[Mono-bugs] [Bug 647248] New: SIGSEGV when calling a managed handler
bugzilla_noreply at novell.com
Sun Oct 17 01:39:03 EDT 2010
https://bugzilla.novell.com/show_bug.cgi?id=647248
https://bugzilla.novell.com/show_bug.cgi?id=647248#c0
Summary: SIGSEGV when calling a managed handler
Classification: Mono
Product: Mono: Runtime
Version: 2.6.x
Platform: x86-64
OS/Version: FreeBSD
Status: NEW
Severity: Critical
Priority: P5 - None
Component: interop
AssignedTo: mono-bugs at lists.ximian.com
ReportedBy: alexander at kojevnikov.com
QAContact: mono-bugs at lists.ximian.com
Found By: ---
Blocker: ---
Created an attachment (id=395310)
--> (http://bugzilla.novell.com/attachment.cgi?id=395310)
Test case
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US) AppleWebKit/533.4
(KHTML, like Gecko) Chrome/5.0.375.127 Safari/533.4
Mono crashes when native code invokes a managed callback from a thread
different from the one that registered the callback.
This occurs only under FreeBSD. The bug is very severe, e.g. it prevents
Banshee from functioning normally as many GStreamer callbacks are invoked from
newly created threads.
Test case is attached.
Reproducible: Always
Steps to Reproduce:
Unpack the attached test case, then:
% cd mono-crash
% ./run
Actual Results:
% ./run
Abort trap (core dumped)
% gdb mono
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
(gdb) core mono.core
Core was generated by `mono'.
Program terminated with signal 6, Aborted.
Reading symbols from /usr/local/lib/libgthread-2.0.so.0...done.
Loaded symbols for /usr/local/lib/libgthread-2.0.so.0
Reading symbols from /usr/local/lib/libglib-2.0.so.0...done.
Loaded symbols for /usr/local/lib/libglib-2.0.so.0
Reading symbols from /usr/local/lib/libintl.so.9...done.
Loaded symbols for /usr/local/lib/libintl.so.9
Reading symbols from /usr/local/lib/libiconv.so.3...done.
Loaded symbols for /usr/local/lib/libiconv.so.3
Reading symbols from /usr/local/lib/libpcre.so.0...done.
Loaded symbols for /usr/local/lib/libpcre.so.0
Reading symbols from /lib/libm.so.5...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /lib/libthr.so.3...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from ./libnative.so...done.
Loaded symbols for ./libnative.so
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x000000080133603c in thr_kill () from /lib/libc.so.7
[New Thread 80160ac80 (LWP 100355)]
[New Thread 80160aac0 (LWP 100321)]
[New Thread 8016a6540 (LWP 100252)]
[New Thread 8016041c0 (LWP 100103)]
(gdb) where
#0 0x000000080133603c in thr_kill () from /lib/libc.so.7
#1 0x00000008013d21cb in abort () from /lib/libc.so.7
#2 0x00000000004c9fb5 in mono_handle_native_sigsegv (signal=11, ctx=0x7fffff9ec9b0) at mini-exceptions.c:1856
#3 0x0000000000421a8f in mono_sigsegv_signal_handler (_dummy=11, info=0x7fffff9ecd20, context=0x7fffff9ec9b0) at mini.c:4867
#4 <signal handler called>
#5 0x00000008011d0b3c in sem_post () from /lib/libthr.so.3
#6 0x00000000006943dc in GC_start_routine_head (arg=0x7fffff9ece60, base_addr=0x7fffff9eced8, start=0x0, start_arg=0x0) at pthread_support.c:1342
#7 0x000000000069447b in GC_thread_register_foreign (base_addr=0x7fffff9eced8) at pthread_support.c:1370
#8 0x00000000005648f7 in mono_gc_register_thread (baseptr=0x7fffff9eced8) at boehm-gc.c:240
#9 0x000000000062b144 in mono_thread_attach (domain=0xa24e00) at threads.c:908
#10 0x000000000041ae25 in mono_jit_thread_attach (domain=0xa24e00) at mini.c:2276
#11 0x00000008008a2646 in ?? ()
#12 0x0000000000000000 in ?? ()
#13 0x000000080200083f in thread_start () from ./libnative.so
#14 0x0000000800b016f4 in g_thread_create_full () from /usr/local/lib/libglib-2.0.so.0
#15 0x00000008011d1511 in pthread_getprio () from /lib/libthr.so.3
#16 0x0000000000000000 in ?? ()
Cannot access memory at address 0x7fffff9ed000
Expected Results:
The same code runs fine under GNU/Linux:
$ ./run
handler
If the callback is called from the same thread, Mono no longer crashes. You can
use the following diff:
diff --git a/native.c b/native.c
index 52cc227..70e6749 100644
--- a/native.c
+++ b/native.c
@@ -10,6 +10,7 @@ gpointer thread_start (gpointer data) {
void start (Handler handler) {
GThread *thread;
- thread = g_thread_create (thread_start, handler, TRUE, NULL);
- g_thread_join (thread);
+// thread = g_thread_create (thread_start, handler, TRUE, NULL);
+// g_thread_join (thread);
+ thread_start (handler);
}
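Review bot: the hunk leaves `GThread *thread;` declared but now unused and keeps the two original calls as `//` comments, so native.c carries dead code and will emit an unused-variable warning. If the intent is only to show that the crash depends on the handler being called from a newly created thread, drop the declaration and the commented lines, or keep both paths behind a compile-time switch so the attached reproducer can still exercise the crashing case.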
System details:
% uname -a
FreeBSD alex-desktop 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010 root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
% mono -V
Mono JIT compiler version 2.6.7 (tarball Sun Oct 17 09:45:46 EST 2010)
Copyright (C) 2002-2010 Novell, Inc and Contributors. www.mono-project.com
TLS: normal
GC: Included Boehm (with typed GC and Parallel Mark)
SIGSEGV: normal
Notification: Thread + polling
Architecture: amd64
Disabled: none
This crash does not occur under Linux. Details of the system that works fine:
$ uname -a
Linux alex-vbox 2.6.35-22-generic #33-Ubuntu SMP Sun Sep 19 20:32:27 UTC 2010 x86_64 GNU/Linux
$ mono -V
Mono JIT compiler version 2.6.7 (Debian 2.6.7-3ubuntu1)
Copyright (C) 2002-2010 Novell, Inc and Contributors. www.mono-project.com
TLS: __thread
GC: Included Boehm (with typed GC and Parallel Mark)
SIGSEGV: altstack
Notifications: epoll
Architecture: amd64
Disabled: none
Let me know if you need more information.
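The native side of the reproducer, written here as an added example rather than the reporter's attached test case: it keeps the `start`/`thread_start` shape from the diff above but uses pthreads instead of GThread, replaces the managed delegate with a plain C function (so it runs without Mono), and records which OS thread actually invoked the handler, which is the check that separates the crashing path (callback from a fresh thread, which forces `mono_thread_attach` on that thread) from the workaround (callback on the registering thread).

```c
/* Added example: reconstructs the native side of the bug report's test case
 * with pthreads; the C# handler is stood in for by managed_handler(). */
#include <pthread.h>
#include <stdio.h>

typedef void (*Handler)(void);

struct start_args { Handler handler; };

/* Thread identities recorded so the caller can tell which thread ran the
 * handler: the one that called start() or a newly created one. */
static pthread_t registering_thread;
static pthread_t invoking_thread;
static int handler_calls;

static void *thread_start(void *data) {
    struct start_args *args = data;
    invoking_thread = pthread_self();
    args->handler();   /* with Mono this is where the runtime attaches the thread */
    return NULL;
}

/* use_thread = 1: the original native.c path (handler called from a new thread).
 * use_thread = 0: the reporter's workaround (handler called on the caller). */
void start(Handler handler, int use_thread) {
    struct start_args args = { handler };
    registering_thread = pthread_self();
    if (use_thread) {
        pthread_t thread;
        pthread_create(&thread, NULL, thread_start, &args);
        pthread_join(thread, NULL);
    } else {
        thread_start(&args);
    }
}

/* Returns 1 when the handler ran on the same thread that called start(). */
int handler_ran_on_caller_thread(void) {
    return pthread_equal(registering_thread, invoking_thread) ? 1 : 0;
}

/* Stand-in for the managed delegate from the test case. */
static void managed_handler(void) { handler_calls++; puts("handler"); }

/* Returns 1 if the handler ran exactly once on the registering thread. */
int run_check(int use_thread) {
    handler_calls = 0;
    start(managed_handler, use_thread);
    return handler_calls == 1 && handler_ran_on_caller_thread();
}
```

Under Mono the thread-crossing path is the one that reaches `mono_jit_thread_attach` in the backtrace; the direct path never needs to attach a foreign thread, which is why the reporter's diff avoids the crash.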