From 8a06de9e92937f2cb4d2a01d9c51d2485c958646 Mon Sep 17 00:00:00 2001
From: Konstantin Belousov <kib@FreeBSD.org>
Date: Sat, 25 Jun 2016 11:31:25 +0000
Subject: [PATCH] Do not clear robust lists pointers on fork.  The forked child
 thread lists must be functional.

Reported by:	Daniel Engberg <daniel.engberg.lists@pyret.net>,
	Guy Yur <guyyur@gmail.com>
Tested by:	Guy Yur <guyyur@gmail.com>
Sponsored by:	The FreeBSD Foundation
Approved by:	re (gjb), including the KBI change
---
 sys/kern/kern_thr.c | 1 +
 sys/sys/proc.h      | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/sys/kern/kern_thr.c b/sys/kern/kern_thr.c
index 10ccdab9678b..293574c7eda6 100644
--- a/sys/kern/kern_thr.c
+++ b/sys/kern/kern_thr.c
@@ -234,6 +234,7 @@ thread_create(struct thread *td, struct rtprio *rtp,
 	bcopy(&td->td_startcopy, &newtd->td_startcopy,
 	    __rangeof(struct thread, td_startcopy, td_endcopy));
 	newtd->td_proc = td->td_proc;
+	newtd->td_rb_list = newtd->td_rbp_list = newtd->td_rb_inact = 0;
 	thread_cow_get(newtd, td);
 
 	error = initialize_thread(newtd, thunk);
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index 6d03062c822d..6162a162d6a1 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -282,9 +282,6 @@ struct thread {
 	int		td_no_sleeping;	/* (k) Sleeping disabled count. */
 	int		td_dom_rr_idx;	/* (k) RR Numa domain selection. */
 	void		*td_su;		/* (k) FFS SU private */
-	uintptr_t	td_rb_list;	/* (k) Robust list head. */
-	uintptr_t	td_rbp_list;	/* (k) Robust priv list head. */
-	uintptr_t	td_rb_inact;	/* (k) Current in-action mutex loc. */
 #define	td_endzero td_sigmask
 
 /* Copied during fork1() or create_thread(). */
@@ -298,6 +295,9 @@ struct thread {
 	u_char		td_base_user_pri; /* (t) Base user pri */
 	u_int		td_dbg_sc_code;	/* (c) Syscall code to debugger. */
 	u_int		td_dbg_sc_narg;	/* (c) Syscall arg count to debugger.*/
+	uintptr_t	td_rb_list;	/* (k) Robust list head. */
+	uintptr_t	td_rbp_list;	/* (k) Robust priv list head. */
+	uintptr_t	td_rb_inact;	/* (k) Current in-action mutex loc. */
 #define	td_endcopy td_pcb
 
 /*