thr3ads.net - freebsd stable - Many core dumps in pthread

If this information is useful, please help other people find it:
Share via:

Andre Meiser

2015-Jul-22 09:46 UTC

Many core dumps in pthread_getspecific.

On Sun, Jul 19, 2015 at 22:57 +0200, Konstantin Belousov
wrote:> It seems that besides sigreturn(), ucontext symbols must be pre-resolved
> as well.  Try this update (it includes the previous change).
thanks for looking into this, but this patch wasn't funny at all.  Did you
tested your patch?  Almost every programme crashed with a core dump.  Here the
example for simply starting vim:

% readelf -d vim | grep NEEDED
 0x0000000000000001 (NEEDED)             Shared library: [libm.so.5]
 0x0000000000000001 (NEEDED)             Shared library: [libncurses.so.8]
 0x0000000000000001 (NEEDED)             Shared library: [libintl.so.8]
 0x0000000000000001 (NEEDED)             Shared library: [libpython2.7.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libthr.so.3]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.7]


(gdb) bt
#0  0x00000008014a30d4 in _thr_rtld_init () at
/usr/src/lib/libthr/thread/thr_rtld.c:239
#1  0x00000008014a2f03 in _libpthread_init (curthread=<value optimized
out>) at /usr/src/lib/libthr/thread/thr_init.c:372
#2  0x00000008014a5c22 in _thread_printf () from /lib/libthr.so.3
#3  0x0000000801498d06 in _init () from /lib/libthr.so.3
#4  0x00007fffffffe000 in ?? ()
#5  0x000000080083d6bf in r_debug_state () from /libexec/ld-elf.so.1
#6  0x000000080083cd17 in __tls_get_addr () from /libexec/ld-elf.so.1
#7  0x000000080083b129 in .text () from /libexec/ld-elf.so.1
#8  0x0000000000000000 in ?? ()


(gdb) info locals
li = {rtli_version = 0, lock_create = 0x8014a30f0 <_thr_rtld_lock_create>,
lock_destroy = 0x8014a3160 <_thr_rtld_lock_destroy>,
  rlock_acquire = 0x8014a31b0 <_thr_rtld_rlock_acquire>, wlock_acquire =
0x8014a3270 <_thr_rtld_wlock_acquire>,
  lock_release = 0x8014a3300 <_thr_rtld_lock_release>, thread_set_flag =
0x8014a33c0 <_thr_rtld_set_flag>,
  thread_clr_flag = 0x8014a33d0 <_thr_rtld_clr_flag>, at_fork = 0}
dummy = -1
curthread = (struct pthread *) 0x7fffff0f2650
uc_len = <value optimized out


(gdb) info registers
rax            0xf0b470 15774832
rbx            0x7fffff0f2650   140737472570960
rcx            0x0  0
rdx            0xca0000 13238272
rsi            0x8024064e8  34397512936
rdi            0x7fffff0f2650   140737472570960
rbp            0x7fffffffdb20   0x7fffffffdb20
rsp            0x7fffff0f2650   0x7fffff0f2650
r8             0x0  0
r9             0xfffff8000e35f4c0   -8795854605120
r10            0x0  0
r11            0x246    582
r12            0x800a54a28  34370570792
r13            0x800a545b0  34370569648
r14            0x1  1
r15            0x800855420  34368476192
rip            0x8014a30d4  0x8014a30d4 <_thr_rtld_init+244>
eflags         0x10206  66054
cs             0x43 67
ss             0x3b 59
ds             0x0  0
es             0x0  0
fs             0x0  0
gs             0x0  0


(gdb) disassemble
Dump of assembler code for function _thr_rtld_init:
0x00000008014a2fe0 <_thr_rtld_init+0>:  push   %rbp
0x00000008014a2fe1 <_thr_rtld_init+1>:  mov    %rsp,%rbp
0x00000008014a2fe4 <_thr_rtld_init+4>:  push   %rbx
0x00000008014a2fe5 <_thr_rtld_init+5>:  sub    $0x58,%rsp
0x00000008014a2fe9 <_thr_rtld_init+9>:  movq  
$0xffffffffffffffff,-0x58(%rbp)
0x00000008014a2ff1 <_thr_rtld_init+17>: mov    %fs:0x10,%rbx
0x00000008014a2ffa <_thr_rtld_init+26>: lea    -0x58(%rbp),%rdi
0x00000008014a2ffe <_thr_rtld_init+30>: mov    $0x3,%esi
0x00000008014a3003 <_thr_rtld_init+35>: mov    $0x1,%edx
0x00000008014a3008 <_thr_rtld_init+40>: xor    %ecx,%ecx
0x00000008014a300a <_thr_rtld_init+42>: xor    %r8d,%r8d
0x00000008014a300d <_thr_rtld_init+45>: callq  0x8014a5890
<_umtx_op_err>
0x00000008014a3012 <_thr_rtld_init+50>: callq  0x80149916c <__error at
plt>
0x00000008014a3017 <_thr_rtld_init+55>: xor    %edi,%edi
0x00000008014a3019 <_thr_rtld_init+57>: xor    %esi,%esi
0x00000008014a301b <_thr_rtld_init+59>: xor    %edx,%edx
0x00000008014a301d <_thr_rtld_init+61>: callq  0x8014990ac <mprotect at
plt>
0x00000008014a3022 <_thr_rtld_init+66>: callq  0x8014991ac
<_rtld_get_stack_prot at plt>
0x00000008014a3027 <_thr_rtld_init+71>: lea    0xc2(%rip),%rax        #
0x8014a30f0 <_thr_rtld_lock_create>
0x00000008014a302e <_thr_rtld_init+78>: mov    %rax,-0x48(%rbp)
0x00000008014a3032 <_thr_rtld_init+82>: lea    0x127(%rip),%rax        #
0x8014a3160 <_thr_rtld_lock_destroy>
0x00000008014a3039 <_thr_rtld_init+89>: mov    %rax,-0x40(%rbp)
0x00000008014a303d <_thr_rtld_init+93>: lea    0x16c(%rip),%rax        #
0x8014a31b0 <_thr_rtld_rlock_acquire>
0x00000008014a3044 <_thr_rtld_init+100>:    mov    %rax,-0x38(%rbp)
0x00000008014a3048 <_thr_rtld_init+104>:    lea    0x221(%rip),%rax       
# 0x8014a3270 <_thr_rtld_wlock_acquire>
0x00000008014a304f <_thr_rtld_init+111>:    mov    %rax,-0x30(%rbp)
0x00000008014a3053 <_thr_rtld_init+115>:    lea    0x2a6(%rip),%rax       
# 0x8014a3300 <_thr_rtld_lock_release>
0x00000008014a305a <_thr_rtld_init+122>:    mov    %rax,-0x28(%rbp)
0x00000008014a305e <_thr_rtld_init+126>:    lea    0x35b(%rip),%rax       
# 0x8014a33c0 <_thr_rtld_set_flag>
0x00000008014a3065 <_thr_rtld_init+133>:    mov    %rax,-0x20(%rbp)
0x00000008014a3069 <_thr_rtld_init+137>:    lea    0x360(%rip),%rax       
# 0x8014a33d0 <_thr_rtld_clr_flag>
0x00000008014a3070 <_thr_rtld_init+144>:    mov    %rax,-0x18(%rbp)
0x00000008014a3074 <_thr_rtld_init+148>:    movq   $0x0,-0x10(%rbp)
0x00000008014a307c <_thr_rtld_init+156>:    xor    %edi,%edi
0x00000008014a307e <_thr_rtld_init+158>:    callq  0x8014991dc
<_rtld_atfork_pre at plt>
0x00000008014a3083 <_thr_rtld_init+163>:    xor    %edi,%edi
0x00000008014a3085 <_thr_rtld_init+165>:    callq  0x801498dbc
<_rtld_atfork_post at plt>
0x00000008014a308a <_thr_rtld_init+170>:    callq  0x801498e3c
<_malloc_prefork at plt>
0x00000008014a308f <_thr_rtld_init+175>:    callq  0x80149919c
<_malloc_postfork at plt>
0x00000008014a3094 <_thr_rtld_init+180>:    mov    $0x14,%edi
0x00000008014a3099 <_thr_rtld_init+185>:    xor    %eax,%eax
0x00000008014a309b <_thr_rtld_init+187>:    callq  0x8014990fc <syscall
at plt>
0x00000008014a30a0 <_thr_rtld_init+192>:    mov    %rbx,%rdi
0x00000008014a30a3 <_thr_rtld_init+195>:    callq  0x80149e4f0
<_thr_signal_block>
0x00000008014a30a8 <_thr_rtld_init+200>:    lea    -0x50(%rbp),%rdi
0x00000008014a30ac <_thr_rtld_init+204>:    callq  0x801498f3c
<_rtld_thread_init at plt>
0x00000008014a30b1 <_thr_rtld_init+209>:    mov    %rbx,%rdi
0x00000008014a30b4 <_thr_rtld_init+212>:    callq  0x80149e530
<_thr_signal_unblock>
0x00000008014a30b9 <_thr_rtld_init+217>:    callq  0x801498dfc
<__getcontextx_size at plt>
0x00000008014a30be <_thr_rtld_init+222>:    cltq
0x00000008014a30c0 <_thr_rtld_init+224>:    mov    %rsp,%rbx
0x00000008014a30c3 <_thr_rtld_init+227>:    add    $0xf,%rax
0x00000008014a30c7 <_thr_rtld_init+231>:    and   
$0xfffffffffffffff0,%rax
0x00000008014a30cb <_thr_rtld_init+235>:    sub    %rax,%rbx
0x00000008014a30ce <_thr_rtld_init+238>:    mov    %rbx,%rsp
0x00000008014a30d1 <_thr_rtld_init+241>:    mov    %rbx,%rdi
0x00000008014a30d4 <_thr_rtld_init+244>:    callq  0x8014991cc
<getcontext at plt>
0x00000008014a30d9 <_thr_rtld_init+249>:    mov    %rbx,%rdi
0x00000008014a30dc <_thr_rtld_init+252>:    callq  0x80149901c
<__fillcontextx2 at plt>
0x00000008014a30e1 <_thr_rtld_init+257>:    lea    -0x8(%rbp),%rsp
0x00000008014a30e5 <_thr_rtld_init+261>:    pop    %rbx
0x00000008014a30e6 <_thr_rtld_init+262>:    pop    %rbp
0x00000008014a30e7 <_thr_rtld_init+263>:    retq
End of assembler dump.


Sincerely yours Andre.

Konstantin Belousov

2015-Jul-22 10:20 UTC

head link

Many core dumps in pthread_getspecific.

On Wed, Jul 22, 2015 at 11:46:35AM +0200, Andre Meiser
wrote:> On Sun, Jul 19, 2015 at 22:57 +0200, Konstantin Belousov wrote:
> > It seems that besides sigreturn(), ucontext symbols must be
pre-resolved
> > as well.  Try this update (it includes the previous change).
> 
> thanks for looking into this, but this patch wasn't funny at all.  Did
you tested your patch?  Almost every programme crashed with a core dump.  Here
the example for simply starting vim:
> 
> % readelf -d vim | grep NEEDED
>  0x0000000000000001 (NEEDED)             Shared library: [libm.so.5]
>  0x0000000000000001 (NEEDED)             Shared library: [libncurses.so.8]
>  0x0000000000000001 (NEEDED)             Shared library: [libintl.so.8]
>  0x0000000000000001 (NEEDED)             Shared library:
[libpython2.7.so.1]
>  0x0000000000000001 (NEEDED)             Shared library: [libthr.so.3]
>  0x0000000000000001 (NEEDED)             Shared library: [libc.so.7]
> 
> 
> (gdb) bt
> #0  0x00000008014a30d4 in _thr_rtld_init () at
/usr/src/lib/libthr/thread/thr_rtld.c:239
> #1  0x00000008014a2f03 in _libpthread_init (curthread=<value optimized
out>) at /usr/src/lib/libthr/thread/thr_init.c:372
> #2  0x00000008014a5c22 in _thread_printf () from /lib/libthr.so.3
> #3  0x0000000801498d06 in _init () from /lib/libthr.so.3
> #4  0x00007fffffffe000 in ?? ()
> #5  0x000000080083d6bf in r_debug_state () from /libexec/ld-elf.so.1
> #6  0x000000080083cd17 in __tls_get_addr () from /libexec/ld-elf.so.1
> #7  0x000000080083b129 in .text () from /libexec/ld-elf.so.1
> #8  0x0000000000000000 in ?? ()
> 
> 
> (gdb) info locals
> li = {rtli_version = 0, lock_create = 0x8014a30f0
<_thr_rtld_lock_create>, lock_destroy = 0x8014a3160
<_thr_rtld_lock_destroy>,
>   rlock_acquire = 0x8014a31b0 <_thr_rtld_rlock_acquire>,
wlock_acquire = 0x8014a3270 <_thr_rtld_wlock_acquire>,
>   lock_release = 0x8014a3300 <_thr_rtld_lock_release>,
thread_set_flag = 0x8014a33c0 <_thr_rtld_set_flag>,
>   thread_clr_flag = 0x8014a33d0 <_thr_rtld_clr_flag>, at_fork = 0}
> dummy = -1
> curthread = (struct pthread *) 0x7fffff0f2650
> uc_len = <value optimized out
> 
> 
> (gdb) info registers
> rax            0xf0b470 15774832
> rbx            0x7fffff0f2650   140737472570960
> rcx            0x0  0
> rdx            0xca0000 13238272
> rsi            0x8024064e8  34397512936
> rdi            0x7fffff0f2650   140737472570960
> rbp            0x7fffffffdb20   0x7fffffffdb20
> rsp            0x7fffff0f2650   0x7fffff0f2650
> r8             0x0  0
> r9             0xfffff8000e35f4c0   -8795854605120
> r10            0x0  0
> r11            0x246    582
> r12            0x800a54a28  34370570792
> r13            0x800a545b0  34370569648
> r14            0x1  1
> r15            0x800855420  34368476192
> rip            0x8014a30d4  0x8014a30d4 <_thr_rtld_init+244>
> eflags         0x10206  66054
> cs             0x43 67
> ss             0x3b 59
> ds             0x0  0
> es             0x0  0
> fs             0x0  0
> gs             0x0  0%rbp-%rsp == 0xf0b4d0 == 15774928

Can you do the following:
1. Compile and run the program at the end of the message and send me
the output.
2. Also send me the first 40 lines of the dmesg for bootverbose boot.
3. (Optional) Install x86info program, compiled from the sources on
github, https://github.com/dankamongmen/x86info, then run, as root
	kldload cpuctl
	x86info -a

#include <stdio.h>
extern int __getcontextx_size(void);
int main(void)
{
	printf("%#x\n", __getcontextx_size());
}

freebsd stable - Jul 2015 - Many core dumps in pthread_getspecific.

Many core dumps in pthread_getspecific.

Many core dumps in pthread_getspecific.