Built-in CPU profiling causes a segmentation fault on macOS 11 #9957
Comments
After some investigation, I find it is probably a macOS unwinder bug. I made a minimal reproducible example:

```c
#include <stdio.h>
#include <string.h>
#include <signal.h>
#include <unwind.h>
#include <sys/time.h>

/* Per-frame callback: do nothing and keep walking. */
_Unwind_Reason_Code trace_func(struct _Unwind_Context *ctx, void *arg)
{
    return _URC_NO_REASON;
}

/* SIGPROF handler: walk the interrupted stack with the system unwinder. */
void sig_handler(int signal)
{
    _Unwind_Backtrace(trace_func, NULL);
}

void register_sig_handler()
{
    signal(SIGPROF, sig_handler);
}

/* Deliver SIGPROF roughly every 10 ms of consumed CPU time. */
void start_timer()
{
    struct itimerval val;
    memset(&val, 0, sizeof(struct itimerval));
    val.it_interval.tv_usec = 10101;
    val.it_value.tv_usec = 10101;
    setitimer(ITIMER_PROF, &val, NULL);
}

/* Workload that is interrupted by the profiling signal. */
void work()
{
    struct timeval tp;
    struct timezone tzp;
    gettimeofday(&tp, &tzp);
}

int main(void)
{
    register_sig_handler();
    start_timer();
    for (;;)
    {
        work();
    }
    return 0;
}
```

This C program leads to a segmentation fault. The backtrace shows the cause is the same:
Therefore, the problem is that the macOS system libunwind cannot handle the debug information of macOS kernel functions like
I guess we can't do anything practical for the problem. We should check if it's macOS and return an error for the HTTP API.
x86 does not guarantee the existence of a frame pointer, so maybe it can be solved with a custom unwind implementation: when it finds that
@mornyx It's fine. The
This is a good way,
How can a kernel space address end up on the user stack?
Sorry, this is a misrepresentation, the correct one should be
Ah I see, that makes sense. Thanks!
Whoa, using write on a pipe with a random source pointer in order to validate the pointer! Wild! I didn't know you could do that.
ref tikv#9957, close tikv#10658, ref tikv#10658, ref tikv#11964 Signed-off-by: mornyx <mornyx.z@gmail.com> Co-authored-by: Ti Chi Robot <ti-community-prow-bot@tidb.io>
Bug Report
What version of TiKV are you using?
What operating system and CPU are you using?
macOS 11.2.3. Intel 4258U.
It does not happen on macOS 10.14 or 10.15.
Steps to reproduce
Execute a write workload on TiKV (for example, running TPC-C on TiDB). Then, use the built-in profiling tool to get a flame graph by
`GET http://{TiKV_IP}:20180/debug/pprof/profile?seconds=30`
What did you expect?
A CPU flame graph is generated.
What happened?
A segmentation fault occurs.
Examining the core dump, we find the CFI parser in `libunwind.dylib` tries to access `0x0`: