ports -r484565 : qemu-arm-static fails with: (start < end): backtrace included; start+len arithmetic overflow (abi_ulong wrap) for TARGET_FREEBSD_NR_mmap use
Mark Millard
marklmi at yahoo.com
Sun Nov 11 11:24:22 UTC 2018
I attached with gdb in order to stop at the assert and look around.
The following is a backtrace with notes and prints mixed in:
(gdb) bt
#0 thr_kill () at thr_kill.S:3
#1 0x000000006028a21f in __raise (s=6) at /usr/src/lib/libc/gen/raise.c:52
#2 0x0000000060204949 in abort () at /usr/src/lib/libc/stdlib/abort.c:67
#3 0x000000006027855a in __assert (func=<optimized out>, file=<optimized out>, line=<optimized out>, failedexpr=<optimized out>) at /usr/src/lib/libc/gen/assert.c:51
Note that in the frame below end==37146624 is smaller than start==4143968256; that inverted range is what trips the (start < end) assert in page_set_flags (37146624 will show up again in later notes)
#4 0x0000000060036243 in page_set_flags (start=4143968256, end=37146624, flags=9) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/accel/tcg/translate-all.c:2077
Note start and len below:
#5 0x000000006003df2b in target_mmap (start=4143968256, len=188145664, prot=<optimized out>, flags=<optimized out>, fd=<optimized out>, offset=<optimized out>)
at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/mmap.c:626
(gdb) print/x start
$5 = 0xf6fff000
(gdb) print/x len
$6 = 0xb36e000
Note start+len for the above (without wrapping):
(gdb) print/x (long long)start + (long long)len
$10 = 0x10236d000
(gdb) print (long long)start + (long long)len
$11 = 4332113920
With wrapping:
(gdb) print/x start+len
$8 = 0x236d000
(gdb) print start+len
$9 = 37146624
And there is end's value again: the wrapped 32-bit sum is exactly what page_set_flags received as its end argument.
The code doing the wrapping is shown below (with more context). start and len are abi_ulong, 32-bit for the arm guest, so start + len wraps to 0x236d000 instead of 0x10236d000. Nothing in the visible part of target_mmap rejects a guest-supplied len that would run past the end of the 32-bit address space before page_set_flags is called, so the assert is the first place the bad range is noticed; a range check that returns an error to the guest would belong before the mapping is made:
621 if (p == MAP_FAILED)
622 goto fail;
623 }
624 }
625 the_end1:
626 page_set_flags(start, start + len, prot | PAGE_VALID);
627 the_end:
628 #ifdef DEBUG_MMAP
629 printf("ret=0x" TARGET_ABI_FMT_lx "\n", start);
630 page_dump(stdout);
#6 0x000000006004219c in do_bsd_mmap (arg1=<optimized out>, arg2=<optimized out>, arg3=<optimized out>, arg4=2, arg5=<optimized out>, arg6=<optimized out>, arg7=<optimized out>, arg8=0,
cpu_env=<optimized out>) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/bsd-mem.h:75
The code for the above is:
if (regpairs_aligned(cpu_env) != 0) {
arg6 = arg7;
arg7 = arg8;
}
return get_errno(target_mmap(arg1, arg2, arg3,
target_to_host_bitmask(arg4, mmap_flags_tbl), arg5,
target_arg64(arg6, arg7)));
#7 do_freebsd_syscall (cpu_env=0x860c08318, num=477, arg1=<optimized out>, arg2=<optimized out>, arg3=<optimized out>, arg4=2, arg5=9, arg6=0, arg7=0, arg8=0)
at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/syscall.c:946
The code for the above is (with some context):
break;
/*
* Memory management system calls.
*/
case TARGET_FREEBSD_NR_mmap: /* mmap(2) */
ret = do_bsd_mmap(cpu_env, arg1, arg2, arg3, arg4, arg5, arg6, arg7,
arg8);
break;
#8 0x0000000060038be3 in target_cpu_loop (env=0x860c08318) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/arm/target_arch_cpu.h:207
The code and its context for the above is:
break;
case EXCP_SWI:
case EXCP_BKPT:
. . .
/*
* system call
* See arm/arm/trap.c cpu_fetch_syscall_args()
*/
. . .
DEBUG_PRINTF("AVANT CALL %d\n", n);
if (bsd_type == target_freebsd) {
int ret;
abi_ulong params = get_sp_from_cpustate(env);
int32_t syscall_nr = n;
int32_t arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8;
if (syscall_nr == TARGET_FREEBSD_NR_syscall) {
. . .
} else if (syscall_nr == TARGET_FREEBSD_NR___syscall) {
. . .
} else {
arg1 = env->regs[0];
arg2 = env->regs[1];
arg3 = env->regs[2];
arg4 = env->regs[3];
get_user_s32(arg5, params);
params += sizeof(int32_t);
get_user_s32(arg6, params);
params += sizeof(int32_t);
get_user_s32(arg7, params);
params += sizeof(int32_t);
get_user_s32(arg8, params);
}
ret = do_freebsd_syscall(env, syscall_nr, arg1, arg2, arg3,
arg4, arg5, arg6, arg7, arg8);
#9 0x0000000060038589 in cpu_loop (env=0x18b2f) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/main.c:121
#10 0x0000000060039802 in main (argc=-10089, argv=0x7fffffffd4e0) at /wrkdirs/usr/ports/emulators/qemu-user-static/work/qemu-bsd-user-2cb0cdd/bsd-user/main.c:513
===
Mark Millard
marklmi at yahoo.com
( dsl-only.net went
away in early 2018-Mar)