NetBSD Problem Report #53752

From martin@duskware.de  Thu Nov 29 11:16:55 2018
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 7D0E37A1D0
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 29 Nov 2018 11:16:55 +0000 (UTC)
Message-Id: <20181129111644.580AD5CC90B@emmas.aprisoft.de>
Date: Thu, 29 Nov 2018 12:16:44 +0100 (CET)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: crash with thread local destructor
X-Send-Pr-Version: 3.95

>Number:         53752
>Category:       port-evbarm
>Synopsis:       crash with thread local destructor
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    port-evbarm-maintainer
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 29 11:20:00 +0000 2018
>Closed-Date:    Sun Sep 05 08:55:58 +0000 2021
>Last-Modified:  Sun Sep 05 08:55:58 +0000 2021
>Originator:     Martin Husemann
>Release:        NetBSD 8.99.26
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD painkiller.duskware.de 8.99.26 NetBSD 8.99.26 (GENERIC64) #17: Tue Nov 27 12:23:10 CET 2018 martin@seven-days-to-the-wolves.aprisoft.de:/work/src/sys/arch/evbarm/compile/GENERIC64 evbarm
Architecture: aarch64
Machine: evbarm
>Description:

One of the ld.elf_so tests fails on aarch64 due to the helper program catching
a SIGSEGV:

Reading symbols from ./h_thread_local_dtor...Reading symbols from /usr/libdata/debug//usr/tests/libexec/ld.elf_so/h_thread_local_dtor.debug...done.
done.
[New process 2]
[New process 1]
Core was generated by `h_thread_local_d'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  __cxa_thread_run_atexit () at /work/src/lib/libc/stdlib/cxa_thread_atexit.c:56
56      /work/src/lib/libc/stdlib/cxa_thread_atexit.c: No such file or directory.
[Current thread is 1 (process 2)]
(gdb) bt/full
A syntax error in expression, near `/full'.
(gdb) bt full
#0  __cxa_thread_run_atexit () at /work/src/lib/libc/stdlib/cxa_thread_atexit.c:56
        entry = 0x1
#1  0x0000f6d5ee0dc448 in pthread_exit (retval=0x0) at /work/src/lib/libpthread/pthread.c:659
        cleanup = <optimized out>
        name = <optimized out>
        __func__ = "pthread_exit"
#2  0x0000f6d5ee0dc584 in pthread__create_tramp (cookie=0xf6d5edc18000)
    at /work/src/lib/libpthread/pthread.c:595
        self = 0xf6d5edc18000
        retval = <optimized out>
#3  0x0000f6d5edfc0ecc in __mknod50 () from /usr/lib/libc.so.12

(gdb) info reg
x0             0x10     16
x1             0xfffff0d60b4c   281474722302796
x2             0x0      0
x3             0x0      0
x4             0xf6d5ee0cf008   271398682292232
x5             0xf6d5ed200008   271398666764296
x6             0x0      0
x7             0x1      1
x8             0xffffff80       4294967168
x9             0x0      0
x10            0xf6d5ed200008   271398666764296
x11            0x101010101010101        72340172838076673
x12            0x225000 2248704
x13            0xf6d5ee0cf028   271398682292264
x14            0xc      12
x15            0xf6d5ee0bb000   271398682210304
x16            0xf6d5ee0f0810   271398682429456
x17            0xf6d5edfac0ec   271398681100524
x18            0xf6d5ee0bbf40   271398682214208
x19            0xf6d5edc18000   271398677348352
x20            0x800000 8388608
x21            0xf6d5ed400000   271398668861440
x22            0x40     64
x23            0xf6d5edc18188   271398677348744
x24            0xf6d5ee0dc520   271398682346784
x25            0xf6d5edc18000   271398677348352
x26            0xf6d5ee0fe180   271398682485120
x27            0x0      0
x28            0x0      0
x29            0x0      0
x30            0xf6d5ee0dc584   271398682346884
sp             0xf6d5edbfffe0   0xf6d5edbfffe0
pc             0xf6d5ee0dc584   0xf6d5ee0dc584
cpsr           0x60000000       [ EL=0 C Z ]
fpsr           0x0      0
fpcr           0x0      0
(gdb) x/16i $pc-28
   0xf6d5ee0dc568 <pthread__create_tramp+72>:   adrp    x1, 0xf6d5ee0dd000 <pthread__init+744>
   0xf6d5ee0dc56c <pthread__create_tramp+76>:   mov     w0, #0x1                        // #1
   0xf6d5ee0dc570 <pthread__create_tramp+80>:   add     x1, x1, #0xa08
   0xf6d5ee0dc574 <pthread__create_tramp+84>:   bl      0xf6d5ee0d6410 <err@plt>
   0xf6d5ee0dc578 <pthread__create_tramp+88>:   ldp     x1, x0, [x19, #224]
   0xf6d5ee0dc57c <pthread__create_tramp+92>:   blr     x1
   0xf6d5ee0dc580 <pthread__create_tramp+96>:   bl      0xf6d5ee0d6110 <pthread_exit@plt>
=> 0xf6d5ee0dc584:      nop
   0xf6d5ee0dc588 <pthread__cancelled>: stp     x19, x30, [sp, #-16]!
   0xf6d5ee0dc58c <pthread__cancelled+4>:       mrs     x0, tpidr_el0
   0xf6d5ee0dc590 <pthread__cancelled+8>:       ldr     x0, [x0, #8]
   0xf6d5ee0dc594 <pthread__cancelled+12>:      ldr     x19, [x0, #176]
   0xf6d5ee0dc598 <pthread__cancelled+16>:      str     xzr, [x0, #176]
   0xf6d5ee0dc59c <pthread__cancelled+20>:      
    cbz x19, 0xf6d5ee0dc5ac <pthread__cancelled+36>
   0xf6d5ee0dc5a0 <pthread__cancelled+24>:      mov     x0, x19
   0xf6d5ee0dc5a4 <pthread__cancelled+28>:      
    bl  0xf6d5ee0d6320 <pthread_mutex_held_np@plt>


>How-To-Repeat:

cd /usr/tests/libexec/ld.elf_so
./h_thread_local_dtor

>Fix:
n/a

>Release-Note:

>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: port-evbarm/53752 - crash in ld.elf_so test case
Date: Thu, 29 Nov 2018 13:43:49 +0100

 I have Nick's recent swapcontext fix already installed, and here
 is some additional output from gdb:

 (gdb) info frame
 Stack level 0, frame at 0xf6d5edbfffc0:
  pc = 0xf6d5ee025934 in __cxa_thread_run_atexit
     (/work/src/lib/libc/stdlib/cxa_thread_atexit.c:56); 
     saved pc = 0xf6d5ee0dc448
  called by frame at 0xf6d5edbfffe0
  source language c.
  Arglist at 0xf6d5edbfffa0, args: 
  Locals at 0xf6d5edbfffa0, Previous frame's sp is 0xf6d5edbfffc0
  Saved registers:
   x19 at 0xf6d5edbfffa0, x20 at 0xf6d5edbfffa8, x30 at 0xf6d5edbfffb0
 (gdb) x/16i 0xf6d5ee025900
    0xf6d5ee025900 <exit+48>:    mov     w0, w19
    0xf6d5ee025904 <exit+52>:    bl      0xf6d5edf6e8b0 <_exit@plt>
    0xf6d5ee025908 <exit+56>:    
     bl  0xf6d5edf72340 <__cxa_thread_run_atexit@plt>
    0xf6d5ee02590c <exit+60>:    b       0xf6d5ee0258e4 <exit+20>
    0xf6d5ee025910 <__cxa_thread_run_atexit>:    stp     x19, x20, [sp, #-32]!
    0xf6d5ee025914 <__cxa_thread_run_atexit+4>:  mrs     x20, tpidr_el0
    0xf6d5ee025918 <__cxa_thread_run_atexit+8>:  str     x30, [sp, #16]
    0xf6d5ee02591c <__cxa_thread_run_atexit+12>: adrp    x0, 0xf6d5ee0b0000
    0xf6d5ee025920 <__cxa_thread_run_atexit+16>: ldr     x1, [x0, #2048]
    0xf6d5ee025924 <__cxa_thread_run_atexit+20>: add     x0, x0, #0x800
    0xf6d5ee025928 <__cxa_thread_run_atexit+24>: blr     x1
    0xf6d5ee02592c <__cxa_thread_run_atexit+28>: ldr     x19, [x20, x0]
    0xf6d5ee025930 <__cxa_thread_run_atexit+32>: 
     cbz x19, 0xf6d5ee02598c <__cxa_thread_run_atexit+124>
 => 0xf6d5ee025934 <__cxa_thread_run_atexit+36>: ldr     x2, [x19]
    0xf6d5ee025938 <__cxa_thread_run_atexit+40>: adrp    x0, 0xf6d5ee0b0000
    0xf6d5ee02593c <__cxa_thread_run_atexit+44>: ldr     x1, [x0, #2048]


 Martin

State-Changed-From-To: open->feedback
State-Changed-By: skrll@NetBSD.org
State-Changed-When: Sun, 05 Sep 2021 08:32:25 +0000
State-Changed-Why:
test passes for me and in 

https://releng.netbsd.org/b5reports/evbarm-aarch64/

ok to close?


State-Changed-From-To: feedback->closed
State-Changed-By: skrll@NetBSD.org
State-Changed-When: Sun, 05 Sep 2021 08:55:58 +0000
State-Changed-Why:
martin confirmed it's ok to close offline.


>Unformatted:
