From owner-freebsd-threads@FreeBSD.ORG Fri Sep 14 00:12:55 2007 Return-Path: Delivered-To: freebsd-threads@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 98CFF16A41A for ; Fri, 14 Sep 2007 00:12:55 +0000 (UTC) (envelope-from lavajoe@gentoo.org) Received: from shadow.wildlava.net (shadow.wildlava.net [67.40.138.81]) by mx1.freebsd.org (Postfix) with ESMTP id 67DD113C468 for ; Fri, 14 Sep 2007 00:12:55 +0000 (UTC) (envelope-from lavajoe@gentoo.org) Received: from [67.40.138.82] (crater.wildlava.net [67.40.138.82]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by shadow.wildlava.net (Postfix) with ESMTP id 5F7A98F431 for ; Thu, 13 Sep 2007 17:46:18 -0600 (MDT) Message-ID: <46E9CBC8.3060906@gentoo.org> Date: Thu, 13 Sep 2007 17:46:16 -0600 From: Joe Peterson User-Agent: Thunderbird 2.0.0.6 (X11/20070806) MIME-Version: 1.0 To: freebsd-threads@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Segfault when mapping libpthread -> libthr X-BeenThere: freebsd-threads@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Threading on FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Sep 2007 00:12:55 -0000 I am a developer on the Gentoo/FreeBSD project. For those who don't know, this is basically porting the gentoo tools, package installer, init stuff, etc. to FreeBSD (kernel and userland). I have been investigating a rather challenging crash in libthr with 6.2. We have libpthread and libc_r mapped to libthr (as I understand this is the default for 7.0). I doubt, however, that this issue is gentoo-related, since the system is essentially FreeBSD, but I cannot be 100% sure, of course. In particular, ImageMagick's "mogrify" utility is segfaulting. I have traced this down to the fact that _cur_thread() returns a different address after many mutex locks in pthread (using the libthr library). This causes the mutex linked list in the thread to have zero pointers for first/last, and the crash results. I have verified with a ImageMagick developer that mogrfiy is using only one thread, so this should never happen. Another clue is that the curthread address seems to change sometime shortly before __error (in libthr/sys/thr_error.c) gets called. I now am not sure how to debug this further. The address returned by _get_curthread() is close, but slightly higher (by typically 0x100) than the original thread's address. I can reproduce the problem faithfully on two of my systems, so if any of this rings a bell, or if you have any suggestions for things to try on my end, I'd be extremely appreciative! -Joe