From: Konstantin Belousov
To: Tijl Coosemans
Cc: freebsd-current@FreeBSD.org, gerald@FreeBSD.org
Subject: Re: Segfault in _Unwind_* code called from pthread_exit
Date: Thu, 24 Aug 2017 18:42:35 +0300
Message-ID: <20170824154235.GD1700@kib.kiev.ua>
References: <20170823163707.096f93ab@kalimero.tijl.coosemans.org>
In-Reply-To: <20170823163707.096f93ab@kalimero.tijl.coosemans.org>

On Wed, Aug 23, 2017 at 04:37:07PM +0200, Tijl Coosemans wrote:
> Hi,
>
> The following program segfaults for me on amd64 when linked like this:
>
> cc -o test test.c -lpthread -L/usr/local/lib/gcc5 -lgcc_s -rpath /usr/local/lib/gcc5
>
> --------------------------------
> #include <stdio.h>
> #include <pthread.h>
>
> void *
> thr( void *arg ) {
>     return( NULL );
> }
>
> int
> main( void ) {
>     pthread_t thread;
>
>     for( int i = 1; i < 20; i++ ) {
>         fprintf( stderr, "%d\n", i );
>         pthread_create( &thread, NULL, thr, NULL );
>         pthread_join( thread, NULL );
>     }
>     return( 0 );
> }
> --------------------------------
>
> The backtrace looks like this:
>
> Thread 7 received signal SIGSEGV, Segmentation fault.
> [Switching to LWP 100511 of process 1886]
> uw_frame_state_for (context=context@entry=0x7fffdfffddc0,
>     fs=fs@entry=0x7fffdfffdb10)
>     at /usr/ports/lang/gcc5/work/gcc-5.4.0/libgcc/unwind-dw2.c:1249
> 1249    /usr/ports/lang/gcc5/work/gcc-5.4.0/libgcc/unwind-dw2.c: No such file or directory.
> (gdb) bt
> #0  uw_frame_state_for (context=context@entry=0x7fffdfffddc0,
>     fs=fs@entry=0x7fffdfffdb10)
>     at /usr/ports/lang/gcc5/work/gcc-5.4.0/libgcc/unwind-dw2.c:1249
> #1  0x0000000800a66ecb in _Unwind_ForcedUnwind_Phase2 (
>     exc=exc@entry=0x800658730, context=context@entry=0x7fffdfffddc0)
>     at /usr/ports/lang/gcc5/work/gcc-5.4.0/libgcc/unwind.inc:155
> #2  0x0000000800a67200 in _Unwind_ForcedUnwind (exc=0x800658730,
>     stop=0x8008428b0 , stop_argument=0x0)
>     at /usr/ports/lang/gcc5/work/gcc-5.4.0/libgcc/unwind.inc:207
> #3  0x0000000800842224 in _Unwind_ForcedUnwind (ex=0x800658730,
>     stop_func=0x8008428b0 , stop_arg=0x0)
>     at /usr/src/lib/libthr/thread/thr_exit.c:106
> #4  0x000000080084269f in thread_unwind ()
>     at /usr/src/lib/libthr/thread/thr_exit.c:172
> #5  0x00000008008424d6 in _pthread_exit_mask (status=0x0, mask=0x0)
>     at /usr/src/lib/libthr/thread/thr_exit.c:254
> #6  0x0000000800842359 in _pthread_exit (status=0x0)
>     at /usr/src/lib/libthr/thread/thr_exit.c:206
> #7  0x000000080082ccb1 in thread_start (curthread=0x800658500)
>     at /usr/src/lib/libthr/thread/thr_create.c:289
> #8  0x00007fffdfdfe000 in ?? ()
> Backtrace stopped: Cannot access memory at address 0x7fffdfffe000
>
>
> It happens with gcc6 as well, but not with base libgcc_s.
> Can anyone reproduce this? Have there been any changes to stack
> unwinding recently (last few months)?

I can reproduce this, and there was a change in the gcc unwinder, it seems.
Below is a patch which I have not even compiled. Still, it should give an
idea how it might be approached. The patch is against gcc head.

Index: libgcc/config/i386/freebsd-unwind.h
===================================================================
--- libgcc/config/i386/freebsd-unwind.h	(revision 251293)
+++ libgcc/config/i386/freebsd-unwind.h	(working copy)
@@ -28,6 +28,8 @@ see the files COPYING3 and COPYING.RUNTIME respect #include #include +#include +#include #include #include 
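Review bot: the two includes added in this hunk have to supply everything the second hunk relies on, namely sysctl(), getpid(), struct kinfo_sigtramp and the CTL_KERN/KERN_PROC/KERN_PROC_SIGTRAMP constants; on FreeBSD those are declared in <sys/sysctl.h>, <sys/user.h> and <unistd.h>, so check that both headers are covered or add the missing one. Because the new code is wrapped in "#ifdef KERN_PROC_SIGTRAMP", a missing or misordered header does not break the build, it silently compiles the sysctl path out and leaves only the pre-existing detection in place, so verify on the test system that the guard is actually true (a temporary "#error" inside the #ifdef, or inspecting "cc -E" output, is enough).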
@@ -42,7 +44,29 @@ x86_64_freebsd_fallback_frame_state { struct sigframe *sf; long new_cfa; +#ifdef KERN_PROC_SIGTRAMP + static long sigtramp_addr = 0; + if (sigtramp_addr == 0) { + struct kinfo_sigtramp kst; + int error, mib[4]; + size_t len; + + mib[0] = CTL_KERN; + mib[1] = KERN_PROC; + mib[2] = KERN_PROC_SIGTRAMP; + mib[3] = getpid(); + len = sizeof(kst); + error = sysctl(mib, sizeof(mib) / sizeof(mib[0]), &kst, &len, NULL, 0); + if (error == 0) + sigtramp_addr = kst.ksigtramp_start; + } + + if (sigtramp_addr != 0 && (uintptr_t)(context->ra) == sigtramp_addr) + ; + else +#endif + /* Prior to FreeBSD 9, the signal trampoline was located immediately before the ps_strings. To support non-executable stacks on AMD64, the sigtramp was moved to a shared page for FreeBSD 9. Unfortunately
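Review bot: the trampoline check "(uintptr_t)(context->ra) == sigtramp_addr" is too strict: the return address a signal handler leaves on the stack points into the trampoline just after the instruction that called the handler, not at the trampoline's first byte, so the equality will normally be false and the code drops into the old heuristic this patch is trying to replace. struct kinfo_sigtramp reports both ksigtramp_start and ksigtramp_end, so keep both and test "ra >= start && ra < end". Two smaller points: the lazily filled "static long sigtramp_addr" is written by every thread that unwinds (the reproducer does exactly that from pthread_exit on each thread), and a failed sysctl(3) leaves it at 0 so the call is retried on every frame; record the outcome once, including failure, in a separate flag. Finally, the "if (...) ; else" in front of the pre-existing comment is hard to read; inverting the condition into a small helper (say outside_sigtramp_range(pc)) that the existing early-return test can use keeps the control flow obvious.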