Giters

flightaware / speedtables

Speed tables is a high-performance memory-resident database. The speed table compiler reads a table definition and generates a set of C access routines to create, manipulate and search tables containing millions of rows. Currently oriented towards Tcl.

Home Page:https://flightaware.github.io/speedtables/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Segfault during "search -write_tabsep" in shmem reader

bovine opened this issue · comments

commented

I'm occasionally seeing a segfault in a shared-memory child while it is trying to write out a table to a file.

I have a stacktrace, however this doesn't have full debugging symbols so it is of limited use. I will try to get a more complete stacktrace the next time it occurs.

Program received signal SIGSEGV, Segmentation fault.
0x0000000800a56f27 in strlen () from /lib/libc.so.7
(gdb) bt
 #0  0x0000000800a56f27 in strlen () from /lib/libc.so.7
 #1  0x0000000801825538 in InFlight_get_string () from stobj/birdseye/libbirdseye.so
 #2  0x0000000801828edd in InFlight_dstring_append_get_tabsep () from stobj/birdseye/libbirdseye.so
 #3  0x0000000801824ab6 in ctable_SearchAction () from stobj/birdseye/libbirdseye.so
 #4  0x000000080183fdde in ctable_SetupAndPerformSearch () from stobj/birdseye/libbirdseye.so
 #5  0x000000080184d3b3 in InFlightObjCmd () from stobj/birdseye/libbirdseye.so
 #6  0x0000000800675313 in TclEvalObjvInternal () from /usr/local/lib/libtcl85.so.1
 #7  0x00000008006bb5d7 in TclExecuteByteCode () from /usr/local/lib/libtcl85.so.1
 #8  0x00000008006f8a82 in TclObjInterpProcCore () from /usr/local/lib/libtcl85.so.1
#9  0x0000000800675313 in TclEvalObjvInternal () from /usr/local/lib/libtcl85.so.1
#10 0x00000008006bb5d7 in TclExecuteByteCode () from /usr/local/lib/libtcl85.so.1
commented

the full command being used to write is:

    set fp [open [file join $dir $destination] w]
    fconfigure $fp -encoding binary -translation binary

    set count [$ctable search -write_tabsep $fp -with_field_names 1 -nokeys 1]

    close $fp
commented 
Program received signal SIGSEGV, Segmentation fault.
0x0000000800a56f27 in strlen () from /lib/libc.so.7
(gdb) bt
#0  0x0000000800a56f27 in strlen () from /lib/libc.so.7
#1  0x0000000801825638 in InFlight_get_string (vPointer=0x23b5aadd8, field=Variable "field" is not available.
)
    at stobj/birdseye/birdseye-1.0.c:18335
#2  0x0000000801828fdd in InFlight_dstring_append_get_tabsep (key=0x0, 
    vPointer=0x23b5aadd8, fieldNums=Variable "fieldNums" is not available.
) at stobj/birdseye/birdseye-1.0.c:18706
#3  0x0000000801824bb6 in ctable_SearchAction (interp=0x800e38200, ctable=Variable "ctable" is not available.
)
    at ctable_search.c:566
#4  0x000000080183fede in ctable_SetupAndPerformSearch (interp=0x800e38200, 
    objv=Variable "objv" is not available.
) at ctable_search.c:948
#5  0x000000080184d4b3 in InFlightObjCmd (cData=0x8016fd380, 
    interp=0x800e38200, objc=8, objv=0x800e47470)
    at stobj/birdseye/birdseye-1.0.c:26366
#6  0x0000000800675313 in TclEvalObjvInternal ()
   from /usr/local/lib/libtcl85.so.1
#7  0x00000008006bb5d7 in TclExecuteByteCode ()
   from /usr/local/lib/libtcl85.so.1
#8  0x00000008006f8a82 in TclObjInterpProcCore ()
   from /usr/local/lib/libtcl85.so.1
#9  0x0000000800675313 in TclEvalObjvInternal ()
   from /usr/local/lib/libtcl85.so.1
#10 0x00000008006bb5d7 in TclExecuteByteCode ()
   from /usr/local/lib/libtcl85.so.1


(gdb) up
#1  0x0000000801825638 in InFlight_get_string (vPointer=0x23b5aadd8, field=Variable "field" is not available.
)
    at stobj/birdseye/birdseye-1.0.c:18335
18335           *lengthPtr = strlen(row->hashEntry.key);

(gdb) p vPointer
$1 = (const void *) 0x23b5aadd8

(gdb) x/16w vPointer
0x23b5aadd8:    0x00000000      0x00000000      0x00000000      0x00000000
0x23b5aade8:    0x60d10439      0x00000000      0x00000035      0x00000000
0x23b5aadf8:    0x3b5aa7a8      0x00000002      0x00000000      0x00000000
0x23b5aae08:    0xa0000448      0x00000000      0x38b17958      0x00000002

(gdb) p *(struct InFlight*)vPointer
$6 = {hashEntry = {nextPtr = 0x0, key = 0x0, hash = 1624310841}, 
  _row_cycle = 53, _ll_nodes = {{next = 0x23b5aa7a8, prev = 0x0, 
      head = 0xa0000448}, {next = 0x238b17958, prev = 0x0, 
      head = 0x25dae4000}, {next = 0x23b59db78, prev = 0x0, 
      head = 0x25ba9c560}, {next = 0x23b5aa7a8, prev = 0x0, 
      head = 0x25bb07058}, {next = 0x0, prev = 0x0, head = 0x2718f82b8}}, 
  ident = 0x2718f8168 "VIR8", _identLength = 4, _identAllocatedLength = 5, 
  arrivalTime = 1301230380, fp_id = 0x0, _fp_idLength = 0, 
  _fp_idAllocatedLength = 0, prefix = 0x0, _prefixLength = 0, 
  _prefixAllocatedLength = 0, suffix = 0x2718f8198 "Q", _suffixLength = 1, 
  _suffixAllocatedLength = 2, aircraftType = 0x2718f81c8 "A346", 
  _aircraftTypeLength = 4, _aircraftTypeAllocatedLength = 5, 
  orig = 0x2718f81f8 "KLAX", _origLength = 4, _origAllocatedLength = 5, 
  dest = 0x2718f8228 "EGLL", _destLength = 4, _destAllocatedLength = 5, 
  originalDest = 0x2718f8258 "EGLL", _originalDestLength = 4, 
  _originalDestAllocatedLength = 5, fdt = 1301192700, cdt = 0, cta = 0, 
  eta = 1301229720, edt = 1301193180, ogta = 1301231100, ogtd = 1301192700, 
  distance = 5570, actualDepartureTime = 1301193240, 
  firstPositionTime = 1301193226, lastPositionTime = 1301232108, 
  lowLon = -118.598892, lowLat = 33.5900002, hiLon = -0.430694014, 
  hiLat = 67.1691284, recvd = 0, clock = 1301232108, alt = -1, altMax = 350, 
  altChar = "-", altChange = " ", gs = 0x2718f8288 "-1", _gsLength = 2, 
  _gsAllocatedLength = 3, lat = 53.6516991, lon = -5.44832993, heading = 308, 
---Type  to continue, or q  to quit---
  lastHeading = 308, angleCount = 325, circles = 4, nPositions = 0, 
  speed = -82, airways = 0x2718f8300 "SEBBY7", _airwaysLength = 6, 
  _airwaysAllocatedLength = 7, 
  fixes = 0x2718f8330 "LAX SEBBY SLI SEBBY DAG LAS HELPR RECAP YBR SCAG KAIIN BODRA DARUB BALIX UP59 NINEX UN590 GOW UN615 LAKEY NUGRA EGLL", 
  _fixesLength = 116, _fixesAllocatedLength = 117, 
  route = 0x2718f83d0 "KLAX./.5700N/09000W..BODRA..6500N/07000W..DARUB..6700N/05000W..6700N/04000W..6600N/03000W..6400N/02000W..BALIX..UP59..NINEX..UN590..GOW..UN615..LAKEY..NUGRA..EGLL", _routeLength = 162, _routeAllocatedLength = 163, 
  waypoints = 0x2718f84a0 "33.9", '3' , " -118.4 33.9 -118.31", '6' , " 33.88", '3' , " -118.3 33.88", '3' , " -118.28", '3' , " 33.85 -118.21", '6' , "7 33.85 -118.21", '6' , "7 33.8", '3' , "6 -118.2 33.833333"..., _waypointsLength = 3247, 
  _waypointsAllocatedLength = 3248, userClass = "C", physClass = "J", 
  status = "A", updateType = "P", inAir = 0, arrived = 1, cancelled = 0, 
  blocked = 0, debug = 0, diverting = 0, diverted = 0, 
  divertCancellationReceived = 0, lifeguard = 0, taxi = 0, adtEst = 0, 
  arrivalTimeEstimated = 0, archived = 0, _dirty = 0, _identIsNull = 0, 
  _fp_idIsNull = 1, _prefixIsNull = 1, _suffixIsNull = 0, 
  _aircraftTypeIsNull = 0, _originalDestIsNull = 0, _latIsNull = 0, 
  _lastHeadingIsNull = 0, _airwaysIsNull = 0, _fixesIsNull = 0, 
  _routeIsNull = 0, _waypointsIsNull = 0}

Note that ((struct InFlight*)vPointer)->hashEntry.key is NULL, which is what strlen() is being invoked against.

commented

Here's another, with the same NULL hashEntry.key condition on a different system. All other data in the structure appears to be fine:

Program received signal SIGSEGV, Segmentation fault.
0x0000000800a56f27 in strlen () from /lib/libc.so.7
(gdb) bt
#0  0x0000000800a56f27 in strlen () from /lib/libc.so.7
#1  0x0000000801825638 in InFlight_get_string (vPointer=0x2209a9d10, field=Variable "field" is not available.
) at stobj/birdseye/birdseye-1.0.c:18335
#2  0x0000000801828fdd in InFlight_dstring_append_get_tabsep (key=0x0, vPointer=0x2209a9d10, fieldNums=Variable "fieldNums" is not available.
) at stobj/birdseye/birdseye-1.0.c:18706
#3  0x0000000801824bb6 in ctable_SearchAction (interp=0x800e38200, ctable=Variable "ctable" is not available.
) at ctable_search.c:566
#4  0x000000080183fede in ctable_SetupAndPerformSearch (interp=0x800e38200, objv=Variable "objv" is not available.
) at ctable_search.c:948
#5  0x000000080184d4c3 in InFlightObjCmd (cData=0x8016d2b00, interp=0x800e38200, objc=8, objv=0x800e47470) at stobj/birdseye/birdseye-1.0.c:26366
#6  0x0000000800675313 in TclEvalObjvInternal () from /usr/local/lib/libtcl85.so.1
#7  0x00000008006bb5d7 in TclExecuteByteCode () from /usr/local/lib/libtcl85.so.1
#8  0x00000008006f8a82 in TclObjInterpProcCore () from /usr/local/lib/libtcl85.so.1
#9  0x0000000800675313 in TclEvalObjvInternal () from /usr/local/lib/libtcl85.so.1
#10 0x00000008006bb5d7 in TclExecuteByteCode () from /usr/local/lib/libtcl85.so.1


gdb) up
#1  0x0000000801825638 in InFlight_get_string (vPointer=0x2209a9d10, field=Variable "field" is not available.
) at stobj/birdseye/birdseye-1.0.c:18335
18335           *lengthPtr = strlen(row->hashEntry.key);

(gdb) p *(struct InFlight*)vPointer
$1 = {hashEntry = {nextPtr = 0x22102cb40, key = 0x0, hash = 3720861599}, _row_cycle = 102931061, _ll_nodes = {{next = 0x21d90e3d0, prev = 0x0, head = 0xa0000448}, {next = 0x0, prev = 0x0, head = 0x246874b00}, {next = 0x21d90e3d0, prev = 0x0, 
      head = 0x243ad4b88}, {next = 0x21dd31550, prev = 0x0, head = 0x243a2eb28}, {next = 0x0, prev = 0x0, head = 0x26598d998}}, ident = 0x123bc4690 "EJA375", _identLength = 6, _identAllocatedLength = 7, arrivalTime = 1301243082, fp_id = 0x0, 
  _fp_idLength = 0, _fp_idAllocatedLength = 0, prefix = 0x0, _prefixLength = 0, _prefixAllocatedLength = 0, suffix = 0x123dc2a18 "L", _suffixLength = 1, _suffixAllocatedLength = 2, aircraftType = 0x123ecc2e8 "C680", _aircraftTypeLength = 4, 
  _aircraftTypeAllocatedLength = 5, orig = 0x1238c0070 "KRSW", _origLength = 4, _origAllocatedLength = 5, dest = 0x124225ab8 "KVRB", _destLength = 4, _destAllocatedLength = 5, originalDest = 0x124324de8 "KVRB", _originalDestLength = 4, 
  _originalDestAllocatedLength = 5, fdt = 1301241600, cdt = 0, cta = 0, eta = 1301243082, edt = 1301241480, ogta = 1301243760, ogtd = 1301241600, distance = 121, actualDepartureTime = 1301241480, firstPositionTime = 1301241526, 
  lastPositionTime = 1301242962, lowLon = -81.913887, lowLat = 26.4930553, hiLon = -80.4161148, hiLat = 27.6947231, recvd = 0, clock = 1301243038, alt = 2, altMax = 430, altChar = " ", altChange = "D", gs = 0x26157f820 "86", _gsLength = 2, 
  _gsAllocatedLength = 4, lat = 27.6680565, lon = -80.4161148, heading = 157, lastHeading = 157, angleCount = 264, circles = 0, nPositions = 0, speed = 251, airways = 0x1e0bd90f0 "V225", _airwaysLength = 4, _airwaysAllocatedLength = 5, 
  fixes = 0x2605fe4b0 "RSW VRB VRB", _fixesLength = 11, _fixesAllocatedLength = 29, route = 0x12401bf10 "KRSW./.LBV136012..VRB..KVRB/1621", _routeLength = 32, _routeAllocatedLength = 39, 
  waypoints = 0x11e60dda8 "26.5", '3' , "5 -81.75 26.5", '6' , " -81.6 26.58", '3' , "2 -81.5", '3' , " 26.58", '3' , "2 -81.51", '6' , "7 26.6", '3' , " -81.35 26.6", '3' , " -81.35 26.65 -81.3 26.683333"..., _waypointsLength = 755, _waypointsAllocatedLength = 756, userClass = "T", physClass = "J", status = "A", updateType = "Z", inAir = 0, arrived = 1, 
  cancelled = 0, blocked = 0, debug = 0, diverting = 0, diverted = 0, divertCancellationReceived = 0, lifeguard = 0, taxi = 0, adtEst = 0, arrivalTimeEstimated = 1, archived = 1, _dirty = 0, _identIsNull = 0, _fp_idIsNull = 1, _prefixIsNull = 1, 
  _suffixIsNull = 0, _aircraftTypeIsNull = 0, _originalDestIsNull = 0, _latIsNull = 0, _lastHeadingIsNull = 0, _airwaysIsNull = 0, _fixesIsNull = 0, _routeIsNull = 0, _waypointsIsNull = 0}
commented

Thanks, those stack dumps and debug output look to be very useful. I'm not sure exactly why this is happening, but I think I have a handle on where to look. The hash tables themselves are not replicated in the client, but while the _key should still be valid I have some ideas where to look.

commented

Closing, since I haven't seen any problems from this recently after your commits to return empty strings.