Dear Maintainer,
while having a proper core dump would be desirable,
I tried to get some more information out this actual crash.
I assume the crash happens in the following functions,
while there might be a problem with a variable argument list.
Aborting (signal 11) [/usr/libexec/iwd]
++++++++ backtrace ++++++++
#0 0x7fb8c92d4fc0 in /lib/x86_64-linux-gnu/libc.so.6 |
#1 0x55f5d9829edd in /usr/libexec/iwd | 0x.........edd in
l_dbus_message_new_error_valist
#2 0x55f5d9829fef in /usr/libexec/iwd | 0x.........fef in
l_dbus_message_new_error 388 reply =
l_dbus_message_new_error_valist(method_call, name,
| in
dbus_error_from_errno
#3 0x55f5d97eabad in /usr/libexec/iwd | 0x.........bad in
station_dbus_scan_triggered 1907 reply =
dbus_error_from_errno(err, station->scan_pending);
#4 0x55f5d97f4c75 in /usr/libexec/iwd | 0x.........c75 in
scan_request_trigger_failed 128 sr->trigger(err,
sr->userdata);
#5 0x55f5d97f64fc in /usr/libexec/iwd | 0x.........4f7 in
scan_triggered 242
scan_request_trigger_failed(sr, err);
#6 0x55f5d9823948 in /usr/libexec/iwd | 0x.........948 in
received_data 415
request->callback(msg, request->user_data);
#7 0x55f5d9820893 in /usr/libexec/iwd | 0x.........893 in
io_callback 126 if
(!io->read_handler(io, io->read_data)) {
#8 0x55f5d981fbcd in /usr/libexec/iwd | 0x.........bcd in
l_main_iterate (timeout=<optimized out>)
#9 0x55f5d981fc9c in /usr/libexec/iwd | 0x.........c9c in
l_main_run () at ell/main.c:434
#10 0x55f5d97dde97 in /usr/libexec/iwd | 0x.........e97 in main
(argc=<optimized out>, argv=<optimized out>) at src/main.c:489
#11 0x7fb8c92c1b17 in /lib/x86_64-linux-gnu/libc.so.6 | 0x.........b17 in
__libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
+++++++++++++++++++++++++++
Kind regards,
Bernhard
# buster
apt update
apt dist-upgrade
apt install gdb iwd
# Entpacken von iwd (0.10-1) ...
root@debian:~# gdb -q --pid 462
Attaching to process 462
Reading symbols from /usr/libexec/iwd...(no debugging symbols found)...done.
Reading symbols from /lib/x86_64-linux-gnu/libdl.so.2...(no debugging symbols
found)...done.
Reading symbols from /lib/x86_64-linux-gnu/libc.so.6...(no debugging symbols
found)...done.
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols
found)...done.
0x00007f9a110361c7 in epoll_wait () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007f9a110361c7 in epoll_wait () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x000055c3e8fe8b75 in ?? ()
#2 0x000055c3e8fe8c9c in ?? ()
#3 0x000055c3e8fa6e97 in ?? ()
#4 0x00007f9a10f60b17 in __libc_start_main () from
/lib/x86_64-linux-gnu/libc.so.6
#5 0x000055c3e8fa747a in ?? ()
(gdb) detach
Detaching from program: /usr/libexec/iwd, process 462
(gdb) q
apt install mc devscripts dpkg-dev gdb iwd iwd-dbgsym libc6-dbg
apt build-dep iwd
mkdir iwd/orig -p
cd iwd/orig
apt source iwd
cd ../..
root@debian:~# gdb -q --pid 462
Attaching to process 462
Reading symbols from /usr/libexec/iwd...Reading symbols from
/usr/lib/debug/.build-id/98/c983915707eecdbe437d08043dae58306ecaad.debug...done.
done.
Reading symbols from /lib/x86_64-linux-gnu/libdl.so.2...Reading symbols from
/usr/lib/debug/.build-id/2b/51cce982e540854dd1995136601f770f127b05.debug...done.
done.
Reading symbols from /lib/x86_64-linux-gnu/libc.so.6...Reading symbols from
/usr/lib/debug/.build-id/e9/38fe6706abe362f6c3c7474373ccc626cf4805.debug...done.
done.
Reading symbols from /lib64/ld-linux-x86-64.so.2...Reading symbols from
/usr/lib/debug/.build-id/fa/01a234506568b77ad2d1a6da398e45586c550b.debug...done.
done.
0x00007f9a110361c7 in epoll_wait (epfd=3, events=events@entry=0x7fff609828f0,
maxevents=maxevents@entry=10, timeout=-1) at
../sysdeps/unix/sysv/linux/epoll_wait.c:30
30 ../sysdeps/unix/sysv/linux/epoll_wait.c: Datei oder Verzeichnis nicht
gefunden.
(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0 0x00007f9a110361c7 in epoll_wait (epfd=3,
events=events@entry=0x7fff609828f0, maxevents=maxevents@entry=10, timeout=-1)
at ../sysdeps/unix/sysv/linux/epoll_wait.c:30
#1 0x000055c3e8fe8b75 in l_main_iterate (timeout=<optimized out>) at
ell/main.c:373
#2 0x000055c3e8fe8c9c in l_main_run () at ell/main.c:434
#3 0x000055c3e8fa6e97 in main (argc=<optimized out>, argv=<optimized out>) at
src/main.c:489
(gdb) disassemble l_main_iterate
Dump of assembler code for function l_main_iterate:
0x000055c3e8fe8b40 <+0>: push %r13
0x000055c3e8fe8b42 <+2>: mov %edi,%ecx
0x000055c3e8fe8b44 <+4>: mov $0xa,%edx
0x000055c3e8fe8b49 <+9>: push %r12
0x000055c3e8fe8b4b <+11>: push %rbp
0x000055c3e8fe8b4c <+12>: push %rbx
0x000055c3e8fe8b4d <+13>: sub $0x88,%rsp
0x000055c3e8fe8b54 <+20>: mov 0x4ab8e(%rip),%edi #
0x55c3e90336e8 <epoll_fd>
0x000055c3e8fe8b5a <+26>: mov %fs:0x28,%rax
0x000055c3e8fe8b63 <+35>: mov %rax,0x78(%rsp)
0x000055c3e8fe8b68 <+40>: xor %eax,%eax
0x000055c3e8fe8b6a <+42>: mov %rsp,%r13
0x000055c3e8fe8b6d <+45>: mov %r13,%rsi
0x000055c3e8fe8b70 <+48>: callq 0x55c3e8fa65a0 <epoll_wait@plt>
0x000055c3e8fe8b75 <+53>: test %eax,%eax
0x000055c3e8fe8b77 <+55>: jle 0x55c3e8fe8c08 <l_main_iterate+200>
0x000055c3e8fe8b7d <+61>: sub $0x1,%eax
0x000055c3e8fe8b80 <+64>: lea 0x4(%r13),%rbp
0x000055c3e8fe8b84 <+68>: mov %r13,%rbx
0x000055c3e8fe8b87 <+71>: lea (%rax,%rax,2),%rcx
0x000055c3e8fe8b8b <+75>: mov %rbp,%rax
0x000055c3e8fe8b8e <+78>: shl $0x2,%rcx
0x000055c3e8fe8b92 <+82>: lea 0x10(%r13,%rcx,1),%r12
0x000055c3e8fe8b97 <+87>: nopw 0x0(%rax,%rax,1)
0x000055c3e8fe8ba0 <+96>: mov (%rax),%rdx
0x000055c3e8fe8ba3 <+99>: add $0xc,%rax
0x000055c3e8fe8ba7 <+103>: orl $0x1,0x8(%rdx)
0x000055c3e8fe8bab <+107>: cmp %r12,%rax
0x000055c3e8fe8bae <+110>: jne 0x55c3e8fe8ba0 <l_main_iterate+96>
0x000055c3e8fe8bb0 <+112>: lea 0xc(%r13,%rcx,1),%r13
0x000055c3e8fe8bb5 <+117>: nopl (%rax)
0x000055c3e8fe8bb8 <+120>: mov 0x4(%rbx),%rax
0x000055c3e8fe8bbc <+124>: testb $0x2,0x8(%rax)
0x000055c3e8fe8bc0 <+128>: jne 0x55c3e8fe8bcd <l_main_iterate+141>
0x000055c3e8fe8bc2 <+130>: mov 0x20(%rax),%rdx
0x000055c3e8fe8bc6 <+134>: mov (%rbx),%esi
0x000055c3e8fe8bc8 <+136>: mov (%rax),%edi
0x000055c3e8fe8bca <+138>: callq *0x10(%rax)
<<<<<<<<
0x000055c3e8fe8bcd <+141>: add $0xc,%rbx
0x000055c3e8fe8bd1 <+145>: cmp %r13,%rbx
0x000055c3e8fe8bd4 <+148>: jne 0x55c3e8fe8bb8 <l_main_iterate+120>
0x000055c3e8fe8bd6 <+150>: mov 0x0(%rbp),%rdi
0x000055c3e8fe8bda <+154>: testb $0x2,0x8(%rdi)
0x000055c3e8fe8bde <+158>: jne 0x55c3e8fe8bfa <l_main_iterate+186>
0x000055c3e8fe8be0 <+160>: add $0xc,%rbp
0x000055c3e8fe8be4 <+164>: movl $0x0,0x8(%rdi)
0x000055c3e8fe8beb <+171>: cmp %r12,%rbp
0x000055c3e8fe8bee <+174>: je 0x55c3e8fe8c08 <l_main_iterate+200>
0x000055c3e8fe8bf0 <+176>: mov 0x0(%rbp),%rdi
0x000055c3e8fe8bf4 <+180>: testb $0x2,0x8(%rdi)
0x000055c3e8fe8bf8 <+184>: je 0x55c3e8fe8be0 <l_main_iterate+160>
0x000055c3e8fe8bfa <+186>: callq 0x55c3e8fe3eb0 <l_free>
0x000055c3e8fe8bff <+191>: add $0xc,%rbp
0x000055c3e8fe8c03 <+195>: cmp %r12,%rbp
0x000055c3e8fe8c06 <+198>: jne 0x55c3e8fe8bf0 <l_main_iterate+176>
0x000055c3e8fe8c08 <+200>: mov 0x4aac9(%rip),%rdi #
0x55c3e90336d8 <idle_list>
0x000055c3e8fe8c0f <+207>: xor %edx,%edx
0x000055c3e8fe8c11 <+209>: lea -0x658(%rip),%rsi #
0x55c3e8fe85c0 <idle_dispatch>
0x000055c3e8fe8c18 <+216>: callq 0x55c3e8fe5200 <l_queue_foreach>
0x000055c3e8fe8c1d <+221>: mov 0x4aab4(%rip),%rdi #
0x55c3e90336d8 <idle_list>
0x000055c3e8fe8c24 <+228>: xor %edx,%edx
0x000055c3e8fe8c26 <+230>: lea -0x61d(%rip),%rsi #
0x55c3e8fe8610 <idle_prune>
0x000055c3e8fe8c2d <+237>: callq 0x55c3e8fe5250 <l_queue_foreach_remove>
0x000055c3e8fe8c32 <+242>: mov 0x78(%rsp),%rax
0x000055c3e8fe8c37 <+247>: xor %fs:0x28,%rax
0x000055c3e8fe8c40 <+256>: jne 0x55c3e8fe8c50 <l_main_iterate+272>
0x000055c3e8fe8c42 <+258>: add $0x88,%rsp
0x000055c3e8fe8c49 <+265>: pop %rbx
0x000055c3e8fe8c4a <+266>: pop %rbp
0x000055c3e8fe8c4b <+267>: pop %r12
0x000055c3e8fe8c4d <+269>: pop %r13
0x000055c3e8fe8c4f <+271>: retq
0x000055c3e8fe8c50 <+272>: callq 0x55c3e8fa6240 <__stack_chk_fail@plt>
End of assembler dump.
benutzer@debian:~/iwd/orig/iwd-0.10$ grep watch_add . -Rn
(gdb) disassemble /m io_callback
Dump of assembler code for function io_callback:
...
123 l_util_debug(io->debug_handler, io->debug_data,
0x0000564ac4448870 <+32>: mov 0x68(%rdx),%rsi
0x0000564ac4448874 <+36>: mov 0x58(%rdx),%rdi
0x0000564ac4448878 <+40>: mov %rdx,%rcx
0x0000564ac444887b <+43>: xor %eax,%eax
0x0000564ac444887d <+45>: lea 0x27ffb(%rip),%rdx #
0x564ac447087f
0x0000564ac4448884 <+52>: callq 0x564ac4443bc0 <l_util_debug>
124 "read event <%p>", io);
125
126 if (!io->read_handler(io, io->read_data)) {
0x0000564ac4448889 <+57>: mov 0x20(%rbx),%rsi
0x0000564ac444888d <+61>: mov %rbx,%rdi
0x0000564ac4448890 <+64>: callq *0x10(%rbx)
<<<<<<<<<<<<<<<<
0x0000564ac4448893 <+67>: test %al,%al
0x0000564ac4448895 <+69>: jne 0x564ac44488e0 <io_callback+144>
127 if (io->read_destroy)
benutzer@debian:~/iwd/orig/iwd-0.10$ grep l_io_set_read_handler . -Rn
(gdb) disassemble /m received_data
Dump of assembler code for function received_data:
...
0x0000564ac444b93d <+573>: je 0x564ac444b980 <received_data+640>
415 request->callback(msg, request->user_data);
0x0000564ac444b93f <+575>: mov 0x28(%r15),%rsi
0x0000564ac444b943 <+579>: mov %r13,%rdi
0x0000564ac444b946 <+582>: callq *%rax
<<<<<<<<<<<<<<<
416
417 if (nlmsg->nlmsg_flags & NLM_F_MULTI) {
0x0000564ac444b948 <+584>: testb $0x2,0x6(%rbx)
0x0000564ac444b94c <+588>: je 0x564ac444b980 <received_data+640>
benutzer@debian:~/iwd/orig/iwd-0.10$ grep callback . -Rn --color=always
benutzer@debian:~/iwd/orig/iwd-0.10$ grep send_common . -R
benutzer@debian:~/iwd/orig/iwd-0.10$ grep l_genl_family_send . -Rn
--color=always
benutzer@debian:~/iwd/orig/iwd-0.10$ grep scan_send_start . -Rn --color=always
(gdb) disassemble /m scan_triggered
Dump of assembler code for function scan_triggered:
...
241 l_queue_pop_head(sc->requests);
0x0000564ac441e4e5 <+165>: mov 0x40(%rbp),%rdi
0x0000564ac441e4e9 <+169>: callq 0x564ac4443f20 <l_queue_pop_head>
242 scan_request_trigger_failed(sr, err);
0x0000564ac441e4ee <+174>: mov %r12d,%esi
0x0000564ac441e4f1 <+177>: mov %rbx,%rdi
0x0000564ac441e4f4 <+180>: neg %r12d
0x0000564ac441e4f7 <+183>: callq 0x564ac441cc60
<scan_request_trigger_failed> <<<<<<<<<<<<<
243
244 l_error("Received error during CMD_TRIGGER_SCAN: %s
(%d)",
0x0000564ac441e4fc <+188>: mov %r12d,%edi
0x0000564ac441e4ff <+191>: callq 0x564ac4405720 <strerror@plt>
0x0000564ac441e504 <+196>: sub $0x8,%rsp
0x0000564ac441e508 <+200>: lea 0x4b067(%rip),%rdx #
0x564ac4469576
0x0000564ac441e50f <+207>: mov $0x3,%edi
0x0000564ac441e514 <+212>: push %r12
0x0000564ac441e516 <+214>: mov %rax,%r9
0x0000564ac441e519 <+217>: xor %eax,%eax
0x0000564ac441e51b <+219>: lea 0x4bab6(%rip),%r8 # 0x564ac4469fd8
0x0000564ac441e522 <+226>: lea 0x4c0ff(%rip),%rcx #
0x564ac446a628 <__func__.9963>
0x0000564ac441e529 <+233>: lea 0x4b775(%rip),%rsi #
0x564ac4469ca5
0x0000564ac441e530 <+240>: callq 0x564ac4449300 <l_log_with_location>
245 strerror(-err), -err);
246
247 start_next_scan_request(sc);
(gdb) disassemble /m scan_request_trigger_failed
Dump of assembler code for function scan_request_trigger_failed:
...
127 if (sr->trigger)
0x0000564ac441cc60 <+0>: push %rbx
0x0000564ac441cc61 <+1>: mov 0x8(%rdi),%rax
0x0000564ac441cc65 <+5>: mov %rdi,%rbx
0x0000564ac441cc68 <+8>: test %rax,%rax
0x0000564ac441cc6b <+11>: je 0x564ac441cc75
<scan_request_trigger_failed+21>
0x0000564ac441cc6d <+13>: mov %esi,%edi
128 sr->trigger(err, sr->userdata);
0x0000564ac441cc6f <+15>: mov 0x18(%rbx),%rsi
0x0000564ac441cc73 <+19>: callq *%rax
<<<<<<<<<<<<<<<<
129
130 if (sr->destroy)
0x0000564ac441cc75 <+21>: mov 0x20(%rbx),%rax
0x0000564ac441cc79 <+25>: test %rax,%rax
0x0000564ac441cc7c <+28>: je 0x564ac441cc84
<scan_request_trigger_failed+36>
131 sr->destroy(sr->userdata);
benutzer@debian:~/iwd/orig/iwd-0.10$ grep "trigger =" . -Rn --color=always
benutzer@debian:~/iwd/orig/iwd-0.10$ grep scan_common . -Rn --color=always
benutzer@debian:~/iwd/orig/iwd-0.10$ grep scan_active_full . -Rn --color=always
(gdb) disassemble /m station_dbus_scan_triggered
Dump of assembler code for function station_dbus_scan_triggered:
...
0x0000564ac4412b9a <+218>: test %ebp,%ebp
0x0000564ac4412b9c <+220>: jns 0x564ac4412af0
<station_dbus_scan_triggered+48>
1907 reply = dbus_error_from_errno(err,
station->scan_pending);
0x0000564ac4412ba2 <+226>: mov 0x68(%rbx),%rsi
0x0000564ac4412ba6 <+230>: mov %ebp,%edi
0x0000564ac4412ba8 <+232>: callq 0x564ac4417ec0 <dbus_error_from_errno>
<<<<<<<<<<<<<<
1908 dbus_pending_reply(&station->scan_pending, reply);
0x0000564ac4412bad <+237>: add $0x8,%rsp
0x0000564ac4412bb1 <+241>: mov %r12,%rdi
0x0000564ac4412bb4 <+244>: pop %rbx
0x0000564ac4412bb5 <+245>: mov %rax,%rsi
0x0000564ac4412bb8 <+248>: pop %rbp
0x0000564ac4412bb9 <+249>: pop %r12
0x0000564ac4412bbb <+251>: pop %r13
0x0000564ac4412bbd <+253>: jmpq 0x564ac44180a0 <dbus_pending_reply>
0x0000564ac4412bc2 <+258>: nopw 0x0(%rax,%rax,1)
1909 return;
1910 }
1911
1912 l_debug("Scan triggered for %s",
netdev_get_name(station->netdev));
(gdb) disassemble dbus_error_from_errno
Dump of assembler code for function dbus_error_from_errno:
0x0000564ac4417ec0 <+0>: mov %rsi,%rax
0x0000564ac4417ec3 <+3>: cmp $0xffffffb6,%edi
0x0000564ac4417ec6 <+6>: je 0x564ac4417fa0
<dbus_error_from_errno+224>
0x0000564ac4417ecc <+12>: jle 0x564ac4417f08 <dbus_error_from_errno+72>
0x0000564ac4417ece <+14>: cmp $0xffffffef,%edi
0x0000564ac4417ed1 <+17>: je 0x564ac4417fc0
<dbus_error_from_errno+256>
0x0000564ac4417ed7 <+23>: jg 0x564ac4417f40
<dbus_error_from_errno+128>
0x0000564ac4417ed9 <+25>: cmp $0xffffffda,%edi
0x0000564ac4417edc <+28>: je 0x564ac4417fe0
<dbus_error_from_errno+288>
0x0000564ac4417ee2 <+34>: cmp $0xffffffea,%edi
0x0000564ac4417ee5 <+37>: jne 0x564ac4418000
<dbus_error_from_errno+320>
0x0000564ac4417eeb <+43>: mov %rax,%rdi
0x0000564ac4417eee <+46>: lea 0x50f11(%rip),%rdx #
0x564ac4468e06
0x0000564ac4417ef5 <+53>: lea 0x50f21(%rip),%rsi #
0x564ac4468e1d
0x0000564ac4417efc <+60>: xor %eax,%eax
0x0000564ac4417efe <+62>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
0x0000564ac4417f03 <+67>: nopl 0x0(%rax,%rax,1)
0x0000564ac4417f08 <+72>: cmp $0xffffff83,%edi
0x0000564ac4417f0b <+75>: je 0x564ac4418020
<dbus_error_from_errno+352>
0x0000564ac4417f11 <+81>: jg 0x564ac4417f70
<dbus_error_from_errno+176>
0x0000564ac4417f13 <+83>: cmp $0xffffff7c,%edi
0x0000564ac4417f19 <+89>: je 0x564ac4418040
<dbus_error_from_errno+384>
0x0000564ac4417f1f <+95>: cmp $0xffffff82,%edi
0x0000564ac4417f22 <+98>: jne 0x564ac4418000
<dbus_error_from_errno+320>
0x0000564ac4417f28 <+104>: mov %rax,%rdi
0x0000564ac4417f2b <+107>: lea 0x5102a(%rip),%rdx #
0x564ac4468f5c
0x0000564ac4417f32 <+114>: lea 0x51032(%rip),%rsi #
0x564ac4468f6b
0x0000564ac4417f39 <+121>: xor %eax,%eax
0x0000564ac4417f3b <+123>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
0x0000564ac4417f40 <+128>: cmp $0xfffffff0,%edi
0x0000564ac4417f43 <+131>: je 0x564ac4418060
<dbus_error_from_errno+416>
0x0000564ac4417f49 <+137>: cmp $0xfffffffe,%edi
0x0000564ac4417f4c <+140>: jne 0x564ac4418000
<dbus_error_from_errno+320>
0x0000564ac4417f52 <+146>: mov %rax,%rdi
0x0000564ac4417f55 <+149>: lea 0x50f4a(%rip),%rdx #
0x564ac4468ea6
0x0000564ac4417f5c <+156>: lea 0x50f54(%rip),%rsi #
0x564ac4468eb7
0x0000564ac4417f63 <+163>: xor %eax,%eax
0x0000564ac4417f65 <+165>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
0x0000564ac4417f6a <+170>: nopw 0x0(%rax,%rax,1)
0x0000564ac4417f70 <+176>: cmp $0xffffff95,%edi
0x0000564ac4417f73 <+179>: je 0x564ac4418080
<dbus_error_from_errno+448>
0x0000564ac4417f79 <+185>: cmp $0xffffffa1,%edi
0x0000564ac4417f7c <+188>: jne 0x564ac4418000
<dbus_error_from_errno+320>
0x0000564ac4417f82 <+194>: mov %rax,%rdi
0x0000564ac4417f85 <+197>: lea 0x50f44(%rip),%rdx #
0x564ac4468ed0
0x0000564ac4417f8c <+204>: lea 0x50f55(%rip),%rsi #
0x564ac4468ee8
0x0000564ac4417f93 <+211>: xor %eax,%eax
0x0000564ac4417f95 <+213>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
0x0000564ac4417f9a <+218>: nopw 0x0(%rax,%rax,1)
0x0000564ac4417fa0 <+224>: mov %rax,%rdi
0x0000564ac4417fa3 <+227>: lea 0x50e8f(%rip),%rdx #
0x564ac4468e39
0x0000564ac4417faa <+234>: lea 0x50ea3(%rip),%rsi #
0x564ac4468e54
0x0000564ac4417fb1 <+241>: xor %eax,%eax
0x0000564ac4417fb3 <+243>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
0x0000564ac4417fb8 <+248>: nopl 0x0(%rax,%rax,1)
0x0000564ac4417fc0 <+256>: mov %rax,%rdi
0x0000564ac4417fc3 <+259>: lea 0x50ea8(%rip),%rdx #
0x564ac4468e72
0x0000564ac4417fca <+266>: lea 0x50eb7(%rip),%rsi #
0x564ac4468e88
0x0000564ac4417fd1 <+273>: xor %eax,%eax
0x0000564ac4417fd3 <+275>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
0x0000564ac4417fd8 <+280>: nopl 0x0(%rax,%rax,1)
0x0000564ac4417fe0 <+288>: mov %rax,%rdi
0x0000564ac4417fe3 <+291>: lea 0x50f9f(%rip),%rdx #
0x564ac4468f89
0x0000564ac4417fea <+298>: lea 0x50ff7(%rip),%rsi #
0x564ac4468fe8
0x0000564ac4417ff1 <+305>: xor %eax,%eax
0x0000564ac4417ff3 <+307>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
0x0000564ac4417ff8 <+312>: nopl 0x0(%rax,%rax,1)
0x0000564ac4418000 <+320>: mov %rax,%rdi
0x0000564ac4418003 <+323>: lea 0x50d75(%rip),%rdx #
0x564ac4468d7f
0x0000564ac441800a <+330>: lea 0x50d7f(%rip),%rsi #
0x564ac4468d90
0x0000564ac4418011 <+337>: xor %eax,%eax
0x0000564ac4418013 <+339>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
0x0000564ac4418018 <+344>: nopl 0x0(%rax,%rax,1)
0x0000564ac4418020 <+352>: mov %rax,%rdi
0x0000564ac4418023 <+355>: lea 0x50d7d(%rip),%rdx #
0x564ac4468da7
0x0000564ac441802a <+362>: lea 0x50d88(%rip),%rsi #
0x564ac4468db9
0x0000564ac4418031 <+369>: xor %eax,%eax
0x0000564ac4418033 <+371>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
0x0000564ac4418038 <+376>: nopl 0x0(%rax,%rax,1)
0x0000564ac4418040 <+384>: mov %rax,%rdi
0x0000564ac4418043 <+387>: lea 0x50d87(%rip),%rdx #
0x564ac4468dd1
0x0000564ac441804a <+394>: lea 0x50d98(%rip),%rsi #
0x564ac4468de9
0x0000564ac4418051 <+401>: xor %eax,%eax
0x0000564ac4418053 <+403>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
0x0000564ac4418058 <+408>: nopl 0x0(%rax,%rax,1)
0x0000564ac4418060 <+416>: mov %rax,%rdi
0x0000564ac4418063 <+419>: lea 0x50cdc(%rip),%rdx #
0x564ac4468d46
0x0000564ac441806a <+426>: lea 0x50cf3(%rip),%rsi #
0x564ac4468d64
0x0000564ac4418071 <+433>: xor %eax,%eax
0x0000564ac4418073 <+435>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
0x0000564ac4418078 <+440>: nopl 0x0(%rax,%rax,1)
0x0000564ac4418080 <+448>: mov %rax,%rdi
0x0000564ac4418083 <+451>: lea 0x50ea7(%rip),%rdx #
0x564ac4468f31
0x0000564ac441808a <+458>: lea 0x50eae(%rip),%rsi #
0x564ac4468f3f
0x0000564ac4418091 <+465>: xor %eax,%eax
0x0000564ac4418093 <+467>: jmpq 0x564ac4451f60 <l_dbus_message_new_error>
End of assembler dump.
0x0000564ac4412bad - 0x55f5d97eabad = 0x54EAC28000
0x0000564AC4451FEF = 0x55f5d9829fef + 0x54EAC28000
(gdb) disassemble 0x0000564AC4451FEF-0x12,0x0000564AC4451FEF+0x20
Dump of assembler code from 0x564ac4451fdd to 0x564ac445200f:
0x0000564ac4451fdd <l_dbus_message_new_error+125>: movl $0x30,0x4(%rsp)
0x0000564ac4451fe5 <l_dbus_message_new_error+133>: mov %rax,0x10(%rsp)
0x0000564ac4451fea <l_dbus_message_new_error+138>: callq 0x564ac4451eb0
<l_dbus_message_new_error_valist>
0x0000564ac4451fef <l_dbus_message_new_error+143>: mov 0x18(%rsp),%rdx
0x0000564ac4451ff4 <l_dbus_message_new_error+148>: xor %fs:0x28,%rdx
0x0000564ac4451ffd <l_dbus_message_new_error+157>: jne 0x564ac4452007
<l_dbus_message_new_error+167>
0x0000564ac4451fff <l_dbus_message_new_error+159>: add $0xd8,%rsp
0x0000564ac4452006 <l_dbus_message_new_error+166>: retq
0x0000564ac4452007 <l_dbus_message_new_error+167>: callq 0x564ac4405240
<__stack_chk_fail@plt>
0x0000564ac445200c: nopl 0x0(%rax)
End of assembler dump.
(gdb) disassemble /m l_dbus_message_new_error
Dump of assembler code for function l_dbus_message_new_error:
383 {
0x0000564ac4451f60 <+0>: sub $0xd8,%rsp
0x0000564ac4451f67 <+7>: mov %rcx,0x38(%rsp)
0x0000564ac4451f6c <+12>: mov %r8,0x40(%rsp)
0x0000564ac4451f71 <+17>: mov %r9,0x48(%rsp)
0x0000564ac4451f76 <+22>: test %al,%al
0x0000564ac4451f78 <+24>: je 0x564ac4451fb1
<l_dbus_message_new_error+81>
0x0000564ac4451f7a <+26>: movaps %xmm0,0x50(%rsp)
0x0000564ac4451f7f <+31>: movaps %xmm1,0x60(%rsp)
0x0000564ac4451f84 <+36>: movaps %xmm2,0x70(%rsp)
0x0000564ac4451f89 <+41>: movaps %xmm3,0x80(%rsp)
0x0000564ac4451f91 <+49>: movaps %xmm4,0x90(%rsp)
0x0000564ac4451f99 <+57>: movaps %xmm5,0xa0(%rsp)
0x0000564ac4451fa1 <+65>: movaps %xmm6,0xb0(%rsp)
0x0000564ac4451fa9 <+73>: movaps %xmm7,0xc0(%rsp)
0x0000564ac4451fb1 <+81>: mov %fs:0x28,%rax
0x0000564ac4451fba <+90>: mov %rax,0x18(%rsp)
0x0000564ac4451fbf <+95>: xor %eax,%eax
384 va_list args;
385 struct l_dbus_message *reply;
386
387 va_start(args, format);
0x0000564ac4451fc1 <+97>: lea 0xe0(%rsp),%rax
0x0000564ac4451fc9 <+105>: mov %rsp,%rcx
0x0000564ac4451fcc <+108>: movl $0x18,(%rsp)
0x0000564ac4451fd3 <+115>: mov %rax,0x8(%rsp)
0x0000564ac4451fd8 <+120>: lea 0x20(%rsp),%rax
0x0000564ac4451fdd <+125>: movl $0x30,0x4(%rsp)
0x0000564ac4451fe5 <+133>: mov %rax,0x10(%rsp)
388 reply = l_dbus_message_new_error_valist(method_call, name,
0x0000564ac4451fea <+138>: callq 0x564ac4451eb0
<l_dbus_message_new_error_valist> <<<<<<<<<<<<<<<<<<<<
389 format,
args);
390 va_end(args);
391
392 return reply;
0x0000564ac4451fef <+143>: mov 0x18(%rsp),%rdx
0x0000564ac4451ff4 <+148>: xor %fs:0x28,%rdx
0x0000564ac4451ffd <+157>: jne 0x564ac4452007
<l_dbus_message_new_error+167>
0x0000564ac4451fff <+159>: add $0xd8,%rsp
0x0000564ac4452006 <+166>: retq
0x0000564ac4452007 <+167>: callq 0x564ac4405240 <__stack_chk_fail@plt>
0x0000564ac445200c: nopl 0x0(%rax)
End of assembler dump.
(gdb) disassemble 0x0000564AC4451edd,0x0000564AC4451edd+0x10
Dump of assembler code from 0x564ac4451edd to 0x564ac4451eed:
0x0000564ac4451edd <l_dbus_message_new_error_valist+45>: mov
0x8(%rdi),%r14
0x0000564ac4451ee1 <l_dbus_message_new_error_valist+49>: mov
%fs:0x28,%rax
0x0000564ac4451eea <l_dbus_message_new_error_valist+58>: mov
%rax,0x408(%rsp)
End of assembler dump.
(gdb) disassemble l_dbus_message_new_error_valist
Dump of assembler code for function l_dbus_message_new_error_valist:
0x0000564ac4451eb0 <+0>: push %r14
0x0000564ac4451eb2 <+2>: mov %rdx,%r8
0x0000564ac4451eb5 <+5>: mov %rcx,%r9
0x0000564ac4451eb8 <+8>: mov $0x1,%edx
0x0000564ac4451ebd <+13>: push %r13
0x0000564ac4451ebf <+15>: mov $0x400,%ecx
0x0000564ac4451ec4 <+20>: mov %rsi,%r13
0x0000564ac4451ec7 <+23>: mov $0x400,%esi
0x0000564ac4451ecc <+28>: push %r12
0x0000564ac4451ece <+30>: xor %r12d,%r12d
0x0000564ac4451ed1 <+33>: push %rbp
0x0000564ac4451ed2 <+34>: push %rbx
0x0000564ac4451ed3 <+35>: mov %rdi,%rbx
0x0000564ac4451ed6 <+38>: sub $0x410,%rsp
0x0000564ac4451edd <+45>: mov 0x8(%rdi),%r14
<<<<<<<<<<<<<<<<<<<<<<
0x0000564ac4451ee1 <+49>: mov %fs:0x28,%rax
0x0000564ac4451eea <+58>: mov %rax,0x408(%rsp)
0x0000564ac4451ef2 <+66>: xor %eax,%eax
0x0000564ac4451ef4 <+68>: mov %rsp,%rbp
0x0000564ac4451ef7 <+71>: mov %rbp,%rdi
0x0000564ac4451efa <+74>: callq 0x564ac4405530 <__vsnprintf_chk@plt>
0x0000564ac4451eff <+79>: mov %rbx,%rdi
0x0000564ac4451f02 <+82>: callq 0x564ac444f9b0
<l_dbus_message_get_no_reply>
0x0000564ac4451f07 <+87>: test %al,%al
0x0000564ac4451f09 <+89>: jne 0x564ac4451f13
<l_dbus_message_new_error_valist+99>
0x0000564ac4451f0b <+91>: mov 0x8(%rbx),%rax
0x0000564ac4451f0f <+95>: mov 0x8(%rax),%r12d
0x0000564ac4451f13 <+99>: mov %rbx,%rdi
0x0000564ac4451f16 <+102>: callq 0x564ac4450690
<l_dbus_message_get_sender>
0x0000564ac4451f1b <+107>: movzbl 0x3(%r14),%edi
0x0000564ac4451f20 <+112>: mov %rbp,%r8
0x0000564ac4451f23 <+115>: mov %r13,%rcx
0x0000564ac4451f26 <+118>: mov %rax,%rdx
0x0000564ac4451f29 <+121>: mov %r12d,%esi
0x0000564ac4451f2c <+124>: callq 0x564ac4451e10 <_dbus_message_new_error>
0x0000564ac4451f31 <+129>: mov 0x408(%rsp),%rdx
0x0000564ac4451f39 <+137>: xor %fs:0x28,%rdx
0x0000564ac4451f42 <+146>: jne 0x564ac4451f54
<l_dbus_message_new_error_valist+164>
0x0000564ac4451f44 <+148>: add $0x410,%rsp
0x0000564ac4451f4b <+155>: pop %rbx
0x0000564ac4451f4c <+156>: pop %rbp
0x0000564ac4451f4d <+157>: pop %r12
0x0000564ac4451f4f <+159>: pop %r13
0x0000564ac4451f51 <+161>: pop %r14
0x0000564ac4451f53 <+163>: retq
0x0000564ac4451f54 <+164>: callq 0x564ac4405240 <__stack_chk_fail@plt>
End of assembler dump.
(gdb) disassemble /m l_dbus_message_new_error_valist
Dump of assembler code for function l_dbus_message_new_error_valist:
...
360 LIB_EXPORT struct l_dbus_message *l_dbus_message_new_error_valist(
361 struct l_dbus_message
*method_call,
362 const char *name,
363 const char *format, va_list
args)
364 {
0x0000564ac4451eb0 <+0>: push %r14
0x0000564ac4451eb2 <+2>: mov %rdx,%r8
0x0000564ac4451eb5 <+5>: mov %rcx,%r9
0x0000564ac4451eb8 <+8>: mov $0x1,%edx
0x0000564ac4451ebd <+13>: push %r13
0x0000564ac4451ebf <+15>: mov $0x400,%ecx
0x0000564ac4451ec4 <+20>: mov %rsi,%r13
0x0000564ac4451ec7 <+23>: mov $0x400,%esi
0x0000564ac4451ecc <+28>: push %r12
0x0000564ac4451ece <+30>: xor %r12d,%r12d
0x0000564ac4451ed1 <+33>: push %rbp
0x0000564ac4451ed2 <+34>: push %rbx
0x0000564ac4451ed3 <+35>: mov %rdi,%rbx
0x0000564ac4451ed6 <+38>: sub $0x410,%rsp
0x0000564ac4451edd <+45>: mov 0x8(%rdi),%r14
<<<<<<<<<<<<<<<<<<<
0x0000564ac4451ee1 <+49>: mov %fs:0x28,%rax
0x0000564ac4451eea <+58>: mov %rax,0x408(%rsp)
0x0000564ac4451ef2 <+66>: xor %eax,%eax
365 char str[1024];
366 struct dbus_header *hdr = method_call->header;
367 uint32_t reply_serial = 0;
368
369 vsnprintf(str, sizeof(str), format, args);
370
371 if (!l_dbus_message_get_no_reply(method_call))
0x0000564ac4451eff <+79>: mov %rbx,%rdi
0x0000564ac4451f02 <+82>: callq 0x564ac444f9b0
<l_dbus_message_get_no_reply>
0x0000564ac4451f07 <+87>: test %al,%al
.
benutzer@debian:~/iwd/orig/iwd-0.10$ grep scan_pending . -Rn --color=always
benutzer@debian:~/iwd/orig/iwd-0.10$ grep dbus_pending_reply . -Rn
--color=always
benutzer@debian:~/iwd/orig/iwd-0.10$ grep l_dbus_message_ref . -Rn
--color=always
Aborting (signal 11) [/usr/libexec/iwd]
++++++++ backtrace ++++++++
#0 0x7fb8c92d4fc0 in /lib/x86_64-linux-gnu/libc.so.6 |
#1 0x55f5d9829edd in /usr/libexec/iwd | 0x.........edd in
l_dbus_message_new_error_valist
#2 0x55f5d9829fef in /usr/libexec/iwd | 0x.........fef in
l_dbus_message_new_error 388 reply =
l_dbus_message_new_error_valist(method_call, name,
| in
dbus_error_from_errno
#3 0x55f5d97eabad in /usr/libexec/iwd | 0x.........bad in
station_dbus_scan_triggered 1907 reply =
dbus_error_from_errno(err, station->scan_pending);
#4 0x55f5d97f4c75 in /usr/libexec/iwd | 0x.........c75 in
scan_request_trigger_failed 128 sr->trigger(err,
sr->userdata);
#5 0x55f5d97f64fc in /usr/libexec/iwd | 0x.........4f7 in
scan_triggered 242
scan_request_trigger_failed(sr, err);
#6 0x55f5d9823948 in /usr/libexec/iwd | 0x.........948 in
received_data 415
request->callback(msg, request->user_data);
#7 0x55f5d9820893 in /usr/libexec/iwd | 0x.........893 in
io_callback 126 if
(!io->read_handler(io, io->read_data)) {
#8 0x55f5d981fbcd in /usr/libexec/iwd | 0x.........bcd in
l_main_iterate (timeout=<optimized out>)
#9 0x55f5d981fc9c in /usr/libexec/iwd | 0x.........c9c in
l_main_run () at ell/main.c:434
#10 0x55f5d97dde97 in /usr/libexec/iwd | 0x.........e97 in main
(argc=<optimized out>, argv=<optimized out>) at src/main.c:489
#11 0x7fb8c92c1b17 in /lib/x86_64-linux-gnu/libc.so.6 | 0x.........b17 in
__libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
+++++++++++++++++++++++++++
(host) chmod 666 /dev/bus/usb/001/017
(qemu) device_add usb-host,vendorid=0x148f,productid=0x2573,id=wlan
apt install firmware-misc-nonfree
iwctl
device list
station wlx001f1f32a3e1 scan
station wlx001f1f32a3e1 get-networks
gdb -q --pid 462
set width 0
set pagination off
directory /home/benutzer/iwd/orig/iwd-0.10
b station_dbus_scan_triggered
b dbus_error_from_errno
b l_dbus_message_new_error
cont
