This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/20061] New: backtrace() is not async signal safe (malloc in _dl_load_cache_lookup)
- From: "dx at dxzone dot com.ar" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Sun, 08 May 2016 17:09:14 +0000
- Subject: [Bug libc/20061] New: backtrace() is not async signal safe (malloc in _dl_load_cache_lookup)
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=20061
Bug ID: 20061
Summary: backtrace() is not async signal safe (malloc in
_dl_load_cache_lookup)
Product: glibc
Version: 2.23
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: dx at dxzone dot com.ar
CC: drepper.fsp at gmail dot com
Target Milestone: ---
Created attachment 9241
--> https://sourceware.org/bugzilla/attachment.cgi?id=9241&action=edit
test case
I was fixing the segfault handler of an application to avoid malloc() calls,
but found that glibc's own backtrace() includes calls to malloc.
I made a test case that:
1. Sets a SIGSEGV handler to a function that only calls backtrace()
2. Calls malloc() in main() to give gdb a place to break
3. When gdb breaks in _int_malloc() and raises SIGSEGV, it deadlocks
It seems to need to dlopen libgcc_s.so.1, and _dl_load_cache_lookup() includes
a call to strdup().
Log follows, test file attached.
--------------------------------------------------------------------------------
$ gcc backtracetest.c
$ gdb -ex 'set br p on' -ex 'b _int_malloc' -ex 'run' -ex 'sig 11' ./a.out
[...]
Breakpoint 1, _int_malloc (av=av@entry=0x7ffff7dd4b00 <main_arena>,
bytes=bytes@entry=1024) at malloc.c:3350
3350 checked_request2size (bytes, nb);
Continuing with signal SIGSEGV.
[deadlock happens here]
^C
Program received signal SIGINT, Interrupt.
__lll_lock_wait_private () at
../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
95 2: movl %edx, %eax
(gdb) bt
#0 __lll_lock_wait_private () at
../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:95
#1 0x00007ffff7ab4faf in __GI___libc_malloc (bytes=140737351863040) at
malloc.c:2912
#2 0x00007ffff7df4712 in __strdup (s=<optimized out>) at strdup.c:42
#3 0x00007ffff7df04b1 in _dl_load_cache_lookup (name=name@entry=0x7ffff7ba0206
"libgcc_s.so.1") at dl-cache.c:305
#4 0x00007ffff7de266d in _dl_map_object (loader=loader@entry=0x7ffff7ff7068,
name=<optimized out>, name@entry=0x7ffff7ba0206 "libgcc_s.so.1",
type=type@entry=2, trace_mode=trace_mode@entry=0, mode=mode@entry=-1879048191,
nsid=<optimized out>) at dl-load.c:2105
#5 0x00007ffff7ded59d in dl_open_worker (a=a@entry=0x7fffffffd8a0) at
dl-open.c:226
#6 0x00007ffff7de8ee2 in _dl_catch_error
(objname=objname@entry=0x7fffffffd898,
errstring=errstring@entry=0x7fffffffd890,
mallocedp=mallocedp@entry=0x7fffffffd88f, operate=operate@entry=0x7ffff7ded496
<dl_open_worker>, args=args@entry=0x7fffffffd8a0) at dl-error.c:187
#7 0x00007ffff7ded02c in _dl_open (file=0x7ffff7ba0206 "libgcc_s.so.1",
mode=-2147483647, caller_dlopen=0x7ffff7b30e34 <init+42>, nsid=-2, argc=1,
argv=0x7fffffffe608, env=0x7fffffffe618) at dl-open.c:649
#8 0x00007ffff7b59341 in do_dlopen (ptr=ptr@entry=0x7fffffffdac0) at
dl-libc.c:87
#9 0x00007ffff7de8ee2 in _dl_catch_error (objname=0x7fffffffdaa8,
errstring=0x7fffffffdaa0, mallocedp=0x7fffffffda9f, operate=0x7ffff7b592f3
<do_dlopen>, args=0x7fffffffdac0) at dl-error.c:187
#10 0x00007ffff7b5940d in dlerror_run (operate=operate@entry=0x7ffff7b592f3
<do_dlopen>, args=args@entry=0x7fffffffdac0) at dl-libc.c:46
#11 0x00007ffff7b59482 in __GI___libc_dlopen_mode
(name=name@entry=0x7ffff7ba0206 "libgcc_s.so.1", mode=mode@entry=-2147483647)
at dl-libc.c:163
#12 0x00007ffff7b30e34 in init () at ../sysdeps/x86_64/backtrace.c:52
#13 0x00007ffff7b30f1e in __GI___backtrace (array=<optimized out>,
size=<optimized out>) at ../sysdeps/x86_64/backtrace.c:105
#14 0x00005555555548a2 in handler ()
#15 <signal handler called>
#16 _int_malloc (av=av@entry=0x7ffff7dd4b00 <main_arena>,
bytes=bytes@entry=1024) at malloc.c:3350
#17 0x00007ffff7ab4fc1 in __GI___libc_malloc (bytes=bytes@entry=1024) at
malloc.c:2914
#18 0x00007ffff7ab63a7 in malloc_hook_ini (sz=1024, caller=<optimized out>) at
hooks.c:32
#19 0x00007ffff7ab4f65 in __GI___libc_malloc (bytes=1024) at malloc.c:2910
#20 0x0000555555554929 in main ()
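Added example, not part of the original report or its attachment: one way to keep the libgcc_s.so.1 load (and the strdup()/malloc() under _dl_load_cache_lookup seen in the trace) out of a signal handler is to call backtrace() once from normal context before the handler is installed. It assumes glibc on Linux; prime_backtrace, install_crash_handler, trace_fd and frames_seen are hypothetical names.

```c
#define _GNU_SOURCE
#include <execinfo.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
#define MAX_FRAMES 64

static int trace_fd = STDERR_FILENO;        /* hypothetical: where the handler writes */
static volatile sig_atomic_t frames_seen;   /* frames captured by the last handler run */

/* Run once in normal context. The first backtrace() call is the one that
 * dlopen()s libgcc_s.so.1, so any malloc() it needs happens here. */
int prime_backtrace(void)
{
    void *frames[MAX_FRAMES];
    return backtrace(frames, MAX_FRAMES);
}

/* Handler uses only a stack buffer and writes symbols straight to a descriptor. */
static void crash_handler(int sig)
{
    void *frames[MAX_FRAMES];
    int n = backtrace(frames, MAX_FRAMES);
    (void)sig;
    frames_seen = n;
    backtrace_symbols_fd(frames, n, trace_fd);  /* no malloc()ed string array */
}

/* Prime first, then install. SA_RESETHAND restores the default action on entry,
 * so a real fault re-triggers after the handler returns and still kills the process. */
int install_crash_handler(int signo, int fd)
{
    struct sigaction sa;
    if (prime_backtrace() <= 0)
        return -1;
    trace_fd = fd;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = crash_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESETHAND;
    return sigaction(signo, &sa, NULL);
}

int main(void)
{
    if (install_crash_handler(SIGSEGV, STDERR_FILENO) != 0)
        return 1;
    return raise(SIGSEGV);  /* constructed trigger, delivered synchronously */
}
```

Priming only moves the lazy library load out of the handler; it does not make backtrace() formally async-signal-safe.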