clone bug (glibc?) (Was: clone-multi-ptrace test failure)

Oleg Nesterov oleg at redhat.com
Sat Nov 28 19:04:02 UTC 2009 

(add cc's)

On 11/27, caiqian at redhat.com wrote:
>
> I have consistently reproduced the failure with clone-multi-ptrace
> with both the patched and unpatched F13 kernels.
>
> # ./clone-multi-ptrace
> clone-multi-ptrace: clone-multi-ptrace.c:205: try_to_reproduce: Assertion `((((__extension__ (((union { __typeof(status) __in; int __i; }) { .__in = (status) }).__i))) & 0xff00) >> 8) == 5' failed.
> clone-multi-ptrace: clone-multi-ptrace.c:101: handler_fail: Assertion `0' failed.
> Aborted

I can reproduce this on Jan's testing machine (thanks a lot Jan ;).

This has nothing to do with ptrace, perhaps user-space bug. The test
case fails because the traced traced gets SIGILL, but this happens
even without ptrace.

I distilled the code

	#include <asm/unistd.h>
	#include <stdlib.h>
	#include <sys/wait.h>
	#include <unistd.h>
	#include <assert.h>
	#include <stdio.h>
	#include <sched.h>

	#define THREAD_NUM	2
	#define STACK_SIZE	(16 * 1024)

	static int thread_func(void *unused)
	{
		syscall(__NR_exit, 22);
		return 0;
	}

	void try_to_reproduce (void)
	{
		int pid, status, i;

		pid = fork();
		if (pid == 0) {
			for (i = 0; i < THREAD_NUM; i++)
				clone(thread_func, malloc(STACK_SIZE) + STACK_SIZE,
					CLONE_VM | // only this flag is important
					CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_THREAD | CLONE_SYSVSEM,
					NULL);

			usleep(1000);
			exit(0);
		}

		assert(pid == waitpid(pid, &status, 0));
		if (WIFEXITED(status))
			return;

		printf("\nERR!! status=%x\n", status);
		exit(1);
	}

	int main(void)
	{
		for (;;) {
			try_to_reproduce();
			printf(".");
		}

		return 0;
	}

and it quickly triggers the same problem.

The subthread (and thus the whole child process) is killed by SIGILL,
si_code == 2 (ILL_ILLOPN), the faulting instruction is "vmovdqa"
in /lib64/ld-2.11.so:_dl_x86_64_restore_sse()

        Dump of assembler code for function _dl_x86_64_restore_sse:
        0x0000003ad1e14950 <_dl_x86_64_restore_sse+0>:  cmpl   $0x0,0x20a5f9(%rip)	# +0x3ad201ef50
        0x0000003ad1e14957 <_dl_x86_64_restore_sse+7>:  js     0x3ad1e149aa <_dl_x86_64_restore_sse+90>
--->    0x0000003ad1e14959 <_dl_x86_64_restore_sse+9>:  vmovdqa %fs:0x80,%ymm0
        0x0000003ad1e14963 <_dl_x86_64_restore_sse+19>: vmovdqa %fs:0xa0,%ymm1
        0x0000003ad1e1496d <_dl_x86_64_restore_sse+29>: vmovdqa %fs:0xc0,%ymm2
        0x0000003ad1e14977 <_dl_x86_64_restore_sse+39>: vmovdqa %fs:0xe0,%ymm3
        0x0000003ad1e14981 <_dl_x86_64_restore_sse+49>: vmovdqa %fs:0x100,%ymm4
        0x0000003ad1e1498b <_dl_x86_64_restore_sse+59>: vmovdqa %fs:0x120,%ymm5
        0x0000003ad1e14995 <_dl_x86_64_restore_sse+69>: vmovdqa %fs:0x140,%ymm6
        0x0000003ad1e1499f <_dl_x86_64_restore_sse+79>: vmovdqa %fs:0x160,%ymm7
        0x0000003ad1e149a9 <_dl_x86_64_restore_sse+89>: retq
        0x0000003ad1e149aa <_dl_x86_64_restore_sse+90>: movdqa %fs:0x80,%xmm0

Stack trace:

	#0  _dl_x86_64_restore_sse () at ../sysdeps/x86_64/dl-trampoline.S:222
	222		vmovdqa %fs:RTLD_SAVESPACE_SSE+0*YMM_SIZE, %ymm0
	#0  _dl_x86_64_restore_sse () at ../sysdeps/x86_64/dl-trampoline.S:222
	#1  0x0000003ad1e0dbf5 in _dl_fixup (l=<value optimized out>, reloc_arg=<value optimized out>) at ../elf/dl-runtime.c:126
	#2  0x0000003ad1e142e5 in _dl_runtime_resolve () at ../sysdeps/x86_64/dl-trampoline.S:41
	#3  0x0000000000400855 in thread_func (unused=<value optimized out>) at CLONE.c:14
	#4  0x0000003ad22ddf3d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

glibc-2.11-2.x86_64
kernel 2.6.31.5-127.fc12.x86_64

Oleg.

More information about the utrace-devel mailing list