Re: armv7 main's gpart [show]: signal 11 core dump during boot, before login; xo_format_string_direct; official pkgbase distribution (kernel and world)

Sun, 28 Dec 2025 09:44:50 -0800

Can someone with a FreeBSD 15 or 16 -CURRENT armv7 machine test if they're also getting segfaults when running gpart show? Or better yet, if someone has a test machine to lend me. 

On 12/28/25 17:06, Mark Millard wrote:

[minherit(0x2051e000,1100,INHERIT_ZERO)           = 0 (0x0)
might be involoved?]

On Dec 28, 2025, at 00:23, Mark Millard <[email protected]> wrote:


On Dec 27, 2025, at 23:55, Mark Millard <[email protected]> wrote:


[Turns out: works on aarch64 kernel's armv7 support, fails
on the armv7 native kernel, exact same world files on the
exact same media.]


I got that wrong: a large part of the output occurs before a
segmentation fault on the Windows Dev Kit 2023. But it has a
very different backtrace and the output before that has numerical
garbage values showing.



On Dec 27, 2025, at 23:35, Mark Millard <[email protected]> wrote:


On Dec 27, 2025, at 22:03, Mark Millard <[email protected]> wrote:


Context:

# uname -apKU
FreeBSD OPiP2E-RPi2v1p1 16.0-CURRENT FreeBSD 16.0-CURRENT 
main-n282732-939ac0c8fde2 GENERIC-NODEBUG arm armv7 1600007 1600007

That is an official pkgbase distribution that I installed, not
a personal build. pkgbase for main has world being a debug
build, no matter which of the kernels one choses to boot.
For pkgbase, 939ac0c8fde2 would be correct(?) for the kernel
but might not be exact for the world: /usr/src/sys/ and
/usr/src/ (without sys/) are from different times, last I
knew anyway. Changes can happen between.

During boot, the time on the Orange Pi Plus 2ed is bad so:

# ls -lodT /gpart.core
-rw-------  1 root wheel nodump 3174400 Jan  1 00:01:01 2010 /gpart.core

Also, for pkgbase, a source file distributed can be newer
for its time stamp than the program distributed that was
based on the source file. Such happens below.



Core was generated by `gpart show'.
Program terminated with signal SIGSEGV, Segmentation fault.
Address not mapped to object.
#0  xo_format_string_direct (xop=xop@entry=0x2009b120, xbp=xbp@entry=0x2009b150, 
flags=flags@entry=4096, wcp=0x0, cp=0x6e480000 <error: Cannot access memory at 
address 0x6e480000>, len=-1, max=-1,
need_enc=3, have_enc=2) at /usr/src/contrib/libxo/libxo/libxo.c:2715

warning: Source file is more recent than executable.
2715    if (*cp == '\0')
(gdb) bt
#0  xo_format_string_direct (xop=xop@entry=0x2009b120, xbp=xbp@entry=0x2009b150, 
flags=flags@entry=4096, wcp=0x0, cp=0x6e480000 <error: Cannot access memory at 
address 0x6e480000>, len=-1, max=-1,
need_enc=3, have_enc=2) at /usr/src/contrib/libxo/libxo/libxo.c:2715
#1  0x20150908 in xo_format_string (xop=0x2009b120, xbp=0x2009b150, flags=4096, 
xfp=0xbfbfd280) at /usr/src/contrib/libxo/libxo/libxo.c:2982
#2  xo_do_format_field (xop=<optimized out>, xop@entry=0x2009b120, xbp=0x2009b150, 
fmt=fmt@entry=0x20130635 "%s", flen=flen@entry=2, flags=4096) at 
/usr/src/contrib/libxo/libxo/libxo.c:3503
#3  0x2014c69c in xo_simple_field (xop=0x2009b120, encode_only=0, value=0x0, vlen=0, 
fmt=0x20130635 "%s", flen=2, flags=<optimized out>) at 
/usr/src/contrib/libxo/libxo/libxo.c:3817
#4  xo_format_value (xop=<optimized out>, xop@entry=0x2009b120, name=<optimized out>, 
name@entry=0x204bf931 "state}\n", nlen=<optimized out>, nlen@entry=5, value=0x0, vlen=0, 
fmt=0x20130635 "%s",
flen=2, encoding=0x0, elen=0, flags=<optimized out>) at 
/usr/src/contrib/libxo/libxo/libxo.c:4373
#5  0x20148710 in xo_do_emit_fields (xop=<optimized out>, xop@entry=0x2009b120, 
fields=<optimized out>, fields@entry=0xbfbfd7e8, max_fields=max_fields@entry=17, 
fmt=<optimized out>)
at /usr/src/contrib/libxo/libxo/libxo.c:6372
#6  0x201476a0 in xo_do_emit (xop=xop@entry=0x2009b120, flags=<optimized out>, 
fmt=fmt@entry=0x204bf8e3 "=>{t:start/%*jd}  {t:sectors/%*jd}  {t:name/%*s}  {:scheme}  
({h:size/%ld}){t:state}\n")
at /usr/src/contrib/libxo/libxo/libxo.c:6551
#7  0x20147840 in xo_emit (fmt=0x204bf8e3 "=>{t:start/%*jd}  {t:sectors/%*jd}  
{t:name/%*s}  {:scheme}  ({h:size/%ld}){t:state}\n") at 
/usr/src/contrib/libxo/libxo/libxo.c:6622
#8  0x204d1fd4 in gpart_show_geom (gp=gp@entry=0x20089168, 
element=element@entry=0x204bfe51 "type", show_providers=show_providers@entry=0) 
at /usr/src/lib/geom/part/geom_part.c:654
#9  0x204d1048 in gpart_show (req=0x20089000, fl=<optimized out>) at 
/usr/src/lib/geom/part/geom_part.c:793
#10 0x000230dc in run_command (argc=0, argv=<optimized out>) at 
/usr/src/sbin/geom/core/geom.c:497
#11 0x00022308 in main (argc=1, argv=0xbfbfed90) at 
/usr/src/sbin/geom/core/geom.c:861
(gdb) list
2710    for (;;) {
2711 if (len == 0)
2712    break;
2713
2714 if (cp) {
2715    if (*cp == '\0')
2716 break;
2717    if ((flags & XFF_UNESCAPE) && (*cp == '\\' || *cp == '%')) {
2718 cp += 1;
2719 len -= 1;
(gdb) up
#1  0x20150908 in xo_format_string (xop=0x2009b120, xbp=0x2009b150, flags=4096, 
xfp=0xbfbfd280) at /usr/src/contrib/libxo/libxo/libxo.c:2982
2982    cols = xo_format_string_direct(xop, xbp, flags, wcp, cp, len,
(gdb) list
2977
2978    return rc;
2979 }
2980    }
2981
2982    cols = xo_format_string_direct(xop, xbp, flags, wcp, cp, len,
2983   xfp->xf_width[XF_WIDTH_MAX],
2984   need_enc, xfp->xf_enc);
2985    if (cols < 0)
2986 goto bail;
(gdb) list
3498
3499 xf.xf_enc = (xf.xf_fc == 'm') ? XF_ENC_UTF8
3500    : (xf.xf_lflag || (xf.xf_fc == 'S')) ? XF_ENC_WIDE
3501    : xf.xf_hflag ? XF_ENC_LOCALE : XF_ENC_UTF8;
3502
3503 rc = xo_format_string(xop, xbp, flags, &xf);
3504
3505 if ((flags & XFF_TRIM_WS) && xo_style_is_encoding(xop))
3506    rc = xo_trim_ws(xbp, rc);
3507
(gdb) up
#3  0x2014c69c in xo_simple_field (xop=0x2009b120, encode_only=0, value=0x0, vlen=0, 
fmt=0x20130635 "%s", flen=2, flags=<optimized out>) at 
/usr/src/contrib/libxo/libxo/libxo.c:3817
3817 xo_do_format_field(xop, NULL, fmt, flen, flags);
(gdb) list
3812 {
3813    if (encode_only)
3814 flags |= XFF_NO_OUTPUT;
3815
3816    if (vlen == 0)
3817 xo_do_format_field(xop, NULL, fmt, flen, flags);
3818    else if (!encode_only)
3819 xo_data_append_content(xop, value, vlen, flags);
3820 }
3821
(gdb) up
#4  xo_format_value (xop=<optimized out>, xop@entry=0x2009b120, name=<optimized out>, 
name@entry=0x204bf931 "state}\n", nlen=<optimized out>, nlen@entry=5, value=0x0, vlen=0, 
fmt=0x20130635 "%s",
flen=2, encoding=0x0, elen=0, flags=<optimized out>) at 
/usr/src/contrib/libxo/libxo/libxo.c:4373
4373 xo_simple_field(xop, FALSE, value, vlen, fmt, flen, flags);
(gdb) list
4368
4369 save.xhs_offset = xbp->xb_curp - xbp->xb_bufp;
4370 save.xhs_columns = xop->xo_columns;
4371 save.xhs_anchor_columns = xop->xo_anchor_columns;
4372
4373 xo_simple_field(xop, FALSE, value, vlen, fmt, flen, flags);
4374
4375 if (flags & XFF_HUMANIZE)
4376    xo_format_humanize(xop, xbp, &save, flags);
4377 break;
(gdb) up
#5  0x20148710 in xo_do_emit_fields (xop=<optimized out>, xop@entry=0x2009b120, 
fields=<optimized out>, fields@entry=0xbfbfd7e8, max_fields=max_fields@entry=17, 
fmt=<optimized out>)
at /usr/src/contrib/libxo/libxo/libxo.c:6372
6372    xo_format_value(xop, content, clen, NULL, 0,
(gdb) list
6367 flags &= ~XFF_WS; /* Prevent later handling of this flag */
6368    }
6369 }
6370
6371 if (ftype == 'V')
6372    xo_format_value(xop, content, clen, NULL, 0,
6373    xfip->xfi_format, xfip->xfi_flen,
6374    xfip->xfi_encoding, xfip->xfi_elen, flags);
6375 else if (ftype == '[')
6376    xo_anchor_start(xop, xfip, content, clen);
(gdb) up
#6  0x201476a0 in xo_do_emit (xop=xop@entry=0x2009b120, flags=<optimized out>, 
fmt=fmt@entry=0x204bf8e3 "=>{t:start/%*jd}  {t:sectors/%*jd}  {t:name/%*s}  {:scheme}  
({h:size/%ld}){t:state}\n")
at /usr/src/contrib/libxo/libxo/libxo.c:6551
6551    return xo_do_emit_fields(xop, fields, max_fields, fmt);
(gdb) list
6546    /* Retain the info */
6547    xo_retain_add(fmt, fields, max_fields);
6548 }
6549    }
6550
6551    return xo_do_emit_fields(xop, fields, max_fields, fmt);
6552 }
6553
6554 /*
6555 * Rebuild a format string in a gettext-friendly format.  This function
(gdb) up
#7  0x20147840 in xo_emit (fmt=0x204bf8e3 "=>{t:start/%*jd}  {t:sectors/%*jd}  
{t:name/%*s}  {:scheme}  ({h:size/%ld}){t:state}\n") at 
/usr/src/contrib/libxo/libxo/libxo.c:6622
6622    rc = xo_do_emit(xop, 0, fmt);
(gdb) list
6617 {
6618    xo_handle_t *xop = xo_default(NULL);
6619    ssize_t rc;
6620
6621    va_start(xop->xo_vap, fmt);
6622    rc = xo_do_emit(xop, 0, fmt);
6623    va_end(xop->xo_vap);
6624    bzero(&xop->xo_vap, sizeof(xop->xo_vap));
6625
6626    return rc;
(gdb) up
#8  0x204d1fd4 in gpart_show_geom (gp=gp@entry=0x20089168, 
element=element@entry=0x204bfe51 "type", show_providers=show_providers@entry=0) 
at /usr/src/lib/geom/part/geom_part.c:654
warning: Source file is more recent than executable.
654 xo_emit("=>{t:start/%*jd}  {t:sectors/%*jd}  {t:name/%*s}  {:scheme}  
({h:size/%ld}){t:state}\n",
(gdb) list
649 }
650 wname = wmax;
651 pp = LIST_FIRST(&gp->lg_consumer)->lg_provider;
652 secsz = pp->lg_sectorsize;
653 xo_open_instance("part");
654 xo_emit("=>{t:start/%*jd}  {t:sectors/%*jd}  {t:name/%*s}  {:scheme}  
({h:size/%ld}){t:state}\n",
655 wblocks, (intmax_t)first, wblocks, (intmax_t)(last - first + 1),
656 wname, gp->lg_name,
657 scheme, pp->lg_mediasize,
658 s ? " [CORRUPT]": "");
(gdb) up
#9  0x204d1048 in gpart_show (req=0x20089000, fl=<optimized out>) at 
/usr/src/lib/geom/part/geom_part.c:793
793 gpart_show_geom(gp, element, show_providers);
(gdb) list
788 else
789 errx(EXIT_FAILURE, "No such geom: %s.", name);
790 }
791 } else {
792 LIST_FOREACH(gp, &classp->lg_geom, lg_geom) {
793 gpart_show_geom(gp, element, show_providers);
794 }
795 }
796 xo_close_list(name);
797 geom_deletetree(&mesh);
(gdb) up
#10 0x000230dc in run_command (argc=0, argv=<optimized out>) at 
/usr/src/sbin/geom/core/geom.c:497
warning: Source file is more recent than executable.
497 cmd->gc_func(req, flags);
(gdb) list
492 buf[0] = '\0';
493 if (cmd->gc_func != NULL) {
494 unsigned flags;
495
496 flags = set_flags(cmd);
497 cmd->gc_func(req, flags);
498 errstr = req->error;
499 } else {
500 gctl_add_param(req, "output", sizeof(buf), buf,
501    GCTL_PARAM_WR | GCTL_PARAM_ASCII);
(gdb) up
#11 0x00022308 in main (argc=1, argv=0xbfbfed90) at 
/usr/src/sbin/geom/core/geom.c:861
861 run_command(argc, argv);
(gdb) list
856 show_tree();
857 return (0);
858 }
859
860 get_class(&argc, &argv);
861 run_command(argc, argv);
862 /* NOTREACHED */
863
864 exit(EXIT_FAILURE);
865 }


For reference:

# ls -lodT /usr/src/contrib/libxo/libxo/libxo.c 
/usr/src/lib/geom/part/geom_part.c /usr/src/sbin/geom/core/geom.c /sbin/gpart
-r-xr-xr-x  17 root wheel -  30720 Dec 18 07:22:59 2025 /sbin/gpart
-rw-r--r--   1 root wheel - 211505 Dec 24 08:29:29 2025 
/usr/src/contrib/libxo/libxo/libxo.c
-rw-r--r--   1 root wheel -  35380 Dec 24 08:29:29 2025 
/usr/src/lib/geom/part/geom_part.c
-rw-r--r--   1 root wheel -  36298 Dec 24 08:29:29 2025 
/usr/src/sbin/geom/core/geom.c

That explains the "warning: Source file is more recent than executable"
messages.


Additional context notes:

) On the Cortex-A7 SUT the above is repeatable at the
shell prompt when logged in: just try "gpart show",
including via gdb use. "/rescue/gpart show" also
core dumps.

) In a armv7 chroot on a aarch64 system (the Windows
Dev Kit 2023), the "gpart show" works just fine.

But the vintages could well be a little different.
(Tracing to git commits for pkgbase is problematical.)


I'll note:

Johan Söllvander <js_at_FreeBSD.org>
Date: Thu, 18 Dec 2025 15:23:29 UTC
The branch main has been updated by js:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=4f809ffec69cd6ede3e7be9a5bc876b2e5931028

commit 4f809ffec69cd6ede3e7be9a5bc876b2e5931028
Author: Johan Söllvander <[email protected]>
AuthorDate: 2025-12-18 15:06:09 +0000
Commit: Johan Söllvander <[email protected]>
CommitDate: 2025-12-18 15:22:59 +0000

gpart: add libxo support for "show" subcommand + man page updates

Added libxo support to `gpart show`, also updated the man
pages for geom and gpart to show where you can expect
libxo formatted output.

PR: 290629
MFC after: 1 week
Sponsored by: ConnectWise
Reviewed by: asomers, mckusick, phil
Approved by: asomers (mentor)
Differential Revision: https://reviews.freebsd.org/D53950
---
. . .


Note: Dec 18 07:22:59 2025 /sbin/gpart for my time zone
would be 2025-12-18 15:22:59 +0000 (the CommitDate) UTC.



I shut down the OPi+2e and mounted the boot media
on the Windows Dev Kit 2023 and then did a chroot
into that boot media and tried "gpart show":

"gpart show" worked just fine.

What matters is which kernel it runs on for the
exact same world files on the exact same media.



I got that wrong: a large part of the output occurs before
a segmentation fault on the Windows Dev Kit 2023. But it has a
very different backtrace. Also, note all the "517M" that make no
sense --and the "0" and "2" junk as well:

# gpart show
=>        34  1000215149  nda0  GPT  (2)(null)
          34        2014        - free -  (2)
        2048      532480     1  efi  (517M)
      534528       32768     2  ms-reserved  (517M)
      567296   997287936     3  ms-basic-data  (517M)
   997855232     2359296     4  ms-recovery  (517M)
  1000214528         655        - free -  (2)

=>        34  2930277101  da0  GPT  (0)(null)
          34       32734       - free -  (0)
       32768      501760    1  efi  (517M)
      534528    20971520    2  freebsd-swap  (517M)
    21506048    29360128    3  freebsd-swap  (517M)
    50866176    33554432    4  freebsd-swap  (517M)
    84420608    67108864    5  freebsd-swap  (517M)
   151529472    96468992    6  freebsd-swap  (517M)
   247998464   268435456    7  freebsd-swap  (517M)
   516433920     7340032    8  freebsd-swap  (517M)
   523773952    13096960       - free -  (0)
   536870912  2357198848    9  freebsd-ufs  (517M)
  2894069760    36207375       - free -  (0)

=>        40  1953525088  da1  GPT  (0)(null)
          40      532480    1  efi  (517M)
      532520        2008       - free -  (0)
      534528     3563520    2  freebsd-swap  (517M)
     4098048     6504448       - free -  (0)
    10602496  1740636160    4  freebsd-ufs  (517M)
  1751238656     7546880    3  freebsd-swap  (517M)
  1758785536   194739592       - free -  (0)

Segmentation fault (core dumped)

As for gdb's backtrace:

Program terminated with signal SIGSEGV, Segmentation fault.
Address not mapped to object.
#0  0x200c5ef0 in delete_config (gp=0x2053e224) at 
/usr/src/lib/libgeom/geom_xml2tree.c:502

warning: Source file is more recent than executable.
502 LIST_REMOVE(cf, lg_config);
(gdb) bt
#0  0x200c5ef0 in delete_config (gp=0x2053e224) at 
/usr/src/lib/libgeom/geom_xml2tree.c:502
#1  geom_deletetree (gmp=gmp@entry=0xffffcb48) at 
/usr/src/lib/libgeom/geom_xml2tree.c:524
#2  0x204d2064 in gpart_show (req=<optimized out>, fl=<optimized out>) at 
/usr/src/lib/geom/part/geom_part.c:797
#3  0x000230dc in run_command (argc=0, argv=<optimized out>) at 
/usr/src/sbin/geom/core/geom.c:497
#4  0x00022308 in main (argc=1, argv=0xffffdc70) at 
/usr/src/sbin/geom/core/geom.c:861


(I need to get some sleep.)


Back to the Cortex-A7 context (armv7 without aatch64)
for that same media . . .

The tail of a truss output from a run looks like
(note the "minherit(0x2051e000,1100,INHERIT_ZERO)"?):

. . .
modfind("g_part")                                = 190 (0xbe)
mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 537432064 (0x20089000)
mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) 
= 537452544 (0x2008e000)
mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) 
= 537456640 (0x2008f000)
mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542076928 (0x204f7000)
mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542089216 (0x204fa000)
mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542109696 (0x204ff000)
mmap(0x0,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542121984 (0x20502000)
__sysctl("sysctl.name2oid 
kern.geom.confxml",2,0xbfbfdbb8,0xbfbfdbb0,0x200b4716,17) = 0 (0x0)
__sysctl("kern.geom.confxml",3,0x0,0xbfbfdbb4,0x0,0) = 0 (0x0)
mmap(0x0,24576,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542150656 (0x20509000)
__sysctl("kern.geom.confxml",3,0x20509180,0xbfbfdbb4,0x0,0) = 0 (0x0)
mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542175232 (0x2050f000)
mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542195712 (0x20514000)
mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542216192 (0x20519000)
mmap(0x0,1100,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON,-1,0x0) = 542236672 
(0x2051e000)
minherit(0x2051e000,1100,INHERIT_ZERO)           = 0 (0x0)
getrandom("\M-,\M-;\M^P\^Rl\^VHP\M->'\M-v"...,40,0) = 40 (0x28)
mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542240768 (0x2051f000)
mmap(0x0,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542261248 (0x20524000)
mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542289920 (0x2052b000)
mmap(0x0,20480,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542302208 (0x2052e000)
mmap(0x0,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0)
 = 542322688 (0x20533000)
mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) 
= 542334976 (0x20536000)
mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) 
= 542339072 (0x20537000)
mmap(0x0,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANON|MAP_ALIGNED(12),-1,0x0) 
= 542343168 (0x20538000)
SIGNAL 11 (SIGSEGV) code=SEGV_MAPERR trapno=5 addr=0x6e480000
process killed, signal = 11 (core dumped)


Given recent work on anonymous zeroed pages, I note for
minherit:

QUOTE
        INHERIT_ZERO This option causes the address space in question to be
mapped as new anonymous pages, which would be initial-
ized to all zero bytes, in the child process.
END QUOTE

Not that I've any specific evidence of it being an issue.

I'll note that trying the official debug kernel did not report
anything special and got the same behavior.


===
Mark Millard
marklmi at yahoo.com

Reply via email to