This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug nptl/19004] tst-robust8 fails intermittently on x86_64


https://sourceware.org/bugzilla/show_bug.cgi?id=19004

--- Comment #5 from Paulo Andrade <paulo.cesar.pereira.de.andrade at gmail dot com> ---
  Adding extra kernel probes to handle_futex_death, mm_release and
exit_robust_list, it appears the robust list is in an inconsistent
state in exit_robust_list(), passing an invalid "user" pointer to
handle_futex_death(). This appears to happen when "pending" is not
null in exit_robust_list.

  Extra sample log, of the previous working process, and the one
locking:

[1648] > syscall.set_robust_list(head=0x7ff55806fa20 len=0x18)
[1648] < syscall.set_robust_list() return=0x0
[755]  signal.send SIGTERM to 1648
[1648] > __pthread_mutex_lock(mutex=0x7ff558093000)
[755] > __pthread_mutex_lock(mutex=0x7ff558093000)
[1648]  do_exit(code=0xf)
[755] > __pthread_mutex_lock_full(mutex=0x7ff558093000)
[1648]  exit_mm(tsk=0xffff8800d252e780)
[755] < 0x400f98() return=0x0
[1648] > mm_release(tsk=0xffff8800d252e780 mm=0xffff88019a64e400)
[755] < 0x400f98() return=0x0
[755] > syscall.wait4(upid=0x670 stat_addr=0x7ffdb7e2e80c options=0x0 ru=0x0)
[1648] > exit_robust_list(curr=0xffff8800d252e780)
head = 0x7ff55806fa20
entry = 0x7ff558093020
futex_offset = -32
pending = 0x0
[755] > schedule()
[1648] > handle_futex_death(uaddr=0x7ff558093000 curr=0xffff8800d252e780
pi=0x0)
[1648] < handle_futex_death() return=0x0
[1648]   exit_robust_list locals head=? entry=? next_entry=? pending=? limit=?
pi=? pip=0x0 next_pi=? futex_offset=? rc=?
RIP: ffffffff81078553
RSP: ffff880118a63cd0  EFLAGS: 00000282
RAX: 0000000000000000 RBX: ffff88019a64e400 RCX: ffff880118a63fd8
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8800d252e780
RBP: ffff880118a63ce0 R08: 0000000000000000 R09: 000000018020001f
R10: ffffea000c1e6400 R11: 0000000000000004 R12: ffff8800d252e780
R13: ffff8800d252e780 R14: ffff88011df60100 R15: ffff8800d252e780
FS:  00007ff55806f740(0000) GS:ffff88031e280000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ff557955290 CR3: 00000002881d4000 CR4: 00000000001407e0
[1648] < exit_robust_list() 
[1648] < mm_release() 
[1648]  signal.send SIGCHLD to 755
[1648] > schedule()
[755] < schedule() 
[755] < syscall.wait4() return=0x670
[755] > schedule()
[1649] > syscall.set_robust_list(head=0x7ff55806fa20 len=0x18)
[1649] < syscall.set_robust_list() return=0x0
[1649] > __pthread_mutex_lock(mutex=0x7ff558093000)
[1649] > __pthread_mutex_lock_full(mutex=0x7ff558093000)
[1649] > syscall.futex(uaddr=0x7ff558093000 op=0x0 val=0x800002f3 utime=0x0
uaddr2=0x80 val3=0x0)
[1649] > futex_wait(uaddr=0x7ff558093000 flags=0x1 val=0x800002f3 abs_time=0x0
bitset=0xffffffff)
[1649] > futex_wait_setup(uaddr=0x7ff558093000 val=0x800002f3 flags=0x1
q=0xffff8801a2b0bdc8 hb=0xffff8801a2b0bd58)
[1649] < futex_wait() return=0x0
[1649] > futex_wait_queue_me(hb=0xffffc9000189fb00 q=0xffff8801a2b0bdc8
timeout=0x0)
[1649] > schedule()
[755] > pthread_mutex_unlock(mutex=0x7ff558093000)
[755] > pthread_mutex_unlock(decr=0x1 mutex=0x7ff558093000)
[755] > __pthread_mutex_unlock_full(mutex=0x7ff558093000 decr=0x1)
[755] > syscall.futex(uaddr=0x7ff558093000 op=0x1 val=0x1 utime=0x0
uaddr2=0x7ff558093000 val3=0x8)
[755] < syscall.futex() return=0x1
[1649] < schedule() 
[755] < 0x400fed() return=0x0
[755] < 0x400fed() return=0x0
[1649] < futex_wait() 
[1649] < do_futex() return=0x0
[1649] < syscall.futex() return=0x0
[755]  signal.send SIGTERM to 1649
[1649]  do_exit(code=0xf)
[755] > __pthread_mutex_lock(mutex=0x7ff558093000)
[755] > __pthread_mutex_lock_full(mutex=0x7ff558093000)
[1649]  exit_mm(tsk=0xffff8800d252a280)
[755] > syscall.futex(uaddr=0x7ff558093000 op=0x0 val=0x80000671 utime=0x0
uaddr2=0x80 val3=0x0)
[1649] > mm_release(tsk=0xffff8800d252a280 mm=0xffff88019a649f40)
[755] > futex_wait(uaddr=0x7ff558093000 flags=0x1 val=0x80000671 abs_time=0x0
bitset=0xffffffff)
[1649] > exit_robust_list(curr=0xffff8800d252a280)
head = 0x7ff55806fa20
entry = 0x7ff558093020
futex_offset = -32
pending = 0x7ff558093020
[755] > futex_wait_setup(uaddr=0x7ff558093000 val=0x80000671 flags=0x1
q=0xffff880115593dc8 hb=0xffff880115593d58)
[755] < futex_wait() return=0x0
[1649] > handle_futex_death(uaddr=0xffffffffffffffe0 curr=0xffff8800d252a280
pi=0x0)
[755] > futex_wait_queue_me(hb=0xffffc9000189fb00 q=0xffff880115593dc8
timeout=0x0)
[1649] < handle_futex_death() return=0xffffffffffffffff
[755] > schedule()
[1649]   exit_robust_list locals head=? entry=? next_entry=? pending=? limit=?
pi=? pip=0x0 next_pi=? futex_offset=? rc=?
RIP: ffffffff81078553
RSP: ffff8801a2b0bcd0  EFLAGS: 00000282
RAX: 00000000ffffffff RBX: ffff88019a649f40 RCX: ffff8801a2b0bfd8
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffe0
RBP: ffff8801a2b0bce0 R08: 0000000000000000 R09: 000000018020001e
R10: ffffea000c1e6400 R11: 0000000000000004 R12: ffff8800d252a280
R13: ffff8800d252a280 R14: ffff88011df60100 R15: ffff8800d252a280
FS:  00007ff55806f740(0000) GS:ffff88031e280000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000002a337b000 CR4: 00000000001407e0
[1649] < exit_robust_list() 
[1649] < mm_release() 
[1649]  signal.send SIGCHLD to 755
[1649] > schedule()

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]