From: Jonny Grant <jg@jguk.org>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: gcc-help <gcc-help@gcc.gnu.org>
Subject: Re: Recursive SIGSEGV question
Date: Wed, 20 Mar 2019 08:11:00 -0000
Message-ID: <a10003b1-f1c8-8acf-0b49-1658467aa481@jguk.org>
In-Reply-To: <877ecuikq9.fsf@mid.deneb.enyo.de>

On 19/03/2019 22:05, Florian Weimer wrote:
> * Jonny Grant:
>
>> Wanted to ask opinion about the following.
>>
>> Compiling with g++ 8.2.0 and saw the following. The program was in a
>> recursive function call (bug). My test case is attached, although I could
>> not reproduce exactly the same backtrace.
>>
>> I had a look at https://github.com/lattera/glibc/blob/master/malloc/malloc.c
>>
>> Is there an issue in _int_malloc? or was it most likely just out of
>> memory? Do out of memory issues normally show up as SIGSEGV? I had
>> expected some sort of "out of memory"
>
> This isn't really a GCC question, _int_malloc looks like something
> that would be part of glibc.
>
>> This is the log from my own software (not attached) :-
>>
>> Program terminated with signal SIGSEGV, Segmentation fault.
>> #0 0x00007faa0e37b30e in _int_malloc (av=av@entry=0x7fa980000020,
>> bytes=bytes@entry=45) at malloc.c:3557
>> 3557 malloc.c: No such file or directory.
>> [Current thread is 1 (Thread 0x7fa997860700 (LWP 20571))]
>> (gdb) bt
>> #0 0x00007faa0e37b30e in _int_malloc (av=av@entry=0x7fa980000020,
>> bytes=bytes@entry=45) at malloc.c:3557
>> #1 0x00007faa0e37e2ed in __GI___libc_malloc (bytes=45) at malloc.c:3065
>> #2 0x00007faa0eba21a8 in operator new(unsigned long) ()
>> from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
>
> How does it go on after that? Where does the fault actually happen?
>
> See:
>
> (gdb) print $_siginfo._sifields._sigfault
>
> Usually that's heap corruption. For example, the application might
> have overrun a buffer and overwritten some internal malloc data
> structures.
>
> If you can reproduce it at will, valgrind is a great diagnostic tool
> for such issues.
>
>> I tried to create a test case, but got slightly different messages, they
>> actually vary. Is there a gdb bug if the same program has different
>> backtraces?
>> GNU gdb (Ubuntu 8.1-0ubuntu3) 8.1.0.20180409-git
>>
>> Core was generated by `./loop'.
>> Program terminated with signal SIGSEGV, Segmentation fault.
>> #0 0x00007fc10dee51e7 in void std::__cxx11::basic_string<char,
>> std::char_traits<char>, std::allocator<char>
>> >::_M_construct<char*>(char*, char*, std::forward_iterator_tag) ()
>> from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
>> (gdb) bt
>> #0 0x00007fc10dee51e7 in void std::__cxx11::basic_string<char,
>> std::char_traits<char>, std::allocator<char>
>> >::_M_construct<char*>(char*, char*, std::forward_iterator_tag) ()
>> from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
>> #1 0x00005592fbb669d7 in func (f="a", g=0) at loop.cpp:7
>> #2 0x00005592fbb669e8 in func (f="a", g=0) at loop.cpp:7
>> #3 0x00005592fbb669e8 in func (f="a", g=0) at loop.cpp:7
>
> This looks like a very different thing. Due to the deep recursion,
> the code faults when accessing the guard page below the stack.
>
Thanks for your reply Florian.

I guess I was just expecting GCC to generate code that avoided
overrunning the stack (or heap) and exiting gracefully. I don't know if
that is gcc, glibc, or kernel. Or if it's just down to the program!

I'll look into this a bit more.

Jonny