reopen 494221
clone 494221 -1
reassign -1 librrd4
retitle -1 librrd4: segfault in rrd_open() on sparc
block 494221 by -1
thanks

I don't have any problem reproducing it on sparc, so reopening. The 
segfault occurs in the rrd_open() function in librrd4 (more precisely in 
rrd_dontneed() in rrd_open.c), as the following gdb session illustrates 
(I rebuilt rrd with debugging symbols to get it):

Starting program: /usr/bin/rrdtool create zero.rrd DS:mon_25:GAUGE:600:U:U 
RRA:AVERAGE:0:1:1 RRA:LAST:0:1:1 RRA:MAX:0:1:1
[Thread debugging using libthread_db enabled]
[New Thread 0xf751e700 (LWP 29891)]
[Switching to Thread 0xf751e700 (LWP 29891)]

Breakpoint 1, rrd_dontneed (rrd_file=0x28680, rrd=0xfff0f2c8) at rrd_open.c:329
329         ssize_t   _page_size = sysconf(_SC_PAGESIZE);
(gdb) n
336         rra_start = rrd_file->header_len;
(gdb) 
337         dontneed_start = PAGE_START(rra_start) + _page_size;
(gdb) 
338         for (i = 0; i < rrd->stat_head->rra_cnt; ++i) {
(gdb) 
339             active_block =
(gdb) display i
5: i = 0
(gdb) n
343             if (active_block > dontneed_start) {
5: i = 0
(gdb) 
355             dontneed_start = active_block;
5: i = 0
(gdb) 
358             if (rrd->stat_head->pdp_step * rrd->rra_def[i].pdp_cnt -
5: i = 0
(gdb) 
361                 dontneed_start += _page_size;
5: i = 0
(gdb) 
363             rra_start +=
5: i = 0
(gdb) 
338         for (i = 0; i < rrd->stat_head->rra_cnt; ++i) {
5: i = 0
(gdb) 
339             active_block =
5: i = 1
(gdb) 
343             if (active_block > dontneed_start) {
5: i = 1
(gdb) 
355             dontneed_start = active_block;
5: i = 1
(gdb) 
358             if (rrd->stat_head->pdp_step * rrd->rra_def[i].pdp_cnt -
5: i = 1
(gdb) 
361                 dontneed_start += _page_size;
5: i = 1
(gdb) 
363             rra_start +=
5: i = 1
(gdb) 
338         for (i = 0; i < rrd->stat_head->rra_cnt; ++i) {
5: i = 1
(gdb) 
339             active_block =
5: i = 2
(gdb) 
343             if (active_block > dontneed_start) {
5: i = 2
(gdb) 
355             dontneed_start = active_block;
5: i = 2
(gdb) 
358             if (rrd->stat_head->pdp_step * rrd->rra_def[i].pdp_cnt -
5: i = 2
(gdb) 
361                 dontneed_start += _page_size;
5: i = 2
(gdb) 
363             rra_start +=
5: i = 2
(gdb) 
338         for (i = 0; i < rrd->stat_head->rra_cnt; ++i) {
5: i = 2
(gdb) 
368         madvise(rrd_file->file_start + dontneed_start,
5: i = 3
(gdb) list
363             rra_start +=
364                 rrd->rra_def[i].row_cnt * rrd->stat_head->ds_cnt *
365                 sizeof(rrd_value_t);
366         }
367     #ifdef USE_MADVISE
368         madvise(rrd_file->file_start + dontneed_start,
369                 rrd_file->file_len - dontneed_start, MADV_DONTNEED);
370     #endif
371     #ifdef HAVE_POSIX_FADVISE
372         posix_fadvise(rrd_file->fd, dontneed_start,
(gdb) print rrd_file
$14 = (rrd_file_t *) 0x28680
(gdb) print rrd_file->file_start
$15 = 0xf7f48000 "RRD"
(gdb) print dontneed_start
$16 = 8192
(gdb) print rrd_file->file_len
$17 = 972
(gdb) print rrd_file->file_len - dontneed_start
$18 = 4294960076
(gdb) bt
#0  rrd_dontneed (rrd_file=0x28680, rrd=0xfff0f2c8) at rrd_open.c:368
#1  0xf7ef6134 in rrd_create_fn (file_name=0xfff0f9ad "zero.rrd", 
rrd=0xfff0f3c4) at rrd_create.c:827
#2  0xf7ef4fd0 in rrd_create_r (filename=0xfff0f9ad "zero.rrd", pdp_step=300, 
last_up=1220819559, argc=4, argv=0xfff0f8a0) at rrd_create.c:555
#3  0xf7ef356c in rrd_create (argc=6, argv=0xfff0f898) at rrd_create.c:100
#4  0x000133ec in HandleInputLine (argc=7, argv=0xfff0f894, out=0xf7baaaf8) at 
rrd_tool.c:622
#5  0x00012b54 in main (argc=7, argv=0xfff0f894) at rrd_tool.c:494
(gdb) n

Program received signal SIGSEGV, Segmentation fault.
rrd_dontneed (rrd_file=Cannot access memory at address 0x44) at rrd_open.c:372
372         posix_fadvise(rrd_file->fd, dontneed_start,
Disabling display 5 to avoid infinite recursion.
5: i = Cannot access memory at address 0xffffffe8

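I guess that the problem here is passing a negative second argument to 
madvise(): file_len (972) is smaller than dontneed_start (8192), so the 
length file_len - dontneed_start shows up as 4294960076 in the session 
above. That makes madvise() very unhappy and smashes the stack, but I 
have not grokked the code yet to understand what's going on here.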

Cheers.
-- 
Jurij Smakov                                           [EMAIL PROTECTED]
Key: http://www.wooyd.org/pgpkey/                      KeyID: C99E03CC


