[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] xenstored crashes with SIGSEGV

To: Philipp Hahn <hahn@xxxxxxxxxxxxx>
From: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
Date: Mon, 15 Dec 2014 17:45:24 +0000
Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Xen-devel@xxxxxxxxxxxxx
Delivery-date: Mon, 15 Dec 2014 18:14:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Mon, 2014-12-15 at 14:50 +0000, Ian Campbell wrote:
> On Mon, 2014-12-15 at 15:19 +0100, Philipp Hahn wrote:
> > I just noticed something strange:
> > 
> > > #3  0x000000000040a684 in tdb_open (name=0xff00000000 <Address
> > > 0xff00000000 out of bounds>, hash_size=0,
> > >     tdb_flags=4254928, open_flags=-1, mode=3119127560) at tdb.c:1773
> > > #4  0x000000000040a70b in tdb_copy (tdb=0x192e540, outfile=0x1941fb0
> > > "/var/lib/xenstored/tdb.0x1935bb0")
> > 
> > Why does gdb-7.0.1 print "name=0xff000000" here for frame 3, but for
> > frame 2 and 4 the pointers are correct again?
> > Verifying the values with an explicit "print" shows them as correct.
> 
> I has just noticed that and was wondering about that same thing. I'm
> starting to worry that 0xff00000000 might just be a gdb thing, similar
> to <value optimized out>, but infinitely more misleading.

I'm reasonably convinced now that this is just a weird artefact of
running gdb on an optimised binary, probably a shortcoming in the debug
info leading to gdb getting confused.

Unfortunately this also calls into doubt the parameter to talloc_free,
perhaps in that context 0xff0000000 is a similar artefact.

Please can you print the entire contents of tdb in the second frame
("print *tdb" ought to do it). I'm curious whether it is all sane or
not.

Please can you also print "info regs" at the point of the segv (in frame
0) as well as "disas" at that point.

Can you also "p $_siginfo._sifields._sigfault.si_addr" (in frame 0).
This ought to be the actual faulting address, which ought to give a hint
on how much we can trust the parameters in the stack trace.

Since I'm asking for the world I may as well ask you to dump the raw
stack too "x/64x $sp" ought to be a good starting point.

I notice in your bugzilla (for a different occurrence, I think):
> [2090451.721705] univention-conf[2512]: segfault at ff00000000 ip 
> 000000000045e238 sp 00007ffff68dfa30 error 6 in python2.6[400000+21e000]

Which appears to have faulted access 0xff000000000 too. It looks like
this process is a python thing, it's nothing to do with xenstored I
assume? It seems rather coincidental that it should be accessing the 
same sort of address and be faulting.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] xenstored crashes with SIGSEGV
  - From: Philipp Hahn

References:
- Re: [Xen-devel] xenstored crashes with SIGSEGV
  - From: Philipp Hahn
- Re: [Xen-devel] xenstored crashes with SIGSEGV
  - From: Ian Campbell
- Re: [Xen-devel] xenstored crashes with SIGSEGV
  - From: Philipp Hahn
- Re: [Xen-devel] xenstored crashes with SIGSEGV
  - From: Ian Campbell
- Re: [Xen-devel] xenstored crashes with SIGSEGV
  - From: Philipp Hahn
- Re: [Xen-devel] xenstored crashes with SIGSEGV
  - From: Ian Campbell
- Re: [Xen-devel] xenstored crashes with SIGSEGV
  - From: Ian Campbell
- Re: [Xen-devel] xenstored crashes with SIGSEGV
  - From: Philipp Hahn
- Re: [Xen-devel] xenstored crashes with SIGSEGV
  - From: Ian Campbell

Prev by Date: [Xen-devel] [GIT PULL] xen: additional features for 3.19-rc0
Next by Date: [Xen-devel] Xen Project 4.5 RC4 is Ready Today; Test Day is Wednesday
Previous by thread: Re: [Xen-devel] xenstored crashes with SIGSEGV
Next by thread: Re: [Xen-devel] xenstored crashes with SIGSEGV
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.