
Free in death_handler.cpp:93 endless loop?

Open hrehfeld opened this issue 4 years ago • 4 comments

My program is rather complex, so I'm not sure this is caused by deathhandler exclusively. I'm also using asan. Any ideas why this might happen?

What's good info to provide?

$ gdb -ex run myapp
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff396a4d4 in dlsym () from /usr/lib/libdl.so.2
(gdb) bt
#0  0x00007ffff396a4d4 in dlsym () from /usr/lib/libdl.so.2
#1  0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#2  0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#3  0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#4  0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#5  0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#6  0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#7  0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#8  0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#9  0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#10 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#11 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#12 0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#13 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#14 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#15 0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#16 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#17 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#18 0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#19 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#20 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#21 0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#22 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#23 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#24 0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#25 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#26 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#27 0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#28 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#29 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#30 0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#31 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#32 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#33 0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#34 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#35 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#36 0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#37 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#38 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#39 0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#40 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#41 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
#42 0x00007ffff396a520 in dlsym () from /usr/lib/libdl.so.2
#43 0x0000555555dea1c6 in free (ptr=0x7ffff76fb840 <alloc_memory_for_dlsym+32>) at /home/hrehfeld/projects/mplan-repos3-git/mplan/ext/DeathHandler/death_handler.cc:93
#44 0x00007ffff396abad in ?? () from /usr/lib/libdl.so.2
...

hrehfeld, May 12 '21 20:05

Fair enough, it crashes inside the first attempt to load the original free(). I need to have a flag to break the crash loop in that case. Thanks for the report. On the other hand, since it fails to allocate memory, I am not sure that we'll succeed in writing any signaling output.

vmarkovtsev, May 13 '21 05:05

But why does this happen in the first place? ASAN? CUDA? Everything seems fine when I just comment out the constructor:

//Debug::DeathHandler dh;

This is on Arch Linux with g++ (GCC) 10.2.0.

hrehfeld, May 15 '21 21:05

You see, alloc_memory_for_dlsym suggests that dlsym uses dynamic memory, but DeathHandler overwrites malloc and free to call dlsym during the first invocation. Chicken and egg. It was different back in 2013 when I was a fresh graduate and wrote this project, hehe.

vmarkovtsev, May 16 '21 21:05

How about now?

The current code does not support ASLR, so you'll probably not see the line numbers. I will eventually fix that, too.

vmarkovtsev, May 16 '21 22:05
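
The loop in the backtrace, next to a guard that stops it, as an added example that is not DeathHandler's code. It assumes a free() wrapper that resolves the real free() lazily; `fake_dlsym_free` is a constructed stand-in for `dlsym()`, `bootstrap` plays the role of the `alloc_memory_for_dlsym` buffer seen in the trace, and the unguarded run is capped at `MAX_DEPTH` so that it terminates.

```c
/* Added example, not DeathHandler's code; every name below is hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_DEPTH 64                 /* cap so the unguarded run terminates */
typedef void (*free_fn)(void *);
static unsigned char bootstrap[256]; /* role of alloc_memory_for_dlsym in the trace */
static free_fn real_free;            /* resolved lazily on the first free() */
static int guard_enabled, resolving, depth, max_depth;
static void wrapped_free(void *ptr);

/* Constructed stand-in for dlsym(): like the libdl frames in the backtrace,
   it releases scratch memory through the interposed free() while it runs. */
static free_fn fake_dlsym_free(void) {
    wrapped_free(bootstrap + 32);
    return free;
}

static int in_bootstrap(const void *p) {
    /* Unsigned wrap-around makes addresses below the buffer compare as large. */
    return (uintptr_t)p - (uintptr_t)bootstrap < sizeof bootstrap;
}

static void wrapped_free(void *ptr) {
    /* Guard: bootstrap pointers and re-entrant calls return before any lookup. */
    if (guard_enabled && (resolving || in_bootstrap(ptr))) return;
    if (real_free == NULL) {
        if (++depth > max_depth) max_depth = depth;
        if (depth < MAX_DEPTH) {     /* the real loop has no cap: stack overflow */
            resolving = 1;
            real_free = fake_dlsym_free();
            resolving = 0;
        }
        depth--;
    }
    if (real_free != NULL && !in_bootstrap(ptr)) real_free(ptr);
}

/* Frees one heap block via the wrapper; returns the deepest lookup nesting. */
int lookup_depth(int guarded) {
    guard_enabled = guarded; real_free = NULL; resolving = depth = max_depth = 0;
    wrapped_free(malloc(16));
    return max_depth;
}

int main(void) {
    printf("unguarded=%d guarded=%d\n", lookup_depth(0), lookup_depth(1));
    return 0;
}
```

Without the guard, a single free() nests lookups until the cap is hit; with it, the symbol is resolved once and the bootstrap pointer is never passed to libc.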