[erlang-questions] beam[8449]: segfault at 0 ip 0000000000437e10 sp 00007fffce250948 error 4 in beam[400000+174000]
Eric Liang
eric.l.2046@REDACTED
Tue May 25 05:40:36 CEST 2010
On 05/25/2010 11:24 AM, Eric Liang wrote:
> On 05/24/2010 09:14 PM, Mikael Pettersson wrote:
>> Liang Yupeng wrote:
>>
>>> Thanks for your reply, Mikael. Yes, it is beam.smp and a 64-bit one.
>>>
>> I have some doubts about that, see below.
>>
>>
>>>> 3. what tools (esp. gcc version) were used to build this?
>>>>
>>>>
>>> I installed erlang with the apt-get command:
>>>
>> ...
>>
>>> Is this OK? Should I install a new beam-vm by source to get some debug info?
>>>
>> Run `strings -a /path/to/beam | fgrep GCC | sort -u'
>> (where /path/to/beam is the path to the beam executable).
>>
>
> sunny@REDACTED:~$ strings -a /usr/lib/erlang/erts-5.7.2/bin/beam | fgrep GCC | sort -u
> sunny@REDACTED:~$ strings -a /usr/lib/erlang/erts-5.7.2/bin/beam.smp | fgrep GCC | sort -u
> sunny@REDACTED:~$
>
> You see, neither beam nor beam.smp contains a string like GCC. :(
>
>>
>>>> 4. using gdb or objdump on the `beam' executable, can you
>>>> provide a disassembly of the procedure surrounding 0x437e10?
>>>>
>>> sunny@REDACTED:~$ objdump -D /usr/lib/erlang/erts-5.7.2/bin/beam.smp > beam.smp.objdump
>>> sunny@REDACTED:~$ cat beam.smp.objdump | grep -C 10 437e1
>>> 437deb: 48 83 c4 38 add $0x38,%rsp
>>> 437def: e9 8c fa ff ff jmpq 437880
>>> <erts_alcu_realloc_thr_spec>
>>> 437df4: be 36 7e 55 00 mov $0x557e36,%esi
>>> 437df9: 89 c7 mov %eax,%edi
>>> 437dfb: e8 70 50 00 00 callq 43ce70
>>> <erts_thr_fatal_error>
>>>
>>> 0000000000437e00 <erts_alcu_realloc_ts>:
>>> 437e00: 4c 89 6c 24 e8 mov %r13,-0x18(%rsp)
>>> 437e05: 4c 8d ae 28 01 00 00 lea 0x128(%rsi),%r13
>>> 437e0c: 48 89 5c 24 d0 mov %rbx,-0x30(%rsp)
>>> 437e11: 48 89 6c 24 d8 mov %rbp,-0x28(%rsp)
>>> 437e16: 4c 89 64 24 e0 mov %r12,-0x20(%rsp)
>>> 437e1b: 48 89 f3 mov %rsi,%rbx
>>> 437e1e: 4c 89 74 24 f0 mov %r14,-0x10(%rsp)
>>> 437e23: 4c 89 7c 24 f8 mov %r15,-0x8(%rsp)
>>> 437e28: 41 89 fe mov %edi,%r14d
>>> 437e2b: 48 83 ec 38 sub $0x38,%rsp
>>> 437e2f: 4c 89 ef mov %r13,%rdi
>>> 437e32: 48 89 d5 mov %rdx,%rbp
>>> 437e35: 49 89 cc mov %rcx,%r12
>>> 437e38: e8 e3 f1 fe ff callq 427020
>>> <pthread_mutex_lock@REDACTED>
>>> 437e3d: 85 c0 test %eax,%eax
>>> 437e3f: 0f 85 ae 02 00 00 jne 4380f3
>>> <erts_alcu_realloc_ts+0x2f3>
>>> 437e45: 48 85 ed test %rbp,%rbp
>>>
>>> Are these lines enough?
>>>
>> This makes me suspect even more that the crash is in an instance of
>> the uni-processor beam executable, not the beam.smp executable.
>> There are two signs for that:
>> 1. The kernel message refers to the executable as `beam' not `beam.smp'.
>>
> You are right. After looking back at the benchmark process, I found the
> process:
>
> sunny 4796 0.9 1.8 134320 76444 ? Sl 10:58 0:00
> /usr/lib/erlang/erts-5.7.2/bin/beam -A 256 -P 250000 -- -root
> /usr/lib/erlang -progname erl -- -home /home/sunny -noshell
> -noinput -noshell -noinput -master tsung_controller@REDACTED
> -name os_mon@REDACTED -s slave slave_start
> tsung_controller@REDACTED slave_waiter_2 -rsh ssh -noshell
> -noinput -setcookie tsung -smp disable
>
> This is a tsung monitor process which was started by the tsung
> controller to get the information from dev-3.
>
>> 2. The above disassembly from beam.smp doesn't HAVE any instruction starting
>> at 0x437e10.
>>
>> So please do the objdump and grep thing again but on the plain `beam' executable.
>>
>
> sunny@REDACTED:~/commands$ objdump -D /usr/lib/erlang/erts-5.7.2/bin/beam > beam.objdump
> sunny@REDACTED:~/commands$ cat beam.objdump | grep -C 10 437e10
> 437ddd: e9 35 ff ff ff jmpq 437d17
> <erts_gfalc_init+0x317>
> 437de2: 66 0f 1f 44 00 00 nopw 0x0(%rax,%rax,1)
> 437de8: 48 2d 20 e2 00 00 sub $0xe220,%rax
> 437dee: 31 d2 xor %edx,%edx
> 437df0: 48 f7 b7 10 03 00 00 divq 0x310(%rdi)
> 437df7: 05 c0 00 00 00 add $0xc0,%eax
> 437dfc: e9 16 ff ff ff jmpq 437d17
> <erts_gfalc_init+0x317>
> 437e01: 66 66 66 66 66 66 2e nopw %cs:0x0(%rax,%rax,1)
> 437e08: 0f 1f 84 00 00 00 00
> 437e0f: 00
> 437e10: 4c 8b 06 mov (%rsi),%r8
> 437e13: 49 83 e0 f8 and $0xfffffffffffffff8,%r8
> 437e17: 49 81 f8 1f 02 00 00 cmp $0x21f,%r8
> 437e1e: 77 40 ja 437e60
> <erts_gfalc_init+0x460>
> 437e20: 49 8d 50 e0 lea -0x20(%r8),%rdx
> 437e24: 48 c1 ea 03 shr $0x3,%rdx
> 437e28: 4c 8b 4e 08 mov 0x8(%rsi),%r9
> 437e2c: 4d 85 c9 test %r9,%r9
> 437e2f: 74 4f je 437e80
> <erts_gfalc_init+0x480>
> 437e31: 48 8b 46 10 mov 0x10(%rsi),%rax
> 437e35: 49 89 41 10 mov %rax,0x10(%r9)
> --
> 437fae: e8 ed fb ff ff callq 437ba0
> <erts_gfalc_init+0x1a0>
> 437fb3: 4d 85 e4 test %r12,%r12
> 437fb6: 48 89 c3 mov %rax,%rbx
> 437fb9: 74 10 je 437fcb
> <erts_gfalc_init+0x5cb>
> 437fbb: 48 8b 00 mov (%rax),%rax
> 437fbe: 48 83 e0 f8 and $0xfffffffffffffff8,%rax
> 437fc2: 49 39 c7 cmp %rax,%r15
> 437fc5: 0f 86 95 00 00 00 jbe 438060
> <erts_gfalc_init+0x660>
> 437fcb: 48 89 de mov %rbx,%rsi
> 437fce: 48 89 ef mov %rbp,%rdi
> 437fd1: e8 3a fe ff ff callq 437e10
> <erts_gfalc_init+0x410>
> 437fd6: 48 89 d8 mov %rbx,%rax
> 437fd9: 48 8b 5c 24 08 mov 0x8(%rsp),%rbx
> 437fde: 48 8b 6c 24 10 mov 0x10(%rsp),%rbp
> 437fe3: 4c 8b 64 24 18 mov 0x18(%rsp),%r12
> 437fe8: 4c 8b 6c 24 20 mov 0x20(%rsp),%r13
> 437fed: 4c 8b 74 24 28 mov 0x28(%rsp),%r14
> 437ff2: 4c 8b 7c 24 30 mov 0x30(%rsp),%r15
> 437ff7: 48 83 c4 38 add $0x38,%rsp
> 437ffb: c3 retq
> 437ffc: 0f 1f 40 00 nopl 0x0(%rax)
> --
> 438081: 74 54 je 4380d7
> <erts_gfalc_init+0x6d7>
> 438083: 4d 85 e4 test %r12,%r12
> 438086: 74 0c je 438094
> <erts_gfalc_init+0x694>
> 438088: 48 8b 10 mov (%rax),%rdx
> 43808b: 48 83 e2 f8 and $0xfffffffffffffff8,%rdx
> 43808f: 4c 39 fa cmp %r15,%rdx
> 438092: 73 cc jae 438060
> <erts_gfalc_init+0x660>
> 438094: 48 89 c6 mov %rax,%rsi
> 438097: 48 89 ef mov %rbp,%rdi
> 43809a: 48 89 04 24 mov %rax,(%rsp)
> 43809e: e8 6d fd ff ff callq 437e10
> <erts_gfalc_init+0x410>
> 4380a3: 48 8b 04 24 mov (%rsp),%rax
> 4380a7: e9 2d ff ff ff jmpq 437fd9
> <erts_gfalc_init+0x5d9>
> 4380ac: 0f 1f 40 00 nopl 0x0(%rax)
> 4380b0: 4c 8d ae e0 dd ff ff lea -0x2220(%rsi),%r13
> 4380b7: 48 ba ab aa aa aa aa mov $0xaaaaaaaaaaaaaaab,%rdx
> 4380be: aa aa aa
> 4380c1: 4c 89 e8 mov %r13,%rax
> 4380c4: 48 f7 e2 mul %rdx
> 4380c7: 48 c1 ea 09 shr $0x9,%rdx
> 4380cb: 44 8d aa 80 00 00 00 lea 0x80(%rdx),%r13d
> --
> 438302: 48 c7 83 b0 00 00 00 movq $0x1000,0xb0(%rbx)
> 438309: 00 10 00 00
> 43830d: 48 c7 83 b8 00 00 00 movq $0x18,0xb8(%rbx)
> 438314: 18 00 00 00
> 438318: 48 c7 43 28 2f 60 53 movq $0x53602f,0x28(%rbx)
> 43831f: 00
> 438320: 48 c7 83 e8 00 00 00 movq $0x437f40,0xe8(%rbx)
> 438327: 40 7f 43 00
> 43832b: 48 c7 83 f0 00 00 00 movq $0x437d00,0xf0(%rbx)
> 438332: 00 7d 43 00
> 438336: 48 c7 83 f8 00 00 00 movq $0x437e10,0xf8(%rbx)
> 43833d: 10 7e 43 00
> 438341: 48 c7 83 00 01 00 00 movq $0x438480,0x100(%rbx)
> 438348: 80 84 43 00
> 43834c: 48 c7 83 08 01 00 00 movq $0x0,0x108(%rbx)
> 438353: 00 00 00 00
> 438357: 48 c7 83 10 01 00 00 movq $0x438100,0x110(%rbx)
> 43835e: 00 81 43 00
> 438362: 48 c7 83 18 01 00 00 movq $0x438100,0x118(%rbx)
> 438369: 00 81 43 00
> 43836d: 48 c7 83 20 01 00 00 movq $0x4385c0,0x120(%rbx)
>
> Well, the beam does have the instructions starting at 0x437e10.
>
> By the way, would you mind telling me where to get the beam vm sources?
> (or erts sources if there is an address)
>
Forget this, I found it in the OTP sources. :P
Eric
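
The triage steps used in this thread (reading the kernel segfault line, then checking whether the reported ip is an instruction start in each binary's objdump listing), as an added Python example that is not code from the thread or from Erlang/OTP. The kernel line is the thread subject and the listing excerpts are copied from the quoted objdump output; the function names are hypothetical.

```python
import re

# Kernel line from the thread subject; listings copied from the thread's
# objdump output (whitespace-flattened, as it appears in the mail).
KERNEL_LINE = ("beam[8449]: segfault at 0 ip 0000000000437e10 "
               "sp 00007fffce250948 error 4 in beam[400000+174000]")
BEAM_SMP = """437e0c: 48 89 5c 24 d0 mov %rbx,-0x30(%rsp)
437e11: 48 89 6c 24 d8 mov %rbp,-0x28(%rsp)"""
BEAM = """437e01: 66 66 66 66 66 66 2e nopw %cs:0x0(%rax,%rax,1)
437e08: 0f 1f 84 00 00 00 00
437e0f: 00
437e10: 4c 8b 06 mov (%rsi),%r8"""

SEGV = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[]+)\[(?P<base>[0-9a-f]+)\+[0-9a-f]+\])?")

def parse_segfault(line):
    """Decode an x86 Linux segfault line (hypothetical helper name)."""
    m = SEGV.search(line)
    if not m:
        raise ValueError("not a segfault line")
    err, ip = int(m["err"], 16), int(m["ip"], 16)   # kernel prints both in hex
    return {"comm": m["comm"], "pid": int(m["pid"]), "ip": ip,
            "fault_addr": int(m["addr"], 16),
            # x86 page-fault error code: bit0 present, bit1 write, bit2 user, bit4 fetch
            "access": "write" if err & 2 else "exec" if err & 16 else "read",
            "page_present": bool(err & 1), "user_mode": bool(err & 4),
            "offset": ip - int(m["base"], 16) if m["base"] else None}

def locate_ip(listing, ip):
    """Return ('start' | 'inside' | 'absent', address of the instruction)."""
    spans = []                                   # [start, length] per instruction
    for line in listing.splitlines():
        addr, sep, rest = line.strip().partition(":")
        toks = rest.split()
        n = 0
        while n < len(toks) and re.fullmatch(r"[0-9a-f]{2}", toks[n]):
            n += 1
        if not sep or n == 0 or not re.fullmatch(r"[0-9a-f]+", addr):
            continue                             # label, wrapped symbol, blank line
        if n == len(toks) and spans:             # bytes only: objdump continuation
            spans[-1][1] += n                    # of the previous long instruction
        else:
            spans.append([int(addr, 16), n])
    for start, length in spans:
        if start <= ip < start + length:
            return ("start" if ip == start else "inside"), start
    return "absent", None
```

For the values in this thread, the ip falls inside the 5-byte instruction at 437e0c in beam.smp but is the start of `mov (%rsi),%r8` in beam, and the decoded fault is a user-mode read of unmapped address 0.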