Re: Is dialog4ports built in/for releng/13.0 also supposed to work under main [so: 14]? It gets SIGSEGV in my context.

Reply: Mark Millard via freebsd-current : "Re: Is dialog4ports built in/for releng/13.0 also supposed to work under main [so: 14]? It gets SIGSEGV in my context. (some low level failure info now)"
In reply to: Mark Millard via freebsd-current : "Re: Is dialog4ports built in/for releng/13.0 also supposed to work under main [so: 14]? It gets SIGSEGV in my context."
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Mark Millard via freebsd-current <freebsd-current_at_freebsd.org>
Date: Thu, 21 Oct 2021 23:24:23 UTC

On 2021-Oct-21, at 11:53, Mark Millard <marklmi@yahoo.com> wrote:

> On 2021-Oct-21, at 08:27, Tomoaki AOKI <junchoon at dec.sakura.ne.jp> wrote:
> 
>> On Thu, 21 Oct 2021 07:40:36 -0700
>> Mark Millard via freebsd-current <freebsd-current@freebsd.org> wrote:
>> 
>>> 
>>> 
>>> On 2021-Oct-21, at 06:14, Gary Jennejohn <gljennjohn@gmail.com> wrote:
>>> 
>>>> On Thu, 21 Oct 2021 01:34:47 -0700
>>>> Mark Millard via freebsd-current <freebsd-current@freebsd.org> wrote:
>>>> 
>>>>> I get the following crash (amd64 example shown), as reported
>>>>> via gdb afterwards. (devel/llvm13 is just an example context.)
>>>>> 
>>>>> gdb `which dialog4ports` devel/llvm13/dialog4ports.core
>>>>> . . .
>>>>> Core was generated by `/usr/local/bin/dialog4ports'.
>>>>> Program terminated with signal SIGSEGV, Segmentation fault.
>>>>> Address not mapped to object.
>>>>> #0  vfprintf_l (fp=0x4d4940, locale=0x8004d4128 <__xlocale_global_locale>, fmt0=0x201f64 "\"%s\"", ap=ap@entry=0x7fffffffcf00) at /usr/main-src/lib/libc/stdio/vfprintf.c:281
>>>>> 281		if ((fp->_flags & (__SNBF|__SWR|__SRW)) == (__SNBF|__SWR) &&
>>>>> (gdb) bt
>>>>> #0  vfprintf_l (fp=0x4d4940, locale=0x8004d4128 <__xlocale_global_locale>, fmt0=0x201f64 "\"%s\"", ap=ap@entry=0x7fffffffcf00) at /usr/main-src/lib/libc/stdio/vfprintf.c:281
>>>>> #1  0x0000000800409283 in fprintf (fp=0x800411660 <__stdio_cancel_cleanup>, fmt=0x7fffffffcdd0 "0\317\377\377\377\177") at /usr/main-src/lib/libc/stdio/fprintf.c:57
>>>>> #2  0x000000000020399d in main (argc=<optimized out>, argv=<optimized out>) at dialog4ports.c:332
>>>>> (gdb) quit
>>>>> 
>>>>> The crash happens after selecting OK but not after selecting Cancel. The
>>>>> display is also odd before that (no line drawing, just odd text instead),
>>>>> but is sufficient to be usable at that stage.
>>>>> 
>>>>> . . .
>>> 

gdb's disass/s reports the failure point via:

. . .
/usr/main-src/lib/libc/stdio/vfprintf.c:
279		FLOCKFILE_CANCELSAFE(fp);
   0x0000000800412357 <+71>:	mov    0xbf082(%rip),%rax        # 0x8004d13e0
   0x000000080041235e <+78>:	cmpl   $0x0,(%rax)
   0x0000000800412361 <+81>:	je     0x800412370 <vfprintf_l+96>
   0x0000000800412363 <+83>:	mov    %rbx,%rdi
   0x0000000800412366 <+86>:	call   0x8004c6730 <_flockfile@plt>
   0x000000080041236b <+91>:	mov    %rbx,%rsi
   0x000000080041236e <+94>:	jmp    0x800412372 <vfprintf_l+98>
   0x0000000800412370 <+96>:	xor    %esi,%esi
   0x0000000800412372 <+98>:	lea    -0xd19(%rip),%rdi        # 0x800411660 <__stdio_cancel_cleanup>
   0x0000000800412379 <+105>:	lea    -0x70(%rbp),%rdx
   0x000000080041237d <+109>:	call   0x800384a90 <__pthread_cleanup_push_imp_int>

280		/* optimise fprintf(stderr) (and other unbuffered Unix files) */
281		if ((fp->_flags & (__SNBF|__SWR|__SRW)) == (__SNBF|__SWR) &&
=> 0x0000000800412382 <+114>:	movzwl 0x10(%rbx),%eax
   0x0000000800412386 <+118>:	and    $0x1a,%eax
   0x0000000800412389 <+121>:	cmp    $0xa,%ax
   0x000000080041238d <+125>:	jne    0x8004123a9 <vfprintf_l+153>

282		    fp->_file >= 0)
   0x000000080041238f <+127>:	cmpw   $0x0,0x12(%rbx)

281		if ((fp->_flags & (__SNBF|__SWR|__SRW)) == (__SNBF|__SWR) &&
   0x0000000800412394 <+132>:	js     0x8004123a9 <vfprintf_l+153>
. . .

(gdb) info reg
rax            0x0                 0
rbx            0x4d4940            5065024
rcx            0x7fffffffd0e0      140737488343264
rdx            0x7fffffffcfb0      140737488342960
rsi            0x0                 0
rdi            0x800411660         34364003936
rbp            0x7fffffffd020      0x7fffffffd020
rsp            0x7fffffffcfb0      0x7fffffffcfb0
r8             0x0                 0
r9             0x0                 0
r10            0x800a330f0         34370433264
r11            0x206               518
r12            0x8004d4128         34364801320
r13            0x2083a0            2130848
r14            0x7fffffffd0e0      140737488343264
r15            0x201f64            2105188
rip            0x800412382         0x800412382 <vfprintf_l+114>
eflags         0x10246             [ PF ZF IF RF ]
cs             0x43                67
ss             0x3b                59
ds             <unavailable>
es             <unavailable>
fs             <unavailable>
gs             <unavailable>
fs_base        <unavailable>
gs_base        <unavailable>

where:

(gdb) disass/s __pthread_cleanup_push_imp_int
Dump of assembler code for function __pthread_cleanup_push_imp_int:
/usr/main-src/lib/libc/gen/_pthread_stubs.c:
289	STUB_FUNC3(__pthread_cleanup_push_imp, PJT_CLEANUP_PUSH_IMP, void, void *,
   0x0000000800384a90 <+0>:	push   %rbp
   0x0000000800384a91 <+1>:	mov    %rsp,%rbp
   0x0000000800384a94 <+4>:	mov    0x14c94d(%rip),%rax        # 0x8004d13e8
   0x0000000800384a9b <+11>:	mov    0x3c8(%rax),%rax
   0x0000000800384aa2 <+18>:	pop    %rbp
   0x0000000800384aa3 <+19>:	jmp    *%rax
End of assembler dump.


It is not obvious that any of this has any relationship with
libtinfow.so.9 or libncursesw.so.9 use unless some memory is
being trashed first.

===
Mark Millard
marklmi at yahoo.com
( dsl-only.net went
away in early 2018-Mar)