SIGFPE in pthread_barrier_destroy in glibc 2.23

Bug #1559842 reported by Steve Langasek
Affects           Status        Importance  Assigned to  Milestone
glibc (Ubuntu)    Invalid       Critical    Unassigned
  Xenial          Invalid       Critical    Unassigned
mesa (Ubuntu)     Fix Released  Critical    Unassigned
  Xenial          Fix Released  Critical    Unassigned

Bug Description

When running in a VM (but not on my host system), the bluez-qt autopkgtests fail with a floating point exception. The original failure, affecting both amd64 and i386, can be found here: http://autopkgtest.ubuntu.com/packages/b/bluez-qt/xenial/amd64/

To reproduce, build bluez-qt from source and then run:

xvfb-run -a --server-args="-screen 0 1024x768x24+32" sh -c 'cd obj-*/autotests; gdb ./qmltests'

Thread 1 "qmltests" received signal SIGFPE, Arithmetic exception.
0x00007ffff68fef49 in pthread_barrier_destroy (barrier=0x6aff30)
    at pthread_barrier_destroy.c:39
39 pthread_barrier_destroy.c: No such file or directory.
(gdb) thread apply all bt full

Thread 1 (Thread 0x7ffff7e788c0 (LWP 20087)):
#0 0x00007ffff68fef49 in pthread_barrier_destroy (barrier=0x6aff30)
    at pthread_barrier_destroy.c:39
        bar = 0x6aff30
        count = 0
        max_in_before_reset = <optimized out>
        in = <optimized out>
#1 0x00007fffea1c0f8f in ?? ()
   from /usr/lib/x86_64-linux-gnu/dri/swrast_dri.so
No symbol table info available.
#2 0x00007fffea1cca61 in ?? ()
   from /usr/lib/x86_64-linux-gnu/dri/swrast_dri.so
No symbol table info available.
#3 0x00007fffe9e65e6f in ?? ()
   from /usr/lib/x86_64-linux-gnu/dri/swrast_dri.so
No symbol table info available.
#4 0x00007fffe9e65f15 in ?? ()
   from /usr/lib/x86_64-linux-gnu/dri/swrast_dri.so
No symbol table info available.
#5 0x00007fffe9e6434f in ?? ()
   from /usr/lib/x86_64-linux-gnu/dri/swrast_dri.so
No symbol table info available.
#6 0x00007ffff2c82482 in ?? () from /usr/lib/x86_64-linux-gnu/mesa/libGL.so.1
No symbol table info available.
#7 0x00007ffff2c5e466 in ?? () from /usr/lib/x86_64-linux-gnu/mesa/libGL.so.1
No symbol table info available.
#8 0x00007ffff2c5e4e9 in ?? () from /usr/lib/x86_64-linux-gnu/mesa/libGL.so.1
No symbol table info available.
#9 0x00007ffff2c5e63e in ?? () from /usr/lib/x86_64-linux-gnu/mesa/libGL.so.1
No symbol table info available.
#10 0x00007ffff334f642 in XCloseDisplay ()
   from /usr/lib/x86_64-linux-gnu/libX11.so.6
No symbol table info available.
#11 0x00007fffed99c426 in QXcbConnection::~QXcbConnection() ()
   from /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
No symbol table info available.
#12 0x00007fffed99c789 in QXcbConnection::~QXcbConnection() ()
   from /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
No symbol table info available.
#13 0x00007fffed99ded6 in QXcbIntegration::~QXcbIntegration() ()
   from /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
No symbol table info available.
#14 0x00007fffed99dfe9 in QXcbIntegration::~QXcbIntegration() ()
   from /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5
No symbol table info available.
#15 0x00007ffff557acf3 in QGuiApplicationPrivate::~QGuiApplicationPrivate() ()
   from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
No symbol table info available.
#16 0x00007ffff557aed9 in QGuiApplicationPrivate::~QGuiApplicationPrivate() ()
   from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
No symbol table info available.
#17 0x00007ffff7515db8 in QObject::~QObject() ()
   from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#18 0x00007ffff557ab69 in QGuiApplication::~QGuiApplication() ()
   from /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
No symbol table info available.
#19 0x00007ffff7fa1628 in quick_test_main(int, char**, char const*, char const*) () from /usr/lib/x86_64-linux-gnu/libQt5QuickTest.so.5
No symbol table info available.
#20 0x000000000040929f in main (argc=1, argv=0x7fffffffe4c8)
    at ../../autotests/qmltests.cpp:105
        testsDir = @0x7fffffffe3a0: {static null = {<No data fields>},
          d = 0x635970}
(gdb)

Since the problem is not reproducible on the host system, current guess is that it's related to cpu featureset passthrough on the guest. /proc/cpuinfo from an affected guest:

# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 2
model name : QEMU Virtual CPU version 0.14
stepping : 3
microcode : 0x1
cpu MHz : 2594.108
cache size : 4096 KB
physical id : 0
siblings : 1
core id : 0
cpu cores : 1
apicid : 0
initial apicid : 0
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl pni vmx cx16 popcnt hypervisor lahf_lm tpr_shadow vnmi flexpriority ept
bogomips : 5188.21
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:
#

It could also be related to the use of swrast_dri rather than a hardware-accelerated video driver.

Steve Langasek (vorlon)
Changed in glibc (Ubuntu):
importance: Undecided → Critical
milestone: none → ubuntu-16.03
status: New → Triaged
Steve Langasek (vorlon) wrote :

The line in question is:

unsigned int max_in_before_reset = BARRIER_IN_THRESHOLD
                                   - BARRIER_IN_THRESHOLD % count;

count is set the line before it to:

  unsigned int count = bar->count;

(gdb) print bar->count
$2 = 0
(gdb) print count
$3 = 0
(gdb)

Steve Langasek (vorlon) wrote :

The pthread_barrier_init manpage specifies that count must be > 0. Indeed, pthread_barrier_init() is returning EINVAL, and swrast_dri is ignoring this return value. So this is a latent bug in mesa.

Changed in mesa (Ubuntu Xenial):
status: New → Triaged
importance: Undecided → Critical
Steve Langasek (vorlon) wrote :

(critical because it breaks all autopkgtests that exercise LLVMpipe.)

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mesa - 11.1.2-1ubuntu2

---------------
mesa (11.1.2-1ubuntu2) xenial; urgency=medium

  * debian/patches/glibc2.23-pthreads-compat.patch: fix misuse of
    pthread_barrier API. Closes LP: #1559842.

 -- Steve Langasek <email address hidden> Mon, 21 Mar 2016 05:59:56 +0000

Changed in mesa (Ubuntu Xenial):
status: Triaged → Fix Released
Steve Langasek (vorlon)
Changed in glibc (Ubuntu Xenial):
status: Triaged → Invalid