[#4194] [ltp] A bug in LTP test case cause execve05 crashed in smp kernel

Document created by Aaronwu Employee on Aug 29, 2013
Version 1Show Document
  • View in full screen mode

[#4194] [ltp] A bug in LTP test case cause execve05 crashed in smp kernel

Submitted By: Vivi Li

Open Date

2008-06-24 22:16:57     Close Date

2009-03-02 05:11:02

Priority:

Medium     Assignee:

Sonic Zhang

Status:

Closed     Fixed In Release:

N/A

Found In Release:

N/A     Release:

Category:

N/A     Board:

N/A

Processor:

BF561     Silicon Revision:

Is this bug repeatable?:

Yes     Resolution:

Fixed

Uboot version or rev.:

    Toolchain version or rev.:

08r1.5-11

App binary format:

N/A     

Summary: [ltp] A bug in LTP test case cause execve05 crashed in smp kernel

Details:

 

For smp kernel enabled with write through and slob options, ltp test case execve05 crashed.

 

This ltp case is not compiled with -mstack-check-l1 option.

 

--

root:/> export PATH=$PATH:/bin

root:/> export TMP=/tmp

root:/> echo $PATH

/bin:/usr/bin:/etc:/sbin:/usr/sbin:/bin

root:/> chmod 777 /tmp

root:/>

root:/> execve05 -F /bin/test3

NULL pointer access (probably) from 0x00240e02 on CPU0

Defered Exception context

CURRENT PROCESS:

COMM=test3 PID=109

TEXT = 0x00240040-0x00240f60        DATA = 0x00240f64-0x00241104

BSS = 0x00241104-0x00241354  USER-STACK = 0x00249fe4

 

return address: [0x00240e02]; contents of:

0x00240de0:  0010  434b  c682  8043  5603  c682  8280  e146

0x00240df0:  7efe  e147  8101  3212  5748  e106  feff  e107

0x00240e00:  0100 [9012] 5032  43d1  5808  5438  0c00  1408

0x00240e10:  5815  5070  43c0  5841  5479  0c01  1ff3  e491

 

SEQUENCER STATUS:               Not tainted

SEQSTAT: 00002027  IPEND: 0030  SYSCFG: 0036

  HWERRCAUSE: 0x0

  EXCAUSE   : 0x27

RETE: <0x00000000> /* Maybe null pointer? */

RETN: <0x00256000> /* unknown address */

RETX: <0x00240e02> [ test3 + 0xdc2 ]

RETS: <0x00240be0> [ test3 + 0xba0 ]

PC  : <0x00240e02> [ test3 + 0xdc2 ]

DCPLB_FAULT_ADDR: <0x00000000> /* Maybe null pointer? */

ICPLB_FAULT_ADDR: <0x00240e02> [ test3 + 0xdc2 ]

 

PROCESSOR STATE:

R0 : 00002f2f    R1 : 2f2f0000    R2 : 00000000    R3 : 0000002f

R4 : 00240140    R5 : 2f2f2f2f    R6 : 7efefeff    R7 : 81010100

P0 : 00249f5d    P1 : 00000003    P2 : 00000000    P3 : 00249fe8

P4 : 0094c2d4    P5 : 00240f64    FP : 00249f68    SP : 00255f24

LB0: 00240aa5    LT0: 00240aa4    LC0: 00000000

LB1: 03211c9d    LT1: 03211c96    LC1: 00000000

B0 : 00000000    L0 : 00000000    M0 : 00000000    I0 : 00249efd

B1 : 00000000    L1 : 00000000    M1 : 00000000    I1 : 00958f58

B2 : 00000000    L2 : 00000000    M2 : 00000000    I2 : 00000000

B3 : 00000000    L3 : 00000000    M3 : 00000000    I3 : 00000000

A0.w: 00000000   A0.x: 00000000   A1.w: 00000000   A1.x: 00000000

USP : 00249f68  ASTAT: 02002020

 

Hardware Trace:

   0 Target : <0x00004f4c> { _trap_c + 0x0 }

     Source : <0x00009d40> { _exception_to_level5 + 0xc0 }

   1 Target : <0x00009d00> { _exception_to_level5 + 0x80 }

     Source : <0x00009cf6> { _exception_to_level5 + 0x76 }

   2 Target : <0x00009c80> { _exception_to_level5 + 0x0 }

     Source : <0x00009bd8> { _ex_trap_c + 0x68 }

   3 Target : <0x00009bb2> { _ex_trap_c + 0x42 }

     Source : <0x00009ba8> { _ex_trap_c + 0x38 }

   4 Target : <0x00009b70> { _ex_trap_c + 0x0 }

     Source : <0x0000990a> { _ex_workaround_261 + 0x3a }

   5 Target : <0x000098f2> { _ex_workaround_261 + 0x22 }

     Source : <0x000098e8> { _ex_workaround_261 + 0x18 }

   6 Target : <0x000098d0> { _ex_workaround_261 + 0x0 }

     Source : <0x00009e0c> { _trap + 0x64 }

   7 Target : <0x00009dec> { _trap + 0x44 }

     Source : <0x00009ddc> { _trap + 0x34 }

   8 Target : <0x00009dd4> { _trap + 0x2c }

     Source : <0x00009de0> { _trap + 0x38 }

   9 Target : <0x00009dde> { _trap + 0x36 }

     Source : <0x00009dcc> { _trap + 0x24 }

  10 Target : <0x00009da8> { _trap + 0x0 }

     Source : <0x00009b12> { _bfin_return_from_exception + 0xe }

  11 Target : <0x00009b04> { _bfin_return_from_exception + 0x0 }

     Source : <0x000098fa> { _ex_workaround_261 + 0x2a }

  12 Target : <0x000098f2> { _ex_workaround_261 + 0x22 }

     Source : <0x000098e8> { _ex_workaround_261 + 0x18 }

  13 Target : <0x000098d0> { _ex_workaround_261 + 0x0 }

     Source : <0x00009e0c> { _trap + 0x64 }

  14 Target : <0x00009dec> { _trap + 0x44 }

     Source : <0x00009ddc> { _trap + 0x34 }

  15 Target : <0x00009dd4> { _trap + 0x2c }

     Source : <0x00009de0> { _trap + 0x38 }

Stack from 00255f04:

        00000000 00009d44 ffb00028 ffb00028 ffb00024 00249f5c 00240140 0024082c

        00240e02 00000030 00002027 00000000 00256000 00240e02 00240e02 00240be0

        00002f2f 02002020 03211c9d 00240aa5 03211c96 00240aa4 00000000 00000000

        00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

        00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000

        00000000 00000000 00958f58 00249efd 00249f68 00249f68 00240f64 0094c2d4

 

Call Trace:

[<00002f2f>] _do_rt_sigreturn+0x7e7/0x888

[<00002f2f>] _do_rt_sigreturn+0x7e7/0x888

 

--

 

Follow-ups

 

--- Graf Yang                                                2008-06-27 07:25:55

This is not the kernel bug.

execve05.c have two issues:

1.Assume firstly forked thread will run before secondly forked thread, this

cause s the test maybe fail.

2.When test fail, it will call execve(test_name, argv, env) with argv[0]=0,

this causes the NULL pointer dump.

 

--- Robin Getz                                               2008-06-27 10:21:47

If this is a test case issue - it still needs to get fixed - but I would think

that it would have been found on other SMP machines. ?

 

 

--- Mike Frysinger                                           2008-06-27 11:41:49

the point of the sync pipe logic is to prevent any race conditions.  so it

doesnt matter what order things run in initially as the sync pipe will force

explicit order.

 

the crash due to argv[0] being NULL is a bug in uClibc, not the test case

 

--- Mike Frysinger                                           2008-06-27 15:14:16

ive committed a fix for the argv[0] = NULL bug in uClibc

 

--- Graf Yang                                                2008-06-28 02:11:24

Hi Mike, What is the 'sync pipe'? Is it related with execve05.c?

I found the thread child2 sometimes call execve(test_name,...) prior to thread

child1 opening test_name. In this case test failed. Otherwise it pass.

 

Hi Robin, I tested execve05 on my Dell-D630(Intel Core2 cpu), all passed. In

all the cases the child1 will opening 'test_name' prior to child2, and child2

get the error ETXTBSY, it's just the expected result of execve05.c.

If I add a sleep(1) in the child1 (before it call open(test_name, O_WRONLY)),

the test not pass.

 

I guess the execve05.c just want to get the ETXTBSY which returned by

execve(test_name,...), when the file have been opened with O_WRONLY flag. But it

seems execve05.c can't ensure the file be opened before it is execved. Maybe we

can add a sleep(1) before execve(test_name, ...) to ensure the open operation is

prior to execve().

 

What's your opion?

 

--- Mike Frysinger                                           2008-06-28 05:29:07

i was looking at the execve05.c that we have in ltp trunk.  it uses sync pipes

to force strict ordering.  it seems the old version of ltp we're using does not

have this code, so it fails.

 

--- Robin Getz                                               2009-01-08 14:41:44

It sounds like this should go away when we update to latest LTP?

 

?

 

--- Vivi Li                                                  2009-01-08 23:06:31

Cause there is SMP boot problem at present, I will test it after this bug is

fixed.

 

--- Sonic Zhang                                              2009-01-14 22:16:00

Fixed. Don't add l1 stack check flag for SMP kernel.

Also add proper file open flags and modes.

 

--- Vivi Li                                                  2009-03-02 05:11:02

OK, close it. Thanks!

 

 

 

    Files

    Changes

    Commits

    Dependencies

    Duplicates

    Associations

    Tags

 

File Name     File Type     File Size     Posted By

No Files Were Found

Attachments

    Outcomes