Can you do an objdump -h on the core file, reporting only the count of
> "load" sections?  (Over here, I see about 3000 sections, which is a
> lot).

Tail of objdump -h :

9260 load8395      15760000  0000556e2e8c0000  0000000000000000  9d20f000  2**12
                  CONTENTS, ALLOC, LOAD

$ objdump -h dump | grep " load" | wc
   9237   64659  747221

> What is the output of
>
> cat /proc/sys/vm/max_map_count
>
> ?  It is 65530 here,

Same here.

> Thanks! This means that it was actually ProtSet which aborted, and since
> it doesn't show up in the backtrace it must have tail-called the
> assertion function.  Can you disassemble ProtSet just to make sure that
> we're looking at an mprotect failure here?

(gdb) disass/s ProtSet
Dump of assembler code for function ProtSet:
   0x0000556e0edcf8b0 <+0>:     push   %r12
   0x0000556e0edcf8b2 <+2>:     mov    %edx,%r12d
   0x0000556e0edcf8b5 <+5>:     push   %rbp
   0x0000556e0edcf8b6 <+6>:     mov    %rdi,%rbp
   0x0000556e0edcf8b9 <+9>:     push   %rbx
   0x0000556e0edcf8ba <+10>:    mov    %rsi,%rbx
   0x0000556e0edcf8bd <+13>:    cmp    %rsi,%rdi
   0x0000556e0edcf8c0 <+16>:    jae    0x556e0edcf958 <ProtSet+168>
   0x0000556e0edcf8c6 <+22>:    test   %rbp,%rbp
   0x0000556e0edcf8c9 <+25>:    je     0x556e0edcf980 <ProtSet+208>
   0x0000556e0edcf8cf <+31>:    sub    %rbp,%rbx
   0x0000556e0edcf8d2 <+34>:    cmp    $0x7fffffff,%rbx
   0x0000556e0edcf8d9 <+41>:    ja     0x556e0edcf9b0 <ProtSet+256>
   0x0000556e0edcf8df <+47>:    mov    $0x5,%edx
   0x0000556e0edcf8e4 <+52>:    cmp    $0x2,%r12d
   0x0000556e0edcf8e8 <+56>:    je     0x556e0edcf8f6 <ProtSet+70>
   0x0000556e0edcf8ea <+58>:    ja     0x556e0edcf930 <ProtSet+128>
   0x0000556e0edcf8ec <+60>:    mov    $0x7,%edx
   0x0000556e0edcf8f1 <+65>:    test   %r12d,%r12d
   0x0000556e0edcf8f4 <+68>:    jne    0x556e0edcf94f <ProtSet+159>
   0x0000556e0edcf8f6 <+70>:    mov    %rbx,%rsi
   0x0000556e0edcf8f9 <+73>:    mov    %rbp,%rdi
   0x0000556e0edcf8fc <+76>:    call   0x556e0ead23b0 <mprotect <at> plt>
   0x0000556e0edcf901 <+81>:    test   %eax,%eax
   0x0000556e0edcf903 <+83>:    je     0x556e0edcf928 <ProtSet+120>
   0x0000556e0edcf905 <+85>:    pop    %rbx
--Type <RET> for more, q to quit, c to continue without paging-- 
   0x0000556e0edcf906 <+86>:    lea    0x3b536(%rip),%rdx        # 0x556e0ee0ae43
   0x0000556e0edcf90d <+93>:    pop    %rbp
   0x0000556e0edcf90e <+94>:    mov    $0x75,%esi
   0x0000556e0edcf913 <+99>:    lea    0x4011b(%rip),%rdi        # 0x556e0ee0fa35
   0x0000556e0edcf91a <+106>:   pop    %r12
   0x0000556e0edcf91c <+108>:   jmp    *0xbcf4e(%rip)        # 0x556e0ee8c870 <mps_lib_assert_handler>
   0x0000556e0edcf922 <+114>:   nopw   0x0(%rax,%rax,1)
   0x0000556e0edcf928 <+120>:   pop    %rbx
   0x0000556e0edcf929 <+121>:   pop    %rbp
   0x0000556e0edcf92a <+122>:   pop    %r12
   0x0000556e0edcf92c <+124>:   ret
   0x0000556e0edcf92d <+125>:   nopl   (%rax)
   0x0000556e0edcf930 <+128>:   cmp    $0x3,%r12d
   0x0000556e0edcf934 <+132>:   je     0x556e0edcf94f <ProtSet+159>
   0x0000556e0edcf936 <+134>:   lea    0x3b506(%rip),%rdx        # 0x556e0ee0ae43
   0x0000556e0edcf93d <+141>:   mov    $0x64,%esi
   0x0000556e0edcf942 <+146>:   lea    0x400ec(%rip),%rdi        # 0x556e0ee0fa35
   0x0000556e0edcf949 <+153>:   call   *0xbcf21(%rip)        # 0x556e0ee8c870 <mps_lib_assert_handler>
   0x0000556e0edcf94f <+159>:   xor    %edx,%edx
   0x0000556e0edcf951 <+161>:   jmp    0x556e0edcf8f6 <ProtSet+70>
   0x0000556e0edcf953 <+163>:   nopl   0x0(%rax,%rax,1)
   0x0000556e0edcf958 <+168>:   lea    0x3bd24(%rip),%rdx        # 0x556e0ee0b683
   0x0000556e0edcf95f <+175>:   mov    $0x49,%esi
   0x0000556e0edcf964 <+180>:   lea    0x400ca(%rip),%rdi        # 0x556e0ee0fa35
   0x0000556e0edcf96b <+187>:   call   *0xbceff(%rip)        # 0x556e0ee8c870 <mps_lib_assert_handler>
   0x0000556e0edcf971 <+193>:   test   %rbp,%rbp
   0x0000556e0edcf974 <+196>:   jne    0x556e0edcf8cf <ProtSet+31>
--Type <RET> for more, q to quit, c to continue without paging--
   0x0000556e0edcf97a <+202>:   nopw   0x0(%rax,%rax,1)
   0x0000556e0edcf980 <+208>:   sub    %rbp,%rbx
   0x0000556e0edcf983 <+211>:   lea    0x3bbea(%rip),%rdx        # 0x556e0ee0b574
   0x0000556e0edcf98a <+218>:   mov    $0x4a,%esi
   0x0000556e0edcf98f <+223>:   lea    0x4009f(%rip),%rdi        # 0x556e0ee0fa35
   0x0000556e0edcf996 <+230>:   call   *0xbced4(%rip)        # 0x556e0ee8c870 <mps_lib_assert_handler>
   0x0000556e0edcf99c <+236>:   cmp    $0x7fffffff,%rbx
   0x0000556e0edcf9a3 <+243>:   jbe    0x556e0edcf8df <ProtSet+47>
   0x0000556e0edcf9a9 <+249>:   nopl   0x0(%rax)
   0x0000556e0edcf9b0 <+256>:   lea    0x25751(%rip),%rdx        # 0x556e0edf5108
   0x0000556e0edcf9b7 <+263>:   mov    $0x4b,%esi
   0x0000556e0edcf9bc <+268>:   lea    0x40072(%rip),%rdi        # 0x556e0ee0fa35
   0x0000556e0edcf9c3 <+275>:   call   *0xbcea7(%rip)        # 0x556e0ee8c870 <mps_lib_assert_handler>
   0x0000556e0edcf9c9 <+281>:   jmp    0x556e0edcf8df <ProtSet+47>
End of assembler dump.

HTH

_________________________________________________________________
________________________________________________________
Your E-Mail. Your Cloud. Your Office. eclipso Mail Europe. https://www.eclipso.de
This bug report was last modified 163 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.