byzhang / leveldb

Automatically exported from code.google.com/p/leveldb
BSD 3-Clause "New" or "Revised" License

corruption_test segfaults on ARM #251

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Compile leveldb's corruption test for armv7a 
2. Execute on some such lower-powered device (e.g. beaglebone)
3. Segmentation fault!

What is the expected output? What do you see instead?
  >>EXPECTED>>
    ==== Test CorruptionTest.Recovery
    expected=100..100; got=100; bad_keys=0; bad_values=0; missed=0
    expected=36..36; got=36; bad_keys=0; bad_values=0; missed=64
    ==== Test CorruptionTest.RecoverWriteError
    ==== Test CorruptionTest.NewFileErrorDuringWrite
    ==== Test CorruptionTest.TableFile
    expected=90..99; got=99; bad_keys=0; bad_values=1; missed=0
    ==== Test CorruptionTest.TableFileRepair
    expected=95..99; got=98; bad_keys=0; bad_values=0; missed=2
    ==== Test CorruptionTest.TableFileIndexData
    expected=5000..9999; got=8056; bad_keys=0; bad_values=0; missed=0
    ==== Test CorruptionTest.MissingDescriptor
    expected=1000..1000; got=1000; bad_keys=0; bad_values=0; missed=0
    ==== Test CorruptionTest.SequenceNumberRecovery
    ==== Test CorruptionTest.CorruptedDescriptor
    ==== Test CorruptionTest.CompactionInputError
    expected=5..9; got=9; bad_keys=0; bad_values=1; missed=0
    expected=10000..10000; got=10000; bad_keys=0; bad_values=0; missed=0
    ==== Test CorruptionTest.CompactionInputErrorParanoid
    ==== Test CorruptionTest.UnrelatedKeys
    ==== PASSED 12 tests
  <<EXPECTED<<

  >>>ACTUAL>>>
    ==== Test CorruptionTest.Recovery
    expected=100..100; got=100; bad_keys=0; bad_values=0; missed=0
    expected=36..36; got=36; bad_keys=0; bad_values=0; missed=64
    ==== Test CorruptionTest.RecoverWriteError
    ==== Test CorruptionTest.NewFileErrorDuringWrite
    ==== Test CorruptionTest.TableFile
    expected=90..99; got=99; bad_keys=0; bad_values=1; missed=0
    ==== Test CorruptionTest.TableFileRepair
    expected=95..99; got=98; bad_keys=0; bad_values=0; missed=2
    ==== Test CorruptionTest.TableFileIndexData
    Segmentation fault
  <<<ACTUAL<<<

What version of the product are you using? On what operating system?
  LevelDB versions: both 1.15 and git-e353fbc7ea81f12a5694991b708f8f45343594b1 (claims to be 1.17)
  OS: both Debian 7.5 (wheezy) for beaglebone and chromiumos for beaglebone (not sure what version -- based on kernel 3.8.13 + libstdc++ 6.0.18)

Please provide any additional information below.

  This testcase is flaky (segfaulting approximately 30% of the time) with the following compiler/linker flags:
    FLAGs:    -g2 -ggdb -no-canonical-prefixes
    CXXFLAGS: -ffunction-sections -fdata-sections -fno-math-errno -fno-builtin-memcmp -pthread -std=gnu++0x
    LDFLAGS:  -Wl,--gc-sections,--no-wchar-size-warning -std=gnu++0x

  The testcase segfaults 100% of the time (unless run under gdb) with the following compiler/linker flags:
    FLAGs:    -O2 -D_FORTIFY_SOURCE=2 -no-canonical-prefixes 
    CXXFLAGS: -ffunction-sections -fdata-sections -fno-math-errno -fno-strict-aliasing -fstack-protector-all
              -fPIC -fno-builtin-memcmp -z noexecstack -pthread -std=gnu++0x
    LDFLAGS:  -Wl,--gc-sections,--no-wchar-size-warning -pie -Wl,-z,relrow,-z,now -std=gnu++0x

The segfault's backtrace is as follows:
 Program terminated with signal 11, Segmentation fault.
  #0  0x0002f79a in leveldb::DecodeEntry(char const*, char const*, unsigned int*, unsigned int*, unsigned int*) () at ./leveldb/table/block.cc:58
  58      ./leveldb/table/block.cc: No such file or directory.
  (gdb) bt
  #0  0x0002f79a in leveldb::DecodeEntry(char const*, char const*, unsigned int*, unsigned int*, unsigned int*) () at ./leveldb/table/block.cc:58
  #1  0x0002fe3e in leveldb::Block::Iter::ParseNextKey() () at ./leveldb/table/block.cc:239
  #2  0x0002fd02 in leveldb::Block::Iter::SeekToFirst() () at ./leveldb/table/block.cc:207
  #3  0x00032734 in leveldb::IteratorWrapper::SeekToFirst() () at ./leveldb/table/iterator_wrapper.h:45
  #4  0x00034e72 in leveldb::(anonymous namespace)::TwoLevelIterator::SeekToFirst() () at ./leveldb/table/two_level_iterator.cc:99
  #5  0x00032734 in leveldb::IteratorWrapper::SeekToFirst() () at ./leveldb/table/iterator_wrapper.h:45
  #6  0x00034fee in leveldb::(anonymous namespace)::TwoLevelIterator::SkipEmptyDataBlocksForward() () at ./leveldb/table/two_level_iterator.cc:134
  #7  0x00034f38 in leveldb::(anonymous namespace)::TwoLevelIterator::Next() () at ./leveldb/table/two_level_iterator.cc:115
  #8  0x0003264c in leveldb::IteratorWrapper::Next() () at ./leveldb/table/iterator_wrapper.h:42
  #9  0x00032b24 in leveldb::(anonymous namespace)::MergingIterator::Next() () at ./leveldb/table/merger.cc:81
  #10 0x0001fff0 in leveldb::(anonymous namespace)::DBIter::FindNextUserEntry(bool, std::string*) () at ./leveldb/db/db_iter.cc:199
  #11 0x0001feb4 in leveldb::(anonymous namespace)::DBIter::Next() () at ./leveldb/db/db_iter.cc:170
  #12 0x0001076c in leveldb::CorruptionTest::Check(int, int) () at ./leveldb/db/corruption_test.cc:96
  #13 0x000115da in leveldb::_Test_TableFileIndexData::_Run() ()

  (gdb) disassemble
  Dump of assembler code for function _ZN7leveldbL11DecodeEntryEPKcS1_PjS2_S2_:
     0x0002f77c <+0>:     push    {r7, lr}
     0x0002f77e <+2>:     subne   sp, #16
     0x0002f780 <+4>:     addeq   r7, sp, #0
     0x0002f782 <+6>:     str     r0, [r7, #12]
     0x0002f784 <+8>:     str     r1, [r7, #8]
     0x0002f786 <+10>:    str     r2, [r7, #4]
     0x0002f788 <+12>:    str     r3, [r7, #0]
     0x0002f78a <+14>:    ldr     r2, [r7, #8]
     0x0002f78c <+16>:    ldr     r3, [r7, #12]
     0x0002f78e <+18>:    subs    r3, r2, r3
     0x0002f790 <+20>:    cmp     r3, #2
     0x0002f792 <+22>:    bgt.n   0x2f798 <_ZN7leveldbL11DecodeEntryEPKcS1_PjS2_S2_+28>
     0x0002f794 <+24>:    movs    r3, #0
     0x0002f796 <+26>:    b.n     0x2f858 <_ZN7leveldbL11DecodeEntryEPKcS1_PjS2_S2_+220>
     0x0002f798 <+28>:    ldr     r3, [r7, #12]
  => 0x0002f79a <+30>:    ldrb    r3, [r3, #0]
     0x0002f79c <+32>:    mov     r2, r3

Original issue reported on code.google.com by vlankh...@google.com on 22 Aug 2014 at 12:40

GoogleCodeExporter commented 9 years ago
Using LevelDB on an internal company firewall; in my case it is nearly impossible
to reproduce, but it does happen sometimes. No open fd or memory leak was detected
by valgrind or tracked with lsof. The rest of the threads are waiting on epoll_wait or similar.

Thread 1 (Thread 0xefdfdb90 (LWP 19442)):
#0  0x08435bf1 in leveldb::Block::Iter::SeekToFirst() ()
#1  0x08430f47 in leveldb::(anonymous namespace)::TwoLevelIterator::SkipEmptyDataBlocksForward() ()
#2  0x0842d97a in leveldb::(anonymous namespace)::MergingIterator::SeekToFirst() ()
#3  0x08419e0a in leveldb::DBImpl::DoCompactionWork(leveldb::DBImpl::CompactionState*) ()
#4  0x0841a90d in leveldb::DBImpl::BackgroundCompaction() ()
#5  0x0841b117 in leveldb::DBImpl::BackgroundCall() ()
#6  0x08437ce8 in leveldb::(anonymous namespace)::PosixEnv::BGThreadWrapper(void*) ()
#7  0x47ebc51f in start_thread () from /lib/libpthread.so.0
#8  0x47df201e in clone () from /lib/libc.so.6

Disassembly:

  0x08435b70 <+0>:     push   %ebp
   0x08435b71 <+1>:     mov    %esp,%ebp
   0x08435b73 <+3>:     push   %edi
   0x08435b74 <+4>:     push   %esi
   0x08435b75 <+5>:     push   %ebx
   0x08435b76 <+6>:     sub    $0x4c,%esp
   0x08435b79 <+9>:     mov    0x8(%ebp),%esi
   0x08435b7c <+12>:    lea    0x2c(%esi),%eax
   0x08435b7f <+15>:    mov    %eax,-0x40(%ebp)
   0x08435b82 <+18>:    movl   $0x0,0xc(%esp)
   0x08435b8a <+26>:    mov    0x2c(%esi),%eax
   0x08435b8d <+29>:    mov    -0xc(%eax),%eax
   0x08435b90 <+32>:    movl   $0x0,0x4(%esp)
   0x08435b98 <+40>:    mov    %eax,0x8(%esp)
   0x08435b9c <+44>:    mov    -0x40(%ebp),%eax
   0x08435b9f <+47>:    mov    %eax,(%esp)
   0x08435ba2 <+50>:    call   0x811a89c <_ZNSs9_M_mutateEjjj@plt>
   0x08435ba7 <+55>:    mov    0x18(%esi),%edx
   0x08435baa <+58>:    mov    0x1c(%esi),%ecx
   0x08435bad <+61>:    movl   $0x0,0x28(%esi)
   0x08435bb4 <+68>:    lea    (%edx,%ecx,1),%edi
   0x08435bb7 <+71>:    mov    (%edi),%eax
   0x08435bb9 <+73>:    mov    %eax,-0x10(%ebp)
   0x08435bbc <+76>:    lea    (%edx,%eax,1),%eax
   0x08435bbf <+79>:    mov    %eax,0x30(%esi)
   0x08435bc2 <+82>:    sub    0x18(%esi),%eax
   0x08435bc5 <+85>:    movl   $0x0,0x34(%esi)
   0x08435bcc <+92>:    lea    (%edx,%eax,1),%ebx
   0x08435bcf <+95>:    cmp    %edi,%ebx
   0x08435bd1 <+97>:    mov    %eax,0x24(%esi)
   0x08435bd4 <+100>:   jb     0x8435be8 <_ZN7leveldb5Block4Iter11SeekToFirstEv+120>
   0x08435bd6 <+102>:   mov    0x20(%esi),%eax
   0x08435bd9 <+105>:   mov    %ecx,0x24(%esi)
   0x08435bdc <+108>:   mov    %eax,0x28(%esi)
   0x08435bdf <+111>:   add    $0x4c,%esp
   0x08435be2 <+114>:   pop    %ebx
   0x08435be3 <+115>:   pop    %esi
   0x08435be4 <+116>:   pop    %edi
   0x08435be5 <+117>:   pop    %ebp
   0x08435be6 <+118>:   ret    
   0x08435be7 <+119>:   nop
   0x08435be8 <+120>:   mov    %edi,%eax
   0x08435bea <+122>:   sub    %ebx,%eax
   0x08435bec <+124>:   cmp    $0x2,%eax
   0x08435bef <+127>:   jle    0x8435c3d <_ZN7leveldb5Block4Iter11SeekToFirstEv+205>
=> 0x08435bf1 <+129>:   movzbl (%ebx),%eax
   0x08435bf4 <+132>:   mov    %eax,-0x10(%ebp)

Original comment by Raist...@gmail.com on 6 Oct 2014 at 5:32