From: Ulrich Drepper <drepper@redhat.com>
To: Pierre Peiffer <pierre.peiffer@bull.net>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Dave Jones <davej@redhat.com>
Subject: FUTEX_CMP_REQUEUE_PI is not quite there
Date: Fri, 11 May 2007 23:10:47 -0700
Message-ID: <46455A67.8040203@redhat.com>

I hooked up FUTEX_CMP_REQUEUE_PI here and got a kernel crash. No serial
console so this is the output of the screen after the machine stopped.
This is of course on x86-64. Compiled from a rawhide-ified upstream
kernel from two days ago.

The situation is that we requeue from a non-PI futex to a PI futex. We
might now actually want to change the condvar implementation to use
internally a PI futex if the mutex in use is PI, too, but this kind of
mismatch can still happen. I can provide binaries if necessary.

There is quite a lot of output from the kernel:

BUG: at kernel/futex.c:1665 set_pi_futex_owner()
Call Trace:
[<ffffffff80249eee>] futex_lock_pi+0x351/0x685
[<ffffffff8043b3cb>] _spin_lock_irqsave+0x9/0xe
[<ffffffff803089ac>] __up_read+0x19/0x7f
[<ffffffff8022ca81>] default_wake_function+0x0/0xe
[<ffffffff8024b475>] do_futex+0xa68/0x10e8
[<ffffffff8024bbe3>] sys_futex+0xee/0x10c
[<ffffffff8043b399>] _spin_unlock_irq+0x9/0xc
[<ffffffff80209b9e>] system_call+0x7e/0x83
BUG: at lib/plist.c:78 plist_add()
Call Trace:
[<ffffffff8030c812>] plist_add+0x3a/0x90
[<ffffffff80249f24>] futex_lock_pi+0x387/0x685
[<ffffffff8043b3cb>] _spin_lock_irqsave+0x9/0xe
[<ffffffff803089ac>] __up_read+0x19/0x7f
[<ffffffff8022ca81>] default_wake_function+0x0/0xe
[<ffffffff8024b475>] do_futex+0xa68/0x10e8
[<ffffffff8024bbe3>] sys_futex+0xee/0x10c
[<ffffffff8043b399>] _spin_unlock_irq+0x9/0xc
[<ffffffff80209b9e>] system_call+0x7e/0x83
BUG: at kernel/futex.c:483 exit_pi_state_list()
Call Trace:
[<ffffffff8024be47>] exit_pi_state_list+0xbe/0x11e
[<ffffffff80235aad>] do_exit+0x801/0x84e
[<ffffffff80235b97>] complete_and_exit+0x0/0x16
[<ffffffff80209b9e>] system_call+0x7e/0x83
list_add corruption. prev->next should be next (ffff81001dda1cb8), but
was ffff81006c 6e06c8. (prev=ffff81006c6e06c8).
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:33!
invalid opcode: 0000 [1] SMP
CPU 0
Pid: 15097, comm: ld-linux-x86-64 Not tainted 2.6.21-1.3145.fc7 #1
RIP: 0010:[<ffffffff8030c90a>] [<ffffffff8030c90a>] __list_add+0x47/0x5b
RSP: 0018:ffff81003cc01e78 EFLAGS: 00010092
RAX: 0000000000000079 RBX: ffff81001dda1cb8 RCX: fffffffffffffca9
RDX: 00000000ffffffff RSI: 0000000000000282 RDI: ffffffff80559a50
RBP: ffff81001dda1cb0 R08: 00000000000000a0 R09: 0000000000000010
R10: ffff81000305dd00 R11: 0000000000000000 R12: ffff81001dda1c88
R13: 0000000000000282 R14: ffff81006c6e0080 R15: ffff810075edac78
FS: 0000000000000000(0000) GS:ffffffff8059e000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000040400eb8 CR3: 000000001c40f000 CR4: 00000000000026e0
Process ld-linux-x86-64 (pid: 15097, threadinfo ffff81003cc00000, task
ffff81006c6e00
Stack: ffff81006c6e06b0 ffffffff8030c7a2 ffff81006c6e07b0 ffff810075edac50
ffff81006c6e06b0 ffffffff8043ac19 ffff81006c6e06b0 ffff810075edac40
ffff81006c6e06b0 ffffffff8070f9f0 ffff81006c6e07b0 ffff81006c6e0080
Call Trace:
[<ffffffff8030c7a2>] plist_del+0x3a/0x70
[<ffffffff8043ac19>] rt_mutex_slowunlock+0x8c/0x1cd
[<ffffffff8024be75>] exit_pi_state_list+0xec/0x11e
[<ffffffff80235aad>] do_exit+0x801/0x84e
[<ffffffff80235b97>] complete_and_exit+0x0/0x16
[<ffffffff80209b9e>] system_call+0x7e/0x83
Code: 0f 0b eb fe 48 89 7e 08 48 89 37 48 89 57 08 48 89 3a 5a c3
RIP [<ffffffff8030c90a>] __list_add+0x47/0x5b
RSP <ffff81003cc01e78>
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
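
A triage aid for console output like the one quoted above, added here as an example and not part of the original message or of the kernel tree: it splits the log into one record per BUG site and lists the functions that recur across traces. The names `parse_reports` and `shared_frames` are hypothetical, and `SAMPLE` is an abridged, constructed copy of the quoted output.

```python
import re
from collections import Counter

# Constructed sample: an abridged copy of the console output quoted in the report.
SAMPLE = """\
BUG: at kernel/futex.c:1665 set_pi_futex_owner()
Call Trace:
[<ffffffff80249eee>] futex_lock_pi+0x351/0x685
[<ffffffff8024b475>] do_futex+0xa68/0x10e8
BUG: at lib/plist.c:78 plist_add()
Call Trace:
[<ffffffff8030c812>] plist_add+0x3a/0x90
[<ffffffff80249f24>] futex_lock_pi+0x387/0x685
BUG: at kernel/futex.c:483 exit_pi_state_list()
Call Trace:
[<ffffffff8024be47>] exit_pi_state_list+0xbe/0x11e
[<ffffffff80235aad>] do_exit+0x801/0x84e
kernel BUG at lib/list_debug.c:33!
Call Trace:
[<ffffffff8030c7a2>] plist_del+0x3a/0x70
[<ffffffff8024be75>] exit_pi_state_list+0xec/0x11e
"""

# In this log, output continues after each "BUG: at file:line func()" line;
# "kernel BUG at file:line!" is the point where the machine stopped.
SITE = re.compile(r"^(kernel )?BUG:? at (\S+?):(\d+)(?: (\w+)\(\))?!?$")
FRAME = re.compile(r"^\[<[0-9a-f]+>\] (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+$")

def parse_reports(text):
    """Return one record per BUG site, in order, each with its trace functions."""
    reports = []
    for line in map(str.strip, text.splitlines()):
        site, frame = SITE.match(line), FRAME.match(line)
        if site:
            reports.append({"fatal": bool(site.group(1)), "file": site.group(2),
                            "line": int(site.group(3)), "func": site.group(4),
                            "trace": []})
        elif frame and reports:
            reports[-1]["trace"].append(frame.group(1))
    return reports

def shared_frames(reports):
    """Functions present in more than one trace, i.e. the code paths to read first."""
    seen = Counter(fn for r in reports for fn in set(r["trace"]))
    return sorted(fn for fn, n in seen.items() if n > 1)

if __name__ == "__main__":
    found = parse_reports(SAMPLE)
    for r in found:
        print("FATAL" if r["fatal"] else "warn ", f'{r["file"]}:{r["line"]}', r["trace"][:2])
    print("shared:", shared_frames(found))
```

On the sample, the shared frames separate the two paths visible in the report: the first two checks fire under `futex_lock_pi`, the last two under `exit_pi_state_list` at task exit.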