
CSocketEpollThread::run segfault calling si.nfy->notifySelected


    Details

    • Type: Regression
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 6.2.14
    • Fix Version/s: 6.2.22
    • Component/s: JLib
    • Labels:
      None

      Description

      It looks like the fault is in this code (the loop in CSocketEpollThread::run that delivers the collected notifications):

                        // Deliver the events collected for this pass: one notifySelected()
                        // call per queued SelectItem (sock + mode), through the item's nfy callback.
                        ForEachItemIn(j,tonotify) {
                            const SelectItem &si = tonotify.item(j);
                            try { 
                                // Virtual call through si.nfy. In the core the faulting instruction is the
                                // vtable load from si.nfy itself (rdi = 0x103fffffff), so the SelectItem
                                // holds an invalid nfy pointer; the vtable slot is never reached.
                                si.nfy->notifySelected(si.sock,si.mode); // ignore return <--- crashes here
                            }
                            catch (IException *e) { // should be acted upon by notifySelected
                                // Log and rethrow: errors are expected to be handled inside notifySelected.
                                EXCLOG(e,"CSocketSelectThread notifySelected");
                                throw ;
                            }
                        }
      

      Disassembly from the core dump (gdb, AT&T syntax); `=>` marks the faulting instruction:

         0x00007ff22e6fe25f <+943>:	test   $0x19,%al
         0x00007ff22e6fe261 <+945>:	setne  %r14b
         0x00007ff22e6fe265 <+949>:	test   $0x4,%al
         0x00007ff22e6fe267 <+951>:	jne    0x7ff22e6fe1a8 <_ZN18CSocketEpollThread3runEv+760>
         0x00007ff22e6fe26d <+957>:	test   $0x2,%al
         0x00007ff22e6fe26f <+959>:	je     0x7ff22e6fe280 <_ZN18CSocketEpollThread3runEv+976>
         0x00007ff22e6fe271 <+961>:	or     $0x4,%r14d
         0x00007ff22e6fe275 <+965>:	jmpq   0x7ff22e6fe1b4 <_ZN18CSocketEpollThread3runEv+772>
         0x00007ff22e6fe27a <+970>:	nopw   0x0(%rax,%rax,1)
         0x00007ff22e6fe280 <+976>:	test   %r14d,%r14d
         0x00007ff22e6fe283 <+979>:	jne    0x7ff22e6fe1b4 <_ZN18CSocketEpollThread3runEv+772>
         0x00007ff22e6fe289 <+985>:	add    $0x1,%r12d
         0x00007ff22e6fe28d <+989>:	add    $0xc,%r13
         0x00007ff22e6fe291 <+993>:	cmp    %r12d,%r15d
         0x00007ff22e6fe294 <+996>:	jg     0x7ff22e6fe225 <_ZN18CSocketEpollThread3runEv+885>
         0x00007ff22e6fe296 <+998>:	nopw   %cs:0x0(%rax,%rax,1)
         0x00007ff22e6fe2a0 <+1008>:	mov    0x20(%rsp),%rdi
         0x00007ff22e6fe2a5 <+1013>:	xor    %ebp,%ebp
         0x00007ff22e6fe2a7 <+1015>:	callq  0x7ff22e65db80 <pthread_mutex_unlock@plt>
         0x00007ff22e6fe2ac <+1020>:	mov    0xe8(%rsp),%r12d
         0x00007ff22e6fe2b4 <+1028>:	test   %r12d,%r12d
         0x00007ff22e6fe2b7 <+1031>:	mov    %r12d,%eax
         0x00007ff22e6fe2ba <+1034>:	jne    0x7ff22e6fe2c7 <_ZN18CSocketEpollThread3runEv+1047>
         0x00007ff22e6fe2bc <+1036>:	jmp    0x7ff22e6fe2f8 <_ZN18CSocketEpollThread3runEv+1096>
         0x00007ff22e6fe2be <+1038>:	xchg   %ax,%ax
         0x00007ff22e6fe2c0 <+1040>:	mov    0xe8(%rsp),%eax
         0x00007ff22e6fe2c7 <+1047>:	cmp    %ebp,%eax
         0x00007ff22e6fe2c9 <+1049>:	jbe    0x7ff22e6fea9d <_ZN18CSocketEpollThread3runEv+3053>
         0x00007ff22e6fe2cf <+1055>:	mov    %rbp,%rax
         0x00007ff22e6fe2d2 <+1058>:	shl    $0x5,%rax
         0x00007ff22e6fe2d6 <+1062>:	add    0xe0(%rsp),%rax
         0x00007ff22e6fe2de <+1070>:	mov    0x10(%rax),%rdi
         0x00007ff22e6fe2e2 <+1074>:	movzbl 0x18(%rax),%edx
         0x00007ff22e6fe2e6 <+1078>:	mov    (%rax),%rsi
      => 0x00007ff22e6fe2e9 <+1081>:	mov    (%rdi),%rcx
         0x00007ff22e6fe2ec <+1084>:	callq  *0x10(%rcx)
         0x00007ff22e6fe2ef <+1087>:	add    $0x1,%rbp
         0x00007ff22e6fe2f3 <+1091>:	cmp    %ebp,%r12d
         0x00007ff22e6fe2f6 <+1094>:	ja     0x7ff22e6fe2c0 <_ZN18CSocketEpollThread3runEv+1040>
         0x00007ff22e6fe2f8 <+1096>:	mov    0x28(%rsp),%rdi
         0x00007ff22e6fe2fd <+1101>:	movl   $0x0,0xe8(%rsp)
         0x00007ff22e6fe308 <+1112>:	callq  0x7ff22e65dc50 <_ZN9Allocator4killEv@plt>
         0x00007ff22e6fe30d <+1117>:	movzbl 0xb0(%rbx),%eax
         0x00007ff22e6fe314 <+1124>:	movl   $0x0,0x20(%rsp)
         0x00007ff22e6fe31c <+1132>:	movl   $0x0,0x10(%rsp)
         0x00007ff22e6fe324 <+1140>:	jmpq   0x7ff22e6fdf28 <_ZN18CSocketEpollThread3runEv+120>
         0x00007ff22e6fe329 <+1145>:	nopl   0x0(%rax)
         0x00007ff22e6fe330 <+1152>:	mov    0x20(%rsp),%rdi
         0x00007ff22e6fe335 <+1157>:	callq  0x7ff22e65fac0 <pthread_mutex_lock@plt>
         0x00007ff22e6fe33a <+1162>:	nopw   0x0(%rax,%rax,1)
         0x00007ff22e6fe340 <+1168>:	mov    0x144(%rbx),%edi
         0x00007ff22e6fe346 <+1174>:	mov    0x10(%rsp),%rsi
         0x00007ff22e6fe34b <+1179>:	mov    $0x1,%edx
         0x00007ff22e6fe350 <+1184>:	callq  0x7ff22e65f8f0 <read@plt>
         0x00007ff22e6fe355 <+1189>:	cmp    $0x1,%rax
         0x00007ff22e6fe359 <+1193>:	je     0x7ff22e6fe340 <_ZN18CSocketEpollThread3runEv+1168>
         0x00007ff22e6fe35b <+1195>:	mov    0x20(%rsp),%rdi
         0x00007ff22e6fe360 <+1200>:	callq  0x7ff22e65db80 <pthread_mutex_unlock@plt>
      
      (gdb) info registers
      rax            0x7ff13495db00	140673946082048
      rbx            0x10c7c20	17595424
      rcx            0x1	1
      rdx            0x1	1
      rsi            0x7ff1400b3150	140674138321232
      rdi            0x103fffffff	69793218559
      rbp            0x0	0x0
      rsp            0x7ff22943ac30	0x7ff22943ac30
      r8             0x0	0
      r9             0x100	256
      r10            0x11	17
      r11            0x0	0
      r12            0x1	1
      r13            0x18	24
      r14            0x1	1
      r15            0x2	2
      rip            0x7ff22e6fe2e9	0x7ff22e6fe2e9 <CSocketEpollThread::run()+1081>
      eflags         0x10206	[ PF IF RF ]
      cs             0x33	51
      ss             0x2b	43
      ds             0x0	0
      es             0x0	0
      fs             0x0	0
      gs             0x0	0
      

      From the disassembly, the faulting instruction `mov (%rdi),%rcx` is the vtable-pointer load for the virtual call: RDI holds `si.nfy` (loaded from offset 0x10 of the SelectItem at +1070), RSI holds `si.sock` and EDX `si.mode`, and the vtable slot `*0x10(%rcx)` is only dereferenced afterwards. So RDI is supposed to be the `nfy` object pointer, but it contains a duff value (0x103fffffff, which does not look like a valid heap address compared with the other pointers in the dump), i.e. the SelectItem queued in `tonotify` carries a bad or stale `nfy` pointer rather than a corrupted vtable. Note also that `pthread_mutex_unlock` at +1015 runs before the notify loop at +1040..+1094, so the callbacks are invoked outside the lock; if an entry's `nfy` can be unregistered/destroyed by another thread between the snapshot of `tonotify` and the call, this would read a dangling pointer — worth confirming how removals are synchronised against the pending notification list.

              People

              • Assignee:
                mckellyln Mark Kelly
                Reporter:
                jakesmith Jake Smith