Occasional segfault with --threads

[eklitzke]

I am sometimes getting segfaults when using --threads. Here's some info from a core dump:

(env) evan@localhost ~/code/pyflame (276f0c3...) $ gdb python
GNU gdb (GDB) Fedora 7.12.1-46.fc25
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from python...Reading symbols from /usr/lib/debug/usr/bin/python2.7.debug...done.
done.
(gdb) core core.python.6569.localhost.localdomain.1489091075
/home/evan/code/pyflame/core.python.6569.localhost.localdomain.1489091075: No such file or directory.
(gdb) core /tmp/core.python.6569.localhost.localdomain.1489091075
warning: core file may not match specified executable file.
[New LWP 6571]
[New LWP 6570]
[New LWP 6569]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `python tests/threaded_sleeper.py'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f3ef11af959 in futex_abstimed_wait_cancelable (private=0, abstime=0x0, expected=0, futex_word=0x56268986fce0)
    at ../sysdeps/unix/sysv/linux/futex-internal.h:205
205	  int err = lll_futex_timed_wait_bitset (futex_word, expected, abstime,
[Current thread is 1 (Thread 0x7f3ee3fff700 (LWP 6571))]
(gdb) bt
#0  0x00007f3ef11af959 in futex_abstimed_wait_cancelable (private=0, abstime=0x0, expected=0, futex_word=0x56268986fce0)
    at ../sysdeps/unix/sysv/linux/futex-internal.h:205
#1  do_futex_wait (sem=sem@entry=0x56268986fce0, abstime=0x0) at sem_waitcommon.c:111
#2  0x00007f3ef11afa04 in __new_sem_wait_slow (sem=0x56268986fce0, abstime=0x0) at sem_waitcommon.c:181
#3  0x00007f3ef11afaaa in __new_sem_wait (sem=<optimized out>) at sem_wait.c:29
#4  0x00007f3ef14cff15 in PyThread_acquire_lock (lock=0x56268986fce0, waitflag=waitflag@entry=1) at /usr/src/debug/Python-2.7.13/Python/thread_pthread.h:324
#5  0x00007f3ef149bb29 in PyEval_EvalFrameEx (
    f=f@entry=Frame 0x7f3ef17fb730, for file tests/threaded_sleeper.py, line 25, in do_sleep (target=<float at remote 0x562689806608>), throwflag=throwflag@entry=0)
    at /usr/src/debug/Python-2.7.13/Python/ceval.c:1193
#6  0x00007f3ef14a10ae in fast_function (nk=0, na=<optimized out>, n=<optimized out>, pp_stack=0x7f3ee3ffe560, func=<optimized out>)
    at /usr/src/debug/Python-2.7.13/Python/ceval.c:4514
#7  call_function (oparg=<optimized out>, pp_stack=0x7f3ee3ffe560) at /usr/src/debug/Python-2.7.13/Python/ceval.c:4449
#8  PyEval_EvalFrameEx (f=f@entry=Frame 0x7f3ef19456f0, for file tests/threaded_sleeper.py, line 34, in sleep_b (), throwflag=throwflag@entry=0)
    at /usr/src/debug/Python-2.7.13/Python/ceval.c:3063
#9  0x00007f3ef14a4adc in PyEval_EvalCodeEx (co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f3ef1960068, argcount=0, 
    kws=kws@entry=0x7f3ef1960068, kwcount=0, defs=0x0, defcount=0, closure=0x0) at /usr/src/debug/Python-2.7.13/Python/ceval.c:3661
#10 0x00007f3ef142d04d in function_call (func=<function at remote 0x7f3ef1800140>, arg=(), kw={}) at /usr/src/debug/Python-2.7.13/Objects/funcobject.c:523
#11 0x00007f3ef1408003 in PyObject_Call (func=func@entry=<function at remote 0x7f3ef1800140>, arg=arg@entry=(), kw=kw@entry={})
    at /usr/src/debug/Python-2.7.13/Objects/abstract.c:2547
#12 0x00007f3ef149f093 in ext_do_call (nk=<optimized out>, na=0, flags=<optimized out>, pp_stack=0x7f3ee3ffe808, func=<function at remote 0x7f3ef1800140>)
    at /usr/src/debug/Python-2.7.13/Python/ceval.c:4743
#13 PyEval_EvalFrameEx (
    f=f@entry=Frame 0x7f3ef17feb00, for file /usr/lib64/python2.7/threading.py, line 757, in run (self=<Thread(_Thread__ident=139908089902848, _Thread__block=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933190>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933190>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933190>) at remote 0x7f3ef17ff1d0>, _Thread__name='Thread-2', _Thread__daemonic=False, _Thread__started=<_Event(_Verbose__verbose=False, _Event__flag=True, _Event__cond=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933170>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933170>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933170>) at remote 0x7f3ef17ff190>) at remote 0x7f3ef17ff150>, _Thread__stderr=<file at remote 0x7f3ef19821e0>, _Thread__target=<function at remote 0x7f3ef1800140>, ...(truncated), throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.13/Python/ceval.c:3102
#14 0x00007f3ef14a10ae in fast_function (nk=0, na=<optimized out>, n=<optimized out>, pp_stack=0x7f3ee3ffe940, func=<optimized out>)
    at /usr/src/debug/Python-2.7.13/Python/ceval.c:4514
#15 call_function (oparg=<optimized out>, pp_stack=0x7f3ee3ffe940) at /usr/src/debug/Python-2.7.13/Python/ceval.c:4449
#16 PyEval_EvalFrameEx (
    f=f@entry=Frame 0x7f3edc000910, for file /usr/lib64/python2.7/threading.py, line 804, in __bootstrap_inner (self=<Thread(_Thread__ident=139908089902848, _Thread__b---Type <return> to continue, or q <return> ---Type <return> to continue, or q <return> to quit---
lock=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933190>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933190>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933190>) at remote 0x7f3ef17ff1d0>, _Thread__name='Thread-2', _Thread__daemonic=False, _Thread__started=<_Event(_Verbose__verbose=False, _Event__flag=True, _Event__cond=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933170>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933170>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933170>) at remote 0x7f3ef17ff190>) at remote 0x7f3ef17ff150>, _Thread__stderr=<file at remote 0x7f3ef19821e0>, _Thread__target=<function at remote 0x7...(truncated), throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.13/Python/ceval.c:3063
#17 0x00007f3ef14a10ae in fast_function (nk=0, na=<optimized out>, n=<optimized out>, pp_stack=0x7f3ee3ffea80, func=<optimized out>) at /usr/src/debug/Python-2.7.13/Python/ceval.c:4514
#18 call_function (oparg=<optimized out>, pp_stack=0x7f3ee3ffea80) at /usr/src/debug/Python-2.7.13/Python/ceval.c:4449
#19 PyEval_EvalFrameEx (
    f=f@entry=Frame 0x7f3ef1803210, for file /usr/lib64/python2.7/threading.py, line 777, in __bootstrap (self=<Thread(_Thread__ident=139908089902848, _Thread__block=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933190>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933190>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933190>) at remote 0x7f3ef17ff1d0>, _Thread__name='Thread-2', _Thread__daemonic=False, _Thread__started=<_Event(_Verbose__verbose=False, _Event__flag=True, _Event__cond=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933170>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933170>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933170>) at remote 0x7f3ef17ff190>) at remote 0x7f3ef17ff150>, _Thread__stderr=<file at remote 0x7f3ef19821e0>, _Thread__target=<function at remote 0x7f3ef18...(truncated), 
    throwflag=throwflag@entry=0) at /usr/src/debug/Python-2.7.13/Python/ceval.c:3063
#20 0x00007f3ef14a4adc in PyEval_EvalCodeEx (co=<optimized out>, globals=<optimized out>, locals=locals@entry=0x0, args=args@entry=0x7f3ef18a06e8, argcount=1, kws=kws@entry=0x0, kwcount=0, defs=0x0, 
    defcount=0, closure=0x0) at /usr/src/debug/Python-2.7.13/Python/ceval.c:3661
#21 0x00007f3ef142cf6c in function_call (func=<function at remote 0x7f3ef17fd0c8>, 
    arg=(<Thread(_Thread__ident=139908089902848, _Thread__block=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933190>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933190>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933190>) at remote 0x7f3ef17ff1d0>, _Thread__name='Thread-2', _Thread__daemonic=False, _Thread__started=<_Event(_Verbose__verbose=False, _Event__flag=True, _Event__cond=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933170>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933170>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933170>) at remote 0x7f3ef17ff190>) at remote 0x7f3ef17ff150>, _Thread__stderr=<file at remote 0x7f3ef19821e0>, _Thread__target=<function at remote 0x7f3ef1800140>, _Thread__kwargs={}, _Verbose__verbose=False, _Thread__args=(), _Thread__stopped=False, _...(truncated), 
    kw=0x0) at /usr/src/debug/Python-2.7.13/Objects/funcobject.c:523
#22 0x00007f3ef1408003 in PyObject_Call (func=func@entry=<function at remote 0x7f3ef17fd0c8>, 
    arg=arg@entry=(<Thread(_Thread__ident=139908089902848, _Thread__block=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933190>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933190>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933190>) at remote 0x7f3ef17ff1d0>, _Thread__name='Thread-2', _Thread__daemonic=False, _Thread__started=<_Event(_Verbose__verbose=False, _Event__flag=True, _Event__cond=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933170>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933170>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933170>) at remote 0x7f3ef17ff190>) at remote 0x7f3ef17ff150>, _Thread__stderr=<file at remote 0x7f3ef19821e0>, _Thread__target=<function at remote 0x7f3ef1800140>, _Thread__kwargs={}, _Verbose__verbose=False, _Thread__args=(), _Thread__stopped=False, _...(truncated), kw=kw@entry=0x0) at /usr/src/debug/Python-2.7.13/Objects/abstract.c:2547
#23 0x00007f3ef1416efc in instancemethod_call (func=<function at remote 0x7f3ef17fd0c8>, 
    arg=(<Thread(_Thread__ident=139908089902848, _Thread__block=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933190>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933190>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933190>) at remote 0x7f3ef17ff1d0>, _Thread__name='Thread-2', _Thread__daemonic=False, _Thread__started=<_Event(_Verbose__verbose=False, _Event__flag=True, _Event__cond=<_Condition(_Verbose__verbose=False, _Condition__lock=<thread.lock at remote 0x7f3ef1933170>, acquire=<built-in method acquire of thread.lock object at remote 0x7f3ef1933170>, _Condition__waiters=[], release=<built-in method release of thread.lock object at remote 0x7f3ef1933170>) at remote 0x7f3ef17ff190>) at remote 0x7f3ef17ff150>, _Thread__stderr=<file at remote 0x7f3ef19821e0>, _Thread__target=<function at remote 0x7f3ef1800140>, _Thread__kwargs={}, _Verbose__verbose=False, _Thread__args=(), _Thread__stopped=False, _...(truncated), 
    kw=0x0) at /usr/src/debug/Python-2.7.13/Objects/classobject.c:2602
#24 0x00007f3ef1408003 in PyObject_Call (func=func@entry=<instancemethod at remote 0x7f3ef186c230>, arg=arg@entry=(), kw=<optimized out>) at /usr/src/debug/Python-2.7.13/Objects/abstract.c:2547
#25 0x00007f3ef149abc7 in PyEval_CallObjectWithKeywords (func=<instancemethod at remote 0x7f3ef186c230>, arg=(), kw=<optimized out>) at /usr/src/debug/Python-2.7.13/Python/ceval.c:4298
#26 0x00007f3ef14d41a2 in t_bootstrap (boot_raw=0x5626898392e0) at /usr/src/debug/Python-2.7.13/Modules/threadmodule.c:620
#27 0x00007f3ef11a76ca in start_thread (arg=0x7f3ee3fff700) at pthread_create.c:333
#28 0x00007f3ef07d1f7f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
(gdb) disas
Dump of assembler code for function do_futex_wait:
   0x00007f3ef11af920 <+0>:	push   %r12
   0x00007f3ef11af922 <+2>:	push   %rbp
   0x00007f3ef11af923 <+3>:	mov    %rdi,%rbp
   0x00007f3ef11af926 <+6>:	push   %rbx
   0x00007f3ef11af927 <+7>:	sub    $0x10,%rsp
   0x00007f3ef11af92b <+11>:	mov    0x8(%rdi),%ebx
   0x00007f3ef11af92e <+14>:	callq  0x7f3ef11b0280 <__pthread_enable_asynccancel>
   0x00007f3ef11af933 <+19>:	mov    $0xffffffff,%r9d
   0x00007f3ef11af939 <+25>:	mov    %eax,%r12d
   0x00007f3ef11af93c <+28>:	xor    %r8d,%r8d
   0x00007f3ef11af93f <+31>:	xor    $0x189,%ebx
   0x00007f3ef11af945 <+37>:	xor    %r10d,%r10d
   0x00007f3ef11af948 <+40>:	xor    %edx,%edx
   0x00007f3ef11af94a <+42>:	movslq %ebx,%rsi
   0x00007f3ef11af94d <+45>:	mov    %rbp,%rdi
   0x00007f3ef11af950 <+48>:	mov    $0xca,%eax
   0x00007f3ef11af955 <+53>:	syscall 
   0x00007f3ef11af957 <+55>:	cmp    $0xfffffffffffff000,%rax
   0x00007f3ef11af95d <+61>:	ja     0x7f3ef11af978 <do_futex_wait+88>
   0x00007f3ef11af95f <+63>:	mov    %r12d,%edi
   0x00007f3ef11af962 <+66>:	callq  0x7f3ef11b02e0 <__pthread_disable_asynccancel>
   0x00007f3ef11af967 <+71>:	xor    %eax,%eax
   0x00007f3ef11af969 <+73>:	add    $0x10,%rsp
   0x00007f3ef11af96d <+77>:	pop    %rbx
   0x00007f3ef11af96e <+78>:	pop    %rbp
   0x00007f3ef11af96f <+79>:	pop    %r12
   0x00007f3ef11af971 <+81>:	retq   
   0x00007f3ef11af972 <+82>:	nopw   0x0(%rax,%rax,1)
   0x00007f3ef11af978 <+88>:	mov    %r12d,%edi
   0x00007f3ef11af97b <+91>:	mov    %rax,0x8(%rsp)
   0x00007f3ef11af980 <+96>:	callq  0x7f3ef11b02e0 <__pthread_disable_asynccancel>
   0x00007f3ef11af985 <+101>:	mov    0x8(%rsp),%rax
   0x00007f3ef11af98a <+106>:	cmp    $0xfffffff5,%eax
   0x00007f3ef11af98d <+109>:	je     0x7f3ef11af9a8 <do_futex_wait+136>
   0x00007f3ef11af98f <+111>:	cmp    $0xfffffffc,%eax
   0x00007f3ef11af992 <+114>:	je     0x7f3ef11af9a8 <do_futex_wait+136>
   0x00007f3ef11af994 <+116>:	cmp    $0xffffff92,%eax
   0x00007f3ef11af997 <+119>:	je     0x7f3ef11af9a8 <do_futex_wait+136>
   0x00007f3ef11af999 <+121>:	lea    0x3420(%rip),%rdi        # 0x7f3ef11b2dc0
   0x00007f3ef11af9a0 <+128>:	callq  0x7f3ef11a5630 <__libc_fatal@plt>
   0x00007f3ef11af9a5 <+133>:	nopl   (%rax)
   0x00007f3ef11af9a8 <+136>:	neg    %eax
   0x00007f3ef11af9aa <+138>:	jmp    0x7f3ef11af969 <do_futex_wait+73>
End of assembler dump.
(gdb) info registers
rax            0xfffffffffffffff7	-9
rbx            0x189	393
rcx            0x7f3ef11af959	139908309776729
rdx            0x0	0
rsi            0x189	393
rdi            0x56268986fce0	94723516071136
rbp            0x56268986fce0	0x56268986fce0
rsp            0x7f3ee3ffe2a0	0x7f3ee3ffe2a0
r8             0x0	0
r9             0xffffffff	4294967295
r10            0x0	0
r11            0x246	582
r12            0x0	0
r13            0x562689806620	94723515639328
r14            0x7f3ef18f1c56	139908317387862
r15            0x7f3ef17fb730	139908316378928
rip            0x7f3ef11af959	0x7f3ef11af959 <do_futex_wait+57>
eflags         0x10246	[ PF ZF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0

What's suspicious here is that %rip is at 0x7f3ef11af959, which is not a valid address. In fact, it's two bytes past a valid address. The syscall instruction is two bytes. So it looks to me like there is an issue where the instruction pointer isn't being restored properly.

[eklitzke]

I have a bunch of these core dumps, and they're always at this offset in this function. Here's another example with a slightly different disassembly:

(gdb) disas
Dump of assembler code for function do_futex_wait:
   0x00007f9c4e419920 <+0>:	push   %r12
   0x00007f9c4e419922 <+2>:	push   %rbp
   0x00007f9c4e419923 <+3>:	mov    %rdi,%rbp
   0x00007f9c4e419926 <+6>:	push   %rbx
   0x00007f9c4e419927 <+7>:	sub    $0x10,%rsp
   0x00007f9c4e41992b <+11>:	mov    0x8(%rdi),%ebx
   0x00007f9c4e41992e <+14>:	callq  0x7f9c4e41a280 <__pthread_enable_asynccancel>
   0x00007f9c4e419933 <+19>:	mov    $0xffffffff,%r9d
   0x00007f9c4e419939 <+25>:	mov    %eax,%r12d
   0x00007f9c4e41993c <+28>:	xor    %r8d,%r8d
   0x00007f9c4e41993f <+31>:	xor    $0x189,%ebx
   0x00007f9c4e419945 <+37>:	xor    %r10d,%r10d
   0x00007f9c4e419948 <+40>:	xor    %edx,%edx
   0x00007f9c4e41994a <+42>:	movslq %ebx,%rsi
   0x00007f9c4e41994d <+45>:	mov    %rbp,%rdi
   0x00007f9c4e419950 <+48>:	mov    $0xca,%eax
   0x00007f9c4e419955 <+53>:	syscall 
   0x00007f9c4e419957 <+55>:	syscall 
=> 0x00007f9c4e419959 <+57>:	add    %al,(%rax)
   0x00007f9c4e41995b <+59>:	add    %al,(%rax)
   0x00007f9c4e41995d <+61>:	add    %al,(%rax)
   0x00007f9c4e41995f <+63>:	mov    %r12d,%edi
   0x00007f9c4e419962 <+66>:	callq  0x7f9c4e41a2e0 <__pthread_disable_asynccancel>
   0x00007f9c4e419967 <+71>:	xor    %eax,%eax
   0x00007f9c4e419969 <+73>:	add    $0x10,%rsp
   0x00007f9c4e41996d <+77>:	pop    %rbx
   0x00007f9c4e41996e <+78>:	pop    %rbp
   0x00007f9c4e41996f <+79>:	pop    %r12
   0x00007f9c4e419971 <+81>:	retq   
   0x00007f9c4e419972 <+82>:	nopw   0x0(%rax,%rax,1)
   0x00007f9c4e419978 <+88>:	mov    %r12d,%edi
   0x00007f9c4e41997b <+91>:	mov    %rax,0x8(%rsp)
   0x00007f9c4e419980 <+96>:	callq  0x7f9c4e41a2e0 <__pthread_disable_asynccancel>
   0x00007f9c4e419985 <+101>:	mov    0x8(%rsp),%rax
   0x00007f9c4e41998a <+106>:	cmp    $0xfffffff5,%eax
   0x00007f9c4e41998d <+109>:	je     0x7f9c4e4199a8 <do_futex_wait+136>
   0x00007f9c4e41998f <+111>:	cmp    $0xfffffffc,%eax
   0x00007f9c4e419992 <+114>:	je     0x7f9c4e4199a8 <do_futex_wait+136>
   0x00007f9c4e419994 <+116>:	cmp    $0xffffff92,%eax
   0x00007f9c4e419997 <+119>:	je     0x7f9c4e4199a8 <do_futex_wait+136>
   0x00007f9c4e419999 <+121>:	lea    0x3420(%rip),%rdi        # 0x7f9c4e41cdc0
   0x00007f9c4e4199a0 <+128>:	callq  0x7f9c4e40f630 <__libc_fatal@plt>
   0x00007f9c4e4199a5 <+133>:	nopl   (%rax)
   0x00007f9c4e4199a8 <+136>:	neg    %eax
   0x00007f9c4e4199aa <+138>:	jmp    0x7f9c4e419969 <do_futex_wait+73>

In this case the pyflame process hit an assertion error which caused it to bail out, I believe before restoring the original code value.

[eklitzke]

I think I understand what is happening now.

When I pyflame the target process, that process could already be blocked in a syscall. In this case, the syscall is futex(2), which blocks. The current code fails in this case. It needs to interrupt the syscall, run the mmap syscall, and then resume the prior syscall.

[eklitzke]

I released v1.3.1, which mitigates this when --threads is not used.

[eklitzke]

This was fixed by #61