Erlang segfaults in erts_remove_monitor

Erik Søe Sørensen eriksoe@REDACTED
Tue Dec 7 01:34:11 CET 2010


Hi there -
while working on the distribution subsystem of Erjang, I ran into this: 
beam core dumping, reproducibly.

Setup:
(1) An Erjang node[1] is started as j@REDACTED; an Erlang node (R14B) is 
started as c@REDACTED
(2) (c@REDACTED)1> net_adm:ping(j@REDACTED).
(3) (j@REDACTED)1> global:register_name(foo, self()), throw(x).

Result:

Output from c@:

    Segmentation fault

Output from j@ (mostly distribution-related debugging messages):

    sending msg {global_name_server,c@REDACTED} !
    {'$gen_call',{<1.0.52>,{#Ref<j@REDACTED>,c@REDACTED}},{set_lock,{global,<1.0.52>}}}
    sending msg {global_name_server,c@REDACTED} !
    {'$gen_call',{<1.0.52>,{#Ref<j@REDACTED>,c@REDACTED}},{register,foo,<1.0.518>,#Fun<global.0.16294063>}}
    sending msg {global_name_server,c@REDACTED} !
    {'$gen_call',{<1.0.52>,{#Ref<j@REDACTED>,c@REDACTED}},{del_lock,{global,<1.0.52>}}}
    ** exception throw: x
          in function  apply/3
    [snip stack trace]

Reproducing the problem with GDB attached reveals this:

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0xb6413b70 (LWP 4282)]
    erts_remove_monitor (root=0x94495b0, ref=587) at beam/erl_monitors.c:615
    615        } else if ((c = CMP_MON_REF(ref,(*this)->ref)) < 0) {

with the stack trace

    #0  erts_remove_monitor (root=0x94495b0, ref=587) at beam/erl_monitors.c:615
    #1  0x081021d1 in erts_net_message (prt=0xb75adb60, dep=0x9449530, hbuf=0x0,
         hlen=0, buf=0x946aabc "\203D", len=57) at beam/dist.c:1274
    #2  0x080d0b6e in driver_output2 (ix=609, hbuf=0x946aabc "\203D", hlen=57,
         buf=0x0, len=0) at beam/io.c:3277
    #3  0x081adede in inet_port_data (desc=0x94a9388, len=61)
         at drivers/common/inet_drv.c:1889
    #4  tcp_reply_data (desc=0x94a9388, len=61) at drivers/common/inet_drv.c:3174
    #5  tcp_deliver (desc=0x94a9388, len=61) at drivers/common/inet_drv.c:7916
    [snip]


I don't know what to look for here, but...:

    (gdb) print this
    $1 = (ErtsMonitor **) 0x94495b0
    (gdb) print *this
    $2 = (ErtsMonitor *) 0xb761f77c
    (gdb) print (*this)->ref
    $3 = 3076650902
    (gdb) print c
    $4 = <value optimised out>
    (gdb) print ref
    $5 = 587

As far as I can tell, ref is the odd value here (should be pointer-like, 
right?).

Hoping this will make sense to someone,
Erik Søe Sørensen

[1] Erjang version in question is this one: 
https://github.com/eriksoe/erjang/commit/637f9d9fca97901b941a7ef6b1bbba95ddc98094


