Date:      Fri, 23 Oct 2015 09:14:38 -0700
From:      Garrett Cooper <yaneurabeya@gmail.com>
To:        George Abdelmalik <gabdelmalik@uniridge.com.au>
Cc:        freebsd-current@freebsd.org
Subject:   Re: dtc(1): reproducible segmentation fault
Message-ID:  <F6FF4D7B-C380-4410-8A4D-6E376DF76C7D@gmail.com>
In-Reply-To: <562A3FE5.8020809@uniridge.com.au>
References:  <562A3FE5.8020809@uniridge.com.au>

> On Oct 23, 2015, at 07:10, George Abdelmalik <gabdelmalik@uniridge.com.au> wrote:
>
> Hi,
>
> With recent amd64 11.0-current system (as of earlier this week) I can reproducibly
> get a SIGSEGV when running a command such as
>
> $ dtc -o zb.dtb /usr/src/sys/boot/fdt/dts/arm/zedboard.dts
> Segmentation fault (core dumped)
>
> I've investigated the issue and found that the problem is at line
> 241 of the /usr/src/usr.bin/dtc/input_buffer.cc where the call to
> mmap(2) fails. Snippet below:
>
> 233 mmap_input_buffer::mmap_input_buffer(int fd) : input_buffer(0, 0)
> 234 {
> 235         struct stat sb;
> 236         if (fstat(fd, &sb))
> 237         {
> 238                 perror("Failed to stat file");
> 239         }
> 240         size = sb.st_size;
> 241         buffer = (const char*)mmap(0, size, PROT_READ,
> 242                 MAP_PREFAULT_READ, fd, 0);
> 243         if (buffer == 0)
> 244         {
> 245                 perror("Failed to mmap file");
> 246         }
> 247 }
>
> The code incorrectly tests against 0 instead of MAP_FAILED for failure
> which is why the perror message isn't seen at the terminal, the SIGSEGV
> happens later when an attempt to access the buffer array is made.
>
> Also the final parts of truss output are:
>
> ..
> ..
> getrusage(0,{ u=0.000000,s=0.002578,in=2,out=0 }) = 0 (0x0)
> mmap(0x0,2097152,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 34384904192 (0x801800000)
> openat(AT_FDCWD,"xxx.dtb",O_WRONLY|O_CREAT|O_TRUNC,0666) = 3 (0x3)
> getrusage(0,{ u=0.000000,s=0.002697,in=2,out=0 }) = 0 (0x0)
> openat(AT_FDCWD,"/usr/src/sys/boot/fdt/dts/arm/zedboard.dts",O_RDONLY,00) = 4 (0x4)
> fstat(4,{ mode=-rw-r--r-- ,inode=73360,size=5360,blksize=5632 }) = 0 (0x0)
> fstat(4,{ mode=-rw-r--r-- ,inode=73360,size=5360,blksize=5632 }) = 0 (0x0)
> mmap(0x0,5360,PROT_READ,MAP_PREFAULT_READ,4,0x0) ERR#22 'Invalid argument'
> close(4)                     = 0 (0x0)
> SIGNAL 11 (SIGSEGV)
> process killed, signal = 11 (core dumped)
>
> Any help debugging this further would be much appreciated. I just can't understand why
> the mmap in question would fail, and what's invalid about its arguments?

Hi George,
    Could you please post the bug report (with your dts file) on bugs.freebsd.org and CC Ian Lepore and Warner Losh?
Thanks!
-NGie
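
The check discussed in the quoted report, as an added example that is not part of this thread or of dtc's source: mmap(2) reports failure as MAP_FAILED, which is (void *)-1 and never NULL, so a "== 0" test lets the bad pointer through. The helper names, the MAP_PRIVATE flag, the temporary file path and the sample text are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700	/* for mkstemp() */
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not dtc code: map fd read-only.
 * Returns 0 and fills *buf / *len on success, -1 with errno set on failure. */
static int map_readonly(int fd, const char **buf, size_t *len)
{
	struct stat sb;
	*buf = NULL; *len = 0;
	if (fstat(fd, &sb) != 0)
		return -1;	/* stop here: sb holds no valid data */
	if (sb.st_size == 0)
		return 0;	/* empty file: a zero-length mmap() would fail */
	void *p = mmap(NULL, (size_t)sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
	if (p == MAP_FAILED)	/* failure is (void *)-1, never NULL */
		return -1;
	*buf = p;
	*len = (size_t)sb.st_size;
	return 0;
}

/* Returns 1 when a failed mmap() would pass a "== 0" test unnoticed. */
static int null_test_misses_failure(void)
{
	void *p = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE, -1, 0); /* invalid fd */
	return p == MAP_FAILED && p != NULL;
}

/* Constructed input: write sample text to a temp file, map it, compare. */
static int roundtrip_ok(void)
{
	static const char sample[] = "/dts-v1/;\n/ { };\n";
	char path[] = "/tmp/mmapdemoXXXXXX";
	const char *buf;
	size_t len, n = sizeof sample - 1;
	int fd = mkstemp(path);
	if (fd < 0) return 0;
	unlink(path);
	int ok = write(fd, sample, n) == (ssize_t)n && map_readonly(fd, &buf, &len) == 0
	    && len == n && memcmp(buf, sample, n) == 0;
	if (ok) munmap((void *)buf, len);
	close(fd);
	return ok;
}

int main(void) { return !(null_test_misses_failure() && roundtrip_ok()); }
```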