Created
September 15, 2020 15:47
-
-
Save bstreiff/f5d54142e3dd3bf2ee3c6654056f93f5 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| fixup_pi_state_owner (uaddr=0x120ad38, argowner=0x0 <irq_stack_union>, q=<optimized out>, q=<optimized out>) | |
| at /home/bstreiff/git/linux-rmb-hack/kernel/futex.c:2317 | |
| 2317 /home/bstreiff/git/linux-rmb-hack/kernel/futex.c: No such file or directory. | |
| (gdb) bt | |
| #0 fixup_pi_state_owner (uaddr=0x120ad38, argowner=0x0 <irq_stack_union>, q=<optimized out>, q=<optimized out>) | |
| at /home/bstreiff/git/linux-rmb-hack/kernel/futex.c:2317 | |
| #1 0xffffffff810c0001 in fixup_owner (uaddr=<optimized out>, q=<optimized out>, locked=0) | |
| at /home/bstreiff/git/linux-rmb-hack/kernel/futex.c:2454 | |
| #2 0xffffffff810c1000 in futex_wait_requeue_pi (uaddr=<optimized out>, flags=<optimized out>, val=<optimized out>, | |
| abs_time=<optimized out>, uaddr2=<optimized out>, bitset=<optimized out>) | |
| at /home/bstreiff/git/linux-rmb-hack/kernel/futex.c:3250 | |
| #3 0xffffffff810c2317 in do_futex (uaddr=<optimized out>, op=<optimized out>, val=22270121, timeout=<optimized out>, | |
| uaddr2=0x120ad38, val2=0, val3=4294967295) at /home/bstreiff/git/linux-rmb-hack/kernel/futex.c:3569 | |
| #4 0xffffffff810c2eb4 in SYSC_futex (val3=<optimized out>, uaddr2=<optimized out>, utime=<optimized out>, | |
| val=<optimized out>, op=<optimized out>, uaddr=<optimized out>) | |
| at /home/bstreiff/git/linux-rmb-hack/kernel/futex.c:3610 | |
| #5 SyS_futex (uaddr=-131939454343184, op=<optimized out>, val=<optimized out>, utime=0, uaddr2=<optimized out>, | |
| val3=<optimized out>) at /home/bstreiff/git/linux-rmb-hack/kernel/futex.c:3580 | |
| #6 0xffffffff81001a1b in do_syscall_64 (regs=0xffff880073b127f0) | |
| at /home/bstreiff/git/linux-rmb-hack/arch/x86/entry/common.c:287 | |
| #7 0xffffffff815df246 in entry_SYSCALL64_slow_path () | |
| at /home/bstreiff/git/linux-rmb-hack/arch/x86/entry/entry_64.S:251 | |
| #8 0x0000000000000000 in ?? () | |
| (gdb) print pi_state | |
| $1 = <optimized out> | |
| (gdb) print &pi_state | |
| Can't take address of "pi_state" which isn't an lvalue. | |
| (gdb) print q->pi_state | |
| value has been optimized out | |
| (gdb) up | |
| #1 0xffffffff810c0001 in fixup_owner (uaddr=<optimized out>, q=<optimized out>, locked=0) | |
| at /home/bstreiff/git/linux-rmb-hack/kernel/futex.c:2454 | |
| 2454 in /home/bstreiff/git/linux-rmb-hack/kernel/futex.c | |
| (gdb) up | |
| #2 0xffffffff810c1000 in futex_wait_requeue_pi (uaddr=<optimized out>, flags=<optimized out>, val=<optimized out>, | |
| abs_time=<optimized out>, uaddr2=<optimized out>, bitset=<optimized out>) | |
| at /home/bstreiff/git/linux-rmb-hack/kernel/futex.c:3250 | |
| 3250 in /home/bstreiff/git/linux-rmb-hack/kernel/futex.c | |
| (gdb) print q | |
| $2 = {list = {prio = 100, | |
| prio_list = {next = 0xffffc90004917cf0, prev = 0xffffc90004917cf0}, | |
| node_list = {next = 0xffffc900005fb638, prev = 0xffffc90004917d00}}, | |
| task = 0xffff880076a05240, | |
| lock_ptr = 0xffffc900005fb608, | |
| key = {shared = {pgoff = 18915328, inode = 0xffff88007302c000, offset = 3384}, | |
| private = {address = 18915328, mm = 0xffff88007302c000, offset = 3384}, | |
| both = {word = 18915328, ptr = 0xffff88007302c000, offset = 3384}}, | |
| pi_state = 0xffff880073b127e0, | |
| rt_waiter = 0xffffc9000439fc38, | |
| requeue_pi_key = 0xffffc9000439fc20, | |
| bitset = 4294967295} | |
| (gdb) print q->pi_state | |
| $3 = (struct futex_pi_state *) 0xffff880073b127e0 | |
| (gdb) print *(q->pi_state) | |
| $4 = {list = {next = 0xffff880076a059a8, prev = 0xffff880076a059a8}, | |
| pi_mutex = {wait_lock = {raw_lock = {val = {counter = 257}}}, | |
| waiters = {rb_node = 0xffffc90004917c38}, | |
| waiters_leftmost = 0xffffc90004917c38, | |
| owner = 0x1 <irq_stack_union+1>, | |
| save_state = 0}, | |
| owner = 0xffff880076a05240, | |
| refcount = {counter = 2}, | |
| key = {shared = {pgoff = 18915328, inode = 0xffff88007302c000, offset = 3384}, | |
| private = {address = 18915328, mm = 0xffff88007302c000, offset = 3384}, | |
| both = {word = 18915328, ptr = 0xffff88007302c000, offset = 3384}}} | |
| (gdb) print *(q->rt_waiter) | |
| $25 = {tree_entry = {__rb_parent_color = 18446683600640932920, | |
| rb_right = 0x0 <irq_stack_union>, | |
| rb_left = 0xffffc90004917c38}, | |
| pi_tree_entry = {__rb_parent_color = 18446683600640932944, | |
| rb_right = 0x0 <irq_stack_union>, | |
| rb_left = 0x0 <irq_stack_union>}, | |
| task = 0xffff880076a05240, | |
| lock = 0xffff880073b127f0, | |
| savestate = false, | |
| prio = 120, | |
| deadline = 0} | |
| futex.c:3250 is the fixup_owner call with this comment: | |
| "Fixup the pi_state owner and possibly acquire the lock if we haven't already." | |
| res = fixup_owner(uaddr2, &q, !ret) | |
| "ret" is optimized out so unclear what it is | |
| we're in: | |
| if (q->pi_state->owner == current) { | |
| ret = fixup_pi_state_owner(uaddr, q, NULL); | |
| goto out; | |
| } | |
| "locked" is supposedly 0 (so 'ret' above is nonzero) | |
| oldowner = 0xffff880076a05240 | |
| pi_state->pi_mutex->owner == 0x1 (RT_MUTEX_HAS_WAITERS but with no other bits for an owner?) | |
| supposedly this in the state: "lock is free and has waiters and the top waiter is going to take the lock" | |
| (gdb) p *(struct task_struct*)0xffff880076a05240 | |
| $2 = {thread_info = {flags = 136, preempt_lazy_count = 1}, | |
| state = 0, | |
| saved_state = 0, | |
| stack = 0xffffc9000439c000, | |
| usage = {counter = 2}, | |
| flags = 4210944, | |
| ptrace = 0, | |
| wake_entry = {next = 0x0 <irq_stack_union>}, | |
| on_cpu = 1, | |
| cpu = 0, | |
| wakee_flips = 28, | |
| wakee_flip_decay_ts = 4301997111, | |
| last_wakee = 0xffff8800732fbac0, | |
| wake_cpu = 0, | |
| on_rq = 1, | |
| prio = 120, | |
| static_prio = 120, | |
| normal_prio = 120, | |
| rt_priority = 0, | |
| sched_class = 0xffffffff8160efc0 <fair_sched_class>, | |
| se = {load = {weight = 1048576, inv_weight = 4194304}, | |
| run_node = {__rb_parent_color = 1, rb_right = 0xffff8800732fa3d0, rb_left = 0x0 <irq_stack_union>}, | |
| group_node = {next = 0xffff880069417440, prev = 0xffff8800732fa3e8}, | |
| on_rq = 1, | |
| exec_start = 70617837039446, | |
| sum_exec_runtime = 10317302249532, | |
| vruntime = 15443205636573, | |
| prev_sum_exec_runtime = 10317302249532, | |
| nr_migrations = 281800, | |
| avg = {last_update_time = 70617837039446, load_sum = 32055662, util_sum = 15417826, period_contrib = 274, load_avg = 671, util_avg = 322}}, | |
| rt = {run_list = {next = 0xffff880076a05380, prev = 0xffff880076a05380}, | |
| timeout = 0, | |
| watchdog_stamp = 0, | |
| time_slice = 10, | |
| on_rq = 0, | |
| on_list = 0, | |
| back = 0x0 <irq_stack_union>}, | |
| dl = {rb_node = {__rb_parent_color = 18446612134304437168, rb_right = 0x0 <irq_stack_union>, rb_left = 0x0 <irq_stack_union>}, | |
| dl_runtime = 0, | |
| dl_deadline = 0, | |
| dl_period = 0, | |
| dl_bw = 0, | |
| runtime = 0, | |
| deadline = 0, flags = 0, dl_throttled = 0, dl_boosted = 0, dl_yielded = 0, | |
| dl_timer = {node = {node = {__rb_parent_color = 18446612134304437256, rb_right = 0x0 <irq_stack_union>, rb_left = 0x0 <irq_stack_union>}, | |
| expires = {tv64 = 0}}, | |
| _softexpires = {tv64 = 0}, | |
| function = 0xffffffff81092db0 <dl_task_timer>, | |
| base = 0xffff88006950ff00, | |
| state = 0 '\000', | |
| cb_entry = {next = 0xffff880076a05448, prev = 0xffff880076a05448}, | |
| irqsafe = 1, | |
| is_rel = 0 '\000'}}, | |
| policy = 0, | |
| migrate_disable = 1, | |
| migrate_disable_update = 0, | |
| nr_cpus_allowed = 2, | |
| cpus_allowed = {bits = {3}}, | |
| rcu_read_lock_nesting = 1, | |
| rcu_read_unlock_special = {b = {blocked = 0 '\000', need_qs = 0 '\000', exp_need_qs = 0 '\000', pad = 0 '\000'}, s = 0}, | |
| rcu_node_entry = {next = 0xffff880076a05480, prev = 0xffff880076a05480}, | |
| rcu_blocked_node = 0x0 <irq_stack_union>, | |
| tasks = {next = 0xffff8800739d8258, prev = 0xffff88007300c8d8}, | |
| pushable_tasks = {prio = 93, | |
| prio_list = {next = 0xffff880076a054b0, prev = 0xffff880076a054b0}, | |
| node_list = {next = 0xffff880076a054c0, prev = 0xffff880076a054c0}}, | |
| pushable_dl_tasks = {__rb_parent_color = 18446612134304437456, rb_right = 0x0 <irq_stack_union>, rb_left = 0x0 <irq_stack_union>}, | |
| mm = 0xffff88007302c000, | |
| active_mm = 0xffff88007302c000, | |
| vmacache_seqnum = 225, | |
| vmacache = {0x0 <irq_stack_union>, 0xffff8800731aacf0, 0xffff880073061e60, 0x0 <irq_stack_union>}, | |
| rss_stat = {events = 0, count = {0, 0, 0, 0}}, | |
| exit_state = 0, | |
| exit_code = 0, | |
| exit_signal = 17, | |
| pdeath_signal = 0, | |
| jobctl = 0, | |
| personality = 4194304, | |
| sched_reset_on_fork = 0, | |
| sched_contributes_to_load = 0, | |
| sched_migrated = 0, | |
| sched_remote_wakeup = 0, | |
| in_execve = 0, | |
| in_iowait = 0, | |
| restore_sigmask = 0, | |
| no_cgroup_migration = 0, | |
| atomic_flags = 0, | |
| restart_block = {fn = 0xffffffff81067b80 <do_no_restart_syscall>, | |
| {futex = {uaddr = 0x0 <irq_stack_union>, val = 0, flags = 0, bitset = 0, time = 0, uaddr2 = 0x0 <irq_stack_union>}, | |
| nanosleep = {clockid = 0, rmtp = 0x0 <irq_stack_union>, compat_rmtp = 0x0 <irq_stack_union>, expires = 0}, | |
| poll = {ufds = 0x0 <irq_stack_union>, nfds = 0, has_timeout = 0, tv_sec = 0, tv_nsec = 0}}}, | |
| pid = 1670, | |
| tgid = 1670, | |
| real_parent = 0xffff88007300c680, | |
| parent = 0xffff88007300c680, | |
| children = {next = 0xffff880076a055b0, prev = 0xffff880076a055b0}, | |
| sibling = {next = 0xffff88007300c9f0, prev = 0xffff88007300c9f0}, | |
| group_leader = 0xffff880076a05240, | |
| ptraced = {next = 0xffff880076a055d8, prev = 0xffff880076a055d8}, | |
| ptrace_entry = {next = 0xffff880076a055e8, prev = 0xffff880076a055e8}, | |
| pids = {{node = {next = 0x0 <irq_stack_union>, pprev = 0xffff8800730e5088}, pid = 0xffff8800730e5080}, | |
| {node = {next = 0x0 <irq_stack_union>, pprev = 0xffff8800730e5090}, pid = 0xffff8800730e5080}, | |
| {node = {next = 0x0 <irq_stack_union>, pprev = 0xffff8800730e5098}, pid = 0xffff8800730e5080}}, | |
| thread_group = {next = 0xffff8800731d0400, prev = 0xffff880073ff0fc0}, | |
| thread_node = {next = 0xffff8800731d0410, prev = 0xffff88007253f750}, | |
| vfork_done = 0x0 <irq_stack_union>, | |
| set_child_tid = 0x7f95222f2e90, | |
| clear_child_tid = 0x7f3b033015d0, | |
| utime = 9587100000000, | |
| stime = 766280000000, | |
| utimescaled = 9587100000000, | |
| stimescaled = 766280000000, | |
| gtime = 0, | |
| prev_cputime = {utime = 0, stime = 0, | |
| lock = {raw_lock = {val = {counter = 0}}}}, | |
| vtime_seqcount = {sequence = 0}, | |
| vtime_snap = 0, | |
| vtime_snap_whence = VTIME_INACTIVE, | |
| nvcsw = 37030458, | |
| nivcsw = 27071090, | |
| start_time = 13829344080, | |
| real_start_time = 13829344320, | |
| min_flt = 48121, | |
| maj_flt = 92, | |
| cputime_expires = {utime = 0, stime = 0, sum_exec_runtime = 0}, | |
| cpu_timers = {{next = 0xffff880076a05718, prev = 0xffff880076a05718}, | |
| {next = 0xffff880076a05728, prev = 0xffff880076a05728}, | |
| {next = 0xffff880076a05738, prev = 0xffff880076a05738}}, | |
| posix_timer_list = 0x0 <irq_stack_union>, | |
| ptracer_cred = 0x0 <irq_stack_union>, | |
| real_cred = 0xffff880076437cc0, | |
| cred = 0xffff880076437cc0, | |
| comm = "MainAppThread\000\000", | |
| nameidata = 0x0 <irq_stack_union>, | |
| sysvsem = {undo_list = 0xffff880072c08c00}, | |
| sysvshm = {shm_clist = {next = 0xffff880076a05788, prev = 0xffff880076a05788}}, | |
| fs = 0xffff8800730e5000, | |
| files = 0xffff880072f8f0c0, | |
| nsproxy = 0xffffffff81a47a80 <init_nsproxy>, | |
| signal = 0xffff88007253f740, | |
| sighand = 0xffff8800730daa80, | |
| sigqueue_cache = 0x0 <irq_stack_union>, | |
| blocked = {sig = {0}}, | |
| real_blocked = {sig = {0}}, | |
| saved_sigmask = {sig = {0}}, | |
| pending = {list = {next = 0xffff880076a057e0, prev = 0xffff880076a057e0}, signal = {sig = {0}}}, | |
| forced_info = {si_signo = 0, si_errno = 0, si_code = 0, | |
| _sifields = {_pad = {0 <repeats 28 times>}, | |
| _kill = {_pid = 0, _uid = 0}, | |
| _timer = {_tid = 0, _overrun = 0, _pad = 0xffff880076a05810 "", | |
| _sigval = {sival_int = 0, sival_ptr = 0x0 <irq_stack_union>}, | |
| _sys_private = 0}, | |
| _rt = {_pid = 0, _uid = 0, | |
| _sigval = {sival_int = 0, sival_ptr = 0x0 <irq_stack_union>}}, | |
| _sigchld = {_pid = 0, _uid = 0, _status = 0, _utime = 0, _stime = 0}, | |
| _sigfault = {_addr = 0x0 <irq_stack_union>, _addr_lsb = 0, | |
| {_addr_bnd = {_lower = 0x0 <irq_stack_union>, _upper = 0x0 <irq_stack_union>}, _pkey = 0}}, | |
| _sigpoll = {_band = 0, _fd = 0}, | |
| _sigsys = {_call_addr = 0x0 <irq_stack_union>, _syscall = 0, _arch = 0}}}, | |
| sas_ss_sp = 0, | |
| sas_ss_size = 0, | |
| sas_ss_flags = 2, | |
| task_works = 0x0 <irq_stack_union>, | |
| audit_context = 0xffff8800764ab000, | |
| loginuid = {val = 4294967295}, | |
| sessionid = 4294967295, | |
| seccomp = {mode = 0, filter = 0x0 <irq_stack_union>}, | |
| parent_exec_id = 4, | |
| self_exec_id = 7, | |
| alloc_lock = {lock = {wait_lock = {raw_lock = {val = {counter = 0}}}, | |
| waiters = {rb_node = 0x0 <irq_stack_union>}, | |
| waiters_leftmost = 0x0 <irq_stack_union>, | |
| owner = 0x0 <irq_stack_union>, | |
| save_state = 1}, | |
| break_lock = 0}, | |
| pi_lock = {raw_lock = {val = {counter = 0}}}, | |
| wake_q = {next = 0x0 <irq_stack_union>}, | |
| wake_q_sleeper = {next = 0x0 <irq_stack_union>}, | |
| pi_waiters = {rb_node = 0x0 <irq_stack_union>}, | |
| pi_waiters_leftmost = 0x0 <irq_stack_union>, | |
| pi_top_task = 0x0 <irq_stack_union>, | |
| pi_blocked_on = 0x0 <irq_stack_union>, | |
| journal_info = 0x0 <irq_stack_union>, | |
| bio_list = 0x0 <irq_stack_union>, | |
| plug = 0x0 <irq_stack_union>, | |
| reclaim_state = 0x0 <irq_stack_union>, | |
| backing_dev_info = 0x0 <irq_stack_union>, | |
| io_context = 0xffff880072d32510, | |
| ptrace_message = 0, | |
| last_siginfo = 0x0 <irq_stack_union>, | |
| ioac = {<No data fields>}, | |
| mems_allowed = {bits = {1}}, | |
| mems_allowed_seq = {sequence = 0}, | |
| cpuset_mem_spread_rotor = -1, | |
| cpuset_slab_spread_rotor = -1, | |
| cgroups = 0xffff8800776d8d00, | |
| cg_list = {next = 0xffff880072dd2a88, prev = 0xffff8800776c4208}, | |
| robust_list = 0x7f3b033015e0, | |
| compat_robust_list = 0x0 <irq_stack_union>, | |
| pi_state_list = {next = 0xffff880073b127e0, prev = 0xffff880073b127e0}, | |
| pi_state_cache = 0x0 <irq_stack_union>, | |
| perf_event_ctxp = {0x0 <irq_stack_union>, 0x0 <irq_stack_union>}, | |
| perf_event_mutex = {lock = {wait_lock = {raw_lock = {val = {counter = 0}}}, | |
| waiters = {rb_node = 0x0 <irq_stack_union>}, | |
| waiters_leftmost = 0x0 <irq_stack_union>, | |
| owner = 0x0 <irq_stack_union>, | |
| save_state = 0}}, | |
| perf_event_list = {next = 0xffff880076a059f8, prev = 0xffff880076a059f8}, | |
| mempolicy = 0x0 <irq_stack_union>, | |
| il_next = 0, | |
| pref_node_fork = 0, | |
| tlb_ubc = {cpumask = {bits = {0}}, flush_required = false, writable = false}, | |
| rcu = {next = 0x0 <irq_stack_union>, func = 0x0 <irq_stack_union>}, | |
| splice_pipe = 0x0 <irq_stack_union>, | |
| task_frag = {page = 0x0 <irq_stack_union>, offset = 0, size = 0}, | |
| nr_dirtied = 3, | |
| nr_dirtied_pause = 32, | |
| dirty_paused_when = 0, | |
| timer_slack_ns = 50000, | |
| default_timer_slack_ns = 50000, | |
| curr_ret_stack = -1, | |
| ret_stack = 0x0 <irq_stack_union>, | |
| ftrace_timestamp = 0, | |
| trace_overrun = {counter = 0}, | |
| tracing_graph_pause = {counter = 0}, | |
| trace = 0, | |
| trace_recursion = 0, | |
| put_rcu = {next = 0x0 <irq_stack_union>, func = 0x0 <irq_stack_union>}, | |
| softirq_nestcnt = 0, | |
| softirqs_raised = 0, | |
| xmit_recursion = 0, | |
| pagefault_disabled = 1, | |
| oom_reaper_list = 0x0 <irq_stack_union>, | |
| stack_vm_area = 0xffff880073fd3b40, | |
| stack_refcount = {counter = 1}, | |
| thread = {tls_array = {{{{a = 0, b = 0}, {limit0 = 0, base0 = 0, base1 = 0, type = 0, s = 0, dpl = 0, p = 0, limit = 0, avl = 0, l = 0, d = 0, g = 0, base2 = 0}}}, | |
| {{{a = 0, b = 0}, {limit0 = 0, base0 = 0, base1 = 0, type = 0, s = 0, dpl = 0, p = 0, limit = 0, avl = 0, l = 0, d = 0, g = 0, base2 = 0}}}, | |
| {{{a = 0, b = 0}, {limit0 = 0, base0 = 0, base1 = 0, type = 0, s = 0, dpl = 0, p = 0, limit = 0, avl = 0, l = 0, d = 0, g = 0, base2 = 0}}}}, | |
| sp0 = 18446683600640933888, | |
| sp = 18446683600640932608, | |
| es = 0, ds = 0, fsindex = 0, gsindex = 0, status = 0, | |
| fsbase = 139891433280256, gsbase = 0, ptrace_bps = {0x0 <irq_stack_union>, 0x0 <irq_stack_union>, | |
| 0x0 <irq_stack_union>, 0x0 <irq_stack_union>}, debugreg6 = 0, ptrace_dr7 = 0, cr2 = 0, trap_nr = 0, | |
| error_code = 0, io_bitmap_ptr = 0x0 <irq_stack_union>, iopl = 0, io_bitmap_max = 0, addr_limit = { | |
| seg = 18446744073709551615}, sig_on_uaccess_err = 0, uaccess_err = 0, fpu = {last_cpu = 0, | |
| fpstate_active = 1 '\001', fpregs_active = 1 '\001', counter = 129 '\201', state = {fsave = {cwd = 18875263, | |
| swd = 85655552, twd = 15073426, fip = 32571, fcs = 2088666952, foo = 32767, fos = 8096, st_space = {65535, | |
| 0 <repeats 17 times>, 2147483648, 16383}, status = 0}, fxsave = {cwd = 895, swd = 288, twd = 0, | |
| fop = 1307, {{rip = 139891394871442, rdp = 140735282054984}, {fip = 15073426, fcs = 32571, | |
| foo = 2088666952, fos = 32767}}, mxcsr = 8096, mxcsr_mask = 65535, st_space = {0 <repeats 17 times>, | |
| 2147483648, 16383, 0, 0, 2684354560, 16386, 0, 0, 0, 0, 0, 2985427472, 3681995515, 16414, 0}, | |
| xmm_space = {3313224128, 1062912188, 0, 0, 875626496, 1346782496, 539959364, 1380009305, 12239568, 32571, | |
| 19971744, 0, 0, 0, 0, 0, 27113664, 32571, 19971744, 0, 12238640, 32571, 55209216, 0, 0, 0, 0, 0, | |
| 19971744, 0, 0, 0, 2, 8, 0, 0, 0, 1002227816, 0, 0, 1897492927, 1068188381, 0 <repeats 22 times>}, | |
| padding = {0 <repeats 12 times>}, {padding1 = {0 <repeats 12 times>}, sw_reserved = { | |
| 0 <repeats 12 times>}}}, soft = {cwd = 18875263, swd = 85655552, twd = 15073426, fip = 32571, | |
| fcs = 2088666952, foo = 32767, fos = 8096, st_space = {65535, 0 <repeats 17 times>, 2147483648, 16383}, | |
| ftop = 0 '\000', changed = 0 '\000', lookahead = 0 '\000', no_update = 0 '\000', rm = 0 '\000', | |
| alimit = 0 '\000', info = 0x4002 <gdt_page+2>, entry_eip = 0}, xsave = {i387 = {cwd = 895, swd = 288, | |
| twd = 0, fop = 1307, {{rip = 139891394871442, rdp = 140735282054984}, {fip = 15073426, fcs = 32571, | |
| foo = 2088666952, fos = 32767}}, mxcsr = 8096, mxcsr_mask = 65535, st_space = {0 <repeats 17 times>, | |
| 2147483648, 16383, 0, 0, 2684354560, 16386, 0, 0, 0, 0, 0, 2985427472, 3681995515, 16414, 0}, | |
| xmm_space = {3313224128, 1062912188, 0, 0, 875626496, 1346782496, 539959364, 1380009305, 12239568, 32571, | |
| 19971744, 0, 0, 0, 0, 0, 27113664, 32571, 19971744, 0, 12238640, 32571, 55209216, 0, 0, 0, 0, 0, | |
| 19971744, 0, 0, 0, 2, 8, 0, 0, 0, 1002227816, 0, 0, 1897492927, 1068188381, 0 <repeats 22 times>}, | |
| padding = {0 <repeats 12 times>}, {padding1 = {0 <repeats 12 times>}, sw_reserved = { | |
| 0 <repeats 12 times>}}}, header = {xfeatures = 0, xcomp_bv = 0, reserved = {1, 0, | |
| 18446683600624730112, 9148211621003266, 0, 0}}, extended_state_area = 0xffff880076a05e40 ""}, | |
| __padding = "\177\003 \001\000\000\033\005'\000æ\000;\177\000\000H╪~|ÿ\177\000\000 \037\000\000ÿÿ", | |
| '\000' <repeats 73 times>, "\200ÿ?", '\000' <repeats 13 times>, " \002@", '\000' <repeats 22 times>, | |
| "\020\002ò±ûEvU\036@\000\000\000\000\000\000AÉ{żAZ?\000\000\000\000\000\000\000\000\000\000\061\064 EFPD / YEARDAº\000;\177\000\000"...}}}} | |
| So to get where we are: | |
| do_futex(uaddr=???, op=???, val=22270121, timeout=???, uaddr2=0x120ad38, val2=0, val3=0xFFFFFFFF): | |
| - cmd is FUTEX_WAIT_REQUEUE_PI | |
| futex_wait_requeue_pi(uaddr=uaddr, flags=???, val=???, ktime=???, bitset=???, uaddr2=???): | |
| - gets into the case where q.rt_waiter exists | |
| - calls fixup_owner(uaddr2, &q, !ret) [!ret is 0] | |
| fixup_owner(uaddr, q, locked=0) | |
| - q->pi_state->owner == current, so we call: | |
| fixup_pi_state_owner(uaddr=uaddr, q=q, argowner=NULL) | |
| - oldowner (aka pi_state->owner) is "MainAppThread" | |
| - oldowner == current [implied from branch] | |
| - __rt_mutex_futex_trylock(&pi_state->pi_mutex) returned 0 [implied from branch] | |
| - __rt_mutex_futex_trylock is effectively __rt_mutex_slowtrylock(lock=&pi_state->pi_mutex) | |
| - __rt_mutex_slowtrylock calls try_to_take_rt_mutex(lock=lock, task=current, waiter=NULL) | |
| - this is the same as __try_to_take_rt_mutex(lock=lock, task=current, waiter=NULL, STEAL_NORMAL) | |
| - __try_to_take_rt_mutex sets RT_MUTEX_HAS_WAITERS, then returns (because waiter=NULL, the only path returning 0 is where rt_mutex_owner(lock) is non-NULL) | |
| - __rt_mutex_slowtrylock calls fixup_rt_mutex_waiters | |
| I think this keeps the RT_MUTEX_HAS_WAITERS bit set, because rt_mutex_has_waiters() should be true? | |
| [ !RB_EMPTY_ROOT(&lock->waiters), and waiters = {rb_node = 0xffffc90004917c38} which seems non-empty to me ] | |
| - HOWEVER: we then call rt_mutex_owner(&pi_state->pi_mutex) and that returns NULL? | |
| - pi_state->pi_mutex->owner at time of crash is 0x1 (RT_MUTEX_HAS_WAITERS but with no other bits for an owner?) | |
| - newowner is thus NULL, and we BUG_ON | |
| - NOTE: there is a handle_fault case in fixup_pi_state_owner that gets us back into this block. | |
| ... I don't see a way to verify if we are in this case (checking for newtid having FUTEX_WAITERS set would be one way, | |
| but newtid is optimized out) but given that we have swap disabled and no tasks appear to be dying I don't think we | |
| would be in a page-fault situation? | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment