(add cc's) On 11/27, caiq...@redhat.com wrote: > > I have consistently reproduced the failure with clone-multi-ptrace > with both the patched and unpatched F13 kernels. > > # ./clone-multi-ptrace > clone-multi-ptrace: clone-multi-ptrace.c:205: try_to_reproduce: Assertion > `((((__extension__ (((union { __typeof(status) __in; int __i; }) { .__in = > (status) }).__i))) & 0xff00) >> 8) == 5' failed. > clone-multi-ptrace: clone-multi-ptrace.c:101: handler_fail: Assertion `0' > failed. > Aborted
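I can reproduce this on Jan's testing machine (thanks a lot Jan ;). This has nothing to do with ptrace, perhaps user-space bug. The test case fails because the traced traced gets SIGILL, but this happens even without ptrace. I distilled the code
/*
 * Minimal reproducer: a forked child starts THREAD_NUM clone()d threads that
 * share its address space (CLONE_VM); each thread immediately leaves through
 * the raw exit syscall.  On the reporter's machine the child is killed by
 * SIGILL (ILL_ILLOPN on a vmovdqa in ld.so's _dl_x86_64_restore_sse, see the
 * trace below) instead of exiting normally, with or without ptrace attached.
 *
 * NOTE(review): an illegal-opcode fault on an AVX (ymm) instruction inside
 * ld.so looks like the loader selecting an AVX code path that the OS/CPU has
 * not enabled, not a ptrace problem -- confirm against the glibc version.
 */
#define _GNU_SOURCE
#include <asm/unistd.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
#include <assert.h>
#include <stdio.h>
#include <sched.h>

#define THREAD_NUM 2
#define STACK_SIZE (16 * 1024)

/* Thread body: terminate only this thread via the raw exit syscall (exit(3)
 * would tear down the whole process).  The return statement is never reached. */
static int thread_func(void *unused)
{
	(void)unused;
	syscall(__NR_exit, 22);
	return 0;
}

/*
 * Fork a child that starts THREAD_NUM CLONE_VM threads and then exits, and
 * wait for it.  Returns normally when the child exited; if the child was
 * killed by a signal, print the raw wait status and abort the run via exit(1).
 */
void try_to_reproduce(void)
{
	int pid, status, i;

	pid = fork();
	assert(pid >= 0);
	if (pid == 0) {
		for (i = 0; i < THREAD_NUM; i++) {
			/* Check the allocation: NULL + STACK_SIZE is undefined
			 * behaviour.  The block is deliberately never freed; the
			 * child process exits a moment later anyway. */
			char *stack = malloc(STACK_SIZE);
			if (stack == NULL)
				_exit(2);
			/* The stack grows down, so hand clone() the top of the block. */
			if (clone(thread_func, stack + STACK_SIZE,
				  CLONE_VM |	/* only this flag is important */
				  CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
				  CLONE_THREAD | CLONE_SYSVSEM,
				  NULL) < 0) {
				perror("clone");
				_exit(2);
			}
		}
		usleep(1000);
		exit(0);
	}

	/* Keep waitpid() outside assert(): under NDEBUG the assert body is
	 * dropped, the child would never be reaped and status stays uninitialized. */
	int waited = waitpid(pid, &status, 0);
	assert(waited == pid);

	if (WIFEXITED(status))
		return;
	printf("\nERR!! status=%x\n", status);
	exit(1);
}

int main(void)
{
	for (;;) {
		try_to_reproduce();
		printf(".");
		fflush(stdout);	/* stdout is block-buffered off a tty; show progress as it happens */
	}
	return 0;
}
and it quickly triggers the same problem.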
The subthread (and thus the whole child process) is killed by SIGILL, si_code == 2 (ILL_ILLOPN), the faulting instruction is "vmovdqa" in /lib64/ld-2.11.so:_dl_x86_64_restore_sse() Dump of assembler code for function _dl_x86_64_restore_sse: 0x0000003ad1e14950 <_dl_x86_64_restore_sse+0>: cmpl $0x0,0x20a5f9(%rip) # +0x3ad201ef50 0x0000003ad1e14957 <_dl_x86_64_restore_sse+7>: js 0x3ad1e149aa <_dl_x86_64_restore_sse+90> ---> 0x0000003ad1e14959 <_dl_x86_64_restore_sse+9>: vmovdqa %fs:0x80,%ymm0 0x0000003ad1e14963 <_dl_x86_64_restore_sse+19>: vmovdqa %fs:0xa0,%ymm1 0x0000003ad1e1496d <_dl_x86_64_restore_sse+29>: vmovdqa %fs:0xc0,%ymm2 0x0000003ad1e14977 <_dl_x86_64_restore_sse+39>: vmovdqa %fs:0xe0,%ymm3 0x0000003ad1e14981 <_dl_x86_64_restore_sse+49>: vmovdqa %fs:0x100,%ymm4 0x0000003ad1e1498b <_dl_x86_64_restore_sse+59>: vmovdqa %fs:0x120,%ymm5 0x0000003ad1e14995 <_dl_x86_64_restore_sse+69>: vmovdqa %fs:0x140,%ymm6 0x0000003ad1e1499f <_dl_x86_64_restore_sse+79>: vmovdqa %fs:0x160,%ymm7 0x0000003ad1e149a9 <_dl_x86_64_restore_sse+89>: retq 0x0000003ad1e149aa <_dl_x86_64_restore_sse+90>: movdqa %fs:0x80,%xmm0 Stack trace: #0 _dl_x86_64_restore_sse () at ../sysdeps/x86_64/dl-trampoline.S:222 222 vmovdqa %fs:RTLD_SAVESPACE_SSE+0*YMM_SIZE, %ymm0 #0 _dl_x86_64_restore_sse () at ../sysdeps/x86_64/dl-trampoline.S:222 #1 0x0000003ad1e0dbf5 in _dl_fixup (l=<value optimized out>, reloc_arg=<value optimized out>) at ../elf/dl-runtime.c:126 #2 0x0000003ad1e142e5 in _dl_runtime_resolve () at ../sysdeps/x86_64/dl-trampoline.S:41 #3 0x0000000000400855 in thread_func (unused=<value optimized out>) at CLONE.c:14 #4 0x0000003ad22ddf3d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 glibc-2.11-2.x86_64 kernel 2.6.31.5-127.fc12.x86_64 Oleg.