Date: Tue, 5 Dec 2000 08:58:17 -0800 (PST)
Message-Id: <200012051658.eB5GwHU25440@vashon.polstra.com>
To: stable@freebsd.org
From: John Polstra
Reply-To: stable@freebsd.org
Cc: mreimer@vpop.net
Subject: Re: Mysql segfaults; is the culprit libstdc++, pthread, regex ...?
In-Reply-To: <3A2C40DD.3E0E5746@vpop.net>
References: <3A2C40DD.3E0E5746@vpop.net>
Organization: Polstra & Co., Seattle, WA

In article <3A2C40DD.3E0E5746@vpop.net>, Matthew Reimer wrote:
> We've been having problems with mysql segfaulting. It seems to occur
> when it tries to return from a function, so maybe the stack is getting
> stomped.

Sergey Osokin recently reported a very similar problem on a different
threaded C++ program. See message ID <20001124174554.A473@freebsd.org.ru>
in the -hackers archives -- it contains a small test case. I spent a
few hours looking at it last weekend, but I wasn't able to solve the
problem. The failure occurs in a function like this:

    void SS::run()
    {
        string s;  // !!!
        string s1; // !!!
        sleep(1);
    }

Upon returning from the function, the destructors for s1 and s get
called, in that order.
The first one seems to corrupt the stack or a register somehow, such
that the code leading up to the call of the second destructor
dereferences a garbage pointer.

In Sergey's case, merely re-ordering two declarations in a different
function makes the problem appear or disappear:

    void SS::spawn()
    {
    #ifdef BAD
        int rc;
        Guard guard(m1); // !!!
    #else
        Guard guard(m1); // !!!
        int rc;
    #endif

According to Sergey, the problem arose in -stable some time around
12 November 2000. Sergey has been doing some further investigation to
narrow down the changes that caused the problem. I haven't had time
to digest his findings yet, and due to work pressures I may not find
time soon.

In any case, this appears to be a genuine bug that we (FreeBSD)
introduced.

John
--
  John Polstra                                    jdp@polstra.com
  John D. Polstra & Co., Inc.             Seattle, Washington USA
  "Disappointment is a good sign of basic intelligence."  -- Chögyam Trungpa