[GHC] #13970: Segmentation fault inside threadPaused
GHC
ghc-devs at haskell.org
Thu Jul 13 16:23:05 UTC 2017
#13970: Segmentation fault inside threadPaused
-------------------------------------+-------------------------------------
Reporter: albertov | Owner: (none)
Type: bug | Status: new
Priority: normal | Milestone:
Component: Runtime System | Version: 8.2.1-rc3
Keywords: | Operating System: Unknown/Multiple
Architecture: Unknown/Multiple | Type of failure: None/Unknown
Test Case: | Blocked By:
Blocking: | Related Tickets:
Differential Rev(s): | Wiki Page:
-------------------------------------+-------------------------------------
A multithreaded program built with the latest release candidate occasionally
segfaults inside the runtime system. It is always at the same instruction. In
the disassembly below, the faulting instruction (`mov -0x8(%rdx),%eax`) reads
8 bytes below the address held in `%rdx`, and `%rdx` was loaded on the preceding
line from the word at `%rbx` — i.e. threadPaused took a word from the thread's
stack, treated it as a pointer (presumably a frame's info pointer) and
dereferenced it, so the stack word it found was not a valid pointer. The
backtrace is from a non-debug RTS, which is why frame #2 is unresolved:
{{{
(gdb) bt
#0 0x00007f25ca77fde3 in threadPaused ()
from /nix/store/995xifyvjlbvd138r0gpq008nyxls6hr-
ghc-8.2.0.20170704/lib/ghc-8.2.0.20170704/rts/libHSrts_thr-
ghc8.2.0.20170704.so
#1 0x00007f25ca795068 in stg_returnToSched ()
from /nix/store/995xifyvjlbvd138r0gpq008nyxls6hr-
ghc-8.2.0.20170704/lib/ghc-8.2.0.20170704/rts/libHSrts_thr-
ghc8.2.0.20170704.so
#2 0x0000000000000000 in ?? ()
(gdb) disassemble
Dump of assembler code for function threadPaused:
0x00007f25ca77fda0 <+0>: push %r15
0x00007f25ca77fda2 <+2>: push %r14
0x00007f25ca77fda4 <+4>: push %r13
0x00007f25ca77fda6 <+6>: push %r12
0x00007f25ca77fda8 <+8>: mov %rdi,%r12
0x00007f25ca77fdab <+11>: push %rbp
0x00007f25ca77fdac <+12>: push %rbx
0x00007f25ca77fdad <+13>: mov %rsi,%rbp
0x00007f25ca77fdb0 <+16>: sub $0x28,%rsp
0x00007f25ca77fdb4 <+20>: callq 0x7f25ca77a640
<maybePerformBlockedException>
0x00007f25ca77fdb9 <+25>: cmpw $0x3,0x20(%rbp)
0x00007f25ca77fdbe <+30>: je 0x7f25ca77fe1d <threadPaused+125>
0x00007f25ca77fdc0 <+32>: mov 0x18(%rbp),%rax
0x00007f25ca77fdc4 <+36>: mov 0x8(%rax),%edx
0x00007f25ca77fdc7 <+39>: mov 0x10(%rax),%rbx
0x00007f25ca77fdcb <+43>: lea 0x18(%rax,%rdx,8),%r13
0x00007f25ca77fdd0 <+48>: cmp %rbx,%r13
0x00007f25ca77fdd3 <+51>: jbe 0x7f25ca77fe16 <threadPaused+118>
0x00007f25ca77fdd5 <+53>: xor %r9d,%r9d
0x00007f25ca77fdd8 <+56>: xor %r14d,%r14d
0x00007f25ca77fddb <+59>: xor %r15d,%r15d
0x00007f25ca77fdde <+62>: xor %ecx,%ecx
0x00007f25ca77fde0 <+64>: mov (%rbx),%rdx
=> 0x00007f25ca77fde3 <+67>: mov -0x8(%rdx),%eax
0x00007f25ca77fde6 <+70>: cmp $0x21,%eax
0x00007f25ca77fde9 <+73>: je 0x7f25ca77ff10 <threadPaused+368>
0x00007f25ca77fdef <+79>: jb 0x7f25ca77fed0 <threadPaused+304>
0x00007f25ca77fdf5 <+85>: lea -0x23(%rax),%esi
0x00007f25ca77fdf8 <+88>: cmp $0x1,%esi
0x00007f25ca77fdfb <+91>: ja 0x7f25ca77fed0 <threadPaused+304>
0x00007f25ca77fe01 <+97>: cmp $0x8,%r15d
0x00007f25ca77fe05 <+101>: setbe %dl
0x00007f25ca77fe08 <+104>: test %ecx,%ecx
0x00007f25ca77fe0a <+106>: setne %al
0x00007f25ca77fe0d <+109>: test %al,%dl
0x00007f25ca77fe0f <+111>: jne 0x7f25ca77fe30 <threadPaused+144>
0x00007f25ca77fe11 <+113>: cmp %r15d,%ecx
0x00007f25ca77fe14 <+116>: ja 0x7f25ca77fe30 <threadPaused+144>
0x00007f25ca77fe16 <+118>: andl $0xffffff7f,0x24(%rbp)
0x00007f25ca77fe1d <+125>: add $0x28,%rsp
0x00007f25ca77fe21 <+129>: pop %rbx
0x00007f25ca77fe22 <+130>: pop %rbp
0x00007f25ca77fe23 <+131>: pop %r12
0x00007f25ca77fe25 <+133>: pop %r13
0x00007f25ca77fe27 <+135>: pop %r14
0x00007f25ca77fe29 <+137>: pop %r15
0x00007f25ca77fe2b <+139>: retq
0x00007f25ca77fe2c <+140>: nopl 0x0(%rax)
0x00007f25ca77fe30 <+144>: lea 0x3e2c9(%rip),%rax #
0x7f25ca7be100 <RtsFlags>
0x00007f25ca77fe37 <+151>: cmpb $0x0,0x4c(%rax)
0x00007f25ca77fe3b <+155>: je 0x7f25ca77fe16 <threadPaused+118>
0x00007f25ca77fe3d <+157>: mov 0x18(%rbp),%rax
0x00007f25ca77fe41 <+161>: mov 0x10(%rax),%r14
0x00007f25ca77fe45 <+165>: cmp %rbx,%r14
0x00007f25ca77fe48 <+168>: lea -0x10(%r14),%r13
0x00007f25ca77fe4c <+172>: ja 0x7f25ca780082 <threadPaused+738>
0x00007f25ca77fe52 <+178>: xor %ecx,%ecx
0x00007f25ca77fe54 <+180>: jmp 0x7f25ca77fe70 <threadPaused+208>
0x00007f25ca77fe56 <+182>: nopw %cs:0x0(%rax,%rax,1)
0x00007f25ca77fe60 <+192>: add $0x1,%ecx
0x00007f25ca77fe63 <+195>: add $0x10,%r14
0x00007f25ca77fe67 <+199>: cmp %rbx,%r14
0x00007f25ca77fe6a <+202>: ja 0x7f25ca780060 <threadPaused+704>
0x00007f25ca77fe70 <+208>: mov (%r14),%rdx
0x00007f25ca77fe73 <+211>: mov -0x8(%rdx),%eax
0x00007f25ca77fe76 <+214>: cmp $0x21,%eax
0x00007f25ca77fe79 <+217>: je 0x7f25ca77fe60 <threadPaused+192>
0x00007f25ca77fe7b <+219>: cmp $0x1,%ecx
0x00007f25ca77fe7e <+222>: jbe 0x7f25ca77fe9b <threadPaused+251>
0x00007f25ca77fe80 <+224>: lea -0x10(%r14),%rdx
0x00007f25ca77fe84 <+228>: mov %r13,%r8
0x00007f25ca77fe87 <+231>: mov %rbp,%rsi
0x00007f25ca77fe8a <+234>: mov %r12,%rdi
0x00007f25ca77fe8d <+237>: callq 0x7f25ca77fce0
<updateAdjacentFrames>
0x00007f25ca77fe92 <+242>: mov (%r14),%rdx
0x00007f25ca77fe95 <+245>: mov %rax,%r13
0x00007f25ca77fe98 <+248>: mov -0x8(%rdx),%eax
0x00007f25ca77fe9b <+251>: cmp $0x1f,%eax
0x00007f25ca77fe9e <+254>: je 0x7f25ca780048 <threadPaused+680>
0x00007f25ca77fea4 <+260>: cmp $0x20,%eax
0x00007f25ca77fea7 <+263>: je 0x7f25ca780038 <threadPaused+664>
0x00007f25ca77fead <+269>: cmp $0x1d,%eax
0x00007f25ca77feb0 <+272>: je 0x7f25ca780020 <threadPaused+640>
...
}}}
I believe this is the same location as reported in #9130.
Apart from this error, the program also crashes, occasionally, with:
{{{
sigym4-propag: internal error: scavenge_stack: weird activation record
found on stack: -1717986919
(GHC version 8.2.0.20170704 for x86_64_unknown_linux)
Please report this as a GHC bug:
http://www.haskell.org/ghc/reportabug
}}}
(The activation record number changes between runs.) Note that -1717986919 is
0x99999999 as a 32-bit value — a repeating byte pattern rather than any
plausible info-table type — which, together with the segfault above, suggests
the thread stack is being read while it contains garbage (stale or
uninitialised memory), not merely an unexpected but valid frame. Both failures
are therefore memory-safety faults in the RTS rather than a bad error code
path. Building against the debug RTS (-debug) and running with sanity checking
(+RTS -DS) would likely catch the corruption closer to its origin.
I believe these to be related, since I found (after a long git-bisect
session) that both began manifesting after the same GHC
commit: c1c0985416a6f9766c03d361449f556905bf8e1d
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/13970>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler