More debugging information (frame 2, process_runnable_tasks, with disassembly and registers):
(gdb) f 2
#2 process_runnable_tasks () at src/task.c:229
229 rq_next = eb32_next(rq_next);
(gdb) print rq_next
$1 = (struct eb32_node *) 0x2a94840
(gdb) print rq_next->node
$2 = {branches = {b = {0x5d903c0, 0x2a94840}}, node_p = 0x0, leaf_p = 0x0,
bit = 3, pfx = 681}
(gdb) disas
Dump of assembler code for function process_runnable_tasks:
0x0000000000421610 <+0>: push %rbp
0x0000000000421611 <+1>: push %rbx
0x0000000000421612 <+2>: sub $0x8,%rsp
0x0000000000421616 <+6>: mov 0x307d88(%rip),%eax # 0x7293a4
<tasks_run_queue>
0x000000000042161c <+12>: mov 0x307d7e(%rip),%edx # 0x7293a0
<nb_tasks>
0x0000000000421622 <+18>: test %eax,%eax
0x0000000000421624 <+20>: mov %eax,0x307d7e(%rip) # 0x7293a8
<tasks_run_queue_cur>
0x000000000042162a <+26>: mov %edx,0x307d7c(%rip) # 0x7293ac
<nb_tasks_cur>
0x0000000000421630 <+32>: je 0x42171b <process_runnable_tasks+267>
0x0000000000421636 <+38>: cmp $0xc8,%eax
0x000000000042163b <+43>: mov $0xc8,%ebx
0x0000000000421640 <+48>: cmovbe %eax,%ebx
0x0000000000421643 <+51>: mov 0x307d67(%rip),%eax # 0x7293b0
<niced_tasks>
0x0000000000421649 <+57>: test %eax,%eax
0x000000000042164b <+59>: jne 0x42173c <process_runnable_tasks+300>
0x0000000000421651 <+65>: test %ebx,%ebx
0x0000000000421653 <+67>: je 0x42171b <process_runnable_tasks+267>
0x0000000000421659 <+73>: nopl 0x0(%rax)
0x0000000000421660 <+80>: mov 0x307d59(%rip),%rbp # 0x7293c0
<rq_next>
0x0000000000421667 <+87>: test %rbp,%rbp
0x000000000042166a <+90>: je 0x421747 <process_runnable_tasks+311>
0x0000000000421670 <+96>: mov 0x18(%rbp),%rax
0x0000000000421674 <+100>: test $0x1,%al
0x0000000000421676 <+102>: je 0x421688 <process_runnable_tasks+120>
0x0000000000421678 <+104>: nopl 0x0(%rax,%rax,1)
0x0000000000421680 <+112>: mov 0xf(%rax),%rax
0x0000000000421684 <+116>: test $0x1,%al
0x0000000000421686 <+118>: jne 0x421680 <process_runnable_tasks+112>
---Type <return> to continue, or q <return> to quit---
=> 0x0000000000421688 <+120>: mov 0x8(%rax),%rax
0x000000000042168c <+124>: xor %edx,%edx
0x000000000042168e <+126>: test $0xfffffffffffffffe,%rax
0x0000000000421694 <+132>: jne 0x4216a4 <process_runnable_tasks+148>
0x0000000000421696 <+134>: jmp 0x4216ab <process_runnable_tasks+155>
0x0000000000421698 <+136>: nopl 0x0(%rax,%rax,1)
0x00000000004216a0 <+144>: mov -0x1(%rax),%rax
0x00000000004216a4 <+148>: test $0x1,%al
0x00000000004216a6 <+150>: jne 0x4216a0 <process_runnable_tasks+144>
0x00000000004216a8 <+152>: mov %rax,%rdx
0x00000000004216ab <+155>: mov %rbp,%rdi
0x00000000004216ae <+158>: mov %rdx,0x307d0b(%rip) # 0x7293c0
<rq_next>
0x00000000004216b5 <+165>: callq 0x4b7c90 <eb_delete>
0x00000000004216ba <+170>: subl $0x1,0x307ce3(%rip) # 0x7293a4
<tasks_run_queue>
0x00000000004216c1 <+177>: mov 0x307ce9(%rip),%eax # 0x7293b0
<niced_tasks>
0x00000000004216c7 <+183>: cmpw $0x1,0x2a(%rbp)
0x00000000004216cc <+188>: adc $0xffffffffffffffff,%eax
0x00000000004216cf <+191>: mov %eax,0x307cdb(%rip) # 0x7293b0
<niced_tasks>
......
(gdb) i r
rax 0x0 0
rbx 0x6 6
rcx 0x7 7
rdx 0x0 0
rsi 0x102dec7 16965319
rdi 0x2dec7 188103
rbp 0x2a94840 0x2a94840
rsp 0x7fffce10b1e0 0x7fffce10b1e0
r8 0x227e148 36168008
r9 0x227e130 36167984
r10 0x16f6383 24077187
r11 0x0 0
r12 0x1 1
r13 0x7fffce10b418 140736650589208
r14 0x14d5a70 21846640
r15 0x1 1
rip 0x421688 0x421688 <process_runnable_tasks+120>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
On Sun, Mar 4, 2018 at 10:35 PM, aogooc xu <[email protected]> wrote:
> Thanks. My system version is CentOS 6.5.
>
> [root@localhost ~]# /usr/local/haproxy/sbin/haproxy -vv
>
> HA-Proxy version 1.6.13 2017/06/18
>
> Copyright 2000-2017 Willy Tarreau <[email protected]>
>
>
> Build options :
>
> TARGET = linux26
>
> CPU = generic
>
> CC = gcc
>
> CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
> -fwrapv
>
> OPTIONS = USE_ZLIB=1 USE_DL=1 USE_OPENSSL=1 USE_LUA=1
>
>
>
> *Using gdb:*
>
> Program terminated with signal 11, Segmentation fault.
>
> #0 eb_next () at ebtree/ebtree.h:574
>
> 574 t = (eb_untag(t, EB_LEFT))->b[EB_RGHT];
>
>
>
> (gdb) bt full
>
> #0 eb_next () at ebtree/ebtree.h:574
>
> t = 0x0
>
> #1 eb32_next () at ebtree/eb32tree.h:68
>
> No locals.
>
> #2 process_runnable_tasks () at src/task.c:229
>
> t = <value optimized out>
>
> max_processed = <value optimized out>
>
> #3 0x0000000000415198 in run_poll_loop () at src/haproxy.c:1601
>
> next = <value optimized out>
>
> #4 0x0000000000418146 in main (argc=<value optimized out>,
>
> argv=<value optimized out>) at src/haproxy.c:1975
>
> err = <value optimized out>
>
> retry = <value optimized out>
>
> limit = {rlim_cur = 20194, rlim_max = 20194}
>
> errmsg = "\000\000\000\000\000\000\000\
> 000\070\351q\000\000\000\000\000\360\235\226{\377\177\000\
> 000,\351q\000\000\000\000\000\b\000\000\000\000\000\000\000(
> \237\226{\377\177\000\000p\237\226{\377\177\000\000\310,
> B\000\000\000\000\000z\024I\000\000\000\000\000ַM\000\000\
> 000\000\000\240\236\226{\377\177\000\000 \267M\000\000\000\000\000\000\
> 000\000"
>
> pidfd = <value optimized out>
>
>
> Recently, such problems have been appearing often, so I am puzzled.
>
>