From: Mark Millard
To: Kyle Evans
Cc: Sean Bruno, ports-list freebsd
Date: Sun, 11 Nov 2018 03:24:16 -0800
Subject: Re: ports -r484565 : qemu-arm-static fails with: (start < end): backtrace included; start+len arithmetic overflow (abi_ulong wrap) for TARGET_FREEBSD_NR_mmap use
Message-Id: <09E0609A-B10E-4D00-89D2-4E102C4F3537@yahoo.com>
In-Reply-To: <7F3A94B8-C6E9-42D5-A5DF-94BF910B1D0C@yahoo.com>

I attached with gdb in order to stop at the assert and look around.
The following is a backtrace with notes and prints mixed in:

(gdb) bt
#0  thr_kill () at thr_kill.S:3
#1  0x000000006028a21f in __raise (s=6) at /usr/src/lib/libc/gen/raise.c:52
#2  0x0000000060204949 in abort () at /usr/src/lib/libc/stdlib/abort.c:67
#3  0x000000006027855a in __assert (func=, file=, line=, failedexpr=) at /usr/src/lib/libc/gen/assert.c:51

Note end==37146624 below vs. start (37146624 will show up again in
later notes)

#4  0x0000000060036243 in page_set_flags (start=4143968256, end=37146624, flags=9) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/accel/tcg/translate-all.c:2077

Note start and len below:

#5  0x000000006003df2b in target_mmap (start=4143968256, len=188145664, prot=, flags=, fd=, offset=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/mmap.c:626

(gdb) print/x start
$5 = 0xf6fff000
(gdb) print/x len
$6 = 0xb36e000

Note start+len for the above (without wrapping):

(gdb) print/x (long long)start + (long long)len
$10 = 0x10236d000
(gdb) print (long long)start + (long long)len
$11 = 4332113920

With wrapping:

(gdb) print/x start+len
$8 = 0x236d000
(gdb) print start+len
$9 = 37146624

And there is end's value again.

The code doing the wrapping is (with more context):

621	            if (p == MAP_FAILED)
622	                goto fail;
623	        }
624	    }
625	 the_end1:
626	    page_set_flags(start, start + len, prot | PAGE_VALID);
627	 the_end:
628	#ifdef DEBUG_MMAP
629	    printf("ret=0x" TARGET_ABI_FMT_lx "\n", start);
630	    page_dump(stdout);

#6  0x000000006004219c in do_bsd_mmap (arg1=, arg2=, arg3=, arg4=2, arg5=, arg6=, arg7=, arg8=0, cpu_env=) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/bsd-mem.h:75

The code for the above is:

    if (regpairs_aligned(cpu_env) != 0) {
        arg6 = arg7;
        arg7 = arg8;
    }
    return get_errno(target_mmap(arg1, arg2, arg3,
                                 target_to_host_bitmask(arg4, mmap_flags_tbl),
                                 arg5, target_arg64(arg6, arg7)));

#7  do_freebsd_syscall (cpu_env=0x860c08318, num=477, arg1=, arg2=, arg3=, arg4=2, arg5=9, arg6=0, arg7=0, arg8=0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/syscall.c:946

The code above is (with some context):

        break;

        /*
         * Memory management system calls.
         */
    case TARGET_FREEBSD_NR_mmap: /* mmap(2) */
        ret = do_bsd_mmap(cpu_env, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8);
        break;

#8  0x0000000060038be3 in target_cpu_loop (env=0x860c08318) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/arm/target_arch_cpu.h:207

The code and its context for the above is:

            break;
        case EXCP_SWI:
        case EXCP_BKPT:
. . .
                    /*
                     * system call
                     * See arm/arm/trap.c cpu_fetch_syscall_args()
                     */
. . .
                    DEBUG_PRINTF("AVANT CALL %d\n", n);
                    if (bsd_type == target_freebsd) {
                        int ret;
                        abi_ulong params = get_sp_from_cpustate(env);
                        int32_t syscall_nr = n;
                        int32_t arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8;

                        if (syscall_nr == TARGET_FREEBSD_NR_syscall) {
. . .
                        } else if (syscall_nr == TARGET_FREEBSD_NR___syscall) {
. . .
                        } else {
                            arg1 = env->regs[0];
                            arg2 = env->regs[1];
                            arg3 = env->regs[2];
                            arg4 = env->regs[3];
                            get_user_s32(arg5, params);
                            params += sizeof(int32_t);
                            get_user_s32(arg6, params);
                            params += sizeof(int32_t);
                            get_user_s32(arg7, params);
                            params += sizeof(int32_t);
                            get_user_s32(arg8, params);
                        }
                        ret = do_freebsd_syscall(env, syscall_nr, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8);

#9  0x0000000060038589 in cpu_loop (env=0x18b2f) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/main.c:121
#10 0x0000000060039802 in main (argc=-10089, argv=0x7fffffffd4e0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/main.c:513

===
Mark Millard
marklmi at yahoo.com
( dsl-only.net went away in early 2018-Mar)
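
Added example (not part of the original message and not QEMU code): the start+len wrap from the gdb session above, reproduced with the same values, next to an overflow-safe range check. It assumes abi_ulong is 32 bits wide for this guest; guest_range_last() is a hypothetical helper name, and the second input is a constructed edge case.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit guest, so abi_ulong is 32 bits wide (matches the gdb output). */
typedef uint32_t abi_ulong;
#define ABI_ULONG_MAX UINT32_MAX

/* The sum as computed at the quoted line 626: it wraps modulo 2^32. */
static abi_ulong wrapped_end(abi_ulong start, abi_ulong len)
{
    return start + len;
}

/* The same sum widened to 64 bits, as in the gdb (long long) prints. */
static uint64_t wide_end(abi_ulong start, abi_ulong len)
{
    return (uint64_t)start + (uint64_t)len;
}

/*
 * Hypothetical helper: compute the inclusive last address of
 * [start, start+len) without overflowing. Returns false when the range is
 * empty or does not fit in the guest address space; *last is written only
 * on success.
 */
static bool guest_range_last(abi_ulong start, abi_ulong len, abi_ulong *last)
{
    if (len == 0 || len - 1 > ABI_ULONG_MAX - start) {
        return false;
    }
    *last = start + (len - 1);
    return true;
}

int main(void)
{
    abi_ulong start = 0xf6fff000u, len = 0x0b36e000u, last = 0;

    printf("wrapped end: 0x%x\n", (unsigned)wrapped_end(start, len));
    printf("wide end:    0x%llx\n", (unsigned long long)wide_end(start, len));
    printf("fits guest:  %d\n", guest_range_last(start, len, &last));

    /* Constructed edge case: a range ending exactly at 2^32 is valid, yet
     * its exclusive end wraps to 0; the inclusive form handles it. */
    len = 0x09001000u;
    printf("top-of-space ok: %d last=0x%x\n",
           guest_range_last(start, len, &last), (unsigned)last);
    return 0;
}
```

A caller that gets false back can fail the mmap request with an error instead of passing a wrapped end to a routine that asserts start < end.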