[erlang-bugs] port_info crashes when called concurrently by two processes
Heinz Nikolaus Gies
heinz@REDACTED
Wed Mar 11 19:12:28 CET 2015
Adding more information:
this is related to SMP. If the Erlang VM is started with -smp disable, it does not crash.
---
Cheers,
Heinz Nikolaus Gies
heinz@REDACTED
> On Mar 11, 2015, at 17:15, Ryan Zezeski <rzezeski@REDACTED> wrote:
>
> On Wed, Mar 11, 2015 at 11:53 AM, Heinz Nikolaus Gies <heinz@REDACTED> wrote:
> Hi, there is a problem with port_info: it segfaults the Erlang VM when two processes are executing it in parallel. We’ve been tracking this for the last two days and condensed a crashing test down to this:
>
> https://gist.github.com/Licenser/41a7ffe5ca52f57a169c
>
> Ryan has some crash dumps:
>
> ```
> fffffd7ff6406670 collect_heap_frags.isra.7+0x90()
> fffffd7ff6406ba0 erts_garbage_collect+0x28f()
> fffffd7ff6406bd0 erts_gc_after_bif_call+0xa4()
> fffffd7ff6406f10 process_main+0x45da()
> fffffd7ff6406f70 sched_thread_func+0xef()
> fffffd7ff6406fb0 thr_wrapper+0x73()
> fffffd7ff6406fe0 libc.so.1`_thrp_setup+0x8a(fffffd7ffd2a5a40)
> fffffd7ff6406ff0 libc.so.1`_lwp_start()
> fffffd7ff6207af0 copy_struct+0xb5()
> fffffd7ff6207ba0 erts_port_info+0x292()
> fffffd7ff6207bd0 erts_internal_port_info_1+0xeb()
> fffffd7ff6207f10 process_main+0x45a9()
> fffffd7ff6207f70 sched_thread_func+0xef()
> fffffd7ff6207fb0 thr_wrapper+0x73()
> fffffd7ff6207fe0 libc.so.1`_thrp_setup+0x8a(fffffd7ffd2a6240)
> fffffd7ff6207ff0 libc.so.1`_lwp_start()
> fffffd7ff73fe670 sweep_one_area+0x58()
> fffffd7ff73feba0 erts_garbage_collect+0x985()
> fffffd7ff73febd0 erts_gc_after_bif_call+0xa4()
> fffffd7ff73fef10 process_main+0x45da()
> fffffd7ff73fef70 sched_thread_func+0xef()
> fffffd7ff73fefb0 thr_wrapper+0x73()
> fffffd7ff73fefe0 libc.so.1`_thrp_setup+0x8a(fffffd7ffd2a1a40)
> fffffd7ff73feff0 libc.so.1`_lwp_start()
> ```
>
> Just to give more information: here's some info from a crash dump of the simple reproducer Heinz linked above. I simply used the chunter erl (16B02) to run this program; the chunter application is not actually running.
>
> This is the situation we see most often but occasionally I've seen the copy.c `copy_struct` function try to reference an address that is _above_ the stack, i.e. not even legal.
>
> > ::status
> debugging core file of beam.smp (64-bit) from sys76
> file: /opt/chunter/erts-5.10.3/bin/beam.smp
> initial argv: /opt/chunter/erts-5.10.3/bin/beam.smp -- -root /opt/chunter -progname erl -- -h
> threading model: native threads
> status: process terminated by SIGSEGV (Segmentation Fault), addr=fffffd7ffc540000
>
> > $C
> fffffd7ff8805670 collect_heap_frags.isra.7+0x95()
> fffffd7ff8805ba0 erts_garbage_collect+0x115c()
> fffffd7ff8805bd0 erts_gc_after_bif_call+0xa4()
> fffffd7ff8805f10 process_main+0x45da()
> fffffd7ff8805f70 sched_thread_func+0xef()
> fffffd7ff8805fb0 thr_wrapper+0x73()
> fffffd7ff8805fe0 libc.so.1`_thrp_setup+0x8a(fffffd7ffee6a240)
> fffffd7ff8805ff0 libc.so.1`_lwp_start()
>
> > ::stacks
> THREAD STATE SOBJ COUNT
> 4 PARKED CV 10
> libc.so.1`cond_wait_queue+0x5b
> libc.so.1`__cond_wait+0xb3
> libc.so.1`cond_wait+0x2a
> libc.so.1`pthread_cond_wait+0x15
> ethr_event_wait+0x63
> async_main+0x275
> thr_wrapper+0x73
> libc.so.1`_thrp_setup+0x8a
> libc.so.1`_lwp_start
>
> f PARKED CV 9
> libc.so.1`cond_wait_queue+0x5b
> libc.so.1`__cond_wait+0xb3
> libc.so.1`cond_wait+0x2a
> libc.so.1`pthread_cond_wait+0x15
> ethr_event_wait+0x63
> schedule+0x220d
> process_main+0x143
> sched_thread_func+0xef
> thr_wrapper+0x73
> libc.so.1`_thrp_setup+0x8a
> libc.so.1`_lwp_start
>
> 16 UNPARKED <NONE> 1
> erts_garbage_collect+0x115c
> erts_gc_after_bif_call+0xa4
> process_main+0x45da
> sched_thread_func+0xef
> thr_wrapper+0x73
> libc.so.1`_thrp_setup+0x8a
> libc.so.1`_lwp_start
>
> 17 UNPARKED <NONE> 1
> libc.so.1`mutex_lock_impl+0x189
> libc.so.1`mutex_lock+0x13
> spawn_start+0x46c
> erts_open_driver+0x21e
> open_port+0xa52
> open_port_2+0x2d
> process_main+0x45a9
> sched_thread_func+0xef
> thr_wrapper+0x73
> libc.so.1`_thrp_setup+0x8a
> libc.so.1`_lwp_start
>
> 1 UNPARKED <NONE> 1
> libc.so.1`pselect+0x1cb
> libc.so.1`select+0x5a
> erts_sys_main_thread+0x20
> erl_start+0xcfe
> main+9
> _start+0x6c
>
> e UNPARKED <NONE> 1
> libc.so.1`waitpid+0x3b
> child_waiter+0x30
> thr_wrapper+0x73
> libc.so.1`_thrp_setup+0x8a
> libc.so.1`_lwp_start
>
> 2 UNPARKED <NONE> 1
> signal_dispatcher_thread_func+0x29
> thr_wrapper+0x73
> libc.so.1`_thrp_setup+0x8a
> libc.so.1`_lwp_start
>
> 15 UNPARKED <NONE> 1
> spawn_start+0x60b
> erts_open_driver+0x21e
> open_port+0xa52
> open_port_2+0x2d
> process_main+0x45a9
> sched_thread_func+0xef
> thr_wrapper+0x73
> libc.so.1`_thrp_setup+0x8a
> libc.so.1`_lwp_start
>
> 3 PARKED CV 1
> libc.so.1`cond_wait_queue+0x5b
> libc.so.1`__cond_wait+0xb3
> libc.so.1`cond_wait+0x2a
> libc.so.1`pthread_cond_wait+0x15
> ethr_cond_wait+9
> sys_msg_dispatcher_func+0xdf
> thr_wrapper+0x73
> libc.so.1`_thrp_setup+0x8a
> libc.so.1`_lwp_start
>
> 1b PARKED CV 1
> libc.so.1`cond_wait_queue+0x5b
> libc.so.1`__cond_wait+0xb3
> libc.so.1`cond_wait+0x2a
> libc.so.1`pthread_cond_wait+0x15
> ethr_event_wait+0x63
> aux_thread+0x1cd
> thr_wrapper+0x73
> libc.so.1`_thrp_setup+0x8a
> libc.so.1`_lwp_start
>
>
> And finally here's the VA space mapping:
>