Crash in GMP pow_ui on Julia 1.12.0-rc2 #59629
Description
There seem to be a couple of different things happening here. There's a malloc call happening in signal handler context, which should not happen because malloc is not async-signal safe. But the reason that is happening is what looks to be a segfault in GMP?
Here's the stacktrace:
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x00006100b274827e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00006100b272b8ff in __GI_abort () at ./stdlib/abort.c:79
#5 0x00006100b272c7b6 in __libc_message_impl (fmt=fmt@entry=0x6100b28d18d7 "%s\n") at ../sysdeps/posix/libc_fatal.c:134
#6 0x00006100b27abff5 in malloc_printerr (str=str@entry=0x6100b28d4ca0 "malloc(): unaligned fastbin chunk detected") at ./malloc/malloc.c:5772
#7 0x00006100b27aee6c in _int_malloc (av=av@entry=0x6100b2906ac0 <main_arena>, bytes=bytes@entry=40) at ./malloc/malloc.c:3929
#8 0x00006100b27b187e in __libc_calloc (n=<optimized out>, elem_size=<optimized out>) at ./malloc/malloc.c:3754
#9 0x00006100b24fa6a1 in jl_getFunctionInfo_impl (frames_out=0x42124f137180, pointer=25113013664064, skipC=0, noInline=0) at /home/ubuntu/julias/v1.12.0-DEV+RAI/src/debuginfo.cpp:1266
#10 0x00000e425574d49f in jl_print_native_codeloc (pre_str=pre_str@entry=0x42124f1371f0 "signal (11) thread (1) ", ip=25113013664064) at /home/ubuntu/julias/v1.12.0-DEV+RAI/src/stackwalk.c:664
#11 0x00000e425574d9d1 in jl_print_bt_entry_codeloc (sig=sig@entry=11, bt_entry=bt_entry@entry=0x6100b2332010) at /home/ubuntu/julias/v1.12.0-DEV+RAI/src/stackwalk.c:770
#12 0x00000e425575ebbf in jl_critical_error (sig=sig@entry=11, si_code=1, context=context@entry=0x42124f137380, ct=ct@entry=0x44a078bec010) at /home/ubuntu/julias/v1.12.0-DEV+RAI/src/signal-handling.c:652
#13 0x00000e425575ee04 in sigdie_handler (sig=11, info=0x42124f1374b0, context=0x42124f137380) at /home/ubuntu/julias/v1.12.0-DEV+RAI/src/signals-unix.c:233
#14 <signal handler called>
#15 0x000016d714423940 in __gmpz_n_pow_ui () from /home/ubuntu/julias/v1.12.0-DEV+RAI/usr/bin/../lib/libgmp.so.10
#16 0x00006e3761b71c16 in pow_ui! () at gmp.jl:185
#17 julia_pow_ui_59186 () at gmp.jl:186
#18 0x00006e3761d22e7c in ^ () at gmp.jl:629
#19 julia_bigint_pow_59173 () at gmp.jl:650
#20 0x000067f658bea411 in ^ () at gmp.jl:655
#21 ^ () at /home/ubuntu/raicodes/julia-1-12-0-dev/packages/RAI_Primitives/src/numbers/numbers.jl:433
<snip>
This is reproducible in our system and I have an rr trace of this that I will share separately.
I will also try and reproduce this outside of our system.