From owner-freebsd-stable@freebsd.org  Sun Jul 19 20:57:28 2015
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C30619A50A6
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Sun, 19 Jul 2015 20:57:28 +0000 (UTC)
 (envelope-from kostikbel@gmail.com)
Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1])
 (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 68B5119AD
 for <freebsd-stable@freebsd.org>; Sun, 19 Jul 2015 20:57:28 +0000 (UTC)
 (envelope-from kostikbel@gmail.com)
Received: from tom.home (kostik@localhost [127.0.0.1])
 by kib.kiev.ua (8.15.2/8.15.2) with ESMTPS id t6JKvMoa027228
 (version=TLSv1 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO);
 Sun, 19 Jul 2015 23:57:22 +0300 (EEST)
 (envelope-from kostikbel@gmail.com)
DKIM-Filter: OpenDKIM Filter v2.9.2 kib.kiev.ua t6JKvMoa027228
Received: (from kostik@localhost)
 by tom.home (8.15.2/8.15.2/Submit) id t6JKvMQX027227;
 Sun, 19 Jul 2015 23:57:22 +0300 (EEST)
 (envelope-from kostikbel@gmail.com)
X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com
 using -f
Date: Sun, 19 Jul 2015 23:57:22 +0300
From: Konstantin Belousov <kostikbel@gmail.com>
To: Andre Meiser <ortadur@web.de>
Cc: freebsd-stable@freebsd.org
Subject: Re: Many core dumps in pthread_getspecific.
Message-ID: <20150719205722.GT2404@kib.kiev.ua>
References: <trinity-d3a62468-a8fd-44c3-ab9c-8b177ca8a366-1433331244003@3capp-webde-bs60>
 <20150603145838.GX2499@kib.kiev.ua>
 <trinity-15fcacbd-871c-4ea8-9257-5d11e7862ec0-1434103396559@3capp-webde-bs41>
 <20150614190504.GT2080@kib.kiev.ua>
 <trinity-e44527ae-e511-4ff3-bcdf-ee8426fc8a94-1434438565708@3capp-webde-bs53>
 <20150616073637.GO2080@kib.kiev.ua>
 <trinity-9d219acd-7aa9-4574-a9ad-458b52374069-1435936910016@3capp-webde-bs27>
 <20150703211111.GZ2080@kib.kiev.ua>
 <trinity-54f5f349-442e-4777-b35b-866867b763dc-1436977933500@3capp-webde-bs41>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <trinity-54f5f349-442e-4777-b35b-866867b763dc-1436977933500@3capp-webde-bs41>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00,
 DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no
 autolearn_force=no version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on tom.home
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 19 Jul 2015 20:57:28 -0000

On Wed, Jul 15, 2015 at 06:32:13PM +0200, Andre Meiser wrote:
> Hi,
> 
> no crash from vim or Xorg but from xterm and again at getcontext(uc) after alloca:
> 
> % readelf -d xterm | grep NEEDED
>  0x0000000000000001 (NEEDED)             Shared library: [libXinerama.so.1]
>  0x0000000000000001 (NEEDED)             Shared library: [libXft.so.2]
>  0x0000000000000001 (NEEDED)             Shared library: [libfontconfig.so.1]
>  0x0000000000000001 (NEEDED)             Shared library: [libutil.so.9]
>  0x0000000000000001 (NEEDED)             Shared library: [libXaw.so.7]
>  0x0000000000000001 (NEEDED)             Shared library: [libXmu.so.6]
>  0x0000000000000001 (NEEDED)             Shared library: [libXt.so.6]
>  0x0000000000000001 (NEEDED)             Shared library: [libX11.so.6]
>  0x0000000000000001 (NEEDED)             Shared library: [libXpm.so.4]
>  0x0000000000000001 (NEEDED)             Shared library: [libICE.so.6]
>  0x0000000000000001 (NEEDED)             Shared library: [libulog.so.0]
>  0x0000000000000001 (NEEDED)             Shared library: [libncurses.so.8]
>  0x0000000000000001 (NEEDED)             Shared library: [libc.so.7]
> 
> 
> 
> (gdb) bt
> #0  0x0000000803038642 in check_deferred_signal (curthread=0x805006400)
>     at /usr/src/lib/libthr/thread/thr_sig.c:332
> #1  0x000000080303858d in _thr_ast (curthread=0x805006400)
>     at /usr/src/lib/libthr/thread/thr_sig.c:265
> #2  0x000000080303d367 in _thr_rtld_lock_release (lock=<value optimized out>)
>     at /usr/src/lib/libthr/thread/thr_rtld.c:162
> #3  0x000000080067d94d in _r_debug_postinit () from /libexec/ld-elf.so.1
> #4  0x000000080067b15d in .text () from /libexec/ld-elf.so.1
> #5  0x0000000000438007 in ?? ()
> #6  0x000000000043fe77 in ?? ()
> #7  0x000000000041808b in ?? ()
> #8  0x0000000000417e0a in ?? ()
> #9  0x000000000042e04a in ?? ()
> #10 0x000000000040823f in ?? ()
> #11 0x0000000800697000 in ?? ()
> #12 0x0000000000000000 in ?? ()
> 
> 
> 
> (gdb) info locals
> act = {__sigaction_u = {__sa_handler = 0x7fff00000001, 
>     __sa_sigaction = 0x7fff00000001}, sa_flags = -6472, sa_mask = {__bits = {
>       32767, 4198068, 0, 54936355}}}
> info = {si_signo = 0, si_errno = 0, si_code = -6472, si_pid = 32767, 
>   si_uid = 4294960256, si_status = 32767, si_addr = 0x800000021, si_value = {
>     sival_int = -6368, sival_ptr = 0x7fffffffe720, sigval_int = -6368, 
>     sigval_ptr = 0x7fffffffe720}, _reason = {_fault = {_trapno = 15}, 
>     _timer = {_timerid = 15, _overrun = 0}, _mesgq = {_mqd = 15}, _poll = {
>       _band = 15}, __spare__ = {__spare1__ = 15, __spare2__ = {0, 0, 6909952, 
>         8, -6496, 32767, 6806459}}}}
> 
> 
> 
> (gdb) info registers
> rax            0xf0b470 15774832
> rbx            0x805006400      34443650048
> rcx            0x0      0
> rdx            0xca0000 13238272
> rsi            0x7fffffffe6b8   140737488348856
> rdi            0x7fffff0f3150   140737472573776
> rbp            0x7fffffffe650   0x7fffffffe650
> rsp            0x7fffff0f3150   0x7fffff0f3150
> r8             0x12     18
> r9             0x7fffffffe720   140737488348960
> r10            0x4030d0 4206800
> r11            0x261    609
> r12            0x1      1
> r13            0x679320 6787872
> r14            0x7fffff0f3150   140737472573776
> r15            0x23     35
> rip            0x803038642      0x803038642 <check_deferred_signal+82>
> eflags         0x10206  66054
> cs             0x43     67
> ss             0x3b     59
> ds             0x0      0
> es             0x0      0
> fs             0x0      0
> gs             0x0      0
> 
> 
> 
> (gdb) disassemble
> Dump of assembler code for function check_deferred_signal:
> 0x00000008030385f0 <check_deferred_signal+0>:   push   %rbp
> 0x00000008030385f1 <check_deferred_signal+1>:   mov    %rsp,%rbp
> 0x00000008030385f4 <check_deferred_signal+4>:   push   %r15
> 0x00000008030385f6 <check_deferred_signal+6>:   push   %r14
> 0x00000008030385f8 <check_deferred_signal+8>:   push   %rbx
> 0x00000008030385f9 <check_deferred_signal+9>:   sub    $0x78,%rsp
> 0x00000008030385fd <check_deferred_signal+13>:  mov    %rdi,%rbx
> 0x0000000803038600 <check_deferred_signal+16>:  cmpl   $0x0,0x100(%rbx)
> 0x0000000803038607 <check_deferred_signal+23>:  je     0x803038612 <check_deferred_signal+34>
> 0x0000000803038609 <check_deferred_signal+25>:  cmpl   $0x0,0x180(%rbx)
> 0x0000000803038610 <check_deferred_signal+32>:  je     0x80303861d <check_deferred_signal+45>
> 0x0000000803038612 <check_deferred_signal+34>:  lea    -0x18(%rbp),%rsp
> 0x0000000803038616 <check_deferred_signal+38>:  pop    %rbx
> 0x0000000803038617 <check_deferred_signal+39>:  pop    %r14
> 0x0000000803038619 <check_deferred_signal+41>:  pop    %r15
> 0x000000080303861b <check_deferred_signal+43>:  pop    %rbp
> 0x000000080303861c <check_deferred_signal+44>:  retq   
> 0x000000080303861d <check_deferred_signal+45>:  movl   $0x1,0x180(%rbx)
> 0x0000000803038627 <check_deferred_signal+55>:  callq  0x803032dfc <__getcontextx_size@plt>
> 0x000000080303862c <check_deferred_signal+60>:  cltq   
> 0x000000080303862e <check_deferred_signal+62>:  mov    %rsp,%r14
> 0x0000000803038631 <check_deferred_signal+65>:  add    $0xf,%rax
> 0x0000000803038635 <check_deferred_signal+69>:  and    $0xfffffffffffffff0,%rax
> 0x0000000803038639 <check_deferred_signal+73>:  sub    %rax,%r14
> 0x000000080303863c <check_deferred_signal+76>:  mov    %r14,%rsp
> 0x000000080303863f <check_deferred_signal+79>:  mov    %r14,%rdi
> 0x0000000803038642 <check_deferred_signal+82>:  callq  0x8030331cc <getcontext@plt>
> 0x0000000803038647 <check_deferred_signal+87>:  cmpl   $0x0,0x100(%rbx)
> 0x000000080303864e <check_deferred_signal+94>:  je     0x8030386db <check_deferred_signal+235>
> 0x0000000803038654 <check_deferred_signal+100>: lea    0x100(%rbx),%r15
> 0x000000080303865b <check_deferred_signal+107>: mov    %r14,%rdi
> 0x000000080303865e <check_deferred_signal+110>: callq  0x80303301c <__fillcontextx2@plt>
> 0x0000000803038663 <check_deferred_signal+115>: movups 0x160(%rbx),%xmm0
> 0x000000080303866a <check_deferred_signal+122>: movups 0x170(%rbx),%xmm1
> 0x0000000803038671 <check_deferred_signal+129>: movaps %xmm1,-0x30(%rbp)
> 0x0000000803038675 <check_deferred_signal+133>: movaps %xmm0,-0x40(%rbp)
> 0x0000000803038679 <check_deferred_signal+137>: movups 0x150(%rbx),%xmm0
> 0x0000000803038680 <check_deferred_signal+144>: movups %xmm0,(%r14)
> 0x0000000803038684 <check_deferred_signal+148>: movups 0x40(%r15),%xmm0
> 0x0000000803038689 <check_deferred_signal+153>: movaps %xmm0,-0x50(%rbp)
> 0x000000080303868d <check_deferred_signal+157>: movups (%r15),%xmm0
> 0x0000000803038691 <check_deferred_signal+161>: movups 0x10(%r15),%xmm1
> 0x0000000803038696 <check_deferred_signal+166>: movups 0x20(%r15),%xmm2
> 0x000000080303869b <check_deferred_signal+171>: movups 0x30(%r15),%xmm3
> 0x00000008030386a0 <check_deferred_signal+176>: movaps %xmm3,-0x60(%rbp)
> 0x00000008030386a4 <check_deferred_signal+180>: movaps %xmm2,-0x70(%rbp)
> 0x00000008030386a8 <check_deferred_signal+184>: movaps %xmm1,-0x80(%rbp)
> 0x00000008030386ac <check_deferred_signal+188>: movaps %xmm0,-0x90(%rbp)
> 0x00000008030386b3 <check_deferred_signal+195>: movl   $0x0,0x100(%rbx)
> 0x00000008030386bd <check_deferred_signal+205>: mov    -0x90(%rbp),%esi
> 0x00000008030386c3 <check_deferred_signal+211>: lea    -0x40(%rbp),%rdi
> 0x00000008030386c7 <check_deferred_signal+215>: lea    -0x90(%rbp),%rdx
> 0x00000008030386ce <check_deferred_signal+222>: mov    %r14,%rcx
> 0x00000008030386d1 <check_deferred_signal+225>: callq  0x803039330 <handle_signal>
> 0x00000008030386d6 <check_deferred_signal+230>: jmpq   0x803038612 <check_deferred_signal+34>
> 0x00000008030386db <check_deferred_signal+235>: movl   $0x0,0x180(%rbx)
> 0x00000008030386e5 <check_deferred_signal+245>: jmpq   0x803038612 <check_deferred_signal+34>
> End of assembler dump.
> 
> 
> I like the system, but this thread library smells fishy... :(

It seems that besides sigreturn(), ucontext symbols must be pre-resolved
as well.  Try this update (it includes the previous change).

diff --git a/lib/libthr/thread/thr_rtld.c b/lib/libthr/thread/thr_rtld.c
index 5d89988..cb20098 100644
--- a/lib/libthr/thread/thr_rtld.c
+++ b/lib/libthr/thread/thr_rtld.c
@@ -185,7 +185,9 @@ _thr_rtld_init(void)
 {
 	struct RtldLockInfo	li;
 	struct pthread		*curthread;
+	ucontext_t *uc;
 	long dummy = -1;
+	int uc_len;
 
 	curthread = _get_curthread();
 
@@ -231,4 +233,9 @@ _thr_rtld_init(void)
 	_thr_signal_block(curthread);
 	_rtld_thread_init(&li);
 	_thr_signal_unblock(curthread);
+
+	uc_len = __getcontextx_size();
+	uc = alloca(uc_len);
+	getcontext(uc);
+	__fillcontextx2((char *)uc);
 }
diff --git a/lib/libthr/thread/thr_sig.c b/lib/libthr/thread/thr_sig.c
index a6d021f..ebb6c58 100644
--- a/lib/libthr/thread/thr_sig.c
+++ b/lib/libthr/thread/thr_sig.c
@@ -30,6 +30,7 @@
 #include <sys/param.h>
 #include <sys/types.h>
 #include <sys/signalvar.h>
+#include <sys/syscall.h>
 #include <signal.h>
 #include <errno.h>
 #include <stdlib.h>
@@ -257,7 +258,7 @@ handle_signal(struct sigaction *actp, int sig, siginfo_t *info, ucontext_t *ucp)
 	/* reschedule cancellation */
 	check_cancel(curthread, &uc2);
 	errno = err;
-	__sys_sigreturn(&uc2);
+	syscall(SYS_sigreturn, &uc2);
 }
 
 void