https://bugzilla.novell.com/show_bug.cgi?id=647248
https://bugzilla.novell.com/show_bug.cgi?id=647248#c0

           Summary: SIGSEGV when calling a managed handler
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.6.x
          Platform: x86-64
        OS/Version: FreeBSD
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: interop
        AssignedTo: [email protected]
        ReportedBy: [email protected]
         QAContact: [email protected]
          Found By: ---
           Blocker: ---

Created an attachment (id=395310)
 --> (http://bugzilla.novell.com/attachment.cgi?id=395310)
Test case

User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.127 Safari/533.4

Mono crashes when native code invokes a managed callback from a thread, different from the one that registered the callback. This occurs only under FreeBSD.

The bug is very severe, e.g. it prevents Banshee from functioning normally as many GStreamer callbacks are invoked from newly created threads.

Test case is attached.

Reproducible: Always

Steps to Reproduce:
Unpack the attached test case, then:

% cd mono-crash
% ./run

Actual Results:
% ./run
Abort trap (core dumped)
% gdb mono
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
(gdb) core mono.core
Core was generated by `mono'.
Program terminated with signal 6, Aborted.
Reading symbols from /usr/local/lib/libgthread-2.0.so.0...done.
Loaded symbols for /usr/local/lib/libgthread-2.0.so.0
Reading symbols from /usr/local/lib/libglib-2.0.so.0...done.
Loaded symbols for /usr/local/lib/libglib-2.0.so.0
Reading symbols from /usr/local/lib/libintl.so.9...done.
Loaded symbols for /usr/local/lib/libintl.so.9
Reading symbols from /usr/local/lib/libiconv.so.3...done.
Loaded symbols for /usr/local/lib/libiconv.so.3
Reading symbols from /usr/local/lib/libpcre.so.0...done.
Loaded symbols for /usr/local/lib/libpcre.so.0
Reading symbols from /lib/libm.so.5...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /lib/libthr.so.3...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from ./libnative.so...done.
Loaded symbols for ./libnative.so
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x000000080133603c in thr_kill () from /lib/libc.so.7
[New Thread 80160ac80 (LWP 100355)]
[New Thread 80160aac0 (LWP 100321)]
[New Thread 8016a6540 (LWP 100252)]
[New Thread 8016041c0 (LWP 100103)]
(gdb) where
#0 0x000000080133603c in thr_kill () from /lib/libc.so.7
#1 0x00000008013d21cb in abort () from /lib/libc.so.7
#2 0x00000000004c9fb5 in mono_handle_native_sigsegv (signal=11, ctx=0x7fffff9ec9b0) at mini-exceptions.c:1856
#3 0x0000000000421a8f in mono_sigsegv_signal_handler (_dummy=11, info=0x7fffff9ecd20, context=0x7fffff9ec9b0) at mini.c:4867
#4 <signal handler called>
#5 0x00000008011d0b3c in sem_post () from /lib/libthr.so.3
#6 0x00000000006943dc in GC_start_routine_head (arg=0x7fffff9ece60, base_addr=0x7fffff9eced8, start=0x0, start_arg=0x0) at pthread_support.c:1342
#7 0x000000000069447b in GC_thread_register_foreign (base_addr=0x7fffff9eced8) at pthread_support.c:1370
#8 0x00000000005648f7 in mono_gc_register_thread (baseptr=0x7fffff9eced8) at boehm-gc.c:240
#9 0x000000000062b144 in mono_thread_attach (domain=0xa24e00) at threads.c:908
#10 0x000000000041ae25 in mono_jit_thread_attach (domain=0xa24e00) at mini.c:2276
#11 0x00000008008a2646 in ?? ()
#12 0x0000000000000000 in ?? ()
#13 0x000000080200083f in thread_start () from ./libnative.so
#14 0x0000000800b016f4 in g_thread_create_full () from /usr/local/lib/libglib-2.0.so.0
#15 0x00000008011d1511 in pthread_getprio () from /lib/libthr.so.3
#16 0x0000000000000000 in ?? ()
Cannot access memory at address 0x7fffff9ed000

Expected Results:
The same code runs fine under GNU/Linux:

$ ./run
handler

If the callback is called from the same thread, Mono no longer crashes. You can use the following diff:

diff --git a/native.c b/native.c index 52cc227..70e6749 100644 --- a/native.c +++ b/native.c 
@@ -10,6 +10,7 @@ gpointer thread_start (gpointer data) { void start (Handler handler) { GThread *thread; - thread = g_thread_create (thread_start, handler, TRUE, NULL); - g_thread_join (thread); +// thread = g_thread_create (thread_start, handler, TRUE, NULL); +// g_thread_join (thread); + thread_start (handler); }

System details:

% uname -a
FreeBSD alex-desktop 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64
% mono -V
Mono JIT compiler version 2.6.7 (tarball Sun Oct 17 09:45:46 EST 2010)
Copyright (C) 2002-2010 Novell, Inc and Contributors. www.mono-project.com
        TLS: normal
        GC: Included Boehm (with typed GC and Parallel Mark)
        SIGSEGV: normal
        Notification: Thread + polling
        Architecture: amd64
        Disabled: none

This crash does not occur under Linux. Details of the system that works fine:

$ uname -a
Linux alex-vbox 2.6.35-22-generic #33-Ubuntu SMP Sun Sep 19 20:32:27 UTC 2010 x86_64 GNU/Linux
$ mono -V
Mono JIT compiler version 2.6.7 (Debian 2.6.7-3ubuntu1)
Copyright (C) 2002-2010 Novell, Inc and Contributors. www.mono-project.com
        TLS: __thread
        GC: Included Boehm (with typed GC and Parallel Mark)
        SIGSEGV: altstack
        Notifications: epoll
        Architecture: amd64
        Disabled: none

Let me know if you need more information.
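
Review bot: in the native.c hunk for start(), the two thread calls are only commented out with // while the declaration "GThread *thread;" stays, which leaves an unused variable and dead code in the test case; for a diagnostic switch between the cross-thread and same-thread paths, guard both with a compile-time flag, or delete the two calls together with the declaration. The disabled g_thread_create call also passes NULL for the error argument and hands its result straight to g_thread_join, so a failed thread creation on the original path would go unreported; checking the returned pointer before joining would make the cross-thread run easier to trust.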
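
The gdb backtrace in the report is easier to read once it is split at `<signal handler called>`: the frames above the marker are Mono's SIGSEGV handler aborting, and the frame just below it is where the signal was delivered. The following is an added example, not part of the original report or of Mono, that performs this split; `triage` and the two regexes are names chosen here, and the frames are copied from the gdb output above.

```python
import re

# Frames #0-#10 copied from the gdb `where` output in the report above.
BACKTRACE = """\
#0 0x000000080133603c in thr_kill () from /lib/libc.so.7
#1 0x00000008013d21cb in abort () from /lib/libc.so.7
#2 0x00000000004c9fb5 in mono_handle_native_sigsegv (signal=11, ctx=0x7fffff9ec9b0) at mini-exceptions.c:1856
#3 0x0000000000421a8f in mono_sigsegv_signal_handler (_dummy=11, info=0x7fffff9ecd20, context=0x7fffff9ec9b0) at mini.c:4867
#4 <signal handler called>
#5 0x00000008011d0b3c in sem_post () from /lib/libthr.so.3
#6 0x00000000006943dc in GC_start_routine_head (arg=0x7fffff9ece60, base_addr=0x7fffff9eced8, start=0x0, start_arg=0x0) at pthread_support.c:1342
#7 0x000000000069447b in GC_thread_register_foreign (base_addr=0x7fffff9eced8) at pthread_support.c:1370
#8 0x00000000005648f7 in mono_gc_register_thread (baseptr=0x7fffff9eced8) at boehm-gc.c:240
#9 0x000000000062b144 in mono_thread_attach (domain=0xa24e00) at threads.c:908
#10 0x000000000041ae25 in mono_jit_thread_attach (domain=0xa24e00) at mini.c:2276
"""

# One gdb frame: "#N [0xADDR in] func (args) [from LIB | at FILE:LINE]"
FRAME = re.compile(
    r"^#(?P<n>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \(.*?\)"
    r"(?: from (?P<lib>\S+)| at (?P<src>\S+?):(?P<line>\d+))?\s*$")
MARKER = re.compile(r"^#(\d+)\s+<signal handler called>\s*$")


def triage(backtrace):
    """Split a gdb backtrace at the signal-handler marker.

    Returns (handler_frames, faulting_frame, first_frame_with_source).
    The last two are None when the trace has no signal frame.
    """
    frames, marker_idx = [], None
    for line in backtrace.splitlines():
        if MARKER.match(line):
            marker_idx = len(frames)      # frames collected so far are the handler
            continue
        m = FRAME.match(line)
        if m:
            frames.append(m.groupdict())
    if marker_idx is None or marker_idx >= len(frames):
        return frames, None, None
    below = frames[marker_idx:]           # the code that was interrupted
    with_src = next((f for f in below if f["src"]), None)
    return frames[:marker_idx], below[0], with_src


if __name__ == "__main__":
    handler, fault, src = triage(BACKTRACE)
    print("signal delivered in:", fault["func"], fault["lib"])
    print("nearest frame with source:", src["func"], src["src"], src["line"])
```
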
