Red Hat Bugzilla – Attachment 1475293 Details for Bug 1615093
[abrt] gvfs-mtp: g_vfs_job_enumerate_add_info(): gvfsd-mtp killed by SIGSEGV
File: backtrace
backtrace (text/plain), 23.72 KB, created by Boyzz on 2018-08-12 10:04:24 UTC
>[New LWP 3029]
>[New LWP 3092]
>[New LWP 3026]
>[New LWP 3030]
>[New LWP 3025]
>[New LWP 3016]
>[Thread debugging using libthread_db enabled]
>Using host libthread_db library "/lib64/libthread_db.so.1".
>Core was generated by `/usr/libexec/gvfsd-mtp --spawner :1.14 /org/gtk/gvfs/exec_spaw/3'.
>Program terminated with signal SIGSEGV, Segmentation fault.
>#0 malloc_consolidate (av=0x7f070c000020) at malloc.c:4461
>4461 nextsize = chunksize(nextchunk);
>[Current thread is 1 (Thread 0x7f0713fff700 (LWP 3029))]
>
>Thread 1 (Thread 0x7f0713fff700 (LWP 3029)):
>#0 malloc_consolidate (av=0x7f070c000020) at malloc.c:4461
>        p = 0x7f070c01f641
>        first_unsorted = <optimized out>
>        size = 14987979559889010688
>        nextsize = <optimized out>
>        nextinuse = <optimized out>
>        maxfb = 0x7f070c000078
>        nextp = 0xe000007f070c01f8
>        unsorted_bin = 0x7f070c000080
>        nextchunk = 0xd0007f070c01f641
>        prevsize = <optimized out>
>        fwd = <optimized out>
>        fb = 0x7f070c000038
>        bck = <optimized out>
>        av = 0x7f070c000020
>#1 0x00007f072ae87037 in _int_free (av=0x7f070c000020, p=0x7f070c084ff0, have_lock=<optimized out>) at malloc.c:4369
>        size = 118800
>        fb = <optimized out>
>        nextchunk = 0x7f070c085080
>        nextsize = 118656
>        nextinuse = <optimized out>
>        prevsize = <optimized out>
>        bck = <optimized out>
>        fwd = <optimized out>
>        __func__ = "_int_free"
>#2 0x00007f072b62f46e in g_free (mem=mem@entry=0x7f070c085000) at gmem.c:189
>No locals.
>#3 0x00007f072d423dce in g_vfs_job_enumerate_add_info (job=job@entry=0x7f070c027a40, info=info@entry=0x7f070c02c8a0) at gvfsjobenumerate.c:200
>        uri = 0x7f070c085000 "mtp://%5Busb%3A001,009%5D/Internal%20storage/.thumbnails/1480401611444.jpg"
>        escaped_name = <optimized out>
>        v = <optimized out>
>#4 0x0000556b753b56ef in do_enumerate (backend=0x556b761ca130, job=0x7f070c027a40, filename=0x556b761e07b0 "/Internal storage/.thumbnails", attribute_matcher=<optimized out>, flags=<optimized out>) at gvfsbackendmtp.c:1399
>        file = 0x7f070c0535b0
>        entry = <optimized out>
>        remove_prefix = <optimized out>
>        files = 0x7f070c053610
>        op_backend = <optimized out>
>        info = 0x7f070c02c8a0
>        elements = 0x7f070c02b840
>        ne = <optimized out>
>        device = <optimized out>
>#5 0x00007f072d41cc8a in g_vfs_job_run (job=0x7f070c027a40) at gvfsjob.c:197
>        class = 0x556b761e1d20
>#6 0x00007f072b651e50 in g_thread_pool_thread_proxy (data=<optimized out>) at gthreadpool.c:307
>        pool = 0x556b761be800
>#7 0x00007f072b651486 in g_thread_proxy (data=0x556b761a3b70) at gthread.c:784
>        thread = 0x556b761a3b70
>        __func__ = "g_thread_proxy"
>#8 0x00007f072b1c550b in start_thread (arg=0x7f0713fff700) at pthread_create.c:465
>        pd = 0x7f0713fff700
>        now = <optimized out>
>        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668377040640, 3814513572285249241, 140736182950494, 140736182950495, 93920031292272, 140736182950624, -3827505402275694887, -3827626634944186663}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>        not_first_call = <optimized out>
>#9 0x00007f072aefd16f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
>No locals.
>
>Thread 2 (Thread 0x7f07127fc700 (LWP 3092)):
>#0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
>No locals.
>#1 0x00007f072b66f62a in g_cond_wait_until (cond=cond@entry=0x556b761a2208, mutex=mutex@entry=0x556b761a2200, end_time=end_time@entry=172208395) at gthread-posix.c:1442
>        now = {tv_sec = 171, tv_nsec = 708395485}
>        span = {tv_sec = 0, tv_nsec = 499999515}
>        sampled = 1
>        res = <optimized out>
>#2 0x00007f072b5fe381 in g_async_queue_pop_intern_unlocked (queue=0x556b761a2200, wait=wait@entry=1, end_time=172208395) at gasyncqueue.c:422
>        retval = <optimized out>
>        __func__ = "g_async_queue_pop_intern_unlocked"
>#3 0x00007f072b5fe978 in g_async_queue_timeout_pop_unlocked (queue=<optimized out>, timeout=timeout@entry=500000) at gasyncqueue.c:570
>        end_time = <optimized out>
>#4 0x00007f072b651e24 in g_thread_pool_wait_for_new_task (pool=<optimized out>) at gthreadpool.c:262
>        task = <optimized out>
>#5 g_thread_pool_thread_proxy (data=<optimized out>) at gthreadpool.c:296
>        pool = 0x556b761a3400
>#6 0x00007f072b651486 in g_thread_proxy (data=0x7f070c024de0) at gthread.c:784
>        thread = 0x7f070c024de0
>        __func__ = "g_thread_proxy"
>#7 0x00007f072b1c550b in start_thread (arg=0x7f07127fc700) at pthread_create.c:465
>        pd = 0x7f07127fc700
>        now = <optimized out>
>        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668351862528, 3814513572285249241, 140736182949822, 140736182949823, 139668242976224, 140736182949952, -3827502105351424295, -3827626634944186663}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>        not_first_call = <optimized out>
>#8 0x00007f072aefd16f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
>No locals.
>
>Thread 3 (Thread 0x7f07216c3700 (LWP 3026)):
>#0 0x00007f072aef2c6b in __GI___poll (fds=0x556b761df9e0, nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
>        resultvar = 18446744073709551100
>        sc_cancel_oldtype = 0
>#1 0x00007f072b629e99 in g_main_context_poll (priority=<optimized out>, n_fds=3, fds=0x556b761df9e0, timeout=<optimized out>, context=0x556b761bb7d0) at gmain.c:4169
>        ret = <optimized out>
>        errsv = <optimized out>
>        poll_func = 0x7f072b639450 <g_poll>
>#2 g_main_context_iterate (context=0x556b761bb7d0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3863
>        max_priority = 2147483647
>        timeout = -1
>        some_ready = <optimized out>
>        nfds = 3
>        allocated_nfds = 4
>        fds = 0x556b761df9e0
>#3 0x00007f072b62a232 in g_main_loop_run (loop=0x556b761bb910) at gmain.c:4064
>        __func__ = "g_main_loop_run"
>#4 0x00007f072c2aab56 in gdbus_shared_thread_func (user_data=0x556b761bb7a0) at gdbusprivate.c:275
>        data = 0x556b761bb7a0
>#5 0x00007f072b651486 in g_thread_proxy (data=0x556b761a38a0) at gthread.c:784
>        thread = 0x556b761a38a0
>        __func__ = "g_thread_proxy"
>#6 0x00007f072b1c550b in start_thread (arg=0x7f07216c3700) at pthread_create.c:465
>        pd = 0x7f07216c3700
>        now = <optimized out>
>        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668602238720, 3814513572285249241, 140736182952718, 140736182952719, 93920031291552, 140736182952848, -3827605335427254567, -3827626634944186663}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>        not_first_call = <optimized out>
>#7 0x00007f072aefd16f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
>No locals.
>
>Thread 4 (Thread 0x7f07137fe700 (LWP 3030)):
>#0 0x00007f072aef2c6b in __GI___poll (fds=fds@entry=0x7f07137fdd80, nfds=nfds@entry=2, timeout=timeout@entry=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
>        resultvar = 18446744073709551100
>        sc_cancel_oldtype = 0
>#1 0x00007f072bd60bc1 in poll (__timeout=-1, __nfds=2, __fds=0x7f07137fdd80) at /usr/include/bits/poll2.h:46
>No locals.
>#2 linux_udev_event_thread_main (arg=<optimized out>) at os/linux_udev.c:175
>        dummy = 0 '\000'
>        r = <optimized out>
>        udev_dev = <optimized out>
>        fds = {{fd = 9, events = 1, revents = 0}, {fd = 8, events = 1, revents = 0}}
>        __FUNCTION__ = "linux_udev_event_thread_main"
>#3 0x00007f072b1c550b in start_thread (arg=0x7f07137fe700) at pthread_create.c:465
>        pd = 0x7f07137fe700
>        now = <optimized out>
>        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668368647936, 3814513572285249241, 139668377037374, 139668377037375, 0, 139668377037376, -3827504301153454375, -3827626634944186663}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>        not_first_call = <optimized out>
>#4 0x00007f072aefd16f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
>No locals.
>
>Thread 5 (Thread 0x7f0721ec4700 (LWP 3025)):
>#0 0x00007f072aef2c6b in __GI___poll (fds=0x556b761a4810, nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:29
>        resultvar = 18446744073709551100
>        sc_cancel_oldtype = 0
>#1 0x00007f072b629e99 in g_main_context_poll (priority=<optimized out>, n_fds=1, fds=0x556b761a4810, timeout=<optimized out>, context=0x556b761a3500) at gmain.c:4169
>        ret = <optimized out>
>        errsv = <optimized out>
>        poll_func = 0x7f072b639450 <g_poll>
>#2 g_main_context_iterate (context=context@entry=0x556b761a3500, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3863
>        max_priority = 2147483647
>        timeout = -1
>        some_ready = <optimized out>
>        nfds = 1
>        allocated_nfds = 1
>        fds = 0x556b761a4810
>#3 0x00007f072b629fac in g_main_context_iteration (context=0x556b761a3500, may_block=may_block@entry=1) at gmain.c:3929
>        retval = <optimized out>
>#4 0x00007f072b629ff1 in glib_worker_main (data=<optimized out>) at gmain.c:5724
>No locals.
>#5 0x00007f072b651486 in g_thread_proxy (data=0x556b761a3800) at gthread.c:784
>        thread = 0x556b761a3800
>        __func__ = "g_thread_proxy"
>#6 0x00007f072b1c550b in start_thread (arg=0x7f0721ec4700) at pthread_create.c:465
>        pd = 0x7f0721ec4700
>        now = <optimized out>
>        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139668610631424, 3814513572285249241, 140736182952334, 140736182952335, 93920031291392, 140736182952464, -3827606434402011431, -3827626634944186663}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
>        not_first_call = <optimized out>
>#7 0x00007f072aefd16f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
>No locals.
>
>Thread 6 (Thread 0x7f072d81cd00 (LWP 3016)):
>#0 0x00007f072aef2c6b in __GI___poll (fds=0x556b761da6c0, nfds=2, timeout=1222) at ../sysdeps/unix/sysv/linux/poll.c:29
>        resultvar = 18446744073709551100
>        sc_cancel_oldtype = 0
>#1 0x00007f072b629e99 in g_main_context_poll (priority=<optimized out>, n_fds=2, fds=0x556b761da6c0, timeout=<optimized out>, context=0x556b761b3430) at gmain.c:4169
>        ret = <optimized out>
>        errsv = <optimized out>
>        poll_func = 0x7f072b639450 <g_poll>
>#2 g_main_context_iterate (context=0x556b761b3430, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3863
>        max_priority = 2147483647
>        timeout = 1222
>        some_ready = <optimized out>
>        nfds = 2
>        allocated_nfds = 3
>        fds = 0x556b761da6c0
>#3 0x00007f072b62a232 in g_main_loop_run (loop=0x556b761bbd30) at gmain.c:4064
>        __func__ = "g_main_loop_run"
>#4 0x0000556b753b706f in daemon_main (argc=4, argv=0x7fffb2312648, max_job_threads=1, default_type=0x556b753b7690 "mtp", mountable_name=0x0, first_type_name=<optimized out>) at daemon-main.c:398
>        var_args = {{gp_offset = 48, fp_offset = 32767, overflow_arg_area = 0x7fffb2312550, reg_save_area = 0x7fffb23124d0}}
>        type = <optimized out>
>        name_owner_id = 1
>        data = 0x556b761b22a0
>#5 0x0000556b753afff3 in main (argc=4, argv=0x7fffb2312648) at daemon-main-generic.c:45
>No locals.
>== EXPLOITABLE ==