Helping understand cause of SIGSEGV
Pete Wright
pete at nomadlogic.org
Sat Nov 7 17:59:56 UTC 2020
On 11/5/20 9:44 PM, Patrick Mahan wrote:
> On Thu, Nov 5, 2020 at 5:01 PM Pete Wright <pete at nomadlogic.org
> <mailto:pete at nomadlogic.org>> wrote:
>
>
>
> On 11/5/20 4:01 PM, Patrick Mahan wrote:
>>
>>
>> | thread #1, name = 'fluent-bit', stop reason = signal SIGABRT
>> * frame #0: 0x000000004087100a libc.so.7`__sys_thr_kill at
>> thr_kill.S:4
>> frame #1: 0x00000000407e6c84 libc.so.7`__raise(s=6) at
>> raise.c:52:10
>> frame #2: 0x000000004089a5d9 libc.so.7`abort at abort.c:67:8
>> frame #3: 0x000000000034a7a8
>> fluent-bit`flb_signal_handler(signal=11) at fluent-bit.c:418:9
>> frame #4: 0x00000000406d1c20
>> libthr.so.3`handle_signal(actp=0x00007fffdfffc600, sig=11,
>> info=0x00007fffdfffc9f0, ucp=0x00007fffdfffc680) at
>> thr_sig.c:303:3
>> frame #5: 0x00000000406d11ef
>> libthr.so.3`thr_sighandler(sig=11,
>> info=0x00007fffdfffc9f0, _ucp=0x00007fffdfffc680) at
>> thr_sig.c:246:2
>> frame #6: 0x00007fffffffe193
>> frame #7: 0x000000000036fe0c fluent-bit`tasks_start
>> [inlined]
>> output_params_set(th=0x00000000416091c0,
>> data=0x000000004165d980,
>> bytes=128, tag="random.0", tag_len=8, i_ins=0x0000000040e58000,
>> out_plugin=0x0000000040e2dfc0, out_context=0x00000000416051e0,
>> config=0x0000000040e19180) at flb_output.h:429:5
>>
>>
>> I would look at what is happening here in output_params_set().
>> Something
>> is accessing out of bounds memory.
>
> thanks for your response Patrick i really appreciate it.
>
> So here is where output_params_set() is defined - with an
> interesting comment that i haven't chased down yet:
>
> 521 /* Workaround for makecontext() */
> 522 output_params_set(th,
> 523 buf,
> 524 size,
> 525 tag,
> 526 tag_len,
> 527 i_ins,
> 528 o_ins->p,
> 529 o_ins->context,
> 530 config);
> 531 return th;
> 532 }
> 533
>
> and the frame from the backtrace is this for reference:
> frame #8: 0x000000000036fd14 fluent-bit`tasks_start [inlined]
> flb_output_thread(task=0x00000000416410a0, i_ins=0x0000000040e58000,
> o_ins=0x0000000040e5b000, config=0x0000000040e19180,
> buf=0x000000004165d980, size=128, tag="random.0", tag_len=8) at
> flb_output.h:522
>
> and then later on line 429 of flb_output.h it does this:
> 428 FLB_TLS_SET(flb_libco_params, params);
> 429 co_switch(th->callee);
>
> like i said i'm not really sure how to grok this, but it sounds
> like one of the params in output_params_set isn't being set
> correctly. hopefully the code snippet makes the error more obvious :)
>
>
> Okay, I don't know lldb very well. But according to the GDB to LLDB
> command map <http://lldb.llvm.org/use/map.html> it uses the same
> commands to move between frames. So at startup you want to ensure you
> are in thread 1 (thread select 1). That should place you in the last
> frame on the stack (frame #0). You just move up the stack using the
> command 'up' until you are in frame #7.
>
> Once there you need to dump the contents of 'th' using the command 'p
> *th' or 'frame variable -T *th'. I suspect the value of th->callee is
> incorrect. The next frame on the stack is -
>
> frame #6: 0x00007fffffffe193
>
> This is different from the rest of the stack addresses. So I suspect
> it is out of bounds.
>
> Patrick
that's totally it - thanks Patrick!
frame #7: 0x000000000036fe0c fluent-bit`tasks_start [inlined]
output_params_set(th=0x00000000416091c0, data=0x000000004165d980,
bytes=128, tag="random.0", tag_len=8, i_ins=0x0000000040e58000,
out_plugin=0x0000000040e2dfc0, out_context=0x00000000416051e0,
config=0x0000000040e19180) at flb_output.h:429:5
426 params->th = th;
427
428 FLB_TLS_SET(flb_libco_params, params);
-> 429 co_switch(th->callee);
430 }
431
432 static FLB_INLINE void output_pre_cb_flush(void)
(lldb) p *th
(flb_thread) $0 = {
caller = 0x00000000406b2950
callee = 0x000000004169f640
data = 0xa5a5a5a5a5a5a5a5
cb_destroy = 0x0000000000000000
}
(lldb)
i guess the next question to answer is why is this out of bounds. i'm
gonna poke around and see what i can learn today.
cheers,
-pete
--
Pete Wright
pete at nomadlogic.org
@nomadlogicLA
More information about the freebsd-questions
mailing list