-
-
Save sparr/fc97f4a265971bf720aedeaeb6874fd6 to your computer and use it in GitHub Desktop.
inexplicable SIGSEGV (Address boundary error)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Newlines addedfor clarity. Some inconsequential output removed. | |
| https://github.com/fenrus75/powertop/blob/master/src/perf/perf.cpp#L233 | |
| $ sudo gdb ./powertop | |
| (gdb) break perf.cpp:233 | |
| Breakpoint 1 at 0x435f0: file perf/perf.cpp, line 233. | |
| (gdb) run | |
| [first break is a good run of the function] | |
| Breakpoint 1, perf_event::process (this=0x5555555f0800, cookie=cookie@entry=0x5555555f0910) at perf/perf.cpp:233 | |
| 233 if (perf_fd < 0) | |
| (gdb) set disassemble-next-line on | |
| (gdb) info registers | |
| rax 0x1 1 | |
| rbx 0x5555555f08c0 93824992872640 | |
| rcx 0x5555555f3030 93824992882736 | |
| rdx 0x0 0 | |
| rsi 0x5555555f0910 93824992872720 | |
| rdi 0x5555555f0800 93824992872448 | |
| rbp 0x7fffffffc440 0x7fffffffc440 | |
| rsp 0x7fffffffc3a8 0x7fffffffc3a8 | |
| r8 0x7 7 | |
| r9 0x6 6 | |
| r10 0x0 0 | |
| r11 0x246 582 | |
| r12 0x5555555f0910 93824992872720 | |
| r13 0x0 0 | |
| r14 0x1 1 | |
| r15 0x0 0 | |
| rip 0x5555555975f0 0x5555555975f0 <perf_event::process(void*)> | |
| eflags 0x206 [ PF IF ] | |
| cs 0x33 51 | |
| ss 0x2b 43 | |
| ds 0x0 0 | |
| es 0x0 0 | |
| fs 0x0 0 | |
| gs 0x0 0 | |
| (gdb) stepi 14 | |
| 0x0000555555597617 233 if (perf_fd < 0) | |
| 0x00005555555975f0 <perf_event::process(void*)+0>: 8b 47 08 mov 0x8(%rdi),%eax | |
| 0x00005555555975f3 <perf_event::process(void*)+3>: 85 c0 test %eax,%eax | |
| 0x00005555555975f5 <perf_event::process(void*)+5>: 0f 88 eb 00 00 00 js 0x5555555976e6 <perf_event::process(void*)+246> | |
| 0x00005555555975fb <perf_event::process(void*)+11>: 55 push %rbp | |
| 0x00005555555975fc <perf_event::process(void*)+12>: 48 89 e5 mov %rsp,%rbp | |
| 0x00005555555975ff <perf_event::process(void*)+15>: 41 57 push %r15 | |
| 0x0000555555597601 <perf_event::process(void*)+17>: 49 89 ff mov %rdi,%r15 | |
| 0x0000555555597604 <perf_event::process(void*)+20>: 41 56 push %r14 | |
| 0x0000555555597606 <perf_event::process(void*)+22>: 41 55 push %r13 | |
| 0x0000555555597608 <perf_event::process(void*)+24>: 41 54 push %r12 | |
| 0x000055555559760a <perf_event::process(void*)+26>: 53 push %rbx | |
| 0x000055555559760b <perf_event::process(void*)+27>: 48 83 ec 18 sub $0x18,%rsp | |
| 0x000055555559760f <perf_event::process(void*)+31>: 48 89 75 c8 mov %rsi,-0x38(%rbp) | |
| 0x0000555555597613 <perf_event::process(void*)+35>: 4d 8b 6f 20 mov 0x20(%r15),%r13 | |
| => 0x0000555555597617 <perf_event::process(void*)+39>: 4d 8b a5 00 04 00 00 mov 0x400(%r13),%r12 | |
| 0x000055555559761e <perf_event::process(void*)+46>: 66 90 xchg %ax,%ax | |
| (gdb) info registers | |
| rax 0xa0 160 | |
| rbx 0x5555555f08c0 93824992872640 | |
| rcx 0x5555555f3030 93824992882736 | |
| rdx 0x0 0 | |
| rsi 0x5555555f0910 93824992872720 | |
| rdi 0x5555555f0800 93824992872448 | |
| rbp 0x7fffffffc3a0 0x7fffffffc3a0 | |
| rsp 0x7fffffffc360 0x7fffffffc360 | |
| r8 0x7 7 | |
| r9 0x6 6 | |
| r10 0x0 0 | |
| r11 0x246 582 | |
| r12 0x5555555f0910 93824992872720 | |
| r13 0x5555555faca0 93824992914592 | |
| r14 0x1 1 | |
| r15 0x5555555f0800 93824992872448 | |
| rip 0x555555597617 0x555555597617 <perf_event::process(void*)+39> | |
| eflags 0x206 [ PF IF ] | |
| cs 0x33 51 | |
| ss 0x2b 43 | |
| ds 0x0 0 | |
| es 0x0 0 | |
| fs 0x0 0 | |
| gs 0x0 0 | |
| (gdb) continue | |
| [second time it breaks is the problem] | |
| Continuing. | |
| Breakpoint 1, perf_event::process (this=0x5555555f1bb0, cookie=cookie@entry=0x5555555f0910) at perf/perf.cpp:233 | |
| 233 if (perf_fd < 0) | |
| => 0x00005555555975f0 <perf_event::process(void*)+0>: 8b 47 08 mov 0x8(%rdi),%eax | |
| 0x00005555555975f3 <perf_event::process(void*)+3>: 85 c0 test %eax,%eax | |
| 0x00005555555975f5 <perf_event::process(void*)+5>: 0f 88 eb 00 00 00 js 0x5555555976e6 <perf_event::process(void*)+246> | |
| 0x00005555555975fb <perf_event::process(void*)+11>: 55 push %rbp | |
| 0x00005555555975fc <perf_event::process(void*)+12>: 48 89 e5 mov %rsp,%rbp | |
| 0x00005555555975ff <perf_event::process(void*)+15>: 41 57 push %r15 | |
| 0x0000555555597601 <perf_event::process(void*)+17>: 49 89 ff mov %rdi,%r15 | |
| 0x0000555555597604 <perf_event::process(void*)+20>: 41 56 push %r14 | |
| 0x0000555555597606 <perf_event::process(void*)+22>: 41 55 push %r13 | |
| 0x0000555555597608 <perf_event::process(void*)+24>: 41 54 push %r12 | |
| 0x000055555559760a <perf_event::process(void*)+26>: 53 push %rbx | |
| 0x000055555559760b <perf_event::process(void*)+27>: 48 83 ec 18 sub $0x18,%rsp | |
| 0x000055555559760f <perf_event::process(void*)+31>: 48 89 75 c8 mov %rsi,-0x38(%rbp) | |
| 0x0000555555597613 <perf_event::process(void*)+35>: 4d 8b 6f 20 mov 0x20(%r15),%r13 | |
| 0x0000555555597617 <perf_event::process(void*)+39>: 4d 8b a5 00 04 00 00 mov 0x400(%r13),%r12 | |
| 0x000055555559761e <perf_event::process(void*)+46>: 66 90 xchg %ax,%ax | |
| (gdb) info registers | |
| rax 0x18 24 | |
| rbx 0x5555555f08c0 93824992872640 | |
| rcx 0x5555555f3030 93824992882736 | |
| rdx 0x1 1 | |
| rsi 0x5555555f0910 93824992872720 | |
| rdi 0x5555555f1bb0 93824992877488 | |
| rbp 0x7fffffffc440 0x7fffffffc440 | |
| rsp 0x7fffffffc3a8 0x7fffffffc3a8 | |
| r8 0x7 7 | |
| r9 0x6 6 | |
| r10 0x0 0 | |
| r11 0x246 582 | |
| r12 0x5555555f0910 93824992872720 | |
| r13 0x1 1 | |
| r14 0x1 1 | |
| r15 0x0 0 | |
| rip 0x5555555975f0 0x5555555975f0 <perf_event::process(void*)> | |
| eflags 0x202 [ IF ] | |
| cs 0x33 51 | |
| ss 0x2b 43 | |
| ds 0x0 0 | |
| es 0x0 0 | |
| fs 0x0 0 | |
| gs 0x0 0 | |
| (gdb) stepi 14 | |
| 0x0000555555597617 233 if (perf_fd < 0) | |
| 0x00005555555975f0 <perf_event::process(void*)+0>: 8b 47 08 mov 0x8(%rdi),%eax | |
| 0x00005555555975f3 <perf_event::process(void*)+3>: 85 c0 test %eax,%eax | |
| 0x00005555555975f5 <perf_event::process(void*)+5>: 0f 88 eb 00 00 00 js 0x5555555976e6 <perf_event::process(void*)+246> | |
| 0x00005555555975fb <perf_event::process(void*)+11>: 55 push %rbp | |
| 0x00005555555975fc <perf_event::process(void*)+12>: 48 89 e5 mov %rsp,%rbp | |
| 0x00005555555975ff <perf_event::process(void*)+15>: 41 57 push %r15 | |
| 0x0000555555597601 <perf_event::process(void*)+17>: 49 89 ff mov %rdi,%r15 | |
| 0x0000555555597604 <perf_event::process(void*)+20>: 41 56 push %r14 | |
| 0x0000555555597606 <perf_event::process(void*)+22>: 41 55 push %r13 | |
| 0x0000555555597608 <perf_event::process(void*)+24>: 41 54 push %r12 | |
| 0x000055555559760a <perf_event::process(void*)+26>: 53 push %rbx | |
| 0x000055555559760b <perf_event::process(void*)+27>: 48 83 ec 18 sub $0x18,%rsp | |
| 0x000055555559760f <perf_event::process(void*)+31>: 48 89 75 c8 mov %rsi,-0x38(%rbp) | |
| 0x0000555555597613 <perf_event::process(void*)+35>: 4d 8b 6f 20 mov 0x20(%r15),%r13 | |
| => 0x0000555555597617 <perf_event::process(void*)+39>: 4d 8b a5 00 04 00 00 mov 0x400(%r13),%r12 | |
| 0x000055555559761e <perf_event::process(void*)+46>: 66 90 xchg %ax,%ax | |
| (gdb) info registers | |
| rax 0xa1 161 | |
| rbx 0x5555555f08c0 93824992872640 | |
| rcx 0x5555555f3030 93824992882736 | |
| rdx 0x1 1 | |
| rsi 0x5555555f0910 93824992872720 | |
| rdi 0x5555555f1bb0 93824992877488 | |
| rbp 0x7fffffffc3a0 0x7fffffffc3a0 | |
| rsp 0x7fffffffc360 0x7fffffffc360 | |
| r8 0x7 7 | |
| r9 0x6 6 | |
| r10 0x0 0 | |
| r11 0x246 582 | |
| r12 0x5555555f0910 93824992872720 | |
| r13 0x632f7265776f702f 7147056913781321775 | |
| r14 0x1 1 | |
| r15 0x5555555f1bb0 93824992877488 | |
| rip 0x555555597617 0x555555597617 <perf_event::process(void*)+39> | |
| eflags 0x206 [ PF IF ] | |
| cs 0x33 51 | |
| ss 0x2b 43 | |
| ds 0x0 0 | |
| es 0x0 0 | |
| fs 0x0 0 | |
| gs 0x0 0 | |
| (gdb) print *this | |
| $1 = {_vptr.perf_event = 0x5555555d6898 <vtable for perf_bundle_event+16>, perf_fd = 161, perf_mmap = 0xffffffffffffffff, | |
| data_mmap = 0x73746e6576652f67, pc = 0x632f7265776f702f, bufsize = 128, name = 0x5555555f2370 "power/cpu_idle", | |
| cpu = 1, trace_type = 454, static pevent = 0x5555555f1aa0} | |
| [notice the very large value in this->pc which has ended up in r13 and is going to cause the address boundary error | |
| as soon as access to `0x400(%r13)` is attempted] | |
| (gdb) stepi | |
| Program received signal SIGSEGV, Segmentation fault. | |
| 0x0000555555597617 in perf_event::process (this=0x5555555f1bb0, cookie=cookie@entry=0x5555555f0910) at perf/perf.cpp:233 | |
| 233 if (perf_fd < 0) | |
| (gdb) print $_siginfo | |
| $2 = {si_signo = 11, si_errno = 0, si_code = 128, _sifields = {_pad = {0 <repeats 28 times>}, _kill = {si_pid = 0, | |
| si_uid = 0}, _timer = {si_tid = 0, si_overrun = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _rt = { | |
| si_pid = 0, si_uid = 0, si_sigval = {sival_int = 0, sival_ptr = 0x0}}, _sigchld = {si_pid = 0, si_uid = 0, | |
| si_status = 0, si_utime = 0, si_stime = 0}, _sigfault = {si_addr = 0x0, _addr_lsb = 0, _addr_bnd = {_lower | |
| = 0x0, _upper = 0x0}}, _sigpoll = {si_band = 0, si_fd = 0}}} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment