Date: Sat, 7 Nov 2020 09:59:47 -0800 From: Pete Wright <pete@nomadlogic.org> To: Patrick Mahan <plmahan@gmail.com> Cc: questions list <freebsd-questions@freebsd.org> Subject: Re: Helping understand cause of SIGSEGV Message-ID: <f51dfaf6-46da-9cd8-ea37-b2733f5ad9bc@nomadlogic.org> In-Reply-To: <CAFDHx1K2-RWS4=xYtNUKMV3t_J7OKKPUE56f9JY45Q%2B0nH_TFA@mail.gmail.com> References: <c2eab4b0-b10b-9db3-1aa3-1f61689e24e8@nomadlogic.org> <CAFDHx1Jg_9k3oWU8X-WdP2CJX8hnBYgMz%2BvxwOs766JZcM3WRQ@mail.gmail.com> <0764e7ef-bd81-a6c5-47c4-7cd539a428f5@nomadlogic.org> <CAFDHx1K2-RWS4=xYtNUKMV3t_J7OKKPUE56f9JY45Q%2B0nH_TFA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11/5/20 9:44 PM, Patrick Mahan wrote: > On Thu, Nov 5, 2020 at 5:01 PM Pete Wright <pete@nomadlogic.org > <mailto:pete@nomadlogic.org>> wrote: > > > > On 11/5/20 4:01 PM, Patrick Mahan wrote: >> >> >> | thread #1, name = 'fluent-bit', stop reason = signal SIGABRT >> * frame #0: 0x000000004087100a libc.so.7`__sys_thr_kill at >> thr_kill.S:4 >> frame #1: 0x00000000407e6c84 libc.so.7`__raise(s=6) at >> raise.c:52:10 >> frame #2: 0x000000004089a5d9 libc.so.7`abort at abort.c:67:8 >> frame #3: 0x000000000034a7a8 >> fluent-bit`flb_signal_handler(signal=11) at fluent-bit.c:418:9 >> frame #4: 0x00000000406d1c20 >> libthr.so.3`handle_signal(actp=0x00007fffdfffc600, sig=11, >> info=0x00007fffdfffc9f0, ucp=0x00007fffdfffc680) at >> thr_sig.c:303:3 >> frame #5: 0x00000000406d11ef >> libthr.so.3`thr_sighandler(sig=11, >> info=0x00007fffdfffc9f0, _ucp=0x00007fffdfffc680) at >> thr_sig.c:246:2 >> frame #6: 0x00007fffffffe193 >> frame #7: 0x000000000036fe0c fluent-bit`tasks_start >> [inlined] >> output_params_set(th=0x00000000416091c0, >> data=0x000000004165d980, >> bytes=128, tag="random.0", tag_len=8, i_ins=0x0000000040e58000, >> out_plugin=0x0000000040e2dfc0, out_context=0x00000000416051e0, >> config=0x0000000040e19180) at flb_output.h:429:5 >> >> >> I would look at what is happening here in output_params_set(). >> Something >> is accessing out of bounds memory. > > thanks for your response Patrick i really appreciate it. > > So here is where output_params_set() is defined - with an > interesting comment that i haven't chased down yet: > > 521 /* Workaround for makecontext() */ > 522 output_params_set(th, > 523 buf, > 524 size, > 525 tag, > 526 tag_len, > 527 i_ins, > 528 o_ins->p, > 529 o_ins->context, > 530 config); > 531 return th; > 532 } > 533 > > and the frame from the backtrace is this for reference: > frame #8: 0x000000000036fd14 fluent-bit`tasks_start [inlined] > flb_output_thread(task=0x00000000416410a0, i_ins=0x0000000040e58000, > o_ins=0x0000000040e5b000, config=0x0000000040e19180, > buf=0x000000004165d980, size=128, tag="random.0", tag_len=8) at > flb_output.h:522 > > and then later on line 429 of flb_output.h it does this: > 428 FLB_TLS_SET(flb_libco_params, params); > 429 co_switch(th->callee); > > like i said i'm not really sure how to grok this, but it sounds > like one of the params in output_params_set isn't being set > correctly. hopefully the code snippet makes the error more obvious :) > > > Okay, I don't know lldb very well. But according to the GDB to LLDB > command map <http://lldb.llvm.org/use/map.html> it uses the same > commands to move between frames. So at startup you want to ensure you > are in thread 1 (thread select 1). That should place you in the last > frame on the stack (frame #0). You just move up the stack using the > command 'up' until you are in frame #7. > > Once there you need to dump the contents of 'th' using the command 'p > *th' or 'frame variable -T *th'. I suspect the value of th->callee is > incorrect. The next frame on the stack is - > > frame #6: 0x00007fffffffe193 > > This is different from the rest of the stack addresses. So I suspect > it is out of bounds. > > Patrick that's totally it - thanks Patrick! frame #7: 0x000000000036fe0c fluent-bit`tasks_start [inlined] output_params_set(th=0x00000000416091c0, data=0x000000004165d980, bytes=128, tag="random.0", tag_len=8, i_ins=0x0000000040e58000, out_plugin=0x0000000040e2dfc0, out_context=0x00000000416051e0, config=0x0000000040e19180) at flb_output.h:429:5 426 params->th = th; 427 428 FLB_TLS_SET(flb_libco_params, params); -> 429 co_switch(th->callee); 430 } 431 432 static FLB_INLINE void output_pre_cb_flush(void) (lldb) p *th (flb_thread) $0 = { caller = 0x00000000406b2950 callee = 0x000000004169f640 data = 0xa5a5a5a5a5a5a5a5 cb_destroy = 0x0000000000000000 } (lldb) i guess the next question to answer is why is this out of bounds. i'm gonna poke around and see what i can learn today. cheers, -pete -- Pete Wright pete@nomadlogic.org @nomadlogicLA
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f51dfaf6-46da-9cd8-ea37-b2733f5ad9bc>