RHEL7.2 - segfault occurs in vim when unlink() is attempted
Issue
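A segfault occurs in vim. According to the backtrace, the crash happens while vim is attempting to call unlink(): frames #7–#10 are inside the dynamic linker (`_dl_runtime_resolve` → `_dl_fixup` → `_dl_lookup_symbol_x` → `do_lookup_x`), which is lazily resolving the `unlink` symbol for the call made from `vim_rename()` at fileio.c:6635. The fault therefore appears to occur during symbol resolution, before unlink() itself runs. The instruction marked `=>` in the disassembly is a `push` in the prologue of `do_lookup_x`. The backtrace is shown below: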
(gdb) bt
#0 0x00007f170cd0c8c7 in kill () at ../sysdeps/unix/syscall-template.S:81
#1 0x00000000005071e3 in may_core_dump () at os_unix.c:3230
#2 0x0000000000508dc5 in may_core_dump () at os_unix.c:3187
#3 mch_exit (r=1) at os_unix.c:3196
#4 0x00000000005a493b in getout (exitval=<optimized out>, exitval@entry=1) at main.c:1509
#5 0x0000000000507f5a in deathtrap (sigarg=<optimized out>) at os_unix.c:1100
#6 <signal handler called>
#7 0x00007f170e3b148c in do_lookup_x (new_hash=new_hash@entry=550380534, old_hash=old_hash@entry=0xb630a0, result=result@entry=0xb630b0,
scope=0x7f170e5cb4c0, i=i@entry=0, flags=flags@entry=1, skip=skip@entry=0x0, undef_map=undef_map@entry=0x7f170e5cb208) at dl-lookup.c:82
#8 0x00007f170e3b1e6f in _dl_lookup_symbol_x (undef_name=0x41d965 "unlink", undef_map=0x7f170e5cb208, ref=ref@entry=0xb63168,
symbol_scope=0x7f170e5cb560, version=0x7f170e5c2740, type_class=type_class@entry=1, flags=1, skip_map=skip_map@entry=0x0) at dl-lookup.c:739
#9 0x00007f170e3b6776 in _dl_fixup (l=<optimized out>, reloc_arg=<optimized out>) at ../elf/dl-runtime.c:113
#10 0x00007f170e3bd260 in _dl_runtime_resolve () at ../sysdeps/x86_64/dl-trampoline.S:87
#11 0x000000000049c180 in vim_rename (from=0xb6ce10 "/root/.viminft.tmp", to=0xd231d0 "/root/.viminfo") at fileio.c:6635
#12 0x0000000000000000 in ?? ()
(gdb) f 7
#7 0x00007f170e3b148c in do_lookup_x (new_hash=new_hash@entry=550380534, old_hash=old_hash@entry=0xb630a0, result=result@entry=0xb630b0,
scope=0x7f170e5cb4c0, i=i@entry=0, flags=flags@entry=1, skip=skip@entry=0x0, undef_map=undef_map@entry=0x7f170e5cb208) at dl-lookup.c:82
(gdb) l
warning: Source file is more recent than executable.
77 do_lookup_x (const char *undef_name, uint_fast32_t new_hash,
78 unsigned long int *old_hash, const ElfW(Sym) *ref,
79 struct sym_val *result, struct r_scope_elem *scope, size_t i,
80 const struct r_found_version *const version, int flags,
81 struct link_map *skip, int type_class, struct link_map *undef_map)
82 {
83 size_t n = scope->r_nlist;
84 /* Make sure we read the value before proceeding. Otherwise we
85 might use r_list pointing to the initial scope and r_nlist being
86 the value after a resize. That is the only path in dl-open.c not
(gdb) disass/m
Dump of assembler code for function do_lookup_x:
77 do_lookup_x (const char *undef_name, uint_fast32_t new_hash,
0x00007f170e3b149b <+27>: mov 0xc8(%rsp),%rax
0x00007f170e3b14b8 <+56>: mov %rdi,0x58(%rsp)
0x00007f170e3b14bd <+61>: mov %rcx,0x68(%rsp)
0x00007f170e3b14c2 <+66>: mov %rax,0x48(%rsp)
0x00007f170e3b14c7 <+71>: mov 0xd0(%rsp),%eax
0x00007f170e3b14ce <+78>: mov %eax,0x74(%rsp)
0x00007f170e3b14d2 <+82>: mov 0xe0(%rsp),%eax
0x00007f170e3b14d9 <+89>: mov %eax,0x7c(%rsp)
78 unsigned long int *old_hash, const ElfW(Sym) *ref,
79 struct sym_val *result, struct r_scope_elem *scope, size_t i,
80 const struct r_found_version *const version, int flags,
81 struct link_map *skip, int type_class, struct link_map *undef_map)
82 {
0x00007f170e3b1480 <+0>: push %r15
0x00007f170e3b1482 <+2>: mov %rdx,%r11
0x00007f170e3b1485 <+5>: push %r14
0x00007f170e3b1487 <+7>: push %r13
0x00007f170e3b1489 <+9>: mov %rsi,%r13
=> 0x00007f170e3b148c <+12>: push %r12
0x00007f170e3b148e <+14>: push %rbp
0x00007f170e3b148f <+15>: push %rbx
0x00007f170e3b1490 <+16>: sub $0x88,%rsp
0x00007f170e3b14a3 <+35>: mov %r8,0x20(%rsp)
0x00007f170e3b14a8 <+40>: mov 0xc0(%rsp),%rbp
0x00007f170e3b14b0 <+48>: mov 0xd8(%rsp),%r15
(gdb) p $rsi
$1 = 550380534
(gdb) p $r13
$2 = 550380534
Environment
- Red Hat Enterprise Linux 7.2 and later
- vim-enhanced-7.4.160-1.el7 and later
