Bug 501078 - >=net-irc/weechat-0.4.2 crashes on gentoo hardened
Summary: >=net-irc/weechat-0.4.2 crashes on gentoo hardened
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
Importance: Normal critical
Assignee: Tomáš Chvátal (RETIRED)
Reported: 2014-02-12 15:04 UTC by Jason A. Donenfeld
Modified: 2014-02-13 14:14 UTC (History)


Attachments
terrible-hack-for-gnutls-3.2.10.patch (554 bytes, patch), 2014-02-12 23:15 UTC, Jason A. Donenfeld: This is a horrible patch for gnutls-3.2.10 that makes it work with weechat >= 0.4.2.
weechat-0.4.3-always-link-against-pthreads.patch (913 bytes, patch), 2014-02-13 13:45 UTC, Jason A. Donenfeld: This patch actually fixes things correctly.

Description Jason A. Donenfeld gentoo-dev 2014-02-12 15:04:56 UTC
I've been receiving crashes with weechat since 0.4.2. I had hoped 0.4.3 would fix things, but it does not. The latest version I can run is 0.4.1.

When weechat starts, it segfaults and prints this message:

 weechat: ../nptl/pthread_mutex_lock.c:350: __pthread_mutex_lock_full: Assertion `(-(e)) != 3 || !robust' failed. Aborted

or

weechat: tpp.c:62: __pthread_tpp_change_priority: Assertion `new_prio == -1 || (new_prio >= __sched_fifo_min_prio && new_prio <= __sched_fifo_max_prio)' failed. Aborted

Other times it exits with "illegal instruction" and this in dmesg "[558232.781319] traps: weechat[25733] trap invalid opcode ip:6a2866c6aad4 sp:7173723bd320 error:0 in libpthread-2.18.so[6a2866c58000+19000]", and other times with simply "Aborted".

I suppose there's some sort of race I'm hitting.

This occurs on Gentoo Hardened.

Reproducible: Always
Comment 1 Jason A. Donenfeld gentoo-dev 2014-02-12 17:58:10 UTC
Happens only when python plugin is enabled.


Various different backtraces:


(gdb) bt
#0  0x00006448f718fad4 in __lll_lock_elision () from /lib64/libpthread.so.0
#1  0x00006448fa98e8be in ?? () from /usr/lib64/libgnutls.so.28
#2  0x00006448faa2c16e in ?? () from /usr/lib64/libgnutls.so.28
#3  0x00006448fa972218 in ?? () from /usr/lib64/libgnutls.so.28
#4  0x00006448fa97261a in ?? () from /usr/lib64/libgnutls.so.28
#5  0x00006448fa974116 in ?? () from /usr/lib64/libgnutls.so.28
#6  0x00006448fa976928 in gnutls_handshake () from /usr/lib64/libgnutls.so.28
#7  0x00000e43a73e14d1 in network_connect_child_read_cb ()
#8  0x00000e43a73d8a46 in hook_fd_exec ()
#9  0x00000e43a73734fe in gui_main_loop ()
#10 0x00000e43a7368820 in main ()

(gdb) bt
#0  0x000074975344fe8e in raise () from /lib64/libc.so.6
#1  0x00007497534515df in abort () from /lib64/libc.so.6
#2  0x000074975428f324 in ?? () from /usr/lib64/libgnutls.so.28
#3  0x00007497541d5218 in ?? () from /usr/lib64/libgnutls.so.28
#4  0x00007497541d561a in ?? () from /usr/lib64/libgnutls.so.28
#5  0x00007497541d7116 in ?? () from /usr/lib64/libgnutls.so.28
#6  0x00007497541d9928 in gnutls_handshake () from /usr/lib64/libgnutls.so.28
#7  0x00000fbe153084d1 in network_connect_child_read_cb ()
#8  0x00000fbe152ffa46 in hook_fd_exec ()
#9  0x00000fbe1529a4fe in gui_main_loop ()
#10 0x00000fbe1528f820 in main ()

(gdb) bt
#0  0x0000736ab354aad4 in __lll_lock_elision () from /lib64/libpthread.so.0
#1  0x0000736ab8c6d8be in ?? () from /usr/lib64/libgnutls.so.28
#2  0x0000736ab8d0b16e in ?? () from /usr/lib64/libgnutls.so.28
#3  0x0000736ab8c4c7ae in ?? () from /usr/lib64/libgnutls.so.28
#4  0x0000736ab8c477b8 in ?? () from /usr/lib64/libgnutls.so.28
#5  0x0000736ab8c49b92 in gnutls_record_send () from /usr/lib64/libgnutls.so.28
#6  0x0000736ab4c7e80c in irc_server_send () from /usr/lib64/weechat/plugins/irc.so
#7  0x0000736ab4c7f130 in irc_server_send_one_msg () from /usr/lib64/weechat/plugins/irc.so
#8  0x0000736ab4c7f953 in irc_server_sendf () from /usr/lib64/weechat/plugins/irc.so
#9  0x0000736ab4c5cbfc in irc_input_send_user_message () from /usr/lib64/weechat/plugins/irc.so
#10 0x0000736ab4c5cdfb in irc_input_data () from /usr/lib64/weechat/plugins/irc.so
#11 0x00000909fff0eccd in input_data ()
#12 0x00000909ffec73ff in gui_input_return ()
#13 0x00000909ffee1f90 in command_input ()
#14 0x00000909fff06fc4 in hook_command_exec ()
#15 0x00000909fff0e951 in input_exec_command ()
#16 0x00000909fff0ed04 in input_data ()
#17 0x00000909ffecbb5f in gui_key_pressed ()
#18 0x00000909ffea1122 in gui_key_flush ()
#19 0x00000909ffea165e in gui_key_read_cb ()
#20 0x00000909fff07a46 in hook_fd_exec ()
#21 0x00000909ffea24fe in gui_main_loop ()
#22 0x00000909ffe97820 in main ()
Comment 2 Jason A. Donenfeld gentoo-dev 2014-02-12 18:16:46 UTC
(gdb) bt
#0  0x0000744315fa2e8e in raise () from /lib64/libc.so.6
#1  0x0000744315fa45df in abort () from /lib64/libc.so.6
#2  0x0000744316de2324 in wrap_nettle_rnd () from /usr/lib64/libgnutls.so.28
#3  0x0000744316d28218 in _gnutls_tls_create_random () from /usr/lib64/libgnutls.so.28
#4  0x0000744316d2861a in _gnutls_set_client_random () from /usr/lib64/libgnutls.so.28
#5  0x0000744316d2a116 in _gnutls_send_hello () from /usr/lib64/libgnutls.so.28
#6  0x0000744316d2c928 in gnutls_handshake () from /usr/lib64/libgnutls.so.28
#7  0x000000c2d34924d1 in network_connect_child_read_cb ()
#8  0x000000c2d3489a46 in hook_fd_exec ()
#9  0x000000c2d34244fe in gui_main_loop ()
#10 0x000000c2d3419820 in main ()


wrap_nettle_rnd seems to be calling abort() due to a mutex:

if (gnutls_mutex_unlock(&rnd_mutex)!=0) abort()
Comment 3 Jason A. Donenfeld gentoo-dev 2014-02-12 22:39:18 UTC
#0  0x000069ec221d0e8e in raise () from /lib64/libc.so.6
#1  0x000069ec221d25df in abort () from /lib64/libc.so.6
#2  0x000069ec230586c5 in wrap_nettle_rnd (_ctx=0x0, level=0, data=0x556db2fbeab, datasize=29) at rnd.c:441
#3  0x000069ec22f5c62d in _gnutls_rnd (level=GNUTLS_RND_NONCE, data=0x556db2fbeab, len=29) at ./random.h:37
#4  0x000069ec22f5cbdb in _gnutls_tls_create_random (dst=0x556db2fbea8 "R\373", <incomplete sequence \365\237>) at gnutls_handshake.c:206
#5  0x000069ec22f5cce2 in _gnutls_set_client_random (session=0x556db2fbe60, rnd=0x0) at gnutls_handshake.c:231
#6  0x000069ec22f62168 in _gnutls_send_client_hello (session=0x556db2fbe60, again=0) at gnutls_handshake.c:1990
#7  0x000069ec22f62b26 in _gnutls_send_hello (session=0x556db2fbe60, again=0) at gnutls_handshake.c:2203
#8  0x000069ec22f63892 in _gnutls_handshake_client (session=0x556db2fbe60) at gnutls_handshake.c:2656
#9  0x000069ec22f635ea in gnutls_handshake (session=0x556db2fbe60) at gnutls_handshake.c:2527
#10 0x00000556d7277581 in network_connect_child_read_cb (arg_hook_connect=0x556db2f9c90, fd=14)
    at /var/tmp/portage/net-irc/weechat-0.4.3/work/weechat-0.4.3/src/core/wee-network.c:1484
#11 0x00000556d726966d in hook_fd_exec (read_fds=0x72851c083090, write_fds=0x72851c083110, exception_fds=0x72851c083190)
    at /var/tmp/portage/net-irc/weechat-0.4.3/work/weechat-0.4.3/src/core/wee-hook.c:1329
#12 0x00000556d71eb0f2 in gui_main_loop ()
    at /var/tmp/portage/net-irc/weechat-0.4.3/work/weechat-0.4.3/src/gui/curses/gui-curses-main.c:501
#13 0x00000556d72358cf in main (argc=1, argv=0x72851c083358)
Comment 4 Jason A. Donenfeld gentoo-dev 2014-02-12 22:41:30 UTC
#0  0x00006cc0a1495e8e in raise () from /lib64/libc.so.6
#1  0x00006cc0a14975df in abort () from /lib64/libc.so.6
#2  0x00006cc0a148e2b2 in ?? () from /lib64/libc.so.6
#3  0x00006cc0a148e376 in __assert_fail () from /lib64/libc.so.6
#4  0x00006cc09ea2fec0 in __pthread_tpp_change_priority () from /lib64/libpthread.so.0
#5  0x00006cc09ea23ed8 in __pthread_mutex_lock_full () from /lib64/libpthread.so.0
#6  0x00006cc0a224ac8c in gnutls_system_mutex_lock (priv=0x6cc0a25583b8 <rnd_mutex>) at system.c:228
#7  0x00006cc0a231d6fc in wrap_nettle_rnd (_ctx=0x0, level=0, data=0xfc3f4a5207b, datasize=29) at rnd.c:441
#8  0x00006cc0a222162d in _gnutls_rnd (level=GNUTLS_RND_NONCE, data=0xfc3f4a5207b, len=29) at ./random.h:37
#9  0x00006cc0a2221bdb in _gnutls_tls_create_random (dst=0xfc3f4a52078 "R\373\370y") at gnutls_handshake.c:206
#10 0x00006cc0a2221ce2 in _gnutls_set_client_random (session=0xfc3f4a52030, rnd=0x0) at gnutls_handshake.c:231
#11 0x00006cc0a2227168 in _gnutls_send_client_hello (session=0xfc3f4a52030, again=0) at gnutls_handshake.c:1990
#12 0x00006cc0a2227b26 in _gnutls_send_hello (session=0xfc3f4a52030, again=0) at gnutls_handshake.c:2203
#13 0x00006cc0a2228892 in _gnutls_handshake_client (session=0xfc3f4a52030) at gnutls_handshake.c:2656
#14 0x00006cc0a22285ea in gnutls_handshake (session=0xfc3f4a52030) at gnutls_handshake.c:2527
#15 0x00000fc3f1c82581 in network_connect_child_read_cb (arg_hook_connect=0xfc3f4a51470, fd=12)
    at /var/tmp/portage/net-irc/weechat-0.4.3/work/weechat-0.4.3/src/core/wee-network.c:1484
#16 0x00000fc3f1c7466d in hook_fd_exec (read_fds=0x724715d46df0, write_fds=0x724715d46e70, exception_fds=0x724715d46ef0)
    at /var/tmp/portage/net-irc/weechat-0.4.3/work/weechat-0.4.3/src/core/wee-hook.c:1329
#17 0x00000fc3f1bf60f2 in gui_main_loop ()
    at /var/tmp/portage/net-irc/weechat-0.4.3/work/weechat-0.4.3/src/gui/curses/gui-curses-main.c:501
#18 0x00000fc3f1c408cf in main (argc=1, argv=0x724715d470b8)
    at /var/tmp/portage/net-irc/weechat-0.4.3/work/weechat-0.4.3/src/core/weechat.c:477
Comment 5 Jason A. Donenfeld gentoo-dev 2014-02-12 22:49:39 UTC
pthread_lock_mutex is failing with

       EINVAL The mutex was created with the protocol attribute having the value
              PTHREAD_PRIO_PROTECT and the calling thread's priority is higher
              than the mutex's current priority ceiling.
Comment 6 Jason A. Donenfeld gentoo-dev 2014-02-12 23:15:10 UTC
Created attachment 370258
This is a horrible patch for gnutls-3.2.10 that makes it work with weechat >= 0.4.2.

This is a horrible patch for gnutls-3.2.10 that makes it work with weechat >= 0.4.2. I wouldn't recommend anybody use this in production, as it's touching code related to crypto things.
Comment 7 Jason A. Donenfeld gentoo-dev 2014-02-13 13:45:16 UTC
Fixed it.

+*weechat-0.4.3-r1 (13 Feb 2014)
+
+  13 Feb 2014; Jason A. Donenfeld <zx2c4@gentoo.org>
+  +files/weechat-0.4.3-always-link-against-pthreads.patch,
+  +weechat-0.4.3-r1.ebuild, -weechat-0.4.3.ebuild:
+  Fix crash with gnutls and pthreaded plugins.
+
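Review bot: the description line "Fix crash with gnutls and pthreaded plugins." gives neither the bug reference nor the actual change, so someone reading the ChangeLog cannot tell what was fixed or where it was discussed; suggest naming both, e.g. "Fix crash with gnutls and pthreaded plugins by always linking against libpthread, bug #501078."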
Comment 8 Jason A. Donenfeld gentoo-dev 2014-02-13 13:45:54 UTC
Created attachment 370316
This patch actually fixes things correctly.
Comment 9 Jason A. Donenfeld gentoo-dev 2014-02-13 14:14:37 UTC
The CMakeLists.txt has a section in it that only adds “-lpthread” on
OpenBSD platforms. For all other platforms, libpthread is not linked.

However, gnutls uses libpthread. The glibc developers were clever and set
things up such that if you don't explicitly link against libpthread, and
library code still uses the functions from it, you'll instead wind up using
functions that all return 0. This is so that single-threaded programs aren't
burdened with the overhead of mutexes and such, when they aren't needed.

So when weechat was loaded, it would also load gnutls. Gnutls would then make
several calls to pthread_mutex_init. Since libpthread wasn't loaded, this
function would be hitting the code inside libc, which would simply return 0.
So the mutex would never be initialized and instead it would contain
uninitialized junk from malloc(). This was fine, since all the other pthread
functions that libc implements do the same – return 0 – so nothing bad
happens since that data is never touched.

However, later in the weechat initialization, the python plugin is loaded.
This plugin directly or indirectly links in the proper libpthread. This means
that after this point, all function calls to pthread_mutex_lock and
pthread_mutex_unlock are hitting the real pthread code, that actually works
with the data and does a lot more than simply return 0. But because these
mutexes were not initialized before with the zero-returning
pthread_mutex_init, the lock and unlock functions are dealing with
uninitialized random malloc() data. And so, in lots of cases, we crash, or
abort().

My patch simply removes the “if OpenBSD” guard and links against
libpthread always.
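The pattern described in the comment above, shown as an added illustration rather than as weechat's own CMakeLists.txt (the real file is not reproduced on this page). The OpenBSD-only guard is a reconstruction of what the comment describes, and the target name `weechat` is assumed for the example:

```cmake
# Added example, not weechat's own build file. The OpenBSD-only guard is a
# reconstruction of the pattern described in the bug report, and the target
# name "weechat" is assumed.

# Weak form: libpthread is linked only on OpenBSD. On glibc systems of that
# era the main binary therefore carries no DT_NEEDED for libpthread.so.0, so
# pthread_mutex_init() calls made by libgnutls on its behalf resolve to
# glibc's no-op stubs (which return 0 and touch nothing), until a plugin
# loaded later pulls in the real libpthread and lock/unlock start operating
# on mutexes that were never initialised.
if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD")
  target_link_libraries(weechat pthread)
endif()

# Corrected form: resolve the platform's thread library once, up front, and
# link the main binary against it on every platform, so libpthread is mapped
# before libgnutls initialises its mutexes.
set(THREADS_PREFER_PTHREAD_FLAG ON)      # prefer -pthread over -lpthread where supported
find_package(Threads REQUIRED)
target_link_libraries(weechat Threads::Threads)   # imported target, CMake >= 3.1
```

After rebuilding, `readelf -d weechat | grep NEEDED` should list libpthread.so.0 on a glibc older than 2.34; with glibc 2.34 and later, libpthread was merged into libc.so.6 and the stub mechanism the comment describes no longer exists, so the unconditional link is harmless there but no longer necessary.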