From: Patrick Mahan
Date: Sat, 7 Nov 2020 11:57:21 -0800
Subject: Re: Helping understand cause of SIGSEGV
To: Pete Wright
Cc: questions list

On Sat, Nov 7, 2020 at 9:59 AM Pete Wright wrote:

>
> On 11/5/20 9:44 PM, Patrick Mahan wrote:
>
> On Thu, Nov 5, 2020 at 5:01 PM Pete Wright wrote:
>
>>
>> On 11/5/20 4:01 PM, Patrick Mahan wrote:
>>
>>> | thread #1, name = 'fluent-bit', stop reason = signal SIGABRT
>>> * frame #0: 0x000000004087100a libc.so.7`__sys_thr_kill at
>>> thr_kill.S:4
>>> frame #1: 0x00000000407e6c84 libc.so.7`__raise(s=6) at raise.c:52:10
>>> frame #2: 0x000000004089a5d9 libc.so.7`abort at abort.c:67:8
>>> frame #3: 0x000000000034a7a8
>>> fluent-bit`flb_signal_handler(signal=11) at fluent-bit.c:418:9
>>> frame #4: 0x00000000406d1c20
>>> libthr.so.3`handle_signal(actp=0x00007fffdfffc600, sig=11,
>>> info=0x00007fffdfffc9f0, ucp=0x00007fffdfffc680) at thr_sig.c:303:3
>>> frame #5: 0x00000000406d11ef libthr.so.3`thr_sighandler(sig=11,
>>> info=0x00007fffdfffc9f0, _ucp=0x00007fffdfffc680) at thr_sig.c:246:2
>>> frame #6: 0x00007fffffffe193
>>> frame #7: 0x000000000036fe0c fluent-bit`tasks_start [inlined]
>>> output_params_set(th=0x00000000416091c0, data=0x000000004165d980,
>>> bytes=128, tag="random.0", tag_len=8, i_ins=0x0000000040e58000,
>>> out_plugin=0x0000000040e2dfc0, out_context=0x00000000416051e0,
>>> config=0x0000000040e19180) at flb_output.h:429:5
>>>
>>
>> I would look at what is happening here in output_params_set(). Something
>> is accessing out of bounds memory.
>>
>> thanks for your response Patrick i really appreciate it.
>>
>> So here is where output_params_set() is defined - with an interesting
>> comment that i haven't chased down yet:
>>
>> 521     /* Workaround for makecontext() */
>> 522     output_params_set(th,
>> 523                       buf,
>> 524                       size,
>> 525                       tag,
>> 526                       tag_len,
>> 527                       i_ins,
>> 528                       o_ins->p,
>> 529                       o_ins->context,
>> 530                       config);
>> 531     return th;
>> 532 }
>> 533
>>
>> and the frame from the backtrace is this for reference:
>> frame #8: 0x000000000036fd14 fluent-bit`tasks_start [inlined]
>> flb_output_thread(task=0x00000000416410a0, i_ins=0x0000000040e58000,
>> o_ins=0x0000000040e5b000, config=0x0000000040e19180,
>> buf=0x000000004165d980, size=128, tag="random.0", tag_len=8) at
>> flb_output.h:522
>>
>> and then later on line 429 of flb_output.h it does this:
>> 428     FLB_TLS_SET(flb_libco_params, params);
>> 429     co_switch(th->callee);
>>
>> like i said i'm not really sure how to grok this, but it sounds like one
>> of the params in output_params_set isn't being set correctly. hopefully
>> the code snippet makes the error more obvious :)
>>
>>
> Okay, I don't know lldb very well. But according to the GDB to LLDB
> command map it uses the same commands
> to move between frames. So at startup you want to ensure you are in thread
> 1 (thread select 1). That should place you in the last frame on the stack
> (frame #0). You just move up the stack using the command 'up' until you
> are in frame #7.
>
> Once there you need to dump the contents of 'th' using the command 'p *th'
> or 'frame variable -T *th'. I suspect the value of th->callee is
> incorrect. The next frame on the stack is -
>
> frame #6: 0x00007fffffffe193
>
> This is different from the rest of the stack addresses. So I suspect it
> is out of bounds.
>
> Patrick
>
>
> that's totally it - thanks Patrick!
>
> frame #7: 0x000000000036fe0c fluent-bit`tasks_start [inlined]
> output_params_set(th=0x00000000416091c0, data=0x000000004165d980,
> bytes=128, tag="random.0", tag_len=8, i_ins=0x0000000040e58000,
> out_plugin=0x0000000040e2dfc0, out_context=0x00000000416051e0,
> config=0x0000000040e19180) at flb_output.h:429:5
>    426     params->th = th;
>    427
>    428     FLB_TLS_SET(flb_libco_params, params);
> -> 429     co_switch(th->callee);
>    430 }
>    431
>    432 static FLB_INLINE void output_pre_cb_flush(void)
> (lldb) p *th
> (flb_thread) $0 = {
>   caller = 0x00000000406b2950
>   callee = 0x000000004169f640
>   data = 0xa5a5a5a5a5a5a5a5
>   cb_destroy = 0x0000000000000000
> }
> (lldb)
>
> i guess the next question to answer is why is this out of bounds. i'm
> gonna poke around and see what i can learn today.
>

The value of th->callee should be a function, I think. That is just from a
cursory glance at libco.

Good luck.

Patrick
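
Added example, not part of the original thread and not fluent-bit code: a small C helper that triages the pointer-sized fields of the `p *th` dump quoted above, separating NULL, allocator junk patterns and out-of-range values from values that are merely plausible. It assumes two things the thread does not state: FreeBSD's libc allocator (jemalloc) writes 0xa5 into fresh allocations and 0x5a into freed memory when junk filling is enabled, and amd64 user-space addresses under 4-level paging have their upper 17 bits clear. The names `classify_ptr`, `classify_field` and `TH_DUMP` are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Triage classes for a pointer-sized value read from a debugger dump. */
enum ptr_class { PTR_NULL, PTR_ALLOC_JUNK, PTR_FREE_JUNK, PTR_NOT_USERSPACE, PTR_PLAUSIBLE };

/* Field values copied from the `p *th` output quoted in the thread. */
static const char TH_DUMP[] =
    "caller = 0x00000000406b2950\n"
    "callee = 0x000000004169f640\n"
    "data = 0xa5a5a5a5a5a5a5a5\n"
    "cb_destroy = 0x0000000000000000\n";

/* True when all eight bytes of v equal b. */
static int all_bytes(uint64_t v, uint8_t b)
{
    return v == 0x0101010101010101ULL * b;
}

enum ptr_class classify_ptr(uint64_t v)
{
    if (v == 0) return PTR_NULL;
    if (all_bytes(v, 0xa5)) return PTR_ALLOC_JUNK; /* matches jemalloc junk: allocated, never written */
    if (all_bytes(v, 0x5a)) return PTR_FREE_JUNK;  /* matches jemalloc junk: already freed */
    if (v >> 47) return PTR_NOT_USERSPACE;         /* assumption: amd64, 4-level paging */
    return PTR_PLAUSIBLE;                          /* in range only; not proof the pointer is valid */
}

/* Locate "<field> = 0x..." in the dump and classify it; -1 if the field is absent. */
int classify_field(const char *dump, const char *field)
{
    char key[64];
    snprintf(key, sizeof key, "%s = ", field);
    const char *p = strstr(dump, key);
    if (p == NULL) return -1;
    return (int)classify_ptr(strtoull(p + strlen(key), NULL, 16));
}

int main(void)
{
    static const char *names[] = { "NULL", "alloc junk (0xa5)", "free junk (0x5a)",
                                   "outside user space", "plausible" };
    static const char *fields[] = { "caller", "callee", "data", "cb_destroy" };
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++)
        printf("%-10s %s\n", fields[i], names[classify_field(TH_DUMP, fields[i])]);
    return 0;
}
```

A "plausible" result only means the value lies in the user address range; whether it points at a live object still has to be checked in the debugger.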