This is the mail archive of the cygwin-patches mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
I was looking at the crash reported at [1]. Processing the stackdump gives:
0x000000018006ff23 signal_exit exceptions.cc:1234 0x00000001800713ea _cygtls::call_signal_handler() exceptions.cc:1490 0x0000000180121d04 sig_send(_pinfo*, siginfo_t&, _cygtls*) sigproc.cc:714 0x000000018011ee5e _pinfo::kill(siginfo_t&) signal.cc:252 0x000000018011f32b kill0 signal.cc:303 0x000000018011f4fc raise signal.cc:289 0x000000018011f7bf abort signal.cc:376 0x00000001801528c5 dlfree malloc.cc:4762 0x00000001800c52b3 free sync.h:36 0x000000018011ae5b ?? sigfe.s:43
Which is not entirely helpful.We can see that an abort signal is being raised inside free, but the stacktrace stops at _sigbe, because unwinding that frame requires special measures.
Presumably run has some invalid heap use going on, but annoyingly the stackdump stops short of identifying the problem line.
Attached is a patch which teaches stack_info::walk() how to unwind these frames on x86_64.
Also attached is a small testcase, which currently produces a similar stackdump truncated at _sigbe, or with my patch applied:
0x0000000180070238 signal_exit exceptions.cc:1321 0x000000018007172a _cygtls::call_signal_handler() exceptions.cc:1578 0x0000000180127e2f sig_send(_pinfo*, siginfo_t&, _cygtls*) sigproc.cc:714 0x0000000180124fb0 _pinfo::kill(siginfo_t&) signal.cc:252 0x0000000180125479 kill0 signal.cc:303 0x000000018012564c raise signal.cc:289 0x000000018012590f abort signal.cc:376 0x000000018015969a dlfree malloc.cc:4717 0x00000001800ca103 free sync.h:36 0x0000000180120f5b ?? (_sigbe) sigfe.s:54 0x0000000100401119 foo malloc-corruption-abort.c:11 0x000000010040113b sighandler malloc-corruption-abort.c:17 0x000000018007172a _cygtls::call_signal_handler() exceptions.cc:1578 0x0000000180121078 ?? (sigdelayed) sigfe.s:144 0x0000000100401174 main malloc-corruption-abort.c:32
The x86 unwinder could probably benefit from something similar, but it seems to be able to do a slightly better job of escaping from _sigbe, I guess due to the frame pointer.
[1] https://cygwin.com/ml/cygwin/2015-03/msg00117.html
Attachment:
malloc-corruption-abort.c
Description: Text document
Attachment:
0001-Teach-stackinfo-walk-how-to-virtually-unwind-the-tls.patch
Description: Text document
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |