From: Pete Wright
To: Patrick Mahan
Cc: questions list
Subject: Re: Helping understand cause of SIGSEGV
Date: Sat, 7 Nov 2020 09:59:47 -0800

On 11/5/20 9:44 PM, Patrick Mahan wrote:
> On Thu, Nov 5, 2020 at 5:01 PM Pete Wright wrote:
>
> On 11/5/20 4:01 PM, Patrick Mahan wrote:
>>
>> | thread #1, name = 'fluent-bit', stop reason = signal SIGABRT
>>    * frame #0: 0x000000004087100a libc.so.7`__sys_thr_kill at thr_kill.S:4
>>      frame #1: 0x00000000407e6c84 libc.so.7`__raise(s=6) at raise.c:52:10
>>      frame #2: 0x000000004089a5d9 libc.so.7`abort at abort.c:67:8
>>      frame #3: 0x000000000034a7a8 fluent-bit`flb_signal_handler(signal=11) at fluent-bit.c:418:9
>>      frame #4: 0x00000000406d1c20 libthr.so.3`handle_signal(actp=0x00007fffdfffc600, sig=11, info=0x00007fffdfffc9f0, ucp=0x00007fffdfffc680) at thr_sig.c:303:3
>>      frame #5: 0x00000000406d11ef libthr.so.3`thr_sighandler(sig=11, info=0x00007fffdfffc9f0, _ucp=0x00007fffdfffc680) at thr_sig.c:246:2
>>      frame #6: 0x00007fffffffe193
>>      frame #7: 0x000000000036fe0c fluent-bit`tasks_start [inlined] output_params_set(th=0x00000000416091c0, data=0x000000004165d980, bytes=128, tag="random.0", tag_len=8, i_ins=0x0000000040e58000, out_plugin=0x0000000040e2dfc0, out_context=0x00000000416051e0, config=0x0000000040e19180) at flb_output.h:429:5
>>
>> I would look at what is happening here in output_params_set().
>> Something is accessing out of bounds memory.
>
> thanks for your response Patrick i really appreciate it.
>
> So here is where output_params_set() is defined - with an
> interesting comment that i haven't chased down yet:
>
> 521     /* Workaround for makecontext() */
> 522     output_params_set(th,
> 523                       buf,
> 524                       size,
> 525                       tag,
> 526                       tag_len,
> 527                       i_ins,
> 528                       o_ins->p,
> 529                       o_ins->context,
> 530                       config);
> 531     return th;
> 532 }
> 533
>
> and the frame from the backtrace is this for reference:
>      frame #8: 0x000000000036fd14 fluent-bit`tasks_start [inlined] flb_output_thread(task=0x00000000416410a0, i_ins=0x0000000040e58000, o_ins=0x0000000040e5b000, config=0x0000000040e19180, buf=0x000000004165d980, size=128, tag="random.0", tag_len=8) at flb_output.h:522
>
> and then later on line 429 of flb_output.h it does this:
> 428     FLB_TLS_SET(flb_libco_params, params);
> 429     co_switch(th->callee);
>
> like i said i'm not really sure how to grok this, but it sounds
> like one of the params in output_params_set isn't being set
> correctly.  hopefully the code snippet makes the error more obvious :)
>
> Okay, I don't know lldb very well.  But according to the GDB to LLDB
> command map it uses the same commands to move between frames.  So at
> startup you want to ensure you are in thread 1 (thread select 1).
> That should place you in the last frame on the stack (frame #0).  You
> just move up the stack using the command 'up' until you are in
> frame #7.
>
> Once there you need to dump the contents of 'th' using the command
> 'p *th' or 'frame variable -T *th'.  I suspect the value of
> th->callee is incorrect.  The next frame on the stack is -
>
>     frame #6: 0x00007fffffffe193
>
> This is different from the rest of the stack addresses. So I suspect
> it is out of bounds.
>
> Patrick

that's totally it - thanks Patrick!

frame #7: 0x000000000036fe0c fluent-bit`tasks_start [inlined] output_params_set(th=0x00000000416091c0, data=0x000000004165d980, bytes=128, tag="random.0", tag_len=8, i_ins=0x0000000040e58000, out_plugin=0x0000000040e2dfc0, out_context=0x00000000416051e0, config=0x0000000040e19180) at flb_output.h:429:5
   426       params->th          = th;
   427
   428       FLB_TLS_SET(flb_libco_params, params);
-> 429       co_switch(th->callee);
   430   }
   431
   432   static FLB_INLINE void output_pre_cb_flush(void)
(lldb) p *th
(flb_thread) $0 = {
  caller = 0x00000000406b2950
  callee = 0x000000004169f640
  data = 0xa5a5a5a5a5a5a5a5
  cb_destroy = 0x0000000000000000
}
(lldb)

i guess the next question to answer is why is this out of bounds.
i'm gonna poke around and see what i can learn today.

cheers,
-pete

-- 
Pete Wright
pete@nomadlogic.org
@nomadlogicLA
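
The `data = 0xa5a5a5a5a5a5a5a5` value in the `p *th` output above matches the byte pattern that jemalloc (FreeBSD's libc malloc) writes into freshly allocated memory when junk filling is enabled; freed memory is filled with 0x5a. The following is an added example, not part of the original message and not fluent-bit's code, showing how such a field arises and how to classify a dumped word. `struct thread_ctx`, `make_ctx` and `classify_word` are hypothetical names, the `memset` simulates junk filling so the result is the same on any libc, and it is an assumption that junk filling was active on the poster's system.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical mirror of the four fields printed by `p *th`. */
struct thread_ctx { void *caller, *callee, *data, *cb_destroy; };

enum word_kind { WORD_NULL, WORD_JUNK_ALLOC, WORD_JUNK_FREE, WORD_OTHER };

/* True when every byte of v equals fill. */
static int all_bytes(uintptr_t v, unsigned char fill)
{
    uintptr_t pattern;
    memset(&pattern, fill, sizeof pattern);
    return v == pattern;
}

/* Classify one pointer-sized word taken from a debugger dump. */
enum word_kind classify_word(uintptr_t v)
{
    if (v == 0) return WORD_NULL;
    if (all_bytes(v, 0xa5)) return WORD_JUNK_ALLOC; /* never written since malloc */
    if (all_bytes(v, 0x5a)) return WORD_JUNK_FREE;  /* read after free */
    return WORD_OTHER;
}

/* Assign every field except data, matching the shape of the dump. */
struct thread_ctx *make_ctx(void *caller, void *callee)
{
    struct thread_ctx *th = malloc(sizeof *th);
    if (th == NULL) return NULL;
    /* Assumption: stand-in for jemalloc's 0xa5 junk fill on allocation. */
    memset(th, 0xa5, sizeof *th);
    th->caller = caller;
    th->callee = callee;
    th->cb_destroy = NULL;
    return th;
}

int main(void)
{
    int a, b; /* constructed stand-ins for the two coroutine handles */
    struct thread_ctx *th = make_ctx(&a, &b);
    if (th == NULL) return 1;
    printf("data=%p kind=%d\n", th->data, (int)classify_word((uintptr_t)th->data));
    free(th);
    return 0;
}
```

A field classified as `WORD_JUNK_ALLOC` was allocated but never assigned; allocating with `calloc` or assigning the field at creation would make it read as NULL instead.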