Date:      Wed, 15 Jul 2015 18:32:13 +0200
From:      "Andre Meiser" <ortadur@web.de>
To:        "Konstantin Belousov" <kostikbel@gmail.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: Many core dumps in pthread_getspecific.
Message-ID:  <trinity-54f5f349-442e-4777-b35b-866867b763dc-1436977933500@3capp-webde-bs41>
In-Reply-To: <20150703211111.GZ2080@kib.kiev.ua>
References:  <trinity-d3a62468-a8fd-44c3-ab9c-8b177ca8a366-1433331244003@3capp-webde-bs60> <20150603145838.GX2499@kib.kiev.ua> <trinity-15fcacbd-871c-4ea8-9257-5d11e7862ec0-1434103396559@3capp-webde-bs41> <20150614190504.GT2080@kib.kiev.ua> <trinity-e44527ae-e511-4ff3-bcdf-ee8426fc8a94-1434438565708@3capp-webde-bs53> <20150616073637.GO2080@kib.kiev.ua> <trinity-9d219acd-7aa9-4574-a9ad-458b52374069-1435936910016@3capp-webde-bs27>,  <20150703211111.GZ2080@kib.kiev.ua>

Hi,

No crash from vim or Xorg, but xterm crashes, and again at the getcontext(uc) call right after the alloca (check_deferred_signal+82 below). Note that rax still holds 0xf0b470 (~15.8 MiB) from __getcontextx_size and rsp sits exactly that far (plus the 0x90-byte frame) below rbp, so the alloca appears to have moved the stack pointer past the mapped stack and the callq faults when it pushes the return address; the "info locals" values are garbage because the frame's locals were never written.

% readelf -d xterm | grep NEEDED
 0x0000000000000001 (NEEDED)             Shared library: [libXinerama.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libXft.so.2]
 0x0000000000000001 (NEEDED)             Shared library: [libfontconfig.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libutil.so.9]
 0x0000000000000001 (NEEDED)             Shared library: [libXaw.so.7]
 0x0000000000000001 (NEEDED)             Shared library: [libXmu.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libXt.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libX11.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libXpm.so.4]
 0x0000000000000001 (NEEDED)             Shared library: [libICE.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libulog.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libncurses.so.8]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.7]



(gdb) bt
#0  0x0000000803038642 in check_deferred_signal (curthread=0x805006400)
    at /usr/src/lib/libthr/thread/thr_sig.c:332
#1  0x000000080303858d in _thr_ast (curthread=0x805006400)
    at /usr/src/lib/libthr/thread/thr_sig.c:265
#2  0x000000080303d367 in _thr_rtld_lock_release (lock=<value optimized out>)
    at /usr/src/lib/libthr/thread/thr_rtld.c:162
#3  0x000000080067d94d in _r_debug_postinit () from /libexec/ld-elf.so.1
#4  0x000000080067b15d in .text () from /libexec/ld-elf.so.1
#5  0x0000000000438007 in ?? ()
#6  0x000000000043fe77 in ?? ()
#7  0x000000000041808b in ?? ()
#8  0x0000000000417e0a in ?? ()
#9  0x000000000042e04a in ?? ()
#10 0x000000000040823f in ?? ()
#11 0x0000000800697000 in ?? ()
#12 0x0000000000000000 in ?? ()



(gdb) info locals
act = {__sigaction_u = {__sa_handler = 0x7fff00000001, 
    __sa_sigaction = 0x7fff00000001}, sa_flags = -6472, sa_mask = {__bits = {
      32767, 4198068, 0, 54936355}}}
info = {si_signo = 0, si_errno = 0, si_code = -6472, si_pid = 32767, 
  si_uid = 4294960256, si_status = 32767, si_addr = 0x800000021, si_value = {
    sival_int = -6368, sival_ptr = 0x7fffffffe720, sigval_int = -6368, 
    sigval_ptr = 0x7fffffffe720}, _reason = {_fault = {_trapno = 15}, 
    _timer = {_timerid = 15, _overrun = 0}, _mesgq = {_mqd = 15}, _poll = {
      _band = 15}, __spare__ = {__spare1__ = 15, __spare2__ = {0, 0, 6909952, 
        8, -6496, 32767, 6806459}}}}



(gdb) info registers
rax            0xf0b470 15774832
rbx            0x805006400      34443650048
rcx            0x0      0
rdx            0xca0000 13238272
rsi            0x7fffffffe6b8   140737488348856
rdi            0x7fffff0f3150   140737472573776
rbp            0x7fffffffe650   0x7fffffffe650
rsp            0x7fffff0f3150   0x7fffff0f3150
r8             0x12     18
r9             0x7fffffffe720   140737488348960
r10            0x4030d0 4206800
r11            0x261    609
r12            0x1      1
r13            0x679320 6787872
r14            0x7fffff0f3150   140737472573776
r15            0x23     35
rip            0x803038642      0x803038642 <check_deferred_signal+82>
eflags         0x10206  66054
cs             0x43     67
ss             0x3b     59
ds             0x0      0
es             0x0      0
fs             0x0      0
gs             0x0      0



(gdb) disassemble
Dump of assembler code for function check_deferred_signal:
0x00000008030385f0 <check_deferred_signal+0>:   push   %rbp
0x00000008030385f1 <check_deferred_signal+1>:   mov    %rsp,%rbp
0x00000008030385f4 <check_deferred_signal+4>:   push   %r15
0x00000008030385f6 <check_deferred_signal+6>:   push   %r14
0x00000008030385f8 <check_deferred_signal+8>:   push   %rbx
0x00000008030385f9 <check_deferred_signal+9>:   sub    $0x78,%rsp
0x00000008030385fd <check_deferred_signal+13>:  mov    %rdi,%rbx
0x0000000803038600 <check_deferred_signal+16>:  cmpl   $0x0,0x100(%rbx)
0x0000000803038607 <check_deferred_signal+23>:  je     0x803038612 <check_deferred_signal+34>
0x0000000803038609 <check_deferred_signal+25>:  cmpl   $0x0,0x180(%rbx)
0x0000000803038610 <check_deferred_signal+32>:  je     0x80303861d <check_deferred_signal+45>
0x0000000803038612 <check_deferred_signal+34>:  lea    -0x18(%rbp),%rsp
0x0000000803038616 <check_deferred_signal+38>:  pop    %rbx
0x0000000803038617 <check_deferred_signal+39>:  pop    %r14
0x0000000803038619 <check_deferred_signal+41>:  pop    %r15
0x000000080303861b <check_deferred_signal+43>:  pop    %rbp
0x000000080303861c <check_deferred_signal+44>:  retq   
0x000000080303861d <check_deferred_signal+45>:  movl   $0x1,0x180(%rbx)
0x0000000803038627 <check_deferred_signal+55>:  callq  0x803032dfc <__getcontextx_size@plt>
0x000000080303862c <check_deferred_signal+60>:  cltq   
0x000000080303862e <check_deferred_signal+62>:  mov    %rsp,%r14
0x0000000803038631 <check_deferred_signal+65>:  add    $0xf,%rax
0x0000000803038635 <check_deferred_signal+69>:  and    $0xfffffffffffffff0,%rax
0x0000000803038639 <check_deferred_signal+73>:  sub    %rax,%r14
0x000000080303863c <check_deferred_signal+76>:  mov    %r14,%rsp
0x000000080303863f <check_deferred_signal+79>:  mov    %r14,%rdi
0x0000000803038642 <check_deferred_signal+82>:  callq  0x8030331cc <getcontext@plt>
0x0000000803038647 <check_deferred_signal+87>:  cmpl   $0x0,0x100(%rbx)
0x000000080303864e <check_deferred_signal+94>:  je     0x8030386db <check_deferred_signal+235>
0x0000000803038654 <check_deferred_signal+100>: lea    0x100(%rbx),%r15
0x000000080303865b <check_deferred_signal+107>: mov    %r14,%rdi
0x000000080303865e <check_deferred_signal+110>: callq  0x80303301c <__fillcontextx2@plt>
0x0000000803038663 <check_deferred_signal+115>: movups 0x160(%rbx),%xmm0
0x000000080303866a <check_deferred_signal+122>: movups 0x170(%rbx),%xmm1
0x0000000803038671 <check_deferred_signal+129>: movaps %xmm1,-0x30(%rbp)
0x0000000803038675 <check_deferred_signal+133>: movaps %xmm0,-0x40(%rbp)
0x0000000803038679 <check_deferred_signal+137>: movups 0x150(%rbx),%xmm0
0x0000000803038680 <check_deferred_signal+144>: movups %xmm0,(%r14)
0x0000000803038684 <check_deferred_signal+148>: movups 0x40(%r15),%xmm0
0x0000000803038689 <check_deferred_signal+153>: movaps %xmm0,-0x50(%rbp)
0x000000080303868d <check_deferred_signal+157>: movups (%r15),%xmm0
0x0000000803038691 <check_deferred_signal+161>: movups 0x10(%r15),%xmm1
0x0000000803038696 <check_deferred_signal+166>: movups 0x20(%r15),%xmm2
0x000000080303869b <check_deferred_signal+171>: movups 0x30(%r15),%xmm3
0x00000008030386a0 <check_deferred_signal+176>: movaps %xmm3,-0x60(%rbp)
0x00000008030386a4 <check_deferred_signal+180>: movaps %xmm2,-0x70(%rbp)
0x00000008030386a8 <check_deferred_signal+184>: movaps %xmm1,-0x80(%rbp)
0x00000008030386ac <check_deferred_signal+188>: movaps %xmm0,-0x90(%rbp)
0x00000008030386b3 <check_deferred_signal+195>: movl   $0x0,0x100(%rbx)
0x00000008030386bd <check_deferred_signal+205>: mov    -0x90(%rbp),%esi
0x00000008030386c3 <check_deferred_signal+211>: lea    -0x40(%rbp),%rdi
0x00000008030386c7 <check_deferred_signal+215>: lea    -0x90(%rbp),%rdx
0x00000008030386ce <check_deferred_signal+222>: mov    %r14,%rcx
0x00000008030386d1 <check_deferred_signal+225>: callq  0x803039330 <handle_signal>
0x00000008030386d6 <check_deferred_signal+230>: jmpq   0x803038612 <check_deferred_signal+34>
0x00000008030386db <check_deferred_signal+235>: movl   $0x0,0x180(%rbx)
0x00000008030386e5 <check_deferred_signal+245>: jmpq   0x803038612 <check_deferred_signal+34>
End of assembler dump.


I like the system, but this thread library smells fishy... :(

Sincerely yours, Andre.


