#39 xadopus.module: crash when closing lister while in the archive content

Milestone: 5.92
Status: open
Owner: nobody
Labels: os4 (3) os3 (3)
Updated: 6 days ago
Created: 2014-05-12
Creator: kas1e
Private: No

Crash happens on OS4 with the debug kernel and munge enabled. It also happens on OS4 with the OS3 version of dopus5. And probably it should be the same for AROS-hosted (segfaults).

Reproducing is easy:

-- hard reboot, run dopus5
-- go in any lister to any archive and double-click on it, so it opens a new lister with the content of the archive
-- quit dopus5 => crash

Stack trace from OS4:

Dump of context at 0xEFD7ABA0
Trap type: DSI exception
Machine State (raw): 0x0000F030
Machine State (verbose): [ExtInt on] [User] [FPU on] [IAT on] [DAT on]
Instruction pointer: in module kernel+0x00020F0C (0x01820F0C)
Crashed process: dopus_function (0x66B9C7A0)
DSI verbose error description: Access not found in hash or BAT (page fault)
Access was a load operation
 0: 0181ECF8 649D5EB0 00000000 020B2C78 BEEFDEBB 00000000 00000000 649D5BBD
 8: 649D5BBC 00000100 65ACE55C 021C69F2 48842084 00000000 649D9FFC 6FF3FA50
16: 00000000 6FF3F9E8 6FF40000 6FF3F92C 0000C000 6FF3F938 65DE3960 65DDBFF0
24: 00000001 BEEFDEAD 65DE36C8 65ACD278 65CF4DB4 021C69F2 020B2C78 BEEFDEBB
CR: 48842084   XER: 00000000  CTR: 0181ECF8  LR: 01820F0C
DSISR: 40000000  DAR: BEEFDEE7

FP0 : FFF8000082004000 4020000000000000 4075D00000000000 4036000000000000
FP4 : 404D000000000000 403DCCCCC0000000 404E666660000000 4036000000000000
FP8 : 404D000000000000 4060000000000000 403DCCCCC0000000 404E666660000000
FP12: 4030000000000000 4076000000000000 0000000000000000 0000000000000000
FP16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FP20: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FP24: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FP28: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
FPSCR: 82004000

Kernel command line: serial munge debuglevel=0

Registers pointing to code:
r0 : native kernel module kernel+0x0001ecf8
r3 : native kernel module kernel+0x008b2c78
r11: native kernel module kernel+0x009c69f2
r15: default_filetype()+0x0 (section 11 @ 0x128)
r17: GUI()+0x0 (section 11 @ 0xC0)
r18: main_ipc()+0x22 (section 12 @ 0x57C)
r19: IExec()+0x0 (section 11 @ 0x4)
r21: IDOpus()+0x0 (section 11 @ 0x10)
r24: module DEVS:clipboard.device at 0x00000001 (section 0 @ 0xFFFFFFDC)
r29: native kernel module kernel+0x009c69f2
r30: native kernel module kernel+0x008b2c78
ip : native kernel module kernel+0x00020f0c
lr : native kernel module kernel+0x00020f0c
ctr: native kernel module kernel+0x0001ecf8

Stack trace:
(0x649D5EB0) native kernel module kernel+0x00020f0c
(0x649D5EE0) native kernel module kernel+0x00020f0c
(0x649D5EF0) [aos4_ppc_libstubs.c:1446] libstub_L_GetSemaphore()+0x1c (section 1 @ 0x49910)
(0x649D5F00) [buffers.c:1171] buffer_lock()+0x38 (section 1 @ 0x33E38)
(0x649D5F10) [function_support.c:433] function_cleanup()+0x60 (section 1 @ 0x69790)
(0x649D5F40) [function_support.c:531] function_do_lister_changes()+0x38 (section 1 @ 0x6997C)
(0x649D5F50) [function_run.c:58] function_run_function()+0xd8 (section 1 @ 0x658A4)
(0x649D5F60) [function_filetype.c:163] function_filetype()+0x330 (section 1 @ 0x6C158)
(0x649D5FC0) [function_launch.c:401] function_launch_codePPC()+0x21c (section 1 @ 0x630D4)
(0x649D5FF0) native kernel module kernel+0x0006033c
(0x649D6000) 0x00010000 [cannot decode symbol]

Disassembly of crash site:
 01820EFC: 8003009C   lwz               r0,156(r3)
 01820F00: 83A30010   lwz               r29,16(r3)
 01820F04: 7C0903A6   mtctr             r0
 01820F08: 4E800421   bctrl
>01820F0C: A93F002C   lha               r9,44(r31)
 01820F10: 7FC3F378   mr                r3,r30
 01820F14: 817D0114   lwz               r11,276(r29)
 01820F18: 2F89FFFF   cmpwi             cr7,r9,-1
 01820F1C: 39290001   addi              r9,r9,1
 01820F20: B13F002C   sth               r9,44(r31)
Stack pointer (0x649D5EB0) is inside bounds
Redzone is OK (4)
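The dump above can be cross-checked against itself before anyone touches the source: the faulting instruction `lha r9,44(r31)` is a PowerPC D-form load, so its effective address is GPR[31] plus the signed displacement, and that value should equal the DAR line. The following C program is an added example (not code from the dopus5 port or from the reporter): it decodes each word of the crash-site disassembly, computes the effective address from the register file copied from the dump, and reports which instruction accounts for the DAR. The register values and DAR are copied from the report above; that 0xBEEFDEBB in r31 is the debug kernel's munge fill for freed memory rather than a real pointer is an assumption the code only comments on, not something it can prove.

```c
#include <stdint.h>
#include <stdio.h>

/* Register file and DAR copied from the OS4 crash dump in the report (constructed input). */
static const uint32_t CRASH_GPR[32] = {
    0x0181ECF8, 0x649D5EB0, 0x00000000, 0x020B2C78, 0xBEEFDEBB, 0x00000000, 0x00000000, 0x649D5BBD,
    0x649D5BBC, 0x00000100, 0x65ACE55C, 0x021C69F2, 0x48842084, 0x00000000, 0x649D9FFC, 0x6FF3FA50,
    0x00000000, 0x6FF3F9E8, 0x6FF40000, 0x6FF3F92C, 0x0000C000, 0x6FF3F938, 0x65DE3960, 0x65DDBFF0,
    0x00000001, 0xBEEFDEAD, 0x65DE36C8, 0x65ACD278, 0x65CF4DB4, 0x021C69F2, 0x020B2C78, 0xBEEFDEBB,
};
static const uint32_t CRASH_DAR = 0xBEEFDEE7u;

/* The six instruction words from "Disassembly of crash site"; index 4 is the one marked '>'. */
static const uint32_t CRASH_SITE[] = {
    0x8003009C, 0x83A30010, 0x7C0903A6, 0x4E800421, 0xA93F002C, 0x7FC3F378,
};

/* PowerPC D-form layout: opcode(6) | RT or RS(5) | RA(5) | D(16, sign-extended). */
struct dform {
    unsigned opcode, rt, ra;
    int16_t d;
    const char *mnem;
    int is_load;
};

/* Returns 1 if WORD is one of the integer D-form loads/stores handled here, else 0. */
static int decode_dform(uint32_t word, struct dform *out)
{
    out->opcode = word >> 26;
    out->rt = (word >> 21) & 31;
    out->ra = (word >> 16) & 31;
    out->d = (int16_t)(word & 0xFFFFu);
    switch (out->opcode) {
    case 32: out->mnem = "lwz"; out->is_load = 1; break;
    case 34: out->mnem = "lbz"; out->is_load = 1; break;
    case 40: out->mnem = "lhz"; out->is_load = 1; break;
    case 42: out->mnem = "lha"; out->is_load = 1; break;
    case 36: out->mnem = "stw"; out->is_load = 0; break;
    case 38: out->mnem = "stb"; out->is_load = 0; break;
    case 44: out->mnem = "sth"; out->is_load = 0; break;
    default: return 0; /* mtctr, bctrl, mr, cmpwi, addi: no memory access */
    }
    return 1;
}

/* Effective address: RA=0 means a literal zero base, otherwise GPR[RA], plus sign-extended D. */
static uint32_t dform_ea(const struct dform *ins, const uint32_t *gpr)
{
    uint32_t base = ins->ra ? gpr[ins->ra] : 0;
    return base + (uint32_t)(int32_t)ins->d;
}

/* EA of WORD against GPR, or 0 when WORD does not access memory. */
uint32_t memory_ea(uint32_t word, const uint32_t *gpr)
{
    struct dform ins;
    return decode_dform(word, &ins) ? dform_ea(&ins, gpr) : 0;
}

/* 1 when WORD is a load whose EA equals DAR, i.e. it matches both the DAR line
 * and "Access was a load operation"; a store hitting the same address returns 0. */
int load_explains_dar(uint32_t word, const uint32_t *gpr, uint32_t dar)
{
    struct dform ins;
    return decode_dform(word, &ins) && ins.is_load && dform_ea(&ins, gpr) == dar;
}

int main(void)
{
    for (size_t i = 0; i < sizeof CRASH_SITE / sizeof CRASH_SITE[0]; i++) {
        struct dform ins;
        uint32_t w = CRASH_SITE[i];
        if (!decode_dform(w, &ins)) {
            printf("%08X: no memory access\n", w);
            continue;
        }
        printf("%08X: %-3s r%u,%d(r%u)  base=%08X  ea=%08X%s\n", w, ins.mnem, ins.rt, ins.d,
               ins.ra, ins.ra ? CRASH_GPR[ins.ra] : 0, dform_ea(&ins, CRASH_GPR),
               load_explains_dar(w, CRASH_GPR, CRASH_DAR) ? "  <== matches DAR" : "");
    }
    /* r31 = 0xBEEFDEBB: with "munge" on the kernel command line this is assumed to be a
     * fill pattern for freed memory, which is exactly what such fills are for: a stale
     * pointer faults on first use instead of silently reading whatever was freed. */
    return 0;
}
```

Running it shows that only `lha r9,44(r31)` yields 0xBEEFDEBB + 44 = 0xBEEFDEE7, the DAR; the two `lwz` through r3 land near 0x020B2C78, a mapped kernel address, and the `sth r9,44(r31)` four instructions later would have hit the same address but is a store, which the "load operation" line rules out. The point for triage is that the fault is a read through r31, whose content is a pattern rather than an address, which is consistent with the buffer handed to buffer_lock() having already been freed by the time function_cleanup() runs.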

Discussion

  • kas1e
    2014-05-14

    Crash can be reproduced even without quitting dopus5 (but still with the debug kernel and memory munging enabled):

    It's enough for me just now to do this:

    -- hard reboot
    -- run dopus5
    -- go to work
    -- click on some test.lha archive which is just:

    testdirectory1
    testdirectory1/file1.txt
    testdirectory1/file2.txt
    testdirectory2
    testdirectory1/file3.txt
    testdirectory1/file4.txt

    -- select testdirectory1
    -- copy it to any place
    -- close the lister with the archive content => crash.

    Stack trace is the same:

    Stack trace:
    (0x65F69EB0) native kernel module kernel+0x00020f0c
    (0x65F69EE0) native kernel module kernel+0x00020f0c
    (0x65F69EF0) [aos4_ppc_libstubs.c:1446] libstub_L_GetSemaphore()+0x1c (section 1 @ 0x49910)
    (0x65F69F00) [buffers.c:1171] buffer_lock()+0x38 (section 1 @ 0x33E38)
    (0x65F69F10) [function_support.c:433] function_cleanup()+0x60 (section 1 @ 0x69790)
    (0x65F69F40) [function_support.c:531] function_do_lister_changes()+0x38 (section 1 @ 0x6997C)
    (0x65F69F50) [function_run.c:58] function_run_function()+0xd8 (section 1 @ 0x658A4)
    (0x65F69F60) [function_filetype.c:163] function_filetype()+0x330 (section 1 @ 0x6C158)
    (0x65F69FC0) [function_launch.c:401] function_launch_codePPC()+0x21c (section 1 @ 0x630D4)
    (0x65F69FF0) native kernel module kernel+0x0006033c
    (0x65F6A000) 0x00010000 [cannot decode symbol]
  • BSzili
    2014-05-18

    • labels: all --> os4, os3
  • kas1e
    2014-06-23

    • Milestone: 5.91 --> 5.92