From: George Abdelmalik <gabdelmalik@uniridge.com.au>
Subject: dtc(1): reproducible segmentation fault
Organization: Uniridge Pty Ltd
To: freebsd-current@freebsd.org
Message-ID: <562A3FE5.8020809@uniridge.com.au>
Date: Sat, 24 Oct 2015 01:10:45 +1100
List-Id: Discussions about the use of FreeBSD-current

Hi,

With a recent amd64 11.0-current system (as of earlier this week) I can reproducibly get a SIGSEGV when running a command such as

    $ dtc -o zb.dtb /usr/src/sys/boot/fdt/dts/arm/zedboard.dts
    Segmentation fault (core dumped)

I've investigated the issue and found that the problem is at line 241 of /usr/src/usr.bin/dtc/input_buffer.cc, where the call to mmap(2) fails.
Snippet below:

    233 mmap_input_buffer::mmap_input_buffer(int fd) : input_buffer(0, 0)
    234 {
    235         struct stat sb;
    236         if (fstat(fd, &sb))
    237         {
    238                 perror("Failed to stat file");
    239         }
    240         size = sb.st_size;
    241         buffer = (const char*)mmap(0, size, PROT_READ,
    242                 MAP_PREFAULT_READ, fd, 0);
    243         if (buffer == 0)
    244         {
    245                 perror("Failed to mmap file");
    246         }
    247 }

The code incorrectly tests against 0 instead of MAP_FAILED for failure, which is why the perror message isn't seen at the terminal; the SIGSEGV happens later when an attempt to access the buffer array is made.

Also, the final parts of truss output are:

    ..
    ..
    getrusage(0,{ u=0.000000,s=0.002578,in=2,out=0 }) = 0 (0x0)
    mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34384904192 (0x801800000)
    openat(AT_FDCWD,"xxx.dtb",O_WRONLY|O_CREAT|O_TRUNC,0666) = 3 (0x3)
    getrusage(0,{ u=0.000000,s=0.002697,in=2,out=0 }) = 0 (0x0)
    openat(AT_FDCWD,"/usr/src/sys/boot/fdt/dts/arm/zedboard.dts",O_RDONLY,00) = 4 (0x4)
    fstat(4,{ mode=-rw-r--r-- ,inode=73360,size=5360,blksize=5632 }) = 0 (0x0)
    fstat(4,{ mode=-rw-r--r-- ,inode=73360,size=5360,blksize=5632 }) = 0 (0x0)
    mmap(0x0,5360,PROT_READ,MAP_PREFAULT_READ,4,0x0) ERR#22 'Invalid argument'
    close(4) = 0 (0x0)
    SIGNAL 11 (SIGSEGV)
    process killed, signal = 11 (core dumped)

Any help debugging this further would be much appreciated. I just can't understand why the mmap in question would fail, and what's invalid about its arguments?

Regards,
George.

-- 
George Abdelmalik
Director
Principal Software Engineer
Uniridge Pty Ltd
http://www.uniridge.com.au/
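Below is an added example, not code from the post or from the dtc sources, of a defensive version of the mapping routine quoted above: it passes MAP_PRIVATE (POSIX mmap(2) requires exactly one of MAP_PRIVATE or MAP_SHARED and reports EINVAL otherwise; the quoted call passes neither), treats MAP_FAILED rather than 0 as the failure value, and refuses to continue after a failed fstat or on an empty or non-regular file. MAP_PREFAULT_READ is a FreeBSD-only flag, so it is added only where defined; map_file_readonly, buggy_check_says_ok, demo and the sample file contents are names and data chosen here.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Map a whole regular file read-only; NULL with errno set on any failure. */
const char *map_file_readonly(int fd, size_t *len)
{
    struct stat sb;
    int flags = MAP_PRIVATE;      /* POSIX requires MAP_PRIVATE or MAP_SHARED */

    if (fstat(fd, &sb) != 0)
        return NULL;              /* never continue with an unset sb.st_size */
    if (!S_ISREG(sb.st_mode) || sb.st_size <= 0) {
        errno = EINVAL;           /* a length-0 mmap is itself EINVAL */
        return NULL;
    }
#ifdef MAP_PREFAULT_READ
    flags |= MAP_PREFAULT_READ;   /* FreeBSD-only hint; safe to omit elsewhere */
#endif
    void *p = mmap(NULL, (size_t)sb.st_size, PROT_READ, flags, fd, 0);
    if (p == MAP_FAILED)          /* MAP_FAILED is (void *)-1, never 0 */
        return NULL;
    *len = (size_t)sb.st_size;
    return (const char *)p;
}

/* The test from the quoted snippet in isolation: it accepts MAP_FAILED. */
int buggy_check_says_ok(void *p) { return p != 0; }

/* Exercise the helper on a constructed temporary file; returns 1 on success. */
int demo(void)
{
    static const char text[] = "/dts-v1/;\n";   /* constructed sample input */
    char path[] = "/tmp/mapdemoXXXXXX";
    size_t len = 0;
    int fd = mkstemp(path), ok = 0;

    if (fd < 0) return 0;
    if (write(fd, text, sizeof text - 1) == (ssize_t)(sizeof text - 1)) {
        const char *buf = map_file_readonly(fd, &len);
        ok = buf && len == sizeof text - 1 && memcmp(buf, text, len) == 0;
        if (buf)
            munmap((void *)buf, len);
    }
    close(fd);
    unlink(path);
    return ok;
}
```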