[Gc] Segfault in GC_mark_from

Klaus Treichel ktreichel at web.de
Sun Oct 12 09:17:05 PDT 2008


Hi,

I finally managed to reproduce the segfault on one of my boxes running
an x86 Linux.

libgc is built with assertions enabled but without mmap and munmap.


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb69b7b90 (LWP 6451)]
GC_mark_from (mark_stack_top=0x819c110, mark_stack=0x819c000,
    mark_stack_limit=0x81a4000) at mark.c:795
795               deferred = *(word *)limit;
(gdb) print limit
$1 = 0x83f20b8 <Address 0x83f20b8 out of bounds>
(gdb) print mark_stack_top[0]
$4 = {mse_start = 0x83f20bc <Address 0x83f20bc out of bounds>,
  mse_descr = 2064244}

(gdb) call GC_dump()
***Static roots:
Total size: 0

***Heap sections:
Total heap size: 1761280
Section 0 from 0x81a4000 to 0x81b4000 0/16 blacklisted
Section 1 from 0x81c4000 to 0x81d4000 0/16 blacklisted
Section 2 from 0x8264000 to 0x8274000 0/16 blacklisted
Section 3 from 0x8274000 to 0x828d000 0/25 blacklisted
Section 4 from 0x828d000 to 0x82ac000 0/31 blacklisted
Section 5 from 0x82ac000 to 0x82f3000 0/71 blacklisted
Section 6 from 0x82f3000 to 0x835b000 0/104 blacklisted
Section 7 from 0x835b000 to 0x83f2000 0/151 blacklisted

***Free blocks:
Free list 5 (Total size 20480):
        0x829a000 size 20480 not black listed
Free list 6 (Total size 24576):
        0x82ca000 size 24576 not black listed
Free list 19 (Total size 77824):
        0x82d6000 size 77824 not black listed
Free list 54 (Total size 868352):
        0x831e000 size 868352 not black listed
Total of 991232 bytes on free list

***Blocks in use:
(kind(0=ptrfree,1=normal,2=unc.):size_in_bytes, #_marks_set)
(4:208920,1)(1:64,2)(4:21520,0)(4:34832,0)(4:129048,0)(1:136,0)(0:8,26)(0:16,190)(2:10248,1)(2:32776,1)(1:56,1)(2:10248,1)(2:32776,1)(2:10248,1)(2:32776,1)(4:64,0)(1:448,4)(2:10248,1)(2:32776,1)(4:4112,0)(4:32,0)(4:2064,1)(4:72,0)(4:48,0)(1:48,0)(4:24,2)(4:16,1)(4:40,0)(2:4080,1)(4:136,1)(1:24,1)(1:16,1)(4:56,0)(2:10248,1)(0:1360,2)(1:56,17)(2:32776,1)(2:136,5!=486)(1:32,5)(1:8,1)(1:216,1)(2:24,2!=343)
blocks = 42, bytes = 770048

***Finalization statistics:
18 finalization table entries; 0 disappearing links
0 objects are eligible for immediate finalization
(gdb)

This is the backtrace of another thread.
I don't know if that's something important.

#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7d58d77 in sigsuspend () from /lib/libc.so.6
#2  0x0810c5f2 in GC_suspend_handler_inner (
    sig_arg=0x1e <Address 0x1e out of bounds>, context=0xb71b77dc)
    at pthread_stop_world.c:202
#3  0x0810c657 in GC_suspend_handler (sig=30, info=0xb71b775c,
    context=0xb71b77dc) at pthread_stop_world.c:142
#4  <signal handler called>
#5  0xb7d9d1f7 in memset () from /lib/libc.so.6
#6  0x08100eac in GC_generic_malloc (lb=208915, k=4) at malloc.c:189
#7  0x08108eb1 in GC_malloc_explicitly_typed (lb=208915, d=1073741825)
    at typd_mlc.c:611

Any hints where to look?

Klaus
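The first check a reader would run against a dump like the one above is whether the faulting address is inside the collector's heap at all. The script below is an added example, not code from the original mail or from libgc: it parses the "***Heap sections" table and the free-list / in-use totals exactly as GC_dump() prints them (the GC_DUMP string is an excerpt copied from the mail), verifies that the table is self-consistent, looks up addresses in it, and decodes a mark-stack entry's descriptor tag. HBLKSIZE = 4096 (x86), the GC_DS_* tag values from libgc's gc_mark.h, and all function names are this example's own assumptions.

```python
"""Sanity-check a libgc GC_dump() against the addresses seen in a crash.

Added example; not code from the original mail or from libgc.
"""
import re

# Excerpt of the GC_dump() output from the mail (constructed sample input).
GC_DUMP = """\
***Heap sections:
Total heap size: 1761280
Section 0 from 0x81a4000 to 0x81b4000 0/16 blacklisted
Section 1 from 0x81c4000 to 0x81d4000 0/16 blacklisted
Section 2 from 0x8264000 to 0x8274000 0/16 blacklisted
Section 3 from 0x8274000 to 0x828d000 0/25 blacklisted
Section 4 from 0x828d000 to 0x82ac000 0/31 blacklisted
Section 5 from 0x82ac000 to 0x82f3000 0/71 blacklisted
Section 6 from 0x82f3000 to 0x835b000 0/104 blacklisted
Section 7 from 0x835b000 to 0x83f2000 0/151 blacklisted
Total of 991232 bytes on free list
blocks = 42, bytes = 770048
"""

HBLKSIZE = 4096          # libgc heap block size on 32-bit x86 (assumption)
GC_DS_TAGS = 3           # low two bits of a descriptor, as in gc_mark.h
DS_NAMES = {0: "GC_DS_LENGTH", 1: "GC_DS_BITMAP",
            2: "GC_DS_PROC", 3: "GC_DS_PER_OBJECT"}

SECTION_RE = re.compile(
    r"^Section (\d+) from (0x[0-9a-f]+) to (0x[0-9a-f]+) (\d+)/(\d+) blacklisted",
    re.M | re.I)


def parse_sections(dump):
    """Return a list of (index, start, end, blacklisted, blocks); end is exclusive."""
    return [(int(i), int(s, 16), int(e, 16), int(b), int(n))
            for i, s, e, b, n in SECTION_RE.findall(dump)]


def check_consistency(dump):
    """Verify the dump's own totals; returns a list of problems (empty == consistent)."""
    sections = parse_sections(dump)
    problems = []
    for idx, start, end, _, blocks in sections:
        if (end - start) % HBLKSIZE or (end - start) // HBLKSIZE != blocks:
            problems.append("section %d size %#x does not match %d blocks"
                            % (idx, end - start, blocks))
    total = int(re.search(r"Total heap size: (\d+)", dump).group(1))
    if sum(e - s for _, s, e, _, _ in sections) != total:
        problems.append("section sizes do not sum to the reported heap size")
    free = int(re.search(r"Total of (\d+) bytes on free list", dump).group(1))
    used = int(re.search(r"blocks = \d+, bytes = (\d+)", dump).group(1))
    if free + used != total:
        problems.append("free (%d) + in use (%d) != heap size (%d)"
                        % (free, used, total))
    return problems


def find_section(sections, addr):
    """Index of the heap section containing addr, or None if addr is outside the heap."""
    for idx, start, end, _, _ in sections:
        if start <= addr < end:
            return idx
    return None


def describe_mark_entry(mse_start, mse_descr):
    """Decode a mark-stack entry; for a plain-length descriptor, give the range it scans."""
    tag = mse_descr & GC_DS_TAGS
    info = {"tag": DS_NAMES[tag]}
    if tag == 0:                                  # GC_DS_LENGTH: a byte length
        info["scan_start"] = mse_start
        info["scan_end"] = mse_start + mse_descr  # exclusive
    return info


if __name__ == "__main__":
    secs = parse_sections(GC_DUMP)
    print("dump problems:", check_consistency(GC_DUMP) or "none")
    for label, addr in [("faulting limit", 0x83f20b8), ("mse_start", 0x83f20bc),
                        ("free block", 0x829a000)]:
        print("%-14s %#x -> section %s" % (label, addr, find_section(secs, addr)))
    print(describe_mark_entry(0x83f20bc, 2064244))
```

Run on the excerpt, the section sizes, block counts and free-plus-in-use totals all agree with the reported heap size, so the table itself is sane; both the faulting `limit` (0x83f20b8) and the entry's `mse_start` (0x83f20bc) fall just above the end of Section 7 (0x83f2000), i.e. outside every section the collector owns, and `mse_descr` 2064244 carries the GC_DS_LENGTH tag, so it is a plain byte length that would have the marker scan well past the heap. By contrast the `d` passed to GC_malloc_explicitly_typed in the other thread (1073741825) carries the GC_DS_BITMAP tag.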