Bug 444560

Summary: accept(2) return EINVAL on s390x
Product: Red Hat Enterprise Linux 4 Reporter: Qian Cai <qcai>
Component: kernelAssignee: Red Hat Kernel Manager <kernel-mgr>
Status: CLOSED NOTABUG QA Contact: Martin Jenner <mjenner>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.6.zCC: drepper
Target Milestone: rc   
Target Release: ---   
Hardware: s390x   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-29 04:04:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
testr.c
none
testw.c none

Description Qian Cai 2008-04-29 03:48:38 UTC 
Description of problem:
While communicating through unix domain socket (AF_UNIX, SOCK_STREAM), accept(2)
returns EINVAL. This has only been observed on s390x, and it breaks POSIX. CCed
Ulrich Drepper, as this might be a glibc issue.

Version-Release number of selected component (if applicable):
RHEL4U6
kernel-2.6.9-67.0.7.EL
glibc-headers-2.3.4-2.39.s390x

How reproducible:
Always on s390x

Steps to Reproduce:
1. compile testr.c and run
2. compile testw.c and run

Additional info:
strace from both programs,

[root@z207 435122]# strace ./testr
execve("./r", ["./r"], [/* 21 vars */]) = 0
uname({sys="Linux", node="z207.z900.redhat.com", ...}) = 0
brk(0)                                  = 0x80003000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x2000001a000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=36766, ...}) = 0
mmap(NULL, 36766, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2000001b000
close(3)                                = 0
open("/lib64/tls/libc.so.6", O_RDONLY)  = 3
read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\3\0\26\0\0\0\1\0\0\0\0\0\1\361d"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1748512, ...}) = 0
mmap(NULL, 1431936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x20000024000
mmap(0x20000179000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x154000) = 0x20000179000
mmap(0x2000017e000, 14720, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2000017e000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x20000182000
mprotect(0x20000179000, 12288, PROT_READ) = 0
mprotect(0x20000018000, 4096, PROT_READ) = 0
munmap(0x2000001b000, 36766)            = 0
unlink("./.sockfile")                   = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
bind(3, {sa_family=AF_FILE, path="./.sockfile"}, 110) = 0
listen(3, 5)                            = 0
select(4, [3], NULL, NULL, NULL)        = 1 (in [3])
accept(3, 0x3fffffff718, [9223841047283499008]) = -1 EINVAL (Invalid argument)
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x2000001b000
write(1, "accept error (22)\n", 18accept error (22)
)     = 18
exit_group(22)                          = ?

[root@z207 435122]# strace ./testw
execve("./w", ["./w"], [/* 21 vars */]) = 0
uname({sys="Linux", node="z207.z900.redhat.com", ...}) = 0
brk(0)                                  = 0x80002000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x2000001a000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=36766, ...}) = 0
mmap(NULL, 36766, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2000001b000
close(3)                                = 0
open("/lib64/tls/libc.so.6", O_RDONLY)  = 3
read(3, "\177ELF\2\2\1\0\0\0\0\0\0\0\0\0\0\3\0\26\0\0\0\1\0\0\0\0\0\1\361d"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1748512, ...}) = 0
mmap(NULL, 1431936, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0x20000024000
mmap(0x20000179000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x154000) = 0x20000179000
mmap(0x2000017e000, 14720, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2000017e000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x20000182000
mprotect(0x20000179000, 12288, PROT_READ) = 0
mprotect(0x20000018000, 4096, PROT_READ) = 0
munmap(0x2000001b000, 36766)            = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="./.sockfile"}, 110) = 0
write(3, "ABCDEFGH", 8)                 = 8
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="./.sockfile"}, 110) = 0
write(3, "ABCDEFGH", 8)                 = 8
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="./.sockfile"}, 110) = 0
write(3, "ABCDEFGH", 8)                 = 8
close(3)                                = 0
socket(PF_FILE, SOCK_STREAM, 0)         = 3
connect(3, {sa_family=AF_FILE, path="./.sockfile"}, 110) = 0
write(3, "ABCDEFGH", 8)                 = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) @ 0 (0) ---
+++ killed by SIGPIPE +++
Comment 1 Qian Cai 2008-04-29 03:48:38 UTC 
Created attachment 304061 [details]
testr.c
Comment 2 Qian Cai 2008-04-29 03:49:06 UTC 
Created attachment 304062 [details]
testw.c
Comment 3 Ulrich Drepper 2008-04-29 04:04:46 UTC 
The program is invalid.  The variable len is not initialized.  This can cause
the EINVAL error.