oraluben commented on issue #464: URL: https://github.com/apache/tvm-ffi/issues/464#issuecomment-4485621970
## Root cause identified Crash happens in `SimpleObjAllocator::Handler<ErrorObjFromStd>::Deleter_` called from `TVMFFIObjectDecRef` during Python exception cleanup (`BaseException_dealloc` → `dict_dealloc`). **Crash detail** (from macOS arm64 crash report): - Signal: SIGBUS (`EXC_ARM_DA_ALIGN`) - Fault address: `0x6c616e7265746e49` = ASCII `"Internal"` (first 8 bytes of "InternalError" error kind) The `ErrorObj` constructor (line 68-71 of error.h) sets `cause_chain = nullptr` and `extra_context = nullptr`, but on macOS arm64 the allocator (`AlignedAlloc` → `std::malloc`) may reuse memory containing stale non-null bytes. The base class constructor body may not overwrite these bytes under certain compiler optimization scenarios. When `~ErrorObj()` runs during cleanup, it reads `cause_chain` which is NOT nullptr (contains garbage "Internal"), then calls `DecRefObjectHandle` on this garbage pointer → SIGBUS. **Why 0.1.7 works, 0.1.8+ crashes**: PR #396 added `cause_chain` and `extra_context` fields to `ErrorObj` with a non-trivial destructor that calls `DecRefObjectHandle`. Before this, `ErrorObj` had no destructor and no such fields. **POC fix**: #592 — explicitly zero `cause_chain` and `extra_context` in `SafeCallContext::SetRaised` / `SetRaisedByCstr` before storing the ErrorObj in TLS. This prevents the destructor from attempting `DecRefObjectHandle` on garbage pointers. The ideal fix would be to ensure memory is zeroed at the allocator level or that the constructor reliably initializes all fields regardless of compiler optimizations. Feedback welcome. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
