Mailing List Archive

#1026: varnishd immediate segfault on armv7, seeminly strict-aliasing violations
#1026: varnishd immediate segfault on armv7, seeminly strict-aliasing violations
--------------------------------------+-------------------------------------
Reporter: hno | Type: defect
Status: new | Priority: normal
Milestone: | Component: varnishd
Version: 3.0.0 | Severity: normal
Keywords: strict-aliasing segfault |
--------------------------------------+-------------------------------------
varnish 1.2.5 and 3.0.1 both crashes on armv7 gcc 4.6.1 in early
initialization.

The crash is in bin/varnishd/cache_ban.c:BAN_Insert() when it uses the
VTAILQ_LAST macro.

405 be = VTAILQ_LAST(&ban_head, banhead_s);

and seen when code is compiled with -fstrict-aliasing -fschedule-insns
optimizations enabled on armv7 (default enabled by -O2).

Compiling with -Wstrict-aliasing=1 gives an strict-aliasing warning on the
same line and other places where this macro is used.

{{{
cache_ban.c: In function 'BAN_Insert':
cache_ban.c:330:19: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
cache_ban.c: In function 'BAN_CheckLast':
cache_ban.c:381:18: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
cache_ban.c: In function 'ban_lurker':
cache_ban.c:522:20: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
cache_ban.c: In function 'BAN_TailRef':
cache_ban.c:573:18: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
cache_ban.c: In function 'ccf_purge_list':
cache_ban.c:759:20: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
}}}

VTAILQ_LAST is used on all the above lines.



Backtrace of the crash:

{{{
#0 0x0001d3b0 in BAN_Insert (b=0x40850448) at cache_ban.c:405
#1 0x0001f8a4 in BAN_Init () at cache_ban.c:970
#2 0x00045238 in child_main () at cache_main.c:122
#3 0x00062a60 in start_child (cli=0x408690a4) at mgt_child.c:345
#4 0x00063e30 in mcf_server_startstop (cli=0x408690a4, av=0x40805180,
priv=0x0) at mgt_child.c:620
#5 0x4005e84c in cls_dispatch (ac=1082560648, av=0x40072528, clp=0xa17c0,
cli=0x408690a4) at cli_serve.c:228
#6 cls_vlu2 (priv=0x40805180, av=0x40072528) at cli_serve.c:284
#7 0x4005edf8 in cls_vlu (priv=0x40869088, p=0x408aa000 "start") at
cli_serve.c:339
#8 0x400635d8 in LineUpProcess (l=0x40816d80) at vlu.c:154
#9 0x4005fc30 in VCLS_PollFd (cs=0x40817448, fd=<optimized out>,
timeout=0) at cli_serve.c:489
#10 0x00064e48 in mgt_cli_callback2 (e=0x4084c1f0, what=1) at
mgt_cli.c:370
#11 0x40062ac4 in vev_schedule_one (evb=0x40817420) at vev.c:498
#12 0x40062fbc in vev_schedule (evb=0x40817420) at vev.c:363
#13 0x00063d28 in MGT_Run () at mgt_child.c:602
#14 0x0007d19c in main (argc=0, argv=0xbeacbb34) at varnishd.c:650
}}}

A full backtrace is attached.

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1026>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs
Re: #1026: varnishd immediate segfault on armv7, seeminly strict-aliasing violations [ In reply to ]
#1026: varnishd immediate segfault on armv7, seeminly strict-aliasing violations
--------------------------------------+-------------------------------------
Reporter: hno | Type: defect
Status: new | Priority: normal
Milestone: | Component: varnishd
Version: 3.0.0 | Severity: normal
Keywords: strict-aliasing segfault |
--------------------------------------+-------------------------------------

Comment(by hno):

And this is the gcc warnings from 3.0.1: (I accidenlty pasted the same
warnings from 2.1.5 earlier)

{{
cache_ban.c: In function 'ban_CheckLast':
cache_ban.c:157:6: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
cache_ban.c: In function 'BAN_TailRef':
cache_ban.c:180:6: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
cache_ban.c: In function 'BAN_Insert':
cache_ban.c:405:7: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
cache_ban.c: In function 'ban_lurker_work':
cache_ban.c:764:6: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
}}

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1026#comment:1>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs
Re: #1026: varnishd immediate segfault on armv7, seeminly strict-aliasing violations [ In reply to ]
#1026: varnishd immediate segfault on armv7, seeminly strict-aliasing violations
--------------------------------------+-------------------------------------
Reporter: hno | Type: defect
Status: new | Priority: normal
Milestone: | Component: varnishd
Version: 3.0.0 | Severity: normal
Keywords: strict-aliasing segfault |
--------------------------------------+-------------------------------------

Comment(by hno):

And formatted correctly

{{{
cache_ban.c: In function 'ban_CheckLast':
cache_ban.c:157:6: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
cache_ban.c: In function 'BAN_TailRef':
cache_ban.c:180:6: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
cache_ban.c: In function 'BAN_Insert':
cache_ban.c:405:7: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
cache_ban.c: In function 'ban_lurker_work':
cache_ban.c:764:6: warning: dereferencing type-punned pointer might break
strict-aliasing rules [-Wstrict-aliasing]
}}}

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1026#comment:2>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs
Re: #1026: varnishd immediate segfault on armv7, seeminly strict-aliasing violations [ In reply to ]
#1026: varnishd immediate segfault on armv7, seeminly strict-aliasing violations
--------------------------------------+-------------------------------------
Reporter: hno | Type: defect
Status: new | Priority: normal
Milestone: | Component: varnishd
Version: 3.0.0 | Severity: normal
Keywords: strict-aliasing segfault |
--------------------------------------+-------------------------------------

Comment(by phk):

Sorry about the delay in getting to this.

I don't have an arm platform to test this on, so I'm a little bit
handicapped with respect to reproducing the bug.

I am pretty certain that the TAILQ_LAST macro works in FreeBSD on the arm
platform, so I am not quite sure what to make of this panic.

It is true that TAILQ_LAST does some non-nice pointer-gymnastics, but as
far as I know, they are strictly pointer to pointer, so they should be
safe.

Can I get you to pull down a -trunk source tree, and use the autoconf.des
file and see what happens then ?

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1026#comment:3>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs
Re: #1026: varnishd immediate segfault on armv7, seeminly strict-aliasing violations [ In reply to ]
#1026: varnishd immediate segfault on armv7, seeminly strict-aliasing violations
--------------------------------------+-------------------------
Reporter: hno | Owner:
Type: defect | Status: closed
Priority: normal | Milestone:
Component: varnishd | Version: 3.0.0
Severity: normal | Resolution: worksforme
Keywords: strict-aliasing segfault |
--------------------------------------+-------------------------
Changes (by phk):

* status: new => closed
* resolution: => worksforme


Comment:

time out this ticket...

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1026#comment:4>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs