poke-devel

pvm_execute_or_initialize SEGV with reproducer


From: David Faust
Subject: pvm_execute_or_initialize SEGV with reproducer
Date: Thu, 22 Apr 2021 11:39:45 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1

Hi!

Firstly, this issue predates Mohammad's recent GC changes; those
improvements don't seem to be responsible for, nor fix, this issue.

I started investigating this when I noticed some object files with BTF
debug information causing significant slowdown in btf-dump.pk's btf_dump
function. Calling btf_dump repeatedly in rapid succession would cause
these cases to SEGV on the 2nd or 3rd repetition.

A slightly larger test case like this one reliably SEGVs (at least on
the two machines I've tested on) midway through printing the BTF
information on the first invocation of btf_dump.

btf_dump operates by using a repeated structure like:

  try {
    btf_dump_array (data.array);
    return;
  } catch if E_elem {}

  try {
    btf_dump_enum (data.enum);
    return;
  } catch if E_elem {}

  etc.

to "switch" on the type of each BTF record. As can be seen below, the
SEGV occurs at JITTER_PUSH_EXCEPTIONSTACK. I am not familiar enough with
jitter and the pvm internals to figure out exactly why/how this happens,
but I suspect the sheer number of E_elem exceptions being raised here
might be problematic :)

Unfortunately I don't really have time right now to dig deeper, so at
Jose's suggestion I want to at least raise the issue and provide the
reproducer I have. Attached are the reproducer source and x86 ELF object
file with BTF.

Happy to provide more info, or continue investigating when I have some
more time.

Thanks,
David

Backtrace:

poke configured with the following:
  $ ../configure --disable-dispatch-no-threading --disable-dispatch-minimal-threading --disable-dispatch-direct-threading

The same also occurs with none of the --disables, they serve to simplify
the backtrace.

(poke) .file ~/playpen/btf/poke-fault/poke-fault.o
(poke) load elf
(poke) load "btf-dump.pk"  # note, this also loads btf.pk
(poke) var elf = Elf64_File @ 0#B
(poke) var shdr = elf.get_sections_by_name (".BTF") [0]
(poke) var btf = BTF_Section @ shdr.sh_offset
(poke) btf_dump (btf)
[1] int 'unsigned char'(1U#B) size=1U#B offset=0UB#b bits=8UB#b CHAR
[2] int 'short unsigned int'(15U#B) size=2U#B offset=0UB#b bits=16UB#b
[3] int 'unsigned int'(34U#B) size=4U#B offset=0UB#b bits=32UB#b
... snipped for brevity ...
[50] ptr <anonymous> type=15
[51] ptr <anonymous> type=49

Thread 1 "lt-poke" received signal SIGSEGV, Segmentation fault.
pvm_execute_or_initialize (jitter_initialize=64,
jitter_original_state=0x7ffff7fa00cd)
    at ../../libpoke/pvm.jitter:5752
5752       JITTER_PUSH_EXCEPTIONSTACK (ehandler);
(gdb) bt
#0  pvm_execute_or_initialize (jitter_initialize=64,
jitter_original_state=0x7ffff7fa00cd)
    at ../../libpoke/pvm.jitter:5752
#1  0x00007ffff7f6ae8f in pvm_run (apvm=0x441730,
program=program@entry=0x7fffe4d22150,
    res=res@entry=0x7fffffffd9d8) at ../../libpoke/pvm.c:158
#2  0x00007ffff7f18fef in pkl_execute_statement (compiler=0x448c60,
    buffer=buffer@entry=0x103f3a0 "btf_dump (btf);",
end=end@entry=0x7fffffffda00,
    val=val@entry=0x7fffffffd9d8) at ../../libpoke/pkl.c:363
#3  0x00007ffff7f16f49 in pk_compile_statement (pkc=0x447380,
    buffer=buffer@entry=0x103f3a0 "btf_dump (btf);",
end=end@entry=0x7fffffffda00,
    valp=valp@entry=0x7fffffffda08) at ../../libpoke/libpoke.c:132
#4  0x00000000004079bd in pk_cmd_exec (str=<optimized out>,
str@entry=0xdb9900 "btf_dump (btf)")
    at ../../poke/pk-cmd.c:644
#5  0x0000000000406a0b in pk_repl () at ../../poke/pk-repl.c:387
#6  0x0000000000405272 in main (argc=1, argv=<optimized out>) at
../../poke/poke.c:754
(gdb)

Attachment: poke-fault.c
Description: Text Data

Attachment: poke-fault.o
Description: Binary data
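An added stress script (not part of the report, and not from poke's own sources) that separates the two things the btf_dump pattern does, handling a large number of E_elem exceptions and returning from inside a try block, so each can be exercised without any ELF/BTF input; it assumes only the try/catch-if and raise syntax shown in the message above.

```poke
/* Variable 1: many E_elem raises caught in a flat loop, no early
   return from inside the try block.  */
fun raise_elem = void:
{
  raise E_elem;
}

fun stress_raise = (int n) void:
{
  var i = 0;
  while (i < n)
    {
      try { raise_elem; } catch if E_elem {}
      i = i + 1;
    }
  print "stress_raise done\n";
}

/* Variable 2: the btf_dump shape, a chain of try blocks used as a
   switch, where the matching arm returns from inside its try.
   `kind' is a constructed tag, not a real BTF kind value.  */
fun pick = (int kind) int:
{
  try { if (kind != 0) raise E_elem; return 0; } catch if E_elem {}
  try { if (kind != 1) raise E_elem; return 1; } catch if E_elem {}
  try { if (kind != 2) raise E_elem; return 2; } catch if E_elem {}
  return -1;   /* no arm matched, every try raised and was caught */
}

fun stress_pick = (int n) void:
{
  var i = 0;
  while (i < n)
    {
      var r = pick (i % 4);   /* kind 3 falls through all arms */
      i = i + 1;
    }
  print "stress_pick done\n";
}

/* Run each variant in turn; raise the counts until one of them faults
   (or neither does), which narrows the trigger before reaching for gdb.  */
stress_raise (100000);
stress_pick (100000);
```

If only stress_pick faults, the early return inside the try block (rather than the raise count alone) is the variable worth attaching gdb to at JITTER_PUSH_EXCEPTIONSTACK.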

