From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from felloff.net ([199.191.58.38]) by ttr; Thu Aug  7 07:56:58 EDT 2014
Message-ID: <b370d35e690e4ec0db1c9bcd89adab0e@felloff.net>
List-ID: <9front.9front.org>
X-Glyph: ➈
X-Bullshit: grid component shader extension
Date: Thu, 7 Aug 2014 13:56:47 +0200
From: cinap_lenrek@felloff.net
To: 9front@9front.org
Subject: Re: [9front] stats(1) suicide
In-Reply-To: <44fe6f6965c52b3475c55ac98002217a@x301.inri>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

thanks! i know whats wrong.

network timeout (alarm note) is the trigger. the bug was introduced in:

http://code.google.com/p/plan9front/source/detail?r=a2985da84dc3e147251c75c5839d1d074b1e7506&path=/sys/src/9/pc64/l.s

the problem is that forkret() in l.s doesnt restore BP register from
the ureg (anymore!). the first argument to a function is passed in BP
(also known as RARG). as its not loaded from the ureg, the first argument
to the note handler is garbage. which causes the crash. most note handlers
ignore the ureg argument (so it works all fine with other programs), but
not with this alarm note handler which tries todo a stack unwind with the
note jump.

i'm at work and have no access to amd64 machine right now so i cant
test anything, but you can probably fix it with a single line in
pc64/trap.c, function syscall():


        if(scallnr!=RFORK && (up->procctl || up->nnote)){
                splhi();
                notify(ureg);
+				((void**)&ureg)[-1] = (void*)noteret;	/* restores BP */
        }

--
cinap