(add cc's)

On 11/27, caiq...@redhat.com wrote:
>
> I have consistently reproduced the failure with clone-multi-ptrace
> with both the patched and unpatched F13 kernels.
>
> # ./clone-multi-ptrace
> clone-multi-ptrace: clone-multi-ptrace.c:205: try_to_reproduce: Assertion 
> `((((__extension__ (((union { __typeof(status) __in; int __i; }) { .__in = 
> (status) }).__i))) & 0xff00) >> 8) == 5' failed.
> clone-multi-ptrace: clone-multi-ptrace.c:101: handler_fail: Assertion `0' 
> failed.
> Aborted

I can reproduce this on Jan's testing machine (thanks a lot Jan ;).

This has nothing to do with ptrace; it looks like a user-space (glibc/ld.so)
bug. The test case fails because the tracee gets SIGILL, but the same thing
happens even without ptrace.

I distilled the test case down to the code below

        #define _GNU_SOURCE     /* clone() and the CLONE_* flags in <sched.h> */
        #include <asm/unistd.h>
        #include <assert.h>
        #include <sched.h>
        #include <stdio.h>
        #include <stdlib.h>
        #include <sys/wait.h>
        #include <unistd.h>

        #define THREAD_NUM      2
        #define STACK_SIZE      (16 * 1024)

        static int thread_func(void *unused)
        {
                (void)unused;

                /*
                 * Leave this thread via the raw exit(2) syscall with status 22.
                 * The syscall() call itself is what goes through ld.so's lazy
                 * PLT resolution (_dl_runtime_resolve -> _dl_fixup ->
                 * _dl_x86_64_restore_sse) in the reported SIGILL backtrace.
                 */
                (void)syscall(__NR_exit, 22);

                return 0;       /* not expected to be reached */
        }

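        /*
         * Fork a child that spawns THREAD_NUM CLONE_VM threads, each of which
         * immediately exits through the raw exit syscall, then wait for the
         * child. Returns normally if the child exited; if it was killed by a
         * signal (the failure being chased), print the wait status and exit(1).
         *
         * Fixes over the first cut: fork/malloc/clone/waitpid results are
         * checked (waitpid was previously inside an assert(), so it would be
         * compiled out under NDEBUG), and stdout is flushed before fork() so
         * the child's exit() does not re-emit the parent's buffered progress
         * dots.
         */
        void try_to_reproduce (void)
        {
                int status;
                pid_t pid;

                /* don't let the child inherit (and later flush) our stdio buffer */
                fflush(stdout);

                pid = fork();
                if (pid < 0) {
                        perror("fork");
                        exit(1);
                }

                if (pid == 0) {
                        for (int i = 0; i < THREAD_NUM; i++) {
                                char *stack = malloc(STACK_SIZE);
                                if (stack == NULL) {
                                        perror("malloc");
                                        _exit(1);
                                }

                                /* clone() takes the top of the stack (it grows down) */
                                if (clone(thread_func, stack + STACK_SIZE,
                                          CLONE_VM |    /* only this flag is important */
                                          CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
                                          CLONE_THREAD | CLONE_SYSVSEM,
                                          NULL) < 0) {
                                        perror("clone");
                                        _exit(1);
                                }
                        }

                        /* give the threads a moment to run before the group exits */
                        usleep(1000);
                        exit(0);
                }

                /* Parent: a thread killed by SIGILL takes the whole child with it. */
                if (waitpid(pid, &status, 0) != pid) {
                        perror("waitpid");
                        exit(1);
                }
                if (WIFEXITED(status))
                        return;

                printf("\nERR!! status=%x\n", status);
                exit(1);
        }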

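        /*
         * Run try_to_reproduce() forever; it exit()s on the first failure.
         * One '.' per successful iteration is printed as progress. The dot is
         * flushed explicitly: without a newline, stdout stays buffered on a
         * tty, so no progress would be visible, and the pending buffer would be
         * copied into the fork() child and written again when it exit()s.
         */
        int main(void)
        {
                for (;;) {
                        try_to_reproduce();
                        printf(".");
                        fflush(stdout);
                }

                return 0;       /* not reached */
        }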

and it quickly triggers the same problem.

The subthread (and thus the whole child process) is killed by SIGILL,
si_code == 2 (ILL_ILLOPN); the faulting instruction is "vmovdqa" on %ymm
registers (an AVX instruction) in /lib64/ld-2.11.so:_dl_x86_64_restore_sse().
ILL_ILLOPN means the CPU raised #UD for it, which is what a VEX-encoded
instruction gets when AVX state is not enabled for the OS, so the AVX detection
behind the cmpl/js guard at the top of the function seems the first thing to
check.

        Dump of assembler code for function _dl_x86_64_restore_sse:
        0x0000003ad1e14950 <_dl_x86_64_restore_sse+0>:  cmpl   
$0x0,0x20a5f9(%rip)      # +0x3ad201ef50
        0x0000003ad1e14957 <_dl_x86_64_restore_sse+7>:  js     0x3ad1e149aa 
<_dl_x86_64_restore_sse+90>
--->    0x0000003ad1e14959 <_dl_x86_64_restore_sse+9>:  vmovdqa %fs:0x80,%ymm0
        0x0000003ad1e14963 <_dl_x86_64_restore_sse+19>: vmovdqa %fs:0xa0,%ymm1
        0x0000003ad1e1496d <_dl_x86_64_restore_sse+29>: vmovdqa %fs:0xc0,%ymm2
        0x0000003ad1e14977 <_dl_x86_64_restore_sse+39>: vmovdqa %fs:0xe0,%ymm3
        0x0000003ad1e14981 <_dl_x86_64_restore_sse+49>: vmovdqa %fs:0x100,%ymm4
        0x0000003ad1e1498b <_dl_x86_64_restore_sse+59>: vmovdqa %fs:0x120,%ymm5
        0x0000003ad1e14995 <_dl_x86_64_restore_sse+69>: vmovdqa %fs:0x140,%ymm6
        0x0000003ad1e1499f <_dl_x86_64_restore_sse+79>: vmovdqa %fs:0x160,%ymm7
        0x0000003ad1e149a9 <_dl_x86_64_restore_sse+89>: retq
        0x0000003ad1e149aa <_dl_x86_64_restore_sse+90>: movdqa %fs:0x80,%xmm0

Stack trace:

        #0  _dl_x86_64_restore_sse () at ../sysdeps/x86_64/dl-trampoline.S:222
        222             vmovdqa %fs:RTLD_SAVESPACE_SSE+0*YMM_SIZE, %ymm0
        #0  _dl_x86_64_restore_sse () at ../sysdeps/x86_64/dl-trampoline.S:222
        #1  0x0000003ad1e0dbf5 in _dl_fixup (l=<value optimized out>, 
reloc_arg=<value optimized out>) at ../elf/dl-runtime.c:126
        #2  0x0000003ad1e142e5 in _dl_runtime_resolve () at 
../sysdeps/x86_64/dl-trampoline.S:41
        #3  0x0000000000400855 in thread_func (unused=<value optimized out>) at 
CLONE.c:14
        #4  0x0000003ad22ddf3d in clone () at 
../sysdeps/unix/sysv/linux/x86_64/clone.S:112

glibc-2.11-2.x86_64
kernel 2.6.31.5-127.fc12.x86_64

Oleg.
