ps: Segmentation fault with option “-LAlm”

1.problem

# ps -LAlm
F S   UID     PID    PPID     LWP  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
4 -     0       1       0       -  0   -   - - 41400 -      ?        00:00:05 systemd
4 S     0       -       -       1  0 1011469308 - - - 
                                                           -        00:00:05 -
1 -     0       2       0       -  0   -   - -     0 -      ?        00:00:00 kthreadd
Signal 11 (SEGV) caught by ps (4.0.0).
1 S     0       -       -       2  0  60   0 -     -ps:ps/display.c:66: please report this bug
\Segmentation fault (core dumped)
# ps --version
ps from procps-ng 4.0.0
# rpm -qa | grep procps-ng
procps-ng-4.0.0

2.debug

#gdb ps  ./core.ps.0.7a969c60ffc74e42b62ecb4bb0b7315a.260455.1684463299000000
(gdb) bt
#0  0x00007f09cc09910b in kill () at ../sysdeps/unix/syscall-template.S:120
#1  0x000055e91017ad00 in signal_handler (signo=11) at ps/display.c:71
#2  <signal handler called>
#3  __strlen_evex () at ../sysdeps/x86_64/multiarch/strlen-evex.S:77
#4  0x000055e910180d79 in pr_wchan (outbuf=0x7f09cac3b090 "-", pp=<optimized out>) at ps/output.c:791
#5  0x000055e91018329a in show_one_proc (p=0x7f09caada038, fmt=0x55e911a26a30) at ps/output.c:2195
#6  0x000055e91017a952 in simple_spew () at ps/display.c:337
#7  main (argc=<optimized out>, argv=<optimized out>) at ps/display.c:664
(gdb) fram 4
#4  0x000055e910180d79 in pr_wchan (outbuf=0x7f09cac3b090 "-", pp=<optimized out>) at ps/output.c:791
791       len = strlen(w);
(gdb) p rel_WCHAN_NAME
$191 = -1
(gdb) 
(gdb) info  locals 
w = 0x0
len = <optimized out>
(gdb) 
(gdb) fram 5
#5  0x000055e91018329a in show_one_proc (p=0x7f09caada038, fmt=0x55e911a26a30) at ps/output.c:2195
2195        if(p && fmt->pr) amount = (*fmt->pr)(outbuf,p);
(gdb) info locals 
correct = 53
actual = 52
amount = <optimized out>
leftpad = 4
space = <optimized out>
dospace = 1
legit = 0
sz = <optimized out>
tmpspace = 0
outbuf = <optimized out>
did_stuff = 1
(gdb) 
(gdb) print p->head->result
$192 = {s_ch = -48 '\320', s_int = 295857104, u_int = 295857104, ul_int = 94459511598032, ull_int = 94459511598032, str = 0x55e911a26bd0 "kthreadd", strv = 0x55e911a26bd0, real = 4.6669199603530399e-310}
(gdb) print p->head[-1]->result.str
$193 = 0x0

--------------------------------

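/*
 * Write the WCHAN_NAME string of `pp` into `outbuf`.
 *
 * At most max_rightward bytes are copied, the result is NUL-terminated, and
 * the number of bytes copied is returned.
 *
 * Reported crash: rel_WCHAN_NAME was -1 when this ran for a thread line of
 * `ps -LAlm`, so rSv() read pp->head[-1] (before the start of the array) and
 * the string pointer found there was NULL; strlen(NULL) then faulted.
 * The guards below stop both the out-of-range read and the NULL dereference.
 * They do not explain why the index was still -1; that needs a separate fix.
 */
static int pr_wchan(char *restrict const outbuf, const proc_t *restrict const pp){

  const char *w = NULL;
  size_t len;
setREL1(WCHAN_NAME) /* defined elsewhere; presumably sets up rel_WCHAN_NAME -- TODO confirm */
  /* Index head[] only with a non-negative relative enum. */
  if(rel_WCHAN_NAME >= 0) w = rSv(WCHAN_NAME, str, pp);
  /* No usable string: print "-", the placeholder ps already shows in empty columns. */
  if(!w) w = "-";
  len = strlen(w);
  /* Clamp to the space left on the output line. */
  if(len>max_rightward) len=max_rightward;
  memcpy(outbuf, w, len);
  outbuf[len] = '\0';
  return len;
}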

src/ps/output.c
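/*
 * Read result member T of item E from stack S, using the relative index
 * rel_<E>. In the reported crash rel_WCHAN_NAME was -1, so this expansion
 * read head[-1] and produced a NULL `str`.
 */
#define rSv(E,T,S) PIDS_VAL(rel_ ## E, T, S, Pids_info)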

library/include/pids.h
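/*
 * Fetch the `type` member of the result stored at slot `relative_enum` of a
 * pids stack.
 *
 * There is no range check on `relative_enum`. The caller must pass an index
 * that is valid for stack->head[]; a negative value, such as a relative enum
 * that is still -1, reads memory before the array. `info` is not used in the
 * expansion.
 *
 * The stack and index arguments are parenthesized so that expression
 * arguments expand as intended.
 */
#define PIDS_VAL( relative_enum, type, stack, info ) \
    (stack) -> head [ (relative_enum) ] . result . type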

-->> relative_enum (rel_WCHAN_NAME) is -1 — why? Because of that, the macro reads p->head[-1], which lies before the start of the array, and the result.str found there is NULL.

Why is the index (rel_WCHAN_NAME) -1 here? Is there anything else that should be taken into account?

Edited May 24, 2023 by zhangdaolong