Greetings,
One of my tests intermittently failed with the following stack trace:
#3 0x00000000029c2cea in FailureSignalHandler (signo=11,
si=0x2b3e119bb740, uc=0x2b3e119bb610)
#4 <signal handler called>
#5 trace_lookup () at src/x86_64/Gtrace.c:293
#6 _ULx86_64_tdep_trace () at src/x86_64/Gtrace.c:437
#7 0x00000000029ebdb2 in unw_backtrace () at src/mi/backtrace.c:73
#8 0x00000000029cdd4b in GetStackTraceWithContext ()
#9 0x00000000029c9ceb in sigprof_handler (sig=27,
signal_ucontext=0x2b3e119bca40, cpu_profiler=0x449c0e0)
#10 <signal handler called>
#11 0x00000000029ed686 in munmap () from /lib64/libc.so.6
#12 trace_cache_free () at src/x86_64/Gtrace.c:70
#13 0x00002b3e0e565c31 in start_thread () from /lib64/libpthread.so.0
#14 0x00002b3e0e7a253d in clone () from /lib64/libc.so.6
That is:
- the thread is exiting, and we are running thread-specific destructors,
- while we are munmap()ing the frame cache, SIGPROF arrives, and gets delivered
during return from the munmap syscall,
- SIGPROF handler asks for a stack trace,
- since we have not yet reset tls_cache, we proceed to use it.
Kaboom!
Attached patch re-orders the steps and fixes that crash.
Google ref: b/5721767
Thanks,
--
Paul Pluzhnikov
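The ordering problem described in the message above, as an added illustration (not part of the original post and not libunwind code): a handler that consults a thread-local cache pointer is raised synchronously right after the cache memory is released, once with the pointer cleared afterwards and once with it cleared first. All names are hypothetical, and free() plus raise() stand in for munmap() and an asynchronous SIGPROF.

```c
/* Added illustration, not libunwind code; every name here is hypothetical. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

struct cache { int *frames; };

static _Thread_local struct cache *volatile tls_cache;  /* per-thread cache */
static volatile sig_atomic_t frames_released;   /* models "already unmapped" */
static volatile sig_atomic_t saw_stale_cache;   /* set by the handler */

/* Profiler-style handler: a real one would unwind through tls_cache. */
static void on_sigprof(int sig)
{
    (void)sig;
    if (tls_cache != NULL && frames_released)
        saw_stale_cache = 1;    /* real code would touch released memory here */
}

/* Release the frames, then raise SIGPROF synchronously to model the signal
   being delivered on return from the munmap syscall. */
static void release_frames(struct cache *c)
{
    free(c->frames);
    c->frames = NULL;
    frames_released = 1;
    raise(SIGPROF);
}

/* One teardown. clear_first != 0 selects the patched ordering. Returns 1 if
   the handler found a published pointer to a released cache, -1 on error. */
int teardown_sees_stale_cache(int clear_first)
{
    struct cache *c = malloc(sizeof *c);
    if (c == NULL) return -1;
    c->frames = calloc(16, sizeof *c->frames);
    if (c->frames == NULL || signal(SIGPROF, on_sigprof) == SIG_ERR) {
        free(c->frames); free(c); return -1;
    }
    frames_released = 0;
    saw_stale_cache = 0;
    tls_cache = c;                /* cache is published to the handler */
    if (clear_first)
        tls_cache = NULL;         /* patched order: unpublish, then release */
    release_frames(c);
    tls_cache = NULL;             /* original order: cleared only after release */
    free(c);
    return saw_stale_cache;
}

int main(void)
{
    printf("clear after release:  stale=%d\n", teardown_sees_stale_cache(0));
    printf("clear before release: stale=%d\n", teardown_sees_stale_cache(1));
    return 0;
}
```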
diff --git a/src/x86_64/Gtrace.c b/src/x86_64/Gtrace.c
index 2d78729..446610c 100644
--- a/src/x86_64/Gtrace.c
+++ b/src/x86_64/Gtrace.c
@@ -66,10 +66,10 @@ trace_cache_free (void *arg)
PTHREAD_DESTRUCTOR_ITERATIONS - cache->dtor_count);
return;
}
+ tls_cache_destroyed = 1;
+ tls_cache = NULL;
munmap (cache->frames, (1u << cache->log_size) * sizeof(unw_tdep_frame_t));
mempool_free (&trace_cache_pool, cache);
- tls_cache = NULL;
- tls_cache_destroyed = 1;
Debug(5, "freed cache %p\n", cache);
}
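Review bot: The two stores now placed above munmap() in trace_cache_free() have no comment saying why they must come before the unmap, so a later tidy-up could move them back below mempool_free() and bring the crash back. Suggest a short comment above `tls_cache_destroyed = 1;` stating that a signal handler may request a backtrace while munmap() is in progress and must not find a live tls_cache. The declarations of tls_cache and tls_cache_destroyed are not visible in this hunk; if they are plain thread-local variables, it is worth confirming the compiler cannot sink these stores past the munmap() call. Also worth checking: a handler that runs between the two added stores sees tls_cache_destroyed == 1 while tls_cache is still non-NULL, so the lookup path needs to treat that state as "no cache".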