0x5f5e0ff doesn't cause a segfault...
but 
calc:              Contains the main calulator function, including calling get_expr.
08048e44 get_expr: gets user input, look into this!



during crash 1:

mov    DWORD PTR [edx+eax*4+0x4], ecx
$eax   : 0x0
$ecx   : 0x98967f
$edx   : 0xffffcb18  →  0x00000001





calc+56: right before get_expr
calc+113: right before parce_expr

0x080f05e8
0x080f05f8

either eax or edx

08048e44 <get_expr>:
 8048e44:	55                   	push   ebp
 8048e45:	89 e5                	mov    ebp,esp
 8048e47:	83 ec 28             	sub    esp,0x28                   ; 40 bytes available
 8048e4a:	c7 45 f4 00 00 00 00 	mov    DWORD PTR [ebp-0xc],0x0    ; our counter, which starts at zero
 8048e51:	eb 76                	jmp    8048ec9 <get_expr+0x85>    ; jumps to the place that compares length to 1024
 8048e53:	c7 44 24 08 01 00 00 	mov    DWORD PTR [esp+0x8],0x1    ; jump 2
 8048e5a:	00 
 8048e5b:	8d 45 f3             	lea    eax,[ebp-0xd]              ; just setting up for the read call
 8048e5e:	89 44 24 04          	mov    DWORD PTR [esp+0x4],eax    ; just setting up for the read call
 8048e62:	c7 04 24 00 00 00 00 	mov    DWORD PTR [esp],0x0        ; just setting up for the read call
 8048e69:	e8 62 58 02 00       	call   806e6d0 <__libc_read>      ; puts one of our input into eax
 8048e6e:	83 f8 ff             	cmp    eax,0xffffffff             ; if our read returns an error
 8048e71:	74 5e                	je     8048ed1 <get_expr+0x8d>    ; then jump 3
 8048e73:	0f b6 45 f3          	movzx  eax,BYTE PTR [ebp-0xd]
 8048e77:	3c 0a                	cmp    al,0xa                     ; if byte is newline
 8048e79:	74 56                	je     8048ed1 <get_expr+0x8d>    ; then jump 3
 8048e7b:	0f b6 45 f3          	movzx  eax,BYTE PTR [ebp-0xd]
 8048e7f:	3c 2b                	cmp    al,0x2b                    ; if byte is +
 8048e81:	74 30                	je     8048eb3 <get_expr+0x6f>    ; then jump 4
 8048e83:	0f b6 45 f3          	movzx  eax,BYTE PTR [ebp-0xd]
 8048e87:	3c 2d                	cmp    al,0x2d                    ; if byte is -
 8048e89:	74 28                	je     8048eb3 <get_expr+0x6f>    ; then jump 4
 8048e8b:	0f b6 45 f3          	movzx  eax,BYTE PTR [ebp-0xd]
 8048e8f:	3c 2a                	cmp    al,0x2a                    ; if byte is *
 8048e91:	74 20                	je     8048eb3 <get_expr+0x6f>    ; then jump 4
 8048e93:	0f b6 45 f3          	movzx  eax,BYTE PTR [ebp-0xd]
 8048e97:	3c 2f                	cmp    al,0x2f                    ; if byte is /
 8048e99:	74 18                	je     8048eb3 <get_expr+0x6f>    ; then jump 4
 8048e9b:	0f b6 45 f3          	movzx  eax,BYTE PTR [ebp-0xd]
 8048e9f:	3c 25                	cmp    al,0x25                    ; if byte is %
 8048ea1:	74 10                	je     8048eb3 <get_expr+0x6f>    ; then jump 4
 8048ea3:	0f b6 45 f3          	movzx  eax,BYTE PTR [ebp-0xd]
 8048ea7:	3c 2f                	cmp    al,0x2f                    ; if byte <= /
 8048ea9:	7e 1e                	jle    8048ec9 <get_expr+0x85>    ; then jump 1
 8048eab:	0f b6 45 f3          	movzx  eax,BYTE PTR [ebp-0xd]
 8048eaf:	3c 39                	cmp    al,0x39                    ; if byte > '9' (if letter)
 8048eb1:	7f 16                	jg     8048ec9 <get_expr+0x85>    ; then jump 1
 8048eb3:	8b 45 f4             	mov    eax,DWORD PTR [ebp-0xc]    ; jump 4
 8048eb6:	8d 50 01             	lea    edx,[eax+0x1]
 8048eb9:	89 55 f4             	mov    DWORD PTR [ebp-0xc],edx    ; puts quanity into the thing
 8048ebc:	89 c2                	mov    edx,eax
 8048ebe:	8b 45 08             	mov    eax,DWORD PTR [ebp+0x8]    ; this is where the amount of letters we have is
 8048ec1:	01 c2                	add    edx,eax                    ; here, edx contains the address of the string, and eax contains the length (1). 
 8048ec3:	0f b6 45 f3          	movzx  eax,BYTE PTR [ebp-0xd]     ; We move the input back into register eax.
 8048ec7:	88 02                	mov    BYTE PTR [edx],al          ; this puts the actual letter in edx, which is where the string pointer was added from two instructions ago.
 8048ec9:	8b 45 f4             	mov    eax,DWORD PTR [ebp-0xc]    ; We move the quanity to eax,         JUMP 1
 8048ecc:	3b 45 0c             	cmp    eax,DWORD PTR [ebp+0xc]    ; and compare it with this static variable that's a value of 1024.
 8048ecf:	7c 82                	jl     8048e53 <get_expr+0xf>     ; if len < 1024, go to jump 2

 8048ed1:	8b 55 f4             	mov    edx,DWORD PTR [ebp-0xc]    ; jump 3. This puts the quanity into edx.
 8048ed4:	8b 45 08             	mov    eax,DWORD PTR [ebp+0x8]    ; This puts the begning of the string into eax.
 8048ed7:	01 d0                	add    eax,edx                    ; Finds the end of the string for some reason?
 8048ed9:	c6 00 00             	mov    BYTE PTR [eax],0x0         ; We terminate it with a null pointer (this may be importaint).
 8048edc:	8b 45 f4             	mov    eax,DWORD PTR [ebp-0xc]    ; Move quanity back into eax.
 8048edf:	c9                   	leave  
 8048ee0:	c3                   	ret  


parse_expr:

0804902a <parse_expr>:
 804902a:	55                   	push   ebp
 804902b:	89 e5                	mov    ebp,esp
 804902d:	53                   	push   ebx
 804902e:	81 ec a4 00 00 00    	sub    esp,0xa4
 8049034:	8b 45 08             	mov    eax,DWORD PTR [ebp+0x8]
 8049037:	89 85 74 ff ff ff    	mov    DWORD PTR [ebp-0x8c],eax
 804903d:	8b 45 0c             	mov    eax,DWORD PTR [ebp+0xc]
 8049040:	89 85 70 ff ff ff    	mov    DWORD PTR [ebp-0x90],eax
 8049046:	65 a1 14 00 00 00    	mov    eax,gs:0x14
 804904c:	89 45 f4             	mov    DWORD PTR [ebp-0xc],eax
 804904f:	31 c0                	xor    eax,eax
 8049051:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 8049057:	89 85 78 ff ff ff    	mov    DWORD PTR [ebp-0x88],eax
 804905d:	c7 45 80 00 00 00 00 	mov    DWORD PTR [ebp-0x80],0x0
 8049064:	c7 44 24 04 64 00 00 	mov    DWORD PTR [esp+0x4],0x64
 804906b:	00 
 804906c:	8d 45 90             	lea    eax,[ebp-0x70]
 804906f:	89 04 24             	mov    DWORD PTR [esp],eax
 8049072:	e8 c9 f1 ff ff       	call   8048240 <.plt+0x60>
 8049077:	c7 85 7c ff ff ff 00 	mov    DWORD PTR [ebp-0x84],0x0
 804907e:	00 00 00 
 8049081:	8b 95 7c ff ff ff    	mov    edx,DWORD PTR [ebp-0x84]
 8049087:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 804908d:	01 d0                	add    eax,edx
 804908f:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 8049092:	0f be c0             	movsx  eax,al
 8049095:	83 e8 30             	sub    eax,0x30
 8049098:	83 f8 09             	cmp    eax,0x9
 804909b:	0f 86 83 02 00 00    	jbe    8049324 <parse_expr+0x2fa>
 80490a1:	8b 95 7c ff ff ff    	mov    edx,DWORD PTR [ebp-0x84]
 80490a7:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 80490ad:	01 d0                	add    eax,edx
 80490af:	89 c2                	mov    edx,eax
 80490b1:	8b 85 78 ff ff ff    	mov    eax,DWORD PTR [ebp-0x88]
 80490b7:	29 c2                	sub    edx,eax
 80490b9:	89 d0                	mov    eax,edx
 80490bb:	89 45 84             	mov    DWORD PTR [ebp-0x7c],eax
 80490be:	8b 45 84             	mov    eax,DWORD PTR [ebp-0x7c]
 80490c1:	83 c0 01             	add    eax,0x1
 80490c4:	89 04 24             	mov    DWORD PTR [esp],eax
 80490c7:	e8 b4 0e 01 00       	call   8059f80 <__libc_malloc>        BNOTE: Allocates for memcpy call in a few instructinos
 80490cc:	89 45 88             	mov    DWORD PTR [ebp-0x78],eax
 80490cf:	8b 45 84             	mov    eax,DWORD PTR [ebp-0x7c]
 80490d2:	89 44 24 08          	mov    DWORD PTR [esp+0x8],eax
 80490d6:	8b 85 78 ff ff ff    	mov    eax,DWORD PTR [ebp-0x88]
 80490dc:	89 44 24 04          	mov    DWORD PTR [esp+0x4],eax
 80490e0:	8b 45 88             	mov    eax,DWORD PTR [ebp-0x78]
 80490e3:	89 04 24             	mov    DWORD PTR [esp],eax
 80490e6:	e8 95 45 01 00       	call   805d680 <memcpy>               BNOTE: 0x080f05e8 returned?
 80490eb:	8b 55 84             	mov    edx,DWORD PTR [ebp-0x7c]
 80490ee:	8b 45 88             	mov    eax,DWORD PTR [ebp-0x78]
 80490f1:	01 d0                	add    eax,edx
 80490f3:	c6 00 00             	mov    BYTE PTR [eax],0x0
 80490f6:	c7 44 24 04 a8 f7 0b 	mov    DWORD PTR [esp+0x4],0x80bf7a8
 80490fd:	08 
 80490fe:	8b 45 88             	mov    eax,DWORD PTR [ebp-0x78]
 8049101:	89 04 24             	mov    DWORD PTR [esp],eax
 8049104:	e8 97 f1 ff ff       	call   80482a0 <.plt+0xc0>
 8049109:	85 c0                	test   eax,eax
 804910b:	75 23                	jne    8049130 <parse_expr+0x106>
 804910d:	c7 04 24 aa f7 0b 08 	mov    DWORD PTR [esp],0x80bf7aa
 8049114:	e8 a7 73 00 00       	call   80504c0 <_IO_puts>
 8049119:	a1 c0 c4 0e 08       	mov    eax,ds:0x80ec4c0
 804911e:	89 04 24             	mov    DWORD PTR [esp],eax
 8049121:	e8 5a 71 00 00       	call   8050280 <_IO_fflush>
 8049126:	b8 00 00 00 00       	mov    eax,0x0
 804912b:	e9 2f 02 00 00       	jmp    804935f <parse_expr+0x335>
 8049130:	8b 45 88             	mov    eax,DWORD PTR [ebp-0x78]
 8049133:	89 04 24             	mov    DWORD PTR [esp],eax
 8049136:	e8 35 54 00 00       	call   804e570 <atoi>
 804913b:	89 45 8c             	mov    DWORD PTR [ebp-0x74],eax
 804913e:	83 7d 8c 00          	cmp    DWORD PTR [ebp-0x74],0x0
 8049142:	7e 20                	jle    8049164 <parse_expr+0x13a>
 8049144:	8b 85 70 ff ff ff    	mov    eax,DWORD PTR [ebp-0x90]
 804914a:	8b 00                	mov    eax,DWORD PTR [eax]
 804914c:	8d 48 01             	lea    ecx,[eax+0x1]
 804914f:	8b 95 70 ff ff ff    	mov    edx,DWORD PTR [ebp-0x90]
 8049155:	89 0a                	mov    DWORD PTR [edx],ecx
 8049157:	8b 95 70 ff ff ff    	mov    edx,DWORD PTR [ebp-0x90]
 804915d:	8b 4d 8c             	mov    ecx,DWORD PTR [ebp-0x74]
 8049160:	89 4c 82 04          	mov    DWORD PTR [edx+eax*4+0x4],ecx //can cause segfault
 8049164:	8b 95 7c ff ff ff    	mov    edx,DWORD PTR [ebp-0x84]
 804916a:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 8049170:	01 d0                	add    eax,edx
 8049172:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 8049175:	84 c0                	test   al,al
 8049177:	74 1f                	je     8049198 <parse_expr+0x16e>
 8049179:	8b 85 7c ff ff ff    	mov    eax,DWORD PTR [ebp-0x84]
 804917f:	8d 50 01             	lea    edx,[eax+0x1]
 8049182:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 8049188:	01 d0                	add    eax,edx
 804918a:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 804918d:	0f be c0             	movsx  eax,al
 8049190:	83 e8 30             	sub    eax,0x30
 8049193:	83 f8 09             	cmp    eax,0x9
 8049196:	77 28                	ja     80491c0 <parse_expr+0x196>
 8049198:	8b 85 7c ff ff ff    	mov    eax,DWORD PTR [ebp-0x84]
 804919e:	8d 50 01             	lea    edx,[eax+0x1]
 80491a1:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 80491a7:	01 d0                	add    eax,edx
 80491a9:	89 85 78 ff ff ff    	mov    DWORD PTR [ebp-0x88],eax
 80491af:	8d 55 90             	lea    edx,[ebp-0x70]
 80491b2:	8b 45 80             	mov    eax,DWORD PTR [ebp-0x80]
 80491b5:	01 d0                	add    eax,edx
 80491b7:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 80491ba:	84 c0                	test   al,al
 80491bc:	74 25                	je     80491e3 <parse_expr+0x1b9>
 80491be:	eb 43                	jmp    8049203 <parse_expr+0x1d9>
 80491c0:	c7 04 24 c3 f7 0b 08 	mov    DWORD PTR [esp],0x80bf7c3
 80491c7:	e8 f4 72 00 00       	call   80504c0 <_IO_puts>
 80491cc:	a1 c0 c4 0e 08       	mov    eax,ds:0x80ec4c0
 80491d1:	89 04 24             	mov    DWORD PTR [esp],eax
 80491d4:	e8 a7 70 00 00       	call   8050280 <_IO_fflush>
 80491d9:	b8 00 00 00 00       	mov    eax,0x0
 80491de:	e9 7c 01 00 00       	jmp    804935f <parse_expr+0x335>
 80491e3:	8b 95 7c ff ff ff    	mov    edx,DWORD PTR [ebp-0x84]
 80491e9:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 80491ef:	01 d0                	add    eax,edx
 80491f1:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 80491f4:	8d 4d 90             	lea    ecx,[ebp-0x70]
 80491f7:	8b 55 80             	mov    edx,DWORD PTR [ebp-0x80]
 80491fa:	01 ca                	add    edx,ecx
 80491fc:	88 02                	mov    BYTE PTR [edx],al
 80491fe:	e9 09 01 00 00       	jmp    804930c <parse_expr+0x2e2>
 8049203:	8b 95 7c ff ff ff    	mov    edx,DWORD PTR [ebp-0x84]
 8049209:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 804920f:	01 d0                	add    eax,edx
 8049211:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 8049214:	0f be c0             	movsx  eax,al
 8049217:	83 e8 25             	sub    eax,0x25
 804921a:	83 f8 0a             	cmp    eax,0xa
 804921d:	0f 87 c5 00 00 00    	ja     80492e8 <parse_expr+0x2be>
 8049223:	8b 04 85 d8 f7 0b 08 	mov    eax,DWORD PTR [eax*4+0x80bf7d8]
 804922a:	ff e0                	jmp    eax
 804922c:	8d 55 90             	lea    edx,[ebp-0x70]
 804922f:	8b 45 80             	mov    eax,DWORD PTR [ebp-0x80]
 8049232:	01 d0                	add    eax,edx
 8049234:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 8049237:	0f be c0             	movsx  eax,al
 804923a:	89 44 24 04          	mov    DWORD PTR [esp+0x4],eax
 804923e:	8b 85 70 ff ff ff    	mov    eax,DWORD PTR [ebp-0x90]
 8049244:	89 04 24             	mov    DWORD PTR [esp],eax
 8049247:	e8 95 fc ff ff       	call   8048ee1 <eval>
 804924c:	8b 95 7c ff ff ff    	mov    edx,DWORD PTR [ebp-0x84]
 8049252:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 8049258:	01 d0                	add    eax,edx
 804925a:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 804925d:	8d 4d 90             	lea    ecx,[ebp-0x70]
 8049260:	8b 55 80             	mov    edx,DWORD PTR [ebp-0x80]
 8049263:	01 ca                	add    edx,ecx
 8049265:	88 02                	mov    BYTE PTR [edx],al
 8049267:	e9 a0 00 00 00       	jmp    804930c <parse_expr+0x2e2>
 804926c:	8d 55 90             	lea    edx,[ebp-0x70]
 804926f:	8b 45 80             	mov    eax,DWORD PTR [ebp-0x80]
 8049272:	01 d0                	add    eax,edx
 8049274:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 8049277:	3c 2b                	cmp    al,0x2b
 8049279:	74 0f                	je     804928a <parse_expr+0x260>
 804927b:	8d 55 90             	lea    edx,[ebp-0x70]
 804927e:	8b 45 80             	mov    eax,DWORD PTR [ebp-0x80]
 8049281:	01 d0                	add    eax,edx
 8049283:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 8049286:	3c 2d                	cmp    al,0x2d
 8049288:	75 21                	jne    80492ab <parse_expr+0x281>
 804928a:	83 45 80 01          	add    DWORD PTR [ebp-0x80],0x1
 804928e:	8b 95 7c ff ff ff    	mov    edx,DWORD PTR [ebp-0x84]
 8049294:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 804929a:	01 d0                	add    eax,edx
 804929c:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 804929f:	8d 4d 90             	lea    ecx,[ebp-0x70]
 80492a2:	8b 55 80             	mov    edx,DWORD PTR [ebp-0x80]
 80492a5:	01 ca                	add    edx,ecx
 80492a7:	88 02                	mov    BYTE PTR [edx],al
 80492a9:	eb 61                	jmp    804930c <parse_expr+0x2e2>
 80492ab:	8d 55 90             	lea    edx,[ebp-0x70]
 80492ae:	8b 45 80             	mov    eax,DWORD PTR [ebp-0x80]
 80492b1:	01 d0                	add    eax,edx
 80492b3:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 80492b6:	0f be c0             	movsx  eax,al
 80492b9:	89 44 24 04          	mov    DWORD PTR [esp+0x4],eax
 80492bd:	8b 85 70 ff ff ff    	mov    eax,DWORD PTR [ebp-0x90]
 80492c3:	89 04 24             	mov    DWORD PTR [esp],eax
 80492c6:	e8 16 fc ff ff       	call   8048ee1 <eval>
 80492cb:	8b 95 7c ff ff ff    	mov    edx,DWORD PTR [ebp-0x84]
 80492d1:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 80492d7:	01 d0                	add    eax,edx
 80492d9:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 80492dc:	8d 4d 90             	lea    ecx,[ebp-0x70]
 80492df:	8b 55 80             	mov    edx,DWORD PTR [ebp-0x80]
 80492e2:	01 ca                	add    edx,ecx
 80492e4:	88 02                	mov    BYTE PTR [edx],al
 80492e6:	eb 24                	jmp    804930c <parse_expr+0x2e2>
 80492e8:	8d 55 90             	lea    edx,[ebp-0x70]
 80492eb:	8b 45 80             	mov    eax,DWORD PTR [ebp-0x80]
 80492ee:	01 d0                	add    eax,edx
 80492f0:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 80492f3:	0f be c0             	movsx  eax,al
 80492f6:	89 44 24 04          	mov    DWORD PTR [esp+0x4],eax
 80492fa:	8b 85 70 ff ff ff    	mov    eax,DWORD PTR [ebp-0x90]
 8049300:	89 04 24             	mov    DWORD PTR [esp],eax
 8049303:	e8 d9 fb ff ff       	call   8048ee1 <eval>
 8049308:	83 6d 80 01          	sub    DWORD PTR [ebp-0x80],0x1
 804930c:	8b 95 7c ff ff ff    	mov    edx,DWORD PTR [ebp-0x84]
 8049312:	8b 85 74 ff ff ff    	mov    eax,DWORD PTR [ebp-0x8c]
 8049318:	01 d0                	add    eax,edx
 804931a:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 804931d:	84 c0                	test   al,al
 804931f:	75 03                	jne    8049324 <parse_expr+0x2fa>
 8049321:	90                   	nop
 8049322:	eb 30                	jmp    8049354 <parse_expr+0x32a>
 8049324:	83 85 7c ff ff ff 01 	add    DWORD PTR [ebp-0x84],0x1
 804932b:	e9 51 fd ff ff       	jmp    8049081 <parse_expr+0x57>
 8049330:	8d 55 90             	lea    edx,[ebp-0x70]
 8049333:	8b 45 80             	mov    eax,DWORD PTR [ebp-0x80]
 8049336:	01 d0                	add    eax,edx
 8049338:	0f b6 00             	movzx  eax,BYTE PTR [eax]
 804933b:	0f be c0             	movsx  eax,al
 804933e:	89 44 24 04          	mov    DWORD PTR [esp+0x4],eax
 8049342:	8b 85 70 ff ff ff    	mov    eax,DWORD PTR [ebp-0x90]
 8049348:	89 04 24             	mov    DWORD PTR [esp],eax
 804934b:	e8 91 fb ff ff       	call   8048ee1 <eval>
 8049350:	83 6d 80 01          	sub    DWORD PTR [ebp-0x80],0x1
 8049354:	83 7d 80 00          	cmp    DWORD PTR [ebp-0x80],0x0
 8049358:	79 d6                	jns    8049330 <parse_expr+0x306>
 804935a:	b8 01 00 00 00       	mov    eax,0x1
 804935f:	8b 5d f4             	mov    ebx,DWORD PTR [ebp-0xc]
 8049362:	65 33 1d 14 00 00 00 	xor    ebx,DWORD PTR gs:0x14
 8049369:	74 05                	je     8049370 <parse_expr+0x346>
 804936b:	e8 a0 70 02 00       	call   8070410 <__stack_chk_fail>
 8049370:	81 c4 a4 00 00 00    	add    esp,0xa4
 8049376:	5b                   	pop    ebx
 8049377:	5d                   	pop    ebp
 8049378:	c3                   	ret    

Disassembly of section __libc_freeres_fn:

Disassembly of section __libc_thread_freeres_fn:

Disassembly of section .fini: