RANK ORDER fragment_delete_mute acquired after shared_vm_areas: regression from r1533

[derekbruening]

From [email protected] on May 14, 2013 11:55:47

split from issue #1135 [ RUN ] FileStreamTest.Truncate
<rank order violation fragment_delete_mutex(mutex)@/work/dr/git/src/core/fragment.c:2035 acquired after shared_vm_areas(readwrite)@/work/dr/git/src/core/vmareas.c:1536 in tid:2e96>

(gdb) bt
#0 syscall_ready () at /work/dr/git/src/core/x86/x86.asm:1132
#1 0x0000000000000020 in ?? ()
#2 0x00000000712c9688 in read_syscall (fd=0, buf=0x51ced807, nbytes=1) at /work/dr/git/src/core/unix/os.c:3786
#3 0x00000000712c9e1d in os_read (f=0, buf=0x51ced807, count=1) at /work/dr/git/src/core/unix/os.c:3998
#4 0x0000000071116309 in notify (priority=SYSLOG_CRITICAL, internal=true, synch=false, substitution_num=0, prefix=
0x7132839c "SYSLOG_CRITICAL", fmt=0x71328368 "rank order violation %s acquired after %s in tid:%x")
at /work/dr/git/src/core/utils.c:1953
#5 0x0000000071113295 in deadlock_avoidance_lock (lock=0x51c7e6d8, acquired=true, ownable=true) at /work/dr/git/src/core/utils.c:597
#6 0x0000000071113bec in mutex_trylock (lock=0x51c7e6d8) at /work/dr/git/src/core/utils.c:906
#7 0x0000000071113ad2 in mutex_lock (lock=0x51c7e6d8) at /work/dr/git/src/core/utils.c:845
#8 0x00000000710a31db in fragment_get_fragment_delete_mutex (dcontext=0x51c7c8c0) at /work/dr/git/src/core/fragment.c:2642
#9 0x00000000710a4448 in fragment_delete (dcontext=0x51c7c8c0, f=0x521ae340, actions=8) at /work/dr/git/src/core/fragment.c:3050
#10 0x00000000710d4e4b in force_fragment_from_cache (dcontext=0x51c7c8c0, cache=0x51cfae30, victim=0x521ae340)
at /work/dr/git/src/core/fcache.c:2743
#11 0x00000000710d59d4 in replace_fragments (dcontext=0x51c7c8c0, cache=0x51cfae30, unit=0x51ccc840, f=0x51cfb290, fifo=0x5252d480,
slot_size=36) at /work/dr/git/src/core/fcache.c:2800
#12 0x00000000710daf6c in add_fragment_common (dcontext=0x51c7c8c0, cache=0x51cfae30, f=0x51cfb290, slot_size=36)
at /work/dr/git/src/core/fcache.c:3250
#13 0x00000000710e1b94 in fcache_add_fragment (dcontext=0x51c7c8c0, f=0x51cfb290) at /work/dr/git/src/core/fcache.c:3622
#14 0x00000000710a1765 in fragment_create (dcontext=0x51c7c8c0, tag=0x32ed6e490d "H\213<$H\211\302\350\367\253\001", body_size=28,
direct_exits=1, indirect_exits=0, exits_size=0, flags=33554432) at /work/dr/git/src/core/fragment.c:2431
#15 0x000000007110cdd0 in emit_fragment_common (dcontext=0x51c7c8c0, tag=0x32ed6e490d "H\213<$H\211\302\350\367\253\001", ilist=
0x51cf1ec8, flags=33554432, vmlist=0x52541e98, link_fragment=true, add_to_htable=false, replace_fragment=0x0)
at /work/dr/git/src/core/emit.c:633
#16 0x0000000071110d0e in emit_fragment_ex (dcontext=0x51c7c8c0, tag=0x32ed6e490d "H\213<$H\211\302\350\367\253\001", ilist=
0x51cf1ec8, flags=33554432, vmlist=0x52541e98, link=true, visible=false) at /work/dr/git/src/core/emit.c:994
#17 0x000000007126061f in build_basic_block_fragment (dcontext=0x51c7c8c0, start=0x32ed6e490d "H\213<$H\211\302\350\367\253\001",
initial_flags=33554432, link=true, visible=false, for_trace=true, unmangled_ilist=0x0) at /work/dr/git/src/core/x86/interp.c:4500
#18 0x00000000711abc31 in create_private_copy (dcontext=0x51c7c8c0, f=0x52b76ec8) at /work/dr/git/src/core/monitor.c:186
#19 0x00000000711b37f1 in monitor_cache_enter (dcontext=0x51c7c8c0, f=0x52b76ec8) at /work/dr/git/src/core/monitor.c:2124
#20 0x00000000710fb98a in dispatch (dcontext=0x51c7c8c0) at /work/dr/git/src/core/dispatch.c:171

From the code, clearly shared_vm_areas is meant to be acquired before
fragment_delete_mutex. It looks like r1533 broke this by illegally moving
the lock ranks.

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=1157

[derekbruening]

From [email protected] on May 14, 2013 10:19:04

This issue was closed by revision r2084 .

Status: Fixed