Comment # 1
on bug 1055
from Frank Ch. Eigler
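Another likely race-condition instance seen in the wild:
`pmwebd -M16` on a 4-core machine, with some hundreds of archives
in the job queue. In the gdb session below, fields of `*np` and `*curr_pmns` hold the repeating byte pattern 0xfc, which suggests the PMNS data was freed or overwritten while this thread was still reading it, even though the faulting locate() call at pmns.c:1484 runs with __pmLock_libpcp held: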
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x2aaabcab6700 (LWP 30465)]
__strncmp_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:236
236 movdqa (%rsi), %xmm1
Missing separate debuginfos, use: debuginfo-install
cyrus-sasl-lib-2.1.26-10.fc19.x86_64 freetype-freeworld-2.4.11-3.fc19.x86_64
gnome-keyring-3.8.2-1.fc19.x86_64 libtasn1-3.6-1.fc19.x86_64
mesa-libEGL-9.2.4-1.20131128.fc19.x86_64
mesa-libgbm-9.2.4-1.20131128.fc19.x86_64
mesa-libglapi-9.2.4-1.20131128.fc19.x86_64 nettle-2.6-2.fc19.x86_64
p11-kit-0.18.7-1.fc19.x86_64 p11-kit-trust-0.18.7-1.fc19.x86_64
(gdb) bt
#0 __strncmp_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:236
#1 0x00002aaaaace9a82 in locate (name=<optimized out>, root=<optimized out>)
at pmns.c:1324
#2 0x00002aaaaaceb80d in pmLookupName (numpmid=1, namelist=0x2aaabcab59e0,
pmidlist=0x2aaabcab59d0) at pmns.c:1484
#3 0x000055555556d01e in pmgraphite_fetch_series (spec=0x5555558ea960) at
pmgraphite.cxx:790
#4 0x00005555555768f8 in
fetch_series_jobqueue<fetch_series_jobspec>::thread_main (cls=0x7fffffffbc10)
at pmgraphite.cxx:638
#5 0x00002aaaac52ac53 in start_thread (arg=0x2aaabcab6700) at
pthread_create.c:308
#6 0x00002aaaac257dbd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113
(gdb) frame 2
#2 0x00002aaaaaceb80d in pmLookupName (numpmid=1, namelist=0x2aaabcab59e0,
pmidlist=0x2aaabcab59d0) at pmns.c:1484
1484 np = locate(namelist[i], curr_pmns->root);
(gdb) p namelist
$1 = (char **) 0x2aaabcab59e0
(gdb) p i
$2 = <optimized out>
(gdb) down
#1 0x00002aaaaace9a82 in locate (name=<optimized out>, root=<optimized out>)
at pmns.c:1324
1324 if (strncmp(name, np->name, (int)nch) == 0 && np->name[(int)nch] ==
'\0' &&
(gdb) p name
$3 = <optimized out>
(gdb) p np
$4 = (__pmnsNode *) 0x555556f02f80
(gdb) p *np
$5 = {parent = 0x7a0, next = 0x40, first = 0x555556f02fe0, hash =
0xfcfcfcfcfcfcfcfc,
name = 0xfcfcfcfcfcfcfcfc <Address 0xfcfcfcfcfcfcfcfc out of bounds>, pmid =
4244438268}
(gdb) bt
#0 __strncmp_sse42 () at ../sysdeps/x86_64/multiarch/strcmp-sse42.S:236
#1 0x00002aaaaace9a82 in locate (name=<optimized out>, root=<optimized out>)
at pmns.c:1324
#2 0x00002aaaaaceb80d in pmLookupName (numpmid=1, namelist=0x2aaabcab59e0,
pmidlist=0x2aaabcab59d0) at pmns.c:1484
#3 0x000055555556d01e in pmgraphite_fetch_series (spec=0x5555558ea960) at
pmgraphite.cxx:790
#4 0x00005555555768f8 in
fetch_series_jobqueue<fetch_series_jobspec>::thread_main (cls=0x7fffffffbc10)
at pmgraphite.cxx:638
#5 0x00002aaaac52ac53 in start_thread (arg=0x2aaabcab6700) at
pthread_create.c:308
#6 0x00002aaaac257dbd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113
(gdb) frame 2
#2 0x00002aaaaaceb80d in pmLookupName (numpmid=1, namelist=0x2aaabcab59e0,
pmidlist=0x2aaabcab59d0) at pmns.c:1484
1484 np = locate(namelist[i], curr_pmns->root);
(gdb) l
1479 /*
1480 * if we locate the name and it is a leaf in the PMNS
1481 * this is good
1482 */
1483 PM_LOCK(__pmLock_libpcp);
1484 np = locate(namelist[i], curr_pmns->root);
1485 PM_UNLOCK(__pmLock_libpcp);
1486 if (np != NULL ) {
1487 if (np->first == NULL)
1488 pmidlist[i] = np->pmid;
(gdb) p curr_pmns
$6 = (__pmnsTree *) 0x555556f02740
(gdb) p * curr_pmns
$7 = {root = 0x555556f02ed0, htab = 0xfcfcfcfcfcfcfcfc, htabsize = -50529028,
symbol = 0xfcfcfcfcfcfcfcfc <Address 0xfcfcfcfcfcfcfcfc out of bounds>,
contiguous = -50529028, mark_state = -50529028}