Bug 15969 - Segmentation fault on thread abort
Summary: Segmentation fault on thread abort
Alias: None
Product: Runtime
Classification: Mono
Component: JIT ()
Version: unspecified
Hardware: PC Linux
Importance: --- normal
Target Milestone: ---
Assignee: Bugzilla
Depends on:
Reported: 2013-11-06 12:49 UTC by Gery Vessere
Modified: 2013-11-07 09:49 UTC

Is this bug a regression?: ---
Last known good build:

mono crasher (1.31 KB, text/plain)
2013-11-06 12:49 UTC, Gery Vessere


Description Gery Vessere 2013-11-06 12:49:10 UTC
Created attachment 5352
mono crasher

Description of Problem:
Mono fails with a segmentation fault when I run the code in the attached file.

Steps to reproduce the problem:
1. compile attached file (mcs Program.cs)
2. run it (mono Program.exe)

Actual Results:
Segmentation Fault

Expected Results:
Program runs without failure

How often does this happen?
- always on Amazon Linux (cc2.8xlarge instance; others not tried).
- always on Ubuntu under VirtualBox (Windows 8 host machine); however, there is no crash if I enable trace information in this environment.
- never on Mac OS X (10.7).
- never on .NET.

Additional Information:
- Uncommenting the catch clause in this code makes the crash go away; however, it might just be because it re-establishes proper timing of things.
- The crash does not occur on Windows; however, it looks like threads are never aborted there (Process Explorer shows an accumulation of threads, and the command "mono --trace=N:nothing Program.exe" never shows a ThreadAbortException). Also, the finally clause doesn't get executed on Windows, as if things are frozen before that.

- I reproduced the crash in the following environments:
Linux precise64 3.8.0-31-generic #46~precise1-Ubuntu SMP Wed Sep 11 18:21:16 UTC 2013 x84_64 x84_64 x84_64 GNU/Linux
Linux ip-10-148-229-175 3.2.30-49.59.amzn1.x86_64 #1 SMP Wed Oct 3 19:54:33 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
The crash occurs on all versions of Mono I tested (2.10 up to 3.2.3).

- I can reproduce this bug by doing other things than Interlocked.Exchange. SpinWait-ing outside of a try/catch statement in the threadLogic function produces the same bug on Amazon Linux; however, it is harder to reproduce in other environments.

- From this stack trace it looks like we are calling pthread_exit() from a signal handler in the same thread. This may not be legitimate according to this article and results in undefined behavior: http://stackoverflow.com/questions/4766768/unhandled-forced-unwind-causes-abort

GDB output:

[ec2-user@ip-10-148-229-175 tv]$ gdb --args mono Program.exe
GNU gdb (GDB) Amazon Linux (7.2-60.13.amzn1)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-amazon-linux-gnu".
For bug reporting instructions, please see:
Reading symbols from /usr/local/bin/mono...done.
Mono support loaded.
(gdb) r
Starting program: /usr/local/bin/mono Program.exe
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffef352700 (LWP 3923)]
[New Thread 0x7fffef151700 (LWP 3924)]
[New Thread 0x7fffeef50700 (LWP 3925)]
Missing separate debuginfo for /lib64/libgcc_s.so.1
Try: yum --disablerepo='*' --enablerepo='*-debug*' install /usr/lib/debug/.build-id/7d/6b1a6d6419f4258188f20adca8bf956aa784f8.debug

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffef151700 (LWP 3924)]
0x00007fffeeb4a290 in ?? () from /lib64/libgcc_s.so.1
(gdb) bt
#0  0x00007fffeeb4a290 in ?? () from /lib64/libgcc_s.so.1
#1  0x00007fffeeb4a7bb in ?? () from /lib64/libgcc_s.so.1
#2  0x00007fffeeb4ac32 in _Unwind_ForcedUnwind () from /lib64/libgcc_s.so.1
#3  0x00007ffff7542260 in __pthread_unwind (buf=<value optimized out>) at unwind.c:130
#4  0x00007ffff753cc65 in __do_cancel (value=<value optimized out>) at pthreadP.h:265
#5  __pthread_exit (value=<value optimized out>) at pthread_exit.c:30
#6  0x00000000005cc151 in mono_gc_pthread_exit (retval=0x0) at sgen-gc.c:4259
#7  0x00000000006145f6 in thread_exit (exitcode=4294967295) at wthreads.c:214
#8  ExitThread (exitcode=4294967295) at wthreads.c:562
#9  0x000000000057e79a in mono_thread_exit () at threads.c:1076
#10 0x00000000004aa781 in mono_handle_exception_internal (ctx=0x7fffef1509d0, obj=0x7ffff0c08988, resume=0, out_ji=0x0) at mini-exceptions.c:1680
#11 0x00000000004ff105 in handle_signal_exception (obj=0x7ffff0c08988) at exceptions-amd64.c:771
#12 0x2020202020202020 in ?? ()
#13 0x2020002020000000 in ?? ()
#14 0x0000000000a818e8 in ?? ()
#15 0x0000000000a818e8 in ?? ()
#16 0x0000000000a818e8 in ?? ()
#17 0x00007fffe00025d0 in ?? ()
#18 0x00007fffef150880 in ?? ()
#19 0x00007fffef150bc0 in ?? ()
#20 0x00007fffef150da0 in ?? ()
#21 0x00007ffff0c08200 in ?? ()
#22 0x0000000000000000 in ?? ()
Comment 1 Zoltan Varga 2013-11-06 22:35:19 UTC
We return from a signal handler before calling handle_signal_exception (), so calling pthread_exit () should be ok.
Comment 2 Zoltan Varga 2013-11-06 22:57:29 UTC
Fixed in mono master 79e0856ffda4c2566314ba31677fe55f2d7f53f2.
Comment 3 Gery Vessere 2013-11-07 09:49:36 UTC
Thanks, it works!