SEGV in taskspooler
69 views
Skip to first unread message
Alexander Inyukhin
May 9, 2013, 9:05:21 AM5/9/13
to Lluís Batlle i Rossell, Llista de Task Spooler
Hi!
I found a bug is task-spooler server process recently.
When a job is started with -nf flag and another ts instance
is waiting for that job with -w, then the main ts daemon triggers
a null address access after the job finishes.
This condition is caused by premature cleanup of job state
before notifications are processed.
A GDB output follows.
Program received signal SIGSEGV, Segmentation fault.
check_notify_list (jobid=0) at jobs.c:1113
1113 if (j->state == FINISHED || j->state == SKIPPED)
(gdb) bt
#0 check_notify_list (jobid=0) at jobs.c:1113
#1 0x0804ad6b in client_read (index=0) at server.c:426
#2 server_loop (ls=0) at server.c:261
#3 server_main (notify_fd=5, _path=0x9eb30a0 "/tmp/socket-ts.1000") at server.c:209
#4 0x0804b3ff in fork_server () at server_start.c:128
#5 ensure_server_up () at server_start.c:175
#6 0x0804970e in main (argc=1, argv=0xfff4d704) at main.c:410
(gdb) info locals
n = 0x0
tmp = 0x9eb3150
j = 0x0
(gdb) list
1108 n = n->next;
1109 if (tmp->jobid == jobid)
1110 {
1111 j = get_job(jobid);
1112 /* If the job finishes, notify the waiter */
1113 if (j->state == FINISHED || j->state == SKIPPED)
1114 {
1115 send_waitjob_ok(tmp->socket, j->result.errorlevel);
1116 /* We want to get the next Nofity* before we remove
1117 * the actual 'n'. As s_remove_notification() simply
I found a bug is task-spooler server process recently.
When a job is started with -nf flag and another ts instance
is waiting for that job with -w, then the main ts daemon triggers
a null address access after the job finishes.
This condition is caused by premature cleanup of job state
before notifications are processed.
A GDB output follows.
Program received signal SIGSEGV, Segmentation fault.
check_notify_list (jobid=0) at jobs.c:1113
1113 if (j->state == FINISHED || j->state == SKIPPED)
(gdb) bt
#0 check_notify_list (jobid=0) at jobs.c:1113
#1 0x0804ad6b in client_read (index=0) at server.c:426
#2 server_loop (ls=0) at server.c:261
#3 server_main (notify_fd=5, _path=0x9eb30a0 "/tmp/socket-ts.1000") at server.c:209
#4 0x0804b3ff in fork_server () at server_start.c:128
#5 ensure_server_up () at server_start.c:175
#6 0x0804970e in main (argc=1, argv=0xfff4d704) at main.c:410
(gdb) info locals
n = 0x0
tmp = 0x9eb3150
j = 0x0
(gdb) list
1108 n = n->next;
1109 if (tmp->jobid == jobid)
1110 {
1111 j = get_job(jobid);
1112 /* If the job finishes, notify the waiter */
1113 if (j->state == FINISHED || j->state == SKIPPED)
1114 {
1115 send_waitjob_ok(tmp->socket, j->result.errorlevel);
1116 /* We want to get the next Nofity* before we remove
1117 * the actual 'n'. As s_remove_notification() simply
Lluís Batlle i Rossell
May 9, 2013, 3:24:06 PM5/9/13
to tasks...@googlegroups.com
Thank you, I can reproduce it.
I still don't know how I'll solve it; I think that it's on purpose that "ts -nf"
leaves no trace in the job list.
I'm thinking of keeping track of what jobs are waited for, in that waiting
situation, and clean up only after the waiting clients are notified.
Regards,
Lluís.
> --
> You received this message because you are subscribed to the Google Groups "taskspooler" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to taskspooler...@googlegroups.com.
> To post to this group, send an email to tasks...@googlegroups.com.
> Visit this group at http://groups.google.com/group/taskspooler?hl=en-GB.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
I still don't know how I'll solve it; I think that it's on purpose that "ts -nf"
leaves no trace in the job list.
I'm thinking of keeping track of what jobs are waited for, in that waiting
situation, and clean up only after the waiting clients are notified.
Regards,
Lluís.
> You received this message because you are subscribed to the Google Groups "taskspooler" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to taskspooler...@googlegroups.com.
> To post to this group, send an email to tasks...@googlegroups.com.
> Visit this group at http://groups.google.com/group/taskspooler?hl=en-GB.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
Lluís Batlle i Rossell
May 9, 2013, 3:45:21 PM5/9/13
to tasks...@googlegroups.com
On Thu, May 09, 2013 at 09:24:06PM +0200, Lluís Batlle i Rossell wrote:
> Thank you, I can reproduce it.
>
> I still don't know how I'll solve it; I think that it's on purpose that "ts -nf"
> leaves no trace in the job list.
>
> I'm thinking of keeping track of what jobs are waited for, in that waiting
> situation, and clean up only after the waiting clients are notified.
Alexander,
> Thank you, I can reproduce it.
>
> I still don't know how I'll solve it; I think that it's on purpose that "ts -nf"
> leaves no trace in the job list.
>
> I'm thinking of keeping track of what jobs are waited for, in that waiting
> situation, and clean up only after the waiting clients are notified.
can you try this?
http://viric.name/wsgi-bin/hgweb.wsgi/ts/rev/4a2f6bdca101
Alexander Inyukhin
May 10, 2013, 4:09:16 AM5/10/13
to tasks...@googlegroups.com
On Thu, May 09, 2013 at 09:45:21PM +0200, Llu�s Batlle i Rossell wrote:
Thanks!
> On Thu, May 09, 2013 at 09:24:06PM +0200, Llu�s Batlle i Rossell wrote:
> > Thank you, I can reproduce it.
> >
> > I still don't know how I'll solve it; I think that it's on purpose that "ts -nf"
> > leaves no trace in the job list.
> >
> > I'm thinking of keeping track of what jobs are waited for, in that waiting
> > situation, and clean up only after the waiting clients are notified.
>
> Alexander,
>
> can you try this?
> http://viric.name/wsgi-bin/hgweb.wsgi/ts/rev/4a2f6bdca101
This patch works.
> > Thank you, I can reproduce it.
> >
> > I still don't know how I'll solve it; I think that it's on purpose that "ts -nf"
> > leaves no trace in the job list.
> >
> > I'm thinking of keeping track of what jobs are waited for, in that waiting
> > situation, and clean up only after the waiting clients are notified.
>
> Alexander,
>
> can you try this?
> http://viric.name/wsgi-bin/hgweb.wsgi/ts/rev/4a2f6bdca101
Thanks!
Reply all
Reply to author
Forward
0 new messages