pharo
[Crash] EXCEPTION_ACCESS_VIOLATION in BitBltPlugin.DLL!copyBits from GrafPort>copyBits
Bug description
Playing a bit too much with the image made it crash: crash.dmp.txt
From the analysis of the Windows crash dump (can be provided on demand, 500MB):
STACK_TEXT:
00000000`0073f020 00000000`69bc566d : 00000000`00747f68 00000000`00000001 00000000`6fbe7448 00000000`00000000 : BitBltPlugin!copyBits+0x21eb
00000000`0073f160 00000000`70001658 : 00000000`00000800 00000000`0000092c 00000000`0075fc60 00000000`6fb5e154 : BitBltPlugin!primitiveCopyBits+0x4d
00000000`0073f1a0 00000000`00000800 : 00000000`0000092c 00000000`0075fc60 00000000`6fb5e154 00000000`00000000 : 0x70001658
00000000`0073f1a8 00000000`0000092c : 00000000`0075fc60 00000000`6fb5e154 00000000`00000000 00000000`000186a0 : 0x800
00000000`0073f1b0 00000000`0075fc60 : 00000000`6fb5e154 00000000`00000000 00000000`000186a0 00000000`00000002 : 0x92c
00000000`0073f1b8 00000000`6fb5e154 : 00000000`00000000 00000000`000186a0 00000000`00000002 00000000`0075f218 : 0x75fc60
00000000`0073f1c0 00000000`6fb4d1bc : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : PharoVMCore!getVMGMTOffset+0x56594
00000000`0073f1f0 00000000`70eea378 : 00000000`70eea3d8 00000000`70eea2d8 00000000`70edbfa0 00000000`70edbf60 : PharoVMCore!getVMGMTOffset+0x455fc
00000000`00747fb8 00000000`70eea3d8 : 00000000`70eea2d8 00000000`70edbfa0 00000000`70edbf60 00000000`71755c00 : 0x70eea378
00000000`00747fc0 00000000`70eea2d8 : 00000000`70edbfa0 00000000`70edbf60 00000000`71755c00 00000000`700eaab8 : 0x70eea3d8
To Reproduce
Steps I was doing when it happens:
- Open a browser with the UML tab open
- Try to make the spotter slow and crash. I'm not sure it is easy to reproduce.
Expected behavior
No crash
Version information:
- OS: win10
- Pharo 9.0.0 Build information: Pharo-9.0.0+build.1356.sha.f2e26ea4a61c1d3eb2f0c4024e027d6df3b992f7 (64 Bit)
Expected development cost 🤷♂️
Additional context
Vanilla Pharo image
Same here, it just crashes when opening the "UML" tab:
PharoVM version:5.0-Pharo 9.0.15 built on Jun 10 2022 15:52:10 Compiler: 5.4.0 20160609 5.4.0 20160609 [Production Spur 64-bit VM]
Built from: CoInterpreter * VMMaker-tonel.1 uuid: aa6234f4-799d-0d00-90d1-c90e092bce84 Jun 10 2022
With:StackToRegisterMappingCogit * VMMaker-tonel.1 uuid: aa6234f4-799d-0d00-90d1-c90e092bce84 Jun 10 2022
Revision: v9.0.15 - Commit: b487900 - Date: 2022-06-02 09:48:57 +0200
C stack backtrace & registers:
rax 0x00000000 rbx 0x7ffde3cc96e0 rcx 0x0000003b rdx 0x7ffde3cc9520
rdi 0x01c2b888 rsi 0x01c2b888 rbp 0x0000003b rsp 0x7ffde3cc94d0
r8 0x7ffde3cc9600 r9 0x00000005 r10 0x00000000 r11 0x00000000
r12 0x7f5dbbd5c340 r13 0x00000005 r14 0x01c25f10 r15 0x7f5dbbd5c210
rip 0x7f5dbb829959
/media/fadimk/DATA/Applications/Pharo/vm/lib/libPharoVMCore.so(+0x29959)[0x7f5dbb829959]
/media/fadimk/DATA/Applications/Pharo/vm/lib/libPharoVMCore.so(+0xc41ec)[0x7f5dbb8c41ec]
/media/fadimk/DATA/Applications/Pharo/vm/lib/libPharoVMCore.so(doReport+0xb5)[0x7f5dbb8c44d5]
/media/fadimk/DATA/Applications/Pharo/vm/lib/libPharoVMCore.so(sigsegv+0x14)[0x7f5dbb8c4544]
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7f5dbb61a520]
/media/fadimk/DATA/Applications/Pharo/vm/lib/libPharoVMCore.so(+0x29959)[0x7f5dbb829959]
/media/fadimk/DATA/Applications/Pharo/vm/lib/libffi.so(+0x77ec)[0x7f5dbbd5a7ec]
/media/fadimk/DATA/Applications/Pharo/vm/lib/libffi.so(+0x8050)[0x7f5dbbd5b050]
/media/fadimk/DATA/Applications/Pharo/vm/lib/libSurfacePlugin.so(ioGetSurfaceFormat+0x35)[0x7f5da4601305]
/media/fadimk/DATA/Applications/Pharo/vm/lib/libBitBltPlugin.so(+0x2802)[0x7f5da5402802]
/media/fadimk/DATA/Applications/Pharo/vm/lib/libBitBltPlugin.so(primitiveCopyBits+0x1d)[0x7f5da5406a9d]
[0x1d4de498]
[0x0]
Using Ubuntu 22.04 LTS x64 w/ native SDL2
Did some fairly basic debugging work here.
[New Thread 0x7fffe8264640 (LWP 25176)]
[New Thread 0x7fffe17fa640 (LWP 25177)]
[Thread 0x7fffe17fa640 (LWP 25177) exited]
[New Thread 0x7fffe17fa640 (LWP 25178)]
Thread 1 "pharo" received signal SIGSEGV, Segmentation fault.
callbackFrontend (cif=0x69f258, ret=0x7ffffffbd270, args=0x7ffffffbd0e0, cbPtr=0x3b) at /builds/workspace/pharo-vm_pharo-9/repository/ffi/src/callbacks/callbacks.c:24
24 /builds/workspace/pharo-vm_pharo-9/repository/ffi/src/callbacks/callbacks.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0 callbackFrontend (cif=0x69f258, ret=0x7ffffffbd270, args=0x7ffffffbd0e0, cbPtr=0x3b) at /builds/workspace/pharo-vm_pharo-9/repository/ffi/src/callbacks/callbacks.c:24
#1 0x00007ffff7fb57ec in ?? () from /media/fadimk/DATA/Applications/Pharo/vm/lib/libffi.so
#2 0x00007ffff7fb6050 in ?? () from /media/fadimk/DATA/Applications/Pharo/vm/lib/libffi.so
#3 0x00007fffb2001305 in ioGetSurfaceFormat (surfaceID=<optimized out>, width=width@entry=0x7fffe0e0b988 <sourceWidth>, height=height@entry=0x7fffe0e0b9a8 <sourceHeight>,
depth=depth@entry=0x7fffe0e0b9b8 <sourceDepth>, isMSB=isMSB@entry=0x7fffe0e0b99c <sourceMSB>)
at /builds/workspace/pharo-vm_pharo-9/build-stockReplacement/generated/64/plugins/src/SurfacePlugin/SurfacePlugin.c:201
#4 0x00007fffe0c02802 in loadBitBltFromwarping (bbObj=<optimized out>, aBool=aBool@entry=0)
at /builds/workspace/pharo-vm_pharo-9/repository/extracted/plugins/BitBltPlugin/src/common/BitBltPlugin.c:3339
#5 0x00007fffe0c06a9d in primitiveCopyBits () at /builds/workspace/pharo-vm_pharo-9/repository/extracted/plugins/BitBltPlugin/src/common/BitBltPlugin.c:5112
#6 0x000000001d4de498 in ?? ()
#7 0x00007fffffffddb0 in ?? ()
#8 0x00007ffff7cadca6 in interpret () at /builds/workspace/pharo-vm_pharo-9/build-stockReplacement/generated/64/vm/src/gcc3x-cointerp.c:2985
#9 0x000000001d4de3d8 in ?? ()
#10 0x000000001e18cdf0 in ?? ()
Stepping into the top frame:
(gdb) f 0
#0 callbackFrontend (cif=0x69f258, ret=0x7ffffffbd270, args=0x7ffffffbd0e0, cbPtr=0x3b) at /builds/workspace/pharo-vm_pharo-9/repository/ffi/src/callbacks/callbacks.c:24
24 /builds/workspace/pharo-vm_pharo-9/repository/ffi/src/callbacks/callbacks.c: Datei oder Verzeichnis nicht gefunden.
(gdb) disassemble
Dump of assembler code for function callbackFrontend:
0x00007ffff7c29940 <+0>: push %rbp
0x00007ffff7c29941 <+1>: push %rbx
0x00007ffff7c29942 <+2>: mov %rcx,%rbp
0x00007ffff7c29945 <+5>: sub $0x38,%rsp
0x00007ffff7c29949 <+9>: mov %fs:0x28,%rax
0x00007ffff7c29952 <+18>: mov %rax,0x28(%rsp)
0x00007ffff7c29957 <+23>: xor %eax,%eax
=> 0x00007ffff7c29959 <+25>: mov (%rcx),%rax
0x00007ffff7c2995c <+28>: mov %rdx,0x10(%rsp)
0x00007ffff7c29961 <+33>: mov %rcx,(%rsp)
0x00007ffff7c29965 <+37>: mov %rsi,0x8(%rsp)
0x00007ffff7c2996a <+42>: mov %rsp,%rsi
0x00007ffff7c2996d <+45>: mov 0x18(%rax),%rdx
0x00007ffff7c29971 <+49>: mov %rax,%rdi
0x00007ffff7c29974 <+52>: mov %rdx,0x20(%rsp)
0x00007ffff7c29979 <+57>: mov %rsp,0x18(%rax)
0x00007ffff7c2997d <+61>: call *0x10(%rax)
0x00007ffff7c29980 <+64>: mov %rsp,%rdi
0x00007ffff7c29983 <+67>: call 0x7ffff7c21690 <queue_add_pending_callback@plt>
0x00007ffff7c29988 <+72>: mov 0x0(%rbp),%rax
0x00007ffff7c2998c <+76>: mov %rsp,%rsi
0x00007ffff7c2998f <+79>: mov %rax,%rdi
0x00007ffff7c29992 <+82>: call *(%rax)
0x00007ffff7c29994 <+84>: mov 0x28(%rsp),%rax
0x00007ffff7c29999 <+89>: xor %fs:0x28,%rax
0x00007ffff7c299a2 <+98>: jne 0x7ffff7c299ab <callbackFrontend+107>
0x00007ffff7c299a4 <+100>: add $0x38,%rsp
0x00007ffff7c299a8 <+104>: pop %rbx
0x00007ffff7c299a9 <+105>: pop %rbp
0x00007ffff7c299aa <+106>: ret
0x00007ffff7c299ab <+107>: call 0x7ffff7c21ab0 <__stack_chk_fail@plt>
End of assembler dump.
IMO it seems like it's attempting to assign %rax into *cbPtr, which is malformed (0x3b is not a valid pointer), thus causing the segfault.
After some digging, it seems that this was caused by a mismatched/broken libffi version in my case. Restoring the bundled version of libffi and ensuring that it gets loaded fixed this for me. Sorry for the noise.
I think we can close this: "this was caused by a mismatched/broken libffi version".
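Added example, not code from the thread or from the Pharo VM: a small Python triage helper that applies the reasoning in the disassembly comment above to the quoted gdb output. It maps the base register of the faulting `=>` instruction back to the C parameter that arrived in it under the System V AMD64 convention and flags the value when it cannot be a pointer; it assumes that register has not been clobbered before the fault, which the disassembly above shows (rcx is only copied to rbp before +25).

```python
import re

# Constructed excerpt of the gdb output quoted in this thread (frame line + disassembly).
GDB_FRAME = ("#0 callbackFrontend (cif=0x69f258, ret=0x7ffffffbd270, "
             "args=0x7ffffffbd0e0, cbPtr=0x3b) at callbacks.c:24")
GDB_DISAS = """\
   0x00007ffff7c29957 <+23>: xor %eax,%eax
=> 0x00007ffff7c29959 <+25>: mov (%rcx),%rax
   0x00007ffff7c2995c <+28>: mov %rdx,0x10(%rsp)
"""

# System V AMD64 integer argument registers, in parameter order (Linux trace above).
# For a Windows x64 dump you would pass ["rcx", "rdx", "r8", "r9"] instead.
SYSV_ARG_REGS = ["rdi", "rsi", "rdx", "rcx", "r8", "r9"]

def parse_frame_args(frame_line):
    """Return the (name, value) pairs of a gdb '#N func (a=..., b=...) at file:line' frame line."""
    m = re.search(r"\((.*?)\)\s+at\s", frame_line)
    args = []
    for part in m.group(1).split(","):
        name, _, val = part.strip().partition("=")
        args.append((name, val))
    return args

def faulting_memory_operand(disas):
    """Find the '=>' (current pc) instruction and the base register of its memory operand."""
    for line in disas.splitlines():
        if not line.lstrip().startswith("=>"):
            continue
        insn = line.split(":", 1)[1].strip()          # drop "=> 0x... <+25>:"
        m = re.search(r"\(%([a-z0-9]+)\)", insn)      # e.g. "(%rcx)" -> "rcx"
        return insn, (m.group(1) if m else None)
    return None, None

def diagnose(frame_line, disas, arg_regs=SYSV_ARG_REGS, page_size=4096):
    """Name the C parameter behind the faulting base register (assumes it is still unclobbered)
    and flag values in the null page, which are never valid heap or stack pointers."""
    insn, reg = faulting_memory_operand(disas)
    if reg not in arg_regs:
        return None
    args = parse_frame_args(frame_line)
    idx = arg_regs.index(reg)
    if idx >= len(args):
        return None
    name, val = args[idx]
    value = int(val, 16)
    return {"insn": insn, "register": reg, "param": name,
            "value": value, "suspicious": value < page_size}
```

On the trace in this thread it reports parameter `cbPtr` = 0x3b behind `mov (%rcx),%rax`, i.e. the libffi closure handed callbackFrontend a user-data pointer that is not a pointer at all, consistent with the mismatched libffi build identified later in the thread.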