Date: Thu, 12 Dec 2024 19:38:11 +0000
On Thu, 12 Dec 2024 at 19:36, Jonathan Wakely <cxx_at_[hidden]> wrote:
>
>
> On Thu, 12 Dec 2024 at 18:34, Phil Bouchard via Std-Proposals <
> std-proposals_at_[hidden]> wrote:
>
>> Yeah thanks. I am able to reproduce it as well with some derived code.
>>
>> The problem with GNU Bugzilla is all my email addresses are filtered out
>> by their SpamAssassin for some reason.
>>
>
> What does that mean?
>
I don't know what "the GNU Bugzilla" is, but you already have an account in
GCC's bugzilla. I don't know about the Glibc bugzilla at sourceware (I
don't have admin rights on that one to check).
>
>>
>> So anybody else is welcome to report this bug otherwise I'll try again
>> tonight.
>>
>>
>> Thanks a lot,
>>
>> --
>> [image: Logo] <https://www.fornux.com/>
>> *Phil Bouchard* [image: facebook icon]
>> <https://www.linkedin.com/in/phil-bouchard-5723a910/>
>> Founder & CEO
>> T: (819) 328-4743
>> E: phil_at_[hidden] | www.fornux.com
>> 320-345 de la Gauchetière Ouest | Montréal (Qc), H2Z 0A2 Canada
>> [image: Banner] <https://static.fornux.com/c-superset/>Le message
>> ci-dessus, ainsi que les documents l'accompagnant, sont destinés uniquement
>> aux personnes identifiées et peuvent contenir des informations
>> privilégiées, confidentielles ou ne pouvant être divulguées. Si vous avez
>> reçu ce message par erreur, veuillez le détruire.
>> This communication (and/or the attachments) is intended for named
>> recipients only and may contain privileged or confidential information
>> which is not to be disclosed. If you received this communication by mistake
>> please destroy all copies.
>>
>> On Dec 12, 2024, at 8:47 AM, Thiago Macieira via Std-Proposals <
>> std-proposals_at_[hidden]> wrote:
>>
>> On Thursday 12 December 2024 00:33:28 Brasilia Standard Time Jeremy
>> Rifkin via
>> Std-Proposals wrote:
>>
>> I was able to get it to segfault a couple times. So, there does seem to be
>>
>> something here but it does not seem to be a standards issue.
>>
>>
>> So could I. It took 15 minutes running to get to one, but I did get a
>> crash.
>>
>> Program terminated with signal SIGSEGV, Segmentation fault.
>> #0 ___pthread_detach (th=140624175019712) at pthread_detach.c:48
>>
>> https://codebrowser.dev/glibc/glibc/nptl/pthread_detach.c.html#48
>>
>> 0x00007fe5af499490 <+18>: lock cmpxchg %rdi,0x620(%rdi)
>> 0x00007fe5af499499 <+27>: jne 0x7fe5af4994c6
>> => 0x00007fe5af49949b <+29>: testb $0x10,0x308(%rdi)
>>
>> Given we executed that cmpxchg on %rdi+0x620, %rdi was valid on function
>> entry, but has become invalid between those two instructions.
>>
>> There's indeed another thread which GDB identifies as having this
>> pthread_t id,
>> that is exiting and is in madvise()
>> (gdb) bt
>> #0 0x00007fe5af518c8b in __GI_madvise () at ../sysdeps/unix/syscall-
>> template.S:117
>> #1 0x00007fe5af49840a in advise_stack_range (mem=0x7fe56d7fb000,
>> size=8392704, pd=140623369713344, guardsize=<optimized out>)
>> at /usr/src/debug/glibc-2.40/nptl/allocatestack.c:194
>> #2 start_thread (arg=<optimized out>) at pthread_create.c:553
>>
>> The value of pd matches this pthread_detach.
>>
>> I don't think the race is with the madvise(), unless we have a kernel
>> bug.
>> __madvise (mem, freesize - PTHREAD_STACK_MIN, MADV_DONTNEED);
>>
>> MADV_DONTNEED says a new access will be successful and the addresses it
>> advised on are nowhere near the crashing address.
>>
>> There may be a three-way race instead because the TCBs are reused.
>>
>> Anyway, Phil needs to file a bug.
>>
>> --
>> Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
>> Principal Engineer - Intel DCAI Platform & System Engineering
>>
>>
>>
>> --
>> Std-Proposals mailing list
>> Std-Proposals_at_[hidden]
>> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
>>
>> --
>> Std-Proposals mailing list
>> Std-Proposals_at_[hidden]
>> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
>>
>
>
>
> On Thu, 12 Dec 2024 at 18:34, Phil Bouchard via Std-Proposals <
> std-proposals_at_[hidden]> wrote:
>
>> Yeah thanks. I am able to reproduce it as well with some derived code.
>>
>> The problem with GNU Bugzilla is all my email addresses are filtered out
>> by their SpamAssassin for some reason.
>>
>
> What does that mean?
>
I don't know what "the GNU Bugzilla" is, but you already have an account in
GCC's bugzilla. I don't know about the Glibc bugzilla at sourceware (I
don't have admin rights on that one to check).
>
>>
>> So anybody else is welcome to report this bug otherwise I'll try again
>> tonight.
>>
>>
>> Thanks a lot,
>>
>> --
>> [image: Logo] <https://www.fornux.com/>
>> *Phil Bouchard* [image: facebook icon]
>> <https://www.linkedin.com/in/phil-bouchard-5723a910/>
>> Founder & CEO
>> T: (819) 328-4743
>> E: phil_at_[hidden] | www.fornux.com
>> 320-345 de la Gauchetière Ouest | Montréal (Qc), H2Z 0A2 Canada
>> [image: Banner] <https://static.fornux.com/c-superset/>Le message
>> ci-dessus, ainsi que les documents l'accompagnant, sont destinés uniquement
>> aux personnes identifiées et peuvent contenir des informations
>> privilégiées, confidentielles ou ne pouvant être divulguées. Si vous avez
>> reçu ce message par erreur, veuillez le détruire.
>> This communication (and/or the attachments) is intended for named
>> recipients only and may contain privileged or confidential information
>> which is not to be disclosed. If you received this communication by mistake
>> please destroy all copies.
>>
>> On Dec 12, 2024, at 8:47 AM, Thiago Macieira via Std-Proposals <
>> std-proposals_at_[hidden]> wrote:
>>
>> On Thursday 12 December 2024 00:33:28 Brasilia Standard Time Jeremy
>> Rifkin via
>> Std-Proposals wrote:
>>
>> I was able to get it to segfault a couple times. So, there does seem to be
>>
>> something here but it does not seem to be a standards issue.
>>
>>
>> So could I. It took 15 minutes running to get to one, but I did get a
>> crash.
>>
>> Program terminated with signal SIGSEGV, Segmentation fault.
>> #0 ___pthread_detach (th=140624175019712) at pthread_detach.c:48
>>
>> https://codebrowser.dev/glibc/glibc/nptl/pthread_detach.c.html#48
>>
>> 0x00007fe5af499490 <+18>: lock cmpxchg %rdi,0x620(%rdi)
>> 0x00007fe5af499499 <+27>: jne 0x7fe5af4994c6
>> => 0x00007fe5af49949b <+29>: testb $0x10,0x308(%rdi)
>>
>> Given we executed that cmpxchg on %rdi+0x620, %rdi was valid on function
>> entry, but has become invalid between those two instructions.
>>
>> There's indeed another thread which GDB identifies as having this
>> pthread_t id,
>> that is exiting and is in madvise()
>> (gdb) bt
>> #0 0x00007fe5af518c8b in __GI_madvise () at ../sysdeps/unix/syscall-
>> template.S:117
>> #1 0x00007fe5af49840a in advise_stack_range (mem=0x7fe56d7fb000,
>> size=8392704, pd=140623369713344, guardsize=<optimized out>)
>> at /usr/src/debug/glibc-2.40/nptl/allocatestack.c:194
>> #2 start_thread (arg=<optimized out>) at pthread_create.c:553
>>
>> The value of pd matches this pthread_detach.
>>
>> I don't think the race is with the madvise(), unless we have a kernel
>> bug.
>> __madvise (mem, freesize - PTHREAD_STACK_MIN, MADV_DONTNEED);
>>
>> MADV_DONTNEED says a new access will be successful and the addresses it
>> advised on are nowhere near the crashing address.
>>
>> There may be a three-way race instead because the TCBs are reused.
>>
>> Anyway, Phil needs to file a bug.
>>
>> --
>> Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
>> Principal Engineer - Intel DCAI Platform & System Engineering
>>
>>
>>
>> --
>> Std-Proposals mailing list
>> Std-Proposals_at_[hidden]
>> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
>>
>> --
>> Std-Proposals mailing list
>> Std-Proposals_at_[hidden]
>> https://lists.isocpp.org/mailman/listinfo.cgi/std-proposals
>>
>
Received on 2024-12-12 19:39:32