Bug 344337

Summary: unhandled syscall: mach:41 (_kernelrpc_mach_port_guard_trap)
Product: [Developer tools] valgrind Reporter: lou.salkind
Component: memcheckAssignee: Rhys Kidd <rhyskidd>
Status: RESOLVED FIXED    
Severity: crash CC: rhyskidd
Priority: NOR    
Version: 3.10 SVN   
Target Milestone: ---   
Platform: Compiled Sources   
OS: macOS   
See Also: https://bugs.kde.org/show_bug.cgi?id=339745
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Proposed patch

Description lou.salkind 2015-02-19 06:38:55 UTC 
A freepascal/lazarus 32 bit program running on a Mac Mini generates an unhandled syscall warning.  Log attached.

Reproducible: Always


Actual Results:  
Eventually I get in the output:

==9794== 
--9794-- UNKNOWN host message [id 412, to mach_host_self(), reply 0x40f]
--9794-- UNKNOWN host message [id 222, to mach_host_self(), reply 0x40f]
--9794-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option
--9794-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 2 times)
--9794-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 4 times)
--9794-- UNKNOWN __pthread_sigmask is unsupported.
--9794-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 8 times)
--9794-- UNKNOWN mach_msg unhandled MACH_SEND_TRAILER option (repeated 16 times)
==9794== Conditional jump or move depends on uninitialised value(s)
==9794==    at 0x7CAE6F5: strcpy (in /usr/lib/system/libsystem_c.dylib)
==9794==    by 0x7F53EA0: xpc_connection_create (in /usr/lib/system/libxpc.dylib)
==9794==    by 0x7F53E4F: xpc_connection_create_mach_service (in /usr/lib/system/libxpc.dylib)
==9794==    by 0x59593D5: _CFPrefsWithDaemonConnection (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x59238DC: __80-[CFPrefsSearchListSource generationCountFromListOfSources:count:allowFetching:]_block_invoke (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x59237B0: -[CFPrefsSearchListSource generationCountFromListOfSources:count:allowFetching:] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x57C85B9: -[CFPrefsSearchListSource alreadylocked_copyDictionary] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x57C2DFA: -[CFPrefsSearchListSource alreadylocked_copyValueForKey:] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x595A1EC: ___CFPreferencesCopyAppValueWithContainer_block_invoke (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x5922424: +[CFPrefsSearchListSource withSearchListForIdentifier:container:perform:] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x595A175: _CFPreferencesCopyAppValueWithContainer (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x57BBB7F: CFPreferencesCopyAppValue (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
--9794-- WARNING: unhandled syscall: mach:41
--9794-- You may be able to write your own handler.
--9794-- Read the file README_MISSING_SYSCALL_OR_IOCTL.
--9794-- Nevertheless we consider this a bug.  Please report
--9794-- it at http://valgrind.org/support/bug_reports.html.
eq_SyscallStatus:
  {78 0 43}
  {78 0 40}

valgrind: m_syswrap/syswrap-main.c:384 (Bool eq_SyscallStatus(SyscallStatus *, SyscallStatus *)): the 'impossible' happened.

host stacktrace:
==9794==    at 0x38040608: ???
==9794==    by 0x380409AF: ???
==9794==    by 0x38040983: ???
==9794==    by 0x380D0E1F: ???
==9794==    by 0x380D03C1: ???
==9794==    by 0x380CE57E: ???
==9794==    by 0x380CC78D: ???
==9794==    by 0x380DE465: ???

sched status:
  running_tid=1

Thread 1: status = VgTs_Runnable
==9794==    at 0x7DF7A3A: _kernelrpc_mach_port_guard_trap (in /usr/lib/system/libsystem_kernel.dylib)
==9794==    by 0x7F55BC1: _xpc_mach_port_guard (in /usr/lib/system/libxpc.dylib)
==9794==    by 0x7F55B62: _xpc_connection_setup_reply_port (in /usr/lib/system/libxpc.dylib)
==9794==    by 0x7F56CDF: xpc_connection_send_message_with_reply (in /usr/lib/system/libxpc.dylib)
==9794==    by 0x5923985: __80-[CFPrefsSearchListSource generationCountFromListOfSources:count:allowFetching:]_block_invoke_2 (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x595943D: _CFPrefsWithDaemonConnection (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x59238DC: __80-[CFPrefsSearchListSource generationCountFromListOfSources:count:allowFetching:]_block_invoke (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x59237B0: -[CFPrefsSearchListSource generationCountFromListOfSources:count:allowFetching:] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x57C85B9: -[CFPrefsSearchListSource alreadylocked_copyDictionary] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x57C2DFA: -[CFPrefsSearchListSource alreadylocked_copyValueForKey:] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x595A1EC: ___CFPreferencesCopyAppValueWithContainer_block_invoke (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x5922424: +[CFPrefsSearchListSource withSearchListForIdentifier:container:perform:] (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x595A175: _CFPreferencesCopyAppValueWithContainer (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x57BBB7F: CFPreferencesCopyAppValue (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x57D69C8: ___CFBundleCopyUserLanguages_block_invoke (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x7C180B4: dispatch_once_f (in /usr/lib/system/libdispatch.dylib)
==9794==    by 0x7C190D7: dispatch_once (in /usr/lib/system/libdispatch.dylib)
==9794==    by 0x5830768: CFBundleCopyLocalizationsForPreferences (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==9794==    by 0x21D7F0: LAZUTF8$_$LAZGETLANGUAGEIDS$ANSISTRING$ANSISTRING_$$_GETLANGUAGE$$BOOLEAN (lazutf8.pas:3356)
==9794==    by 0x21D763: LAZUTF8_$$_LAZGETLANGUAGEIDS$ANSISTRING$ANSISTRING (lazutf8.pas:3385)
==9794==    by 0x80538: FORMS$_$TAPPLICATION_$__$$_CREATE$TCOMPONENT$$TAPPLICATION (application.inc:118)
==9794==    by 0x88FE6: INIT$_$FORMS (forms.pp:2120)
==9794==    by 0x19FD3: FPC_INITIALIZEUNITS (in /Users/lou/xxx)
==9794==    by 0x26B14: SYSTEM_$$_FPC_SYSTEMMAIN$LONGINT$PPCHAR$PPCHAR (in /Users/lou/xxx)
==9794==    by 0x216C: (below main) (in /Users/lou/xxx)

Thread 2: status = VgTs_WaitSys
==9794==    at 0x7DFE8CE: kevent64 (in /usr/lib/system/libsystem_kernel.dylib)
==9794==    by 0x7C1B3A1: _dispatch_mgr_thread (in /usr/lib/system/libdispatch.dylib)


Note: see also the FAQ in the source distribution.
It contains workarounds to several common problems.
In particular, if Valgrind aborted or crashed after
identifying problems in your program, there's a good chance
that fixing those problems will prevent Valgrind aborting or
crashing, especially if it happened in m_mallocfree.c.

If that doesn't help, please report this bug to: www.valgrind.org

In the bug report, send all the above text, the valgrind
version, and what OS and version you are using.  Thanks.
Comment 1 Rhys Kidd 2015-02-21 13:20:02 UTC 
Refer related bug: https://bugs.kde.org/show_bug.cgi?id=339745
Comment 2 Rhys Kidd 2015-03-07 06:37:33 UTC 
To solve this properly (as the PRE handler is already there in SVN trunk):
1. Review the comment after vg_assert(eq_SyscallStatus( &sci->status, &test_status )) at coregrind/m_syswrap/syswrap-main.c:1825 , and
2. Review the implementation of thread_fast_set_cthread_self.
Comment 3 Rhys Kidd 2015-05-30 03:19:08 UTC 
Created attachment 92918 [details]
Proposed patch
Comment 4 Rhys Kidd 2015-05-30 03:20:08 UTC 
After reviewing osfmk/kern/syscall_sw.c and osfmk/mach/syscall_sw.h across OS X 10.8 - 10.10 it appears the #ifdef guard logic in Valgrind for the Mach syscalls across the interval [41,43] is incorrect.

Am testing a proposed patch across each of those OS X releases, and may be able to simplify the logic further on OS X 10.9 specifically.
Comment 5 lou.salkind 2015-05-30 04:27:21 UTC 
Good news:  I no longer get the unhandled syscall: mach:41 error with the patch.
Bad news:  valgrind now aborts later on because it can't decode an instruction:

vex x86->IR: unhandled instruction bytes: 0x66 0xF 0x3A 0xB
==67715== valgrind: Unrecognised instruction at address 0x7ebb046.
==67715==    at 0x7EBB046: __tanpi (in /usr/lib/system/libsystem_m.dylib)
==67715==    by 0x58071F1: __CFBasicHashAddValue (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==67715==    by 0x5806BE5: CFBasicHashSetValue (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==67715==    by 0x5805F5C: CFDictionarySetValue (in /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation)
==67715==    by 0x6F9F3C3: ___ZN18LSSharedMemoryPage16CopyForSessionIDE11LSSessionIDb_block_invoke11 (in /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices)
==67715==    by 0x7CAE56F: _dispatch_barrier_sync_f_invoke (in /usr/lib/system/libdispatch.dylib)
==67715==    by 0x7CAE536: dispatch_barrier_sync_f (in /usr/lib/system/libdispatch.dylib)
==67715==    by 0x7CB73D0: dispatch_barrier_sync (in /usr/lib/system/libdispatch.dylib)
==67715==    by 0x6F9E71B: LSSharedMemoryPage::CopyForSessionID(LSSessionID, bool) (in /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices)
==67715==    by 0x6F9E482: LSSharedMemoryCopyForSessionID(LSSessionID, bool) (in /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices)
==67715==    by 0x6FAAE85: _LSCopyApplicationInformationItem (in /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices)
==67715==    by 0x8785032: __CGSNewConnection_block_invoke (in /System/Library/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics)
==67715== Your program just tried to execute an instruction that Valgrind
==67715== did not recognise.  There are two possible reasons for this.
==67715== 1. Your program has a bug and erroneously jumped to a non-code
==67715==    location.  If you are running Memcheck and you just saw a
==67715==    warning about a bad jump, it's probably your program's fault.
==67715== 2. The instruction is legitimate but Valgrind doesn't handle it,
==67715==    i.e. it's Valgrind's fault.  If you think this is the case or
==67715==    you are not sure, please let us know and we'll try to fix it.
==67715== Either way, Valgrind will now raise a SIGILL signal which will
==67715== probably kill your program.
==67715== 
==67715== Process terminating with default action of signal 11 (SIGSEGV)
==67715==  Access not within mapped region at address 0xBF7FFFF4
==67715==    at 0x27794: SYSTEM_$$_REENABLE_SIGNAL$LONGINT$$BOOLEAN (in /Users/lou/idtest/build/ImageBrowser/i386-darwin-carbon/IDimagerSU)
==67715==  If you believe this happened as a result of a stack
==67715==  overflow in your program's main thread (unlikely but
==67715==  possible), you can try to increase the size of the
==67715==  main thread stack using the --main-stacksize= flag.
==67715==  The main thread stack size used in this run was 8388608.
Comment 6 Rhys Kidd 2015-05-30 05:02:13 UTC 
Lou, great to confirm.
That later issue is already being tracked in this bug report: https://bugs.kde.org/show_bug.cgi?id=346023.
Comment 7 Rhys Kidd 2015-05-30 09:00:14 UTC 
Resolved in r15297.