From owner-freebsd-current@freebsd.org Thu Aug 24 16:09:48 2017
Date: Thu, 24 Aug 2017 18:08:30 +0200
From: Tijl Coosemans
To: Konstantin Belousov
Cc: freebsd-current@FreeBSD.org, gerald@FreeBSD.org
Subject: Re: Segfault in _Unwind_* code called from pthread_exit
Message-ID: <20170824180830.199885b0@kalimero.tijl.coosemans.org>
In-Reply-To: <20170824154235.GD1700@kib.kiev.ua>
References: <20170823163707.096f93ab@kalimero.tijl.coosemans.org> <20170824154235.GD1700@kib.kiev.ua>
On Thu, 24 Aug 2017 18:42:35 +0300 Konstantin Belousov wrote:
> On Wed, Aug 23, 2017 at 04:37:07PM +0200, Tijl Coosemans wrote:
>> The following program segfaults for me on amd64 when linked like this:
>> 
>> cc -o test test.c -lpthread -L/usr/local/lib/gcc5 -lgcc_s -rpath /usr/local/lib/gcc5
>> 
>> --------------------------------
>> #include <stdio.h>
>> #include <pthread.h>
>> 
>> void *
>> thr( void *arg ) {
>> 	return( NULL );
>> }
>> 
>> int
>> main( void ) {
>> 	pthread_t thread;
>> 
>> 	for( int i = 1; i < 20; i++ ) {
>> 		fprintf( stderr, "%d\n", i );
>> 		pthread_create( &thread, NULL, thr, NULL );
>> 		pthread_join( thread, NULL );
>> 	}
>> 	return( 0 );
>> }
>> --------------------------------
>> 
>> The backtrace looks like this:
>> 
>> Thread 7 received signal SIGSEGV, Segmentation fault.
>> [Switching to LWP 100511 of process 1886]
>> uw_frame_state_for (context=context@entry=0x7fffdfffddc0,
>>     fs=fs@entry=0x7fffdfffdb10)
>>     at /usr/ports/lang/gcc5/work/gcc-5.4.0/libgcc/unwind-dw2.c:1249
>> 1249	/usr/ports/lang/gcc5/work/gcc-5.4.0/libgcc/unwind-dw2.c: No such file or directory.
>> (gdb) bt
>> #0  uw_frame_state_for (context=context@entry=0x7fffdfffddc0,
>>     fs=fs@entry=0x7fffdfffdb10)
>>     at /usr/ports/lang/gcc5/work/gcc-5.4.0/libgcc/unwind-dw2.c:1249
>> #1  0x0000000800a66ecb in _Unwind_ForcedUnwind_Phase2 (
>>     exc=exc@entry=0x800658730, context=context@entry=0x7fffdfffddc0)
>>     at /usr/ports/lang/gcc5/work/gcc-5.4.0/libgcc/unwind.inc:155
>> #2  0x0000000800a67200 in _Unwind_ForcedUnwind (exc=0x800658730,
>>     stop=0x8008428b0 , stop_argument=0x0)
>>     at /usr/ports/lang/gcc5/work/gcc-5.4.0/libgcc/unwind.inc:207
>> #3  0x0000000800842224 in _Unwind_ForcedUnwind (ex=0x800658730,
>>     stop_func=0x8008428b0 , stop_arg=0x0)
>>     at /usr/src/lib/libthr/thread/thr_exit.c:106
>> #4  0x000000080084269f in thread_unwind ()
>>     at /usr/src/lib/libthr/thread/thr_exit.c:172
>> #5  0x00000008008424d6 in _pthread_exit_mask (status=0x0, mask=0x0)
>>     at /usr/src/lib/libthr/thread/thr_exit.c:254
>> #6  0x0000000800842359 in _pthread_exit (status=0x0)
>>     at /usr/src/lib/libthr/thread/thr_exit.c:206
>> #7  0x000000080082ccb1 in thread_start (curthread=0x800658500)
>>     at /usr/src/lib/libthr/thread/thr_create.c:289
>> #8  0x00007fffdfdfe000 in ?? ()
>> Backtrace stopped: Cannot access memory at address 0x7fffdfffe000
>> 
>> 
>> It happens with gcc6 as well, but not with base libgcc_s.
>> Can anyone reproduce this?  Have there been any changes to stack
>> unwinding recently (last few months)?
> 
> I can reproduce this, and there was a change in gcc unwinder, it seems.
> Below is a patch which I did not even compile.  Still, it should give
> an idea how it might be approached.  The patch is against gcc head.

Currently I'm thinking to patch our cpu_set_upcall in vm_machdep.c to set
the return address for the thread entry point to NULL (#8 in the backtrace
above).  For new stacks this is implicitly NULL, but "Thread 7" (as gdb
calls it) uses a recycled stack and libthr stores a 'struct stack' at the
end of such stacks (to keep them in a linked list).
I'm still looking at how base libgcc_s, which uses LLVM libunwind, avoids
this problem.
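As an added diagnostic (not code from this thread, libthr or libgcc), the following C program walks each thread's stack with `_Unwind_Backtrace` inside the same create/join loop as the reproducer and reports whether every walk stopped with `_URC_END_OF_STACK` instead of running on into stale stack contents; `run_threads`, `struct walk` and the 64-frame guard are my own names and assumptions.

```c
#include <pthread.h>
#include <unwind.h>

/* Constructed diagnostic, not code from the thread: walk a thread's stack
 * with the _Unwind_* machinery pthread_exit uses and check it ends cleanly. */
struct walk {
	int frames;               /* frames reported by the unwinder */
	_Unwind_Reason_Code code; /* result of _Unwind_Backtrace */
};

static _Unwind_Reason_Code
count_frame(struct _Unwind_Context *ctx, void *arg)
{
	struct walk *w = arg;
	(void)ctx;
	w->frames++;
	/* A walk that runs past the entry frame is reading garbage: stop it. */
	return w->frames < 64 ? _URC_NO_REASON : _URC_FATAL_PHASE1_ERROR;
}

static void *
thr(void *arg)
{
	struct walk *w = arg;
	w->code = _Unwind_Backtrace(count_frame, w);
	return NULL;
}

/* Create and join n threads in a loop, as the reproducer does, so later
 * threads run on recycled stacks.  Returns the smallest frame count seen,
 * or -1 if any walk did not terminate with _URC_END_OF_STACK. */
int
run_threads(int n)
{
	int min_frames = -1;
	for (int i = 1; i <= n; i++) {
		pthread_t thread;
		struct walk w = { 0, _URC_NO_REASON };
		if (pthread_create(&thread, NULL, thr, &w) != 0 ||
		    pthread_join(thread, NULL) != 0 ||
		    w.code != _URC_END_OF_STACK || w.frames == 0)
			return -1;
		if (min_frames < 0 || w.frames < min_frames)
			min_frames = w.frames;
	}
	return min_frames;
}

int main(void) { return run_threads(20) > 0 ? 0 : 1; }
```

A non-zero exit (or a crash under gdb at `uw_frame_state_for`) from a build against the ports libgcc_s, alongside a clean run against base libgcc_s, isolates the unwinder rather than the program.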