W3M fdsan error

[dipayand]

** Problem Description **

On launch, w3m gives the following error

fdsan: attempted to close file descriptor 3, expected to be unowned, actually owned by FILE* 0x73797c20e8
fdsan: attempted to close file descriptor 3, expected to be unowned, actually owned by FILE* 0x73797c20e8
Aborted

Additional information
I have moved to the F-Droid version of Termux

[dipayand]

Any chance of getting this fixed

[Grimler91]

I think most of us do not have android 11 devices, making debugging these errors a hassle.
I might move to android 11 on at least some of my devices within a few weeks.

[Grimler91]

With a debug build gdb gives a backtrace that shows where the error originates:

~ $ gdb w3m
GNU gdb (GDB) 10.1
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "arm-linux-androideabi".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from w3m...
(gdb) r
Starting program: /data/data/com.termux/files/usr/bin/w3m 

Program received signal SIGSEGV, Segmentation fault.
0xb697f5e6 in GC_find_limit_with_bound () from /data/data/com.termux/files/usr/lib/libgc.so
(gdb) c
Continuing.
[New LWP 20581]
[New LWP 20582]
[New LWP 20583]
[Detaching after vfork from child process 20584]
[Detaching after vfork from child process 20585]
fdsan: attempted to close file descriptor 3, expected to be unowned, actually owned by FILE* 0xb6c8800c

Thread 1 "w3m" received signal SIGABRT, Aborted.
0xb67d29e8 in fdsan_error(char const*, ...) () from /apex/com.android.runtime/lib/bionic/libc.so
(gdb) bt
#0  0xb67d29e8 in fdsan_error(char const*, ...) () from /apex/com.android.runtime/lib/bionic/libc.so
#1  0xb67d26fe in android_fdsan_close_with_tag () from /apex/com.android.runtime/lib/bionic/libc.so
#2  0xb67d2d6e in close () from /apex/com.android.runtime/lib/bionic/libc.so
#3  0x7f57b9a6 in fmTerm () at display.c:174
#4  0x7f56385a in main (argc=2137430584, argv=0x7f669a2c <CurrentKey>, envp=<optimized out>) at main.c:959

There is no easy fix however, we really need to dig into the code to solve it.

The fdsan docs suggest to replace all int fd with a special unique_fd fd, but as I understand it that type is just available for c++, and when including android-base/unique_fd.h from the aosp sources.

I guess we need to implement something similar to unique_fd to have a chance of solving this for all the packages where the error happens (other debugging tools can help us as well, just need to figure out how to get useful info with gdb or valgrind (or other)).

Very annoying, google really screwed us over here by making this behavior standard and not providing better tools for debugging it.

[dipayand]

WARNING :-I am just a novice

If you use lldb then I get something different. Maybe this could be of some help

❯ lldb ../usr/bin/w3m ~
(lldb) target create "../usr/bin/w3m"
Current executable set to '/data/data/com.termux/files/usr/bin/w3m' (aarch64).
(lldb) r
Process 22884 launched: '/data/data/com.termux/files/usr/bin/w3m' (aarch64)
Process 22884 stopped

• thread Git-submodule tries to run /usr/bin/perl #1, name = 'w3m', stop reason = signal SIGSEGV: invalid address (fault address: 0x5555554f00)
  frame #0: 0x0000007fbdb9643c libgc.soGC_find_limit_with_bound + 128 libgc.soGC_find_limit_with_bound:
  -> 0x7fbdb9643c <+128>: ldrb w0, [x8]
  0x7fbdb96440 <+132>: bl 0x7fbdb87458 ; symbol stub for: GC_noop1
  0x7fbdb96444 <+136>: ldr x8, [x21, #0xc18]
  0x7fbdb96448 <+140>: cbz w19, 0x7fbdb96420 ; <+100>
  (lldb) c
  Process 22884 resuming
  Process 22884 stopped and restarted: thread 1 received signal: SIGCHLD
  Process 22884 stopped and restarted: thread 1 received signal: SIGCHLD
  fdsan: attempted to close file descriptor 3, expected to be unowned, actually owned by FILE* 0x7fbd60a018
  Process 22884 stopped
• thread Git-submodule tries to run /usr/bin/perl #1, name = 'w3m', stop reason = signal SIGABRT
  frame #0: 0x0000007fbdfda09c libc.sofdsan_error(char const*, ...) + 588 libc.sofdsan_error:
  -> 0x7fbdfda09c <+588>: bl 0x7fbe03b4f0 ; symbol stub for: abort

libc.so`android_fdsan_get_owner_tag:
0x7fbdfda0a0 <+0>: stp x29, x30, [sp, #-0x20]!
0x7fbdfda0a4 <+4>: str x19, [sp, #0x10]
0x7fbdfda0a8 <+8>: mov x29, sp
(lldb)

[Grimler91]

@dipayand what device do you have, and are you using a custom ROM or original android?

Could you try compiling and running this and see if it triggers the error?

#include <stdio.h>
int main()
{
  fdopen (2, "w");
  fclose (stderr);
}

Put it in for example test.c and then compile with gcc -o test test.c, and then run ./test.

[dipayand]

[Grimler91]

@dipayand thanks, and what is your output of termux-info?

[dipayand]

Application version:
0.108
Packages CPU architecture: aarch64 Subscribed repositories:

sources.list deb https://termux.mentality.rip/termux-packages-24/ stable main

game-repo (sources.list.d/game.list)

deb https://grimler.se/game-packages-24 games stable

science-repo (sources.list.d/science.list) deb https://grimler.se/science-packages-24 science stable

sources.list.d/pointless.list

deb https://its-pointless.github.io/files/24 termux extras # x11-repo (sources.list.d/x11.list)
deb https://ipfs.io/ipns/k51qzi5uqu5dgu3homski160l4t4bmp52vb6dbgxb5bda90rewnwg64wnkwxj4 x11 main

unstable-repo (sources.list.d/unstable.list)

deb https://ipfs.io/ipns/k51qzi5uqu5dj05z8mr958kwvrg7a0wqouj5nnoo5uqu1btnsljvpznfaav9nk unstable main
Updatable packages:
All packages up to date Android version:
11
Kernel build information:
Linux localhost 4.14.113-21183318 #1 SMP PREEMPT Tue Mar 23 13:43:54 KST 2021 aarch64 Android
Device manufacturer:
samsung
Device model:
SM-M315F

[RalfWerner]

On my Samsung with Android 11 there is no problem with the example.
Because gfortran, I had to Change pkg in gcc-8 into pkg in gcc-9 - possibly helps that you too.

[Grimler91]

@RalfWerner official stock android? Thanks for testing

[ghost]

Here is a result from official stock android.

Please note that official Termux compiler is clang. Using gcc may give false-positive results that there "no issue". Use clang for testing.

[ghost]

Adding this line to the beginning of main of example

android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_DISABLED);

makes the issue disappear.

[Grimler91]

That looks like a good workaround for the programs we don't have a fix for!

I think I have a fix for w3m, pushed in fee1315. Still don't know for emacs, texlive, zsh or inetutils though. I suggest we set android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_DISABLED) for zsh as I suppose that affects the most people.

[ghost]

Here is what we need:

void *lib_handle = dlopen("libc.so", RTLD_LAZY);
  if (lib_handle) {
    void (*set_fdsan_error_level)(enum android_fdsan_error_level newlevel) = dlsym(lib_handle, "android_fdsan_set_error_level");
    if (set_fdsan_error_level) {
      set_fdsan_error_level(ANDROID_FDSAN_ERROR_LEVEL_DISABLED);
    }
    dlclose(lib_handle);
}

because android_fdsan_set_error_level is for API 29+ libc.

[Grimler91]

Great!

[ghost]

I see that w3m is fixed, fee1315 works. zsh is however fixed with solution from #6410 (comment) which should be applicable for everything.

Perhaps this issue can be closed?