[GHC] #13970: Segmentation fault inside threadPaused

GHC ghc-devs at haskell.org
Fri Jul 14 13:33:22 UTC 2017 

#13970: Segmentation fault inside threadPaused
-------------------------------------+-------------------------------------
        Reporter:  albertov          |                Owner:  (none)
            Type:  bug               |               Status:  new
        Priority:  normal            |            Milestone:
       Component:  Runtime System    |              Version:  8.2.1-rc3
      Resolution:                    |             Keywords:
Operating System:  Unknown/Multiple  |         Architecture:
                                     |  Unknown/Multiple
 Type of failure:  None/Unknown      |            Test Case:
      Blocked By:                    |             Blocking:
 Related Tickets:                    |  Differential Rev(s):
       Wiki Page:                    |
-------------------------------------+-------------------------------------

Comment (by albertov):

 Another interesting segfault, again, I believe related to the same root
 issue:

 {{{
 Program terminated with signal SIGSEGV, Segmentation fault.
 #0  0x00007f16a46dc18b in cas (n=<optimized out>, o=596035667054922568,
 p=0x7f16a46fce88 <stg_upd_frame_info>) at includes/stg/SMP.h:139
 139     includes/stg/SMP.h: No such file or directory.
 [Current thread is 1 (LWP 3885)]
 warning: File "/nix/store/xfrkm34sk0a13ha9bpki61l2k5g1v8dh-
 gcc-5.4.0-lib/lib/libstdc++.so.6.0.21-gdb.py" auto-loading has been
 declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-
 load".
 (gdb) bt
 #0  0x00007f16a46dc18b in cas (n=<optimized out>, o=596035667054922568,
 p=0x7f16a46fce88 <stg_upd_frame_info>) at includes/stg/SMP.h:139
 #1  threadPaused (cap=0x1393750, tso=0x421d9dc000) at
 rts/ThreadPaused.c:326
 #2  0x00007f16a46fc275 in stg_returnToSched ()
    from /nix/store/jbrmlni9jhswsdz0rfx5h5qayn8jd96r-
 ghc-8.2.0.20170704/lib/ghc-8.2.0.20170704/rts/libHSrts_thr_debug-
 ghc8.2.0.20170704.so
 #3  0x0000000000000000 in ?? ()
 (gdb) up
 #1  threadPaused (cap=0x1393750, tso=0x421d9dc000) at
 rts/ThreadPaused.c:326
 326     rts/ThreadPaused.c: No such file or directory.
 (gdb) x/64a tso->stackobj->sp
 0x4217cbee88:   0x7f16a46fc5c8 <stg_enter_info> 0x420f67a2d0
 0x4217cbee98:   0x7f16aaaaeba8  0x7f16aaaaeb30
 0x4217cbeea8:   0xfffffffffffffffe      0x7f16a46fcf80
 <stg_marked_upd_frame_info>
 0x4217cbeeb8:   0x7f16a46fce88 <stg_upd_frame_info>     0x420f67a2d0
 0x4217cbeec8:   0x7f16aaaaea10
 <sigym4zmpropagzmenginezm0zi1zi0zi0zmFERo4wFJ8F465LTBnpBC6B_Sigym4ziPropagziEngine_zdwpolyzugo13_info+296>
 0xfffffffffffffffe
 0x4217cbeed8:   0x2     0x7f16aaaaf338
 0x4217cbeee8:   0x420c2a39e0    0x420c2a39f8
 0x4217cbeef8:   0x4201518f80    0x7f16a46fce88 <stg_upd_frame_info>
 0x4217cbef08:   0x420c2a3af0    0x7f16aaade098
 0x4217cbef18:   0x4220a868aa    0x420c2a3900
 0x4217cbef28:   0x4220389af1    0x420bd629e9
 0x4217cbef38:   0x420bd626c9    0x420c2a3969
 0x4217cbef48:   0x2a3   0xfffffffffffffefa
 0x4217cbef58:   0x420c1513f9    0x7f16ab5b47a0
 0x4217cbef68:   0x42209c9db9    0x420c151409
 0x4217cbef78:   0xffffffffffffff05      0x420bd62460
 0x4217cbef88:   0x421d9ac4d9    0x421c790e93
 0x4217cbef98:   0x2ab   0x4220389af1
 0x4217cbefa8:   0x7f16a46fd2a0 <stg_maskAsyncExceptionszh_ret_info>
 0x7f16a5026cc0
 0x4217cbefb8:   0x7f16a46fd800 <stg_catch_frame_info>   0xc
 0x4217cbefc8:   0x7f16a554d592  0x7f16a5026d80
 0x4217cbefd8:   0x421c790eca    0x7f16a46fd800 <stg_catch_frame_info>
 0x4217cbefe8:   0xc     0x7f16a5582e2a
 0x4217cbeff8:   0x7f16a46fc088 <stg_stop_thread_info>   0x7f16a9f35a08
 <psqueueszm0zi2zi2zi3zmE0U6TXGwkLSF0Mk5m0oV8d_DataziIntPSQziInternal_Bin_con_info>
 0x4217cbf008:   0x4217cbfae1    0x4217cbfaf1
 0x4217cbf018:   0x4217f8edea    0x7f16a9f7083b
 0x4217cbf028:   0x6465c89002d5d36b      0x40
 0x4217cbf038:   0x7f16a9f35a08
 <psqueueszm0zi2zi2zi3zmE0U6TXGwkLSF0Mk5m0oV8d_DataziIntPSQziInternal_Bin_con_info>
 0x42198d6069
 0x4217cbf048:   0x42198d6079    0x4218bb47d2
 0x4217cbf058:   0x7f16a9f7083b  0x6465c89002d5d3ab
 0x4217cbf068:   0x8     0x7f16a9f35a08
 <psqueueszm0zi2zi2zi3zmE0U6TXGwkLSF0Mk5m0oV8d_DataziIntPSQziInternal_Bin_con_info>
 0x4217cbf078:   0x4217cbfb11    0x4217cbfb21

 }}}

 BTW: By inspecting the stack of using {{{x/64a tso->stackobj->sp}}} I've
 noticed that the pointer to
 {{{sigym4zmpropagzmenginezm0zi1zi0zi0zmFERo4wFJ8F465LTBnpBC6B_Sigym4ziPropagziEngine_zdwpolyzugo13_info}}}
 is always there when it crashes. However, I cannot figure out the teh
 corresponding haskell function. It seems like it lives in the
 Sigym4.Propag.Engine but there's no function there named in a similar way
 to "polyzugo". I believe it could be an inlined/specialized function from
 another module. Any ideas on how I can I map it back to the haskell world?
 (I've had no success in figuring it out by reading
 https://ghc.haskell.org/trac/ghc/wiki/Debugging/CompiledCode)

 Another interesting thing is that pointers to functions from the
 'psqueues' package always seem to be in the stack too when it crashes.
 Could be a hint on a way to build a small reproducible case. I'll continue
 investigating.

-- 
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/13970#comment:12>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

More information about the ghc-tickets mailing list