Bug#865341: pagein: Segfaults roughly every 1 in ten executions

Tue, 20 Jun 2017 14:27:25 -0700 

Hello,
in version 0.00.04, which you commited to git three hours ago, the bug is still present, although much more seldom. 

I enabled core dumping, and looked at it through gdb.

Please find attached at "bt full" for version 0.00.04-1 as gdb prints it 
for the version with debug symbols.  It appears that the error is 
("still"?) with accessing mmaps.



For comparison: core dumps with version 0.00.03 mostly have their stack 
corrupted, and the rest crashes somewhere deep in 'scanf' while trying 
to read things from the stack; so probably stack corruption, too.



Btw, can you enable debug symbols again?  One litte "-g" in the CFLAGS 
increases the binary size only slightly, and makes debugging easier.  I 
did that by hand when reproducing the bug.


Cheers,
Ben Wiederhake

PS: Today I learned how *not* to use reportbug.  I assumed --body-file 
would either accept it as the full message, or allow me to edit it once 
more.  Oh well.

user@machine:~/workspace/pagein$ gdb ./pagein core
GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./pagein...done.
[New LWP 28377]
Core was generated by `./pagein -p 1073'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  pagein_proc_mmap (pages_touched=<synthetic pointer>, prot=0xbfeeaa73 
"r--p", 
    path=0xbfeeaae0 "/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0.1004.0", 
len=<optimized out>, 
    end=3077554176, begin=<optimized out>, page_size=4096, mappings=0x811c28e8) 
at pagein.c:263
263                             x += *ptr;
(gdb) set pagination off
(gdb) bt full
#0  pagein_proc_mmap (pages_touched=<synthetic pointer>, prot=0xbfeeaa73 
"r--p", path=0xbfeeaae0 "/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0.1004.0", 
len=<optimized out>, end=3077554176, begin=<optimized out>, page_size=4096, 
mappings=0x811c28e8) at pagein.c:263
        ptr = 0xb76fb000 <error: Cannot access memory at address 0xb76fb000>
        x = <optimized out>
        fd = 5
        statbuf = {st_dev = 65025, __pad1 = 0, st_ino = 7606200, st_mode = 
33188, st_nlink = 1, st_uid = 0, st_gid = 0, st_rdev = 0, __pad2 = 0, st_size = 
1377772, st_blksize = 4096, st_blocks = 2696, st_atim = {tv_sec = 1497960752, 
tv_nsec = 83782983}, st_mtim = {tv_sec = 1487856812, tv_nsec = 0}, st_ctim = 
{tv_sec = 1490879804, tv_nsec = 871008154}, __glibc_reserved4 = 0, 
__glibc_reserved5 = 0}
        off = 3077550080
        prot_flags = <optimized out>
        mapped = 0xb770d000
#1  pagein_proc (mappings=0x811c28e8, page_size=4096, pid=1073, 
procs=0xbfeecf38, kthreads=0xbfeecf3c, total_pages_touched=0xbfeecf60) at 
pagein.c:337
        begin = 3077541888
        end = 3077554176
        len = <optimized out>
        off = <optimized out>
        off_end = <optimized out>
        byte = 0 '\000'
        mapped = 0x0
        path = 
"/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0.1004.0\000\000-le32d4.cache-4\000png.so",
 '\000' <repeats 947 times>
        prot = "r--p"
        path = "/proc/1073/maps", '\000' <repeats 1073 times>...
        buffer = "b76f9000-b76fc000 r--p 0014c000 fe:01 7606200    
/usr/lib/i386-linux-gnu/libgstreamer-1.0.so.0.1004.0\n\000\000\000e32d4.cache-4\n\000ng.so\n\000)\n",
 '\000' <repeats 2236 times>...
        fdmem = 3
        rc = 0
        fpmap = 0x811c2008
        pages = 26343
        pages_touched = 22240
        has_maps = <optimized out>
#2  0x80054e0e in main (argc=<optimized out>, argv=<optimized out>) at 
pagein.c:493
        ret = <optimized out>
        memfree_begin = 152728
        memfree_end = -5227627996823549632
        swapfree_begin = 1039448
        swapfree_end = 0
        delta = <optimized out>
        total_pages_touched = 0
        procs = 0
        total_procs = <optimized out>
        kthreads = 0
        scale = <optimized out>
        usage = {ru_utime = {tv_sec = -1074868352, tv_usec = -2147137980}, 
ru_stime = {tv_sec = 0, tv_usec = -1074868204}, {ru_maxrss = -1217433600, 
__ru_maxrss_word = -1217433600}, {ru_ixrss = 10, __ru_ixrss_word = 10}, 
{ru_idrss = -1, __ru_idrss_word = -1}, {ru_isrss = -1217433600, __ru_isrss_word 
= -1217433600}, {ru_minflt = -1219166696, __ru_minflt_word = -1219166696}, 
{ru_majflt = -1217324968, __ru_majflt_word = -1217324968}, {ru_nswap = 
-1217433600, __ru_nswap_word = -1217433600}, {ru_inblock = -1074868108, 
__ru_inblock_word = -1074868108}, {ru_oublock = -1217155840, __ru_oublock_word 
= -1217155840}, {ru_msgsnd = 524288, __ru_msgsnd_word = 524288}, {ru_msgrcv = 
-1, __ru_msgrcv_word = -1}, {ru_nsignals = -2147123200, __ru_nsignals_word = 
-2147123200}, {ru_nvcsw = 3, __ru_nvcsw_word = 3}, {ru_nivcsw = -2147131877, 
__ru_nivcsw_word = -2147131877}}
        pid = <optimized out>
        mappings = <optimized out>
(gdb)






















					Reply via email to