Subject: lib/31218: segv in _setcontext_u_xmm
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <yamt@mwd.biglobe.ne.jp>
List: netbsd-bugs
Date: 09/08/2005 12:33:00
>Number:         31218
>Category:       lib
>Synopsis:       segv in _setcontext_u_xmm
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 08 12:33:00 +0000 2005
>Originator:     YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
>Release:        NetBSD 3.99.8
>Organization:

>Environment:
	
	
System: NetBSD kaeru 3.99.8
Architecture: i386
Machine: i386
>Description:

	running a program which has 32 threads doing heavy network i/o,
	i sometimes get a segv in _setcontext_u_xmm.

	it's a P4 with HT enabled (1 physical cpu, 2 logical cpus),
	running an MP kernel.  no PTHREAD_CONCURRENCY set.

	it seems the fpu context was overwritten.  see below: the faulting
	fxrstor reads the 512-byte fxsave area at 0x70(%ecx) = 0xb95ef980,
	and in the dump the word at 0xb95ef998 (the mxcsr slot of that area)
	holds 0xbdbde11b <pthread__switch+91>, which looks like a saved
	return address rather than a valid mxcsr; fxrstor faults when
	reserved mxcsr bits are set, which would explain the segv.  from
	0xb95ef9c0 on, the same area looks like it contains another saved
	context (segment registers 0x2b, pthread__switch), i.e. the fxsave
	area seems to overlap a second context.

#0  0xbdbe629d in _setcontext_u_xmm () from /usr/lib/libpthread.so.0
(gdb) inf thr
  34 Thread 1 ()  0xbdbde21b in pthread__locked_switch ()
   from /usr/lib/libpthread.so.0
  33 Thread 22 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  32 Thread 23 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  31 Thread 25 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  30 Thread 26 ()  0xbdb2edfb in read () from /usr/lib/libc.so.12
  29 Thread 27 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  28 Thread 31 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  27 Thread 32 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  26 Thread 33 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  25 Thread 35 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  24 Thread 36 ()  0xbdbe629d in _setcontext_u_xmm ()
   from /usr/lib/libpthread.so.0
  23 Thread 37 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  22 Thread 38 ()  0xbdb2edfb in read () from /usr/lib/libc.so.12
  21 Thread 41 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  20 Thread 42 ()  0xbdb2edfb in read () from /usr/lib/libc.so.12
  19 Thread 43 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  18 Thread 44 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  17 Thread 45 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  16 Thread 48 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  15 Thread 49 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  14 Thread 50 ()  0xbdb2edfb in read () from /usr/lib/libc.so.12
  13 Thread 52 ()  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  12 LWP 25  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  11 LWP 31  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  10 LWP 9  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  9 LWP 30  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  8 LWP 8  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  7 LWP 16  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  6 LWP 2  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  5 LWP 28  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  4 LWP 22  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  3 LWP 29  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  2 LWP 18  0xbdb2ee67 in poll () from /usr/lib/libc.so.12
  1 LWP 17  0xbdbe629d in _setcontext_u_xmm () from /usr/lib/libpthread.so.0
(gdb) thr 1
[Switching to thread 1 (LWP 17)]#0  0xbdbe629d in _setcontext_u_xmm ()
   from /usr/lib/libpthread.so.0
(gdb) bt
#0  0xbdbe629d in _setcontext_u_xmm () from /usr/lib/libpthread.so.0
#1  0xbdbde2c0 in pthread__upcall_switch () from /usr/lib/libpthread.so.0
#2  0xbdbe0549 in pthread__upcall () from /usr/lib/libpthread.so.0
(gdb) inf reg
eax            0x4000000c       1073741836
ecx            0xb95ef910       -1184958192
edx            0xb95ef910       -1184958192
ebx            0xbdbe97b0       -1111582800
esp            0xb95ef8e8       0xb95ef8e8
ebp            0xbbfffc3c       0xbbfffc3c
esi            0xb95ef910       -1184958192
edi            0xbbe00000       -1142947840
eip            0xbdbe629d       0xbdbe629d
eflags         0x10247  66119
cs             0x23     35
ss             0x2b     43
ds             0x2b     43
es             0x2b     43
fs             0x2b     43
gs             0x2b     43
fctrl          0x127f   4735
fstat          0x0      0
ftag           0xffff   65535
fiseg          0x0      0
fioff          0x0      0
foseg          0x0      0
fooff          0x0      0
fop            0x0      0
mxcsr          0x0      0
(gdb) disas _setcontext_u_xmm
Dump of assembler code for function _setcontext_u_xmm:
0xbdbe6290 <_setcontext_u_xmm>: mov    0x4(%esp,1),%ecx
0xbdbe6294 <_setcontext_u_xmm+4>:       mov    0x0(%ecx),%eax
0xbdbe6297 <_setcontext_u_xmm+7>:       bt     $0x1e,%eax
0xbdbe629b <_setcontext_u_xmm+11>:
    jae    0xbdbe62c0 <_setcontext_u_xmm+48>
0xbdbe629d <_setcontext_u_xmm+13>:      fxrstor 0x70(%ecx)
0xbdbe62a1 <_setcontext_u_xmm+17>:      movl   0x24(%ecx),%gs
0xbdbe62a4 <_setcontext_u_xmm+20>:      movl   0x28(%ecx),%fs
0xbdbe62a7 <_setcontext_u_xmm+23>:      mov    0x34(%ecx),%edi
0xbdbe62aa <_setcontext_u_xmm+26>:      mov    0x38(%ecx),%esi
0xbdbe62ad <_setcontext_u_xmm+29>:      mov    0x3c(%ecx),%ebp
0xbdbe62b0 <_setcontext_u_xmm+32>:      mov    0x44(%ecx),%ebx
0xbdbe62b3 <_setcontext_u_xmm+35>:      mov    0x68(%ecx),%edx
0xbdbe62b6 <_setcontext_u_xmm+38>:      mov    0x5c(%ecx),%eax
0xbdbe62b9 <_setcontext_u_xmm+41>:      mov    %eax,0xfffffffc(%edx)
0xbdbe62bc <_setcontext_u_xmm+44>:      lea    0xfffffffc(%edx),%esp
0xbdbe62bf <_setcontext_u_xmm+47>:      ret
0xbdbe62c0 <_setcontext_u_xmm+48>:      btl    $0x8,0x64(%ecx)
0xbdbe62c5 <_setcontext_u_xmm+53>:
    jae    0xbdbe62ce <_setcontext_u_xmm+62>
0xbdbe62c7 <_setcontext_u_xmm+55>:      push   %ecx
0xbdbe62c8 <_setcontext_u_xmm+56>:      call   *0x2c4(%ebx)
0xbdbe62ce <_setcontext_u_xmm+62>:      and    $0x8,%eax
0xbdbe62d1 <_setcontext_u_xmm+65>:
    je     0xbdbe62d7 <_setcontext_u_xmm+71>
0xbdbe62d3 <_setcontext_u_xmm+67>:      fxrstor 0x70(%ecx)
0xbdbe62d7 <_setcontext_u_xmm+71>:      movl   0x24(%ecx),%gs
0xbdbe62da <_setcontext_u_xmm+74>:      movl   0x28(%ecx),%fs
0xbdbe62dd <_setcontext_u_xmm+77>:      movl   0x2c(%ecx),%es
0xbdbe62e0 <_setcontext_u_xmm+80>:      mov    0x34(%ecx),%edi
0xbdbe62e3 <_setcontext_u_xmm+83>:      mov    0x38(%ecx),%esi
0xbdbe62e6 <_setcontext_u_xmm+86>:      mov    0x3c(%ecx),%ebp
0xbdbe62e9 <_setcontext_u_xmm+89>:      mov    0x44(%ecx),%ebx
0xbdbe62ec <_setcontext_u_xmm+92>:      mov    0x68(%ecx),%edx
0xbdbe62ef <_setcontext_u_xmm+95>:      mov    0x60(%ecx),%eax
0xbdbe62f2 <_setcontext_u_xmm+98>:      mov    %eax,0xfffffffc(%edx)
0xbdbe62f5 <_setcontext_u_xmm+101>:     mov    0x5c(%ecx),%eax
0xbdbe62f8 <_setcontext_u_xmm+104>:     mov    %eax,0xfffffff8(%edx)
0xbdbe62fb <_setcontext_u_xmm+107>:     mov    0x30(%ecx),%eax
0xbdbe62fe <_setcontext_u_xmm+110>:     mov    %eax,0xfffffff4(%edx)
0xbdbe6301 <_setcontext_u_xmm+113>:     mov    0x48(%ecx),%eax
0xbdbe6304 <_setcontext_u_xmm+116>:     mov    %eax,0xfffffff0(%edx)
0xbdbe6307 <_setcontext_u_xmm+119>:     mov    0x4c(%ecx),%eax
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) x/512 0xb95ef910
0xb95ef910:     0x4000000c      0x0000002b      0x0000002b      0x0000002b
0xb95ef920:     0x0000002e      0x00000000      0x00000000      0x00000000
0xb95ef930:     0x00000000      0x0000002b      0xbfc0002b      0x00200000
0xb95ef940:     0x00000000      0xb95ef910      0xb9400000      0xb95efc30
0xb95ef950:     0x0000002b      0xbdbe97b0      0xb95efca8      0xb95efc50
0xb95ef960:     0xb95efc34      0xbdbe97b0      0x00000000      0xbdbde11c
0xb95ef970:     0x00000000      0x00000003      0xb95ef904      0xbdb5dcbf
0xb95ef980:     0x0000127f      0x00000000      0x00000000      0x00000000
0xb95ef990:     0x00000000      0x00000000      0xbdbde11b      0xb95ef9c0
0xb95ef9a0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95ef9b0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95ef9c0:     0x0000002e      0x00000000      0x00000000      0x00000000
0xb95ef9d0:     0x00000000      0x00000000      0xbfc00000      0x00200000
0xb95ef9e0:     0x00000000      0x0000002b      0x0000002b      0x0000002b
0xb95ef9f0:     0x0000002b      0xb9400000      0xb9400000      0xb95efcf0
0xb95efa00:     0xb95efcd4      0xbdbe97b0      0xbba00000      0xb95efdc8
0xb95efa10:     0xbdbea200      0x00000003      0x00000000      0xbdbde0c0
0xb95efa20:     0x00000023      0x00000206      0xb95efcd4      0x0000002b
0xb95efa30:     0x0000127f      0x00000000      0x00000000      0x00000000
0xb95efa40:     0x00000000      0x00000000      0x00001f80      0x0000ffff
0xb95efa50:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efa60:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efa70:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efa80:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efa90:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efaa0:     0xe35a14bd      0xaabaa0e3      0x00003fff      0x00000000
0xb95efab0:     0x00000000      0x800bf600      0x00004015      0x00000000
0xb95efac0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efad0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efae0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efaf0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efb00:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efb10:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efb20:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efb30:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efb40:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efb50:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efb60:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efb70:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efb80:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efb90:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efba0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efbb0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efbc0:     0x00000000      0x00000000      0x00000000      0x00000000
---Type <return> to continue, or q <return> to quit---
0xb95efbd0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efbe0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efbf0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efc00:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efc10:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efc20:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efc30:     0x46464646      0x46464646      0x46464646      0x46464646
0xb95efc40:     0x46464646      0x46464646      0x46464646      0x46464646
0xb95efc50:     0x46464646      0x46464646      0x46464646      0x46464646
0xb95efc60:     0x46464646      0x46464646      0x46464646      0x46464646
0xb95efc70:     0x46464646      0x46464646      0x46464646      0x46464646
0xb95efc80:     0x46464646      0x46464646      0x46464646      0x46464646
0xb95efc90:     0x46464646      0x46464646      0x46464646      0x46464646
0xb95efca0:     0x46464646      0x46464646      0x46464646      0x46464646
0xb95efcb0:     0x46464646      0x46464646      0x46464646      0x46464646
0xb95efcc0:     0x46464646      0x46464646      0x0000002b      0xbdbb4437
0xb95efcd0:     0xb95efcf0      0xbdbe35b1      0xb9400000      0xbba00000
0xb95efce0:     0x00000000      0xbdbe355a      0xbdbe97b0      0x00000000
0xb95efcf0:     0xb95efe00      0xbdbdf9f7      0xb9400000      0xb94000ac
0xb95efd00:     0x00000000      0xbdbdf6f1      0x00000000      0x00000000
0xb95efd10:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efd20:     0x00000000      0xb95efdd8      0xbdbe9b44      0xb95efd48
0xb95efd30:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efd40:     0xb95efdc8      0xb94000ac      0x00000000      0x00000000
0xb95efd50:     0x00000000      0x000058be      0x00000000      0x00000000
0xb95efd60:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efd70:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efd80:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efd90:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efda0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efdb0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efdc0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efdd0:     0x00000000      0x00000000      0x00000000      0x00000000
0xb95efde0:     0x00000000      0x00000000      0x46464646      0x46464646
0xb95efdf0:     0x46464646      0xbdbc6cb0      0x00000000      0x0807dd80
0xb95efe00:     0xb95efe60      0xbdb7da21      0x00000003      0xb95efe28
0xb95efe10:     0xb95efe38      0xbdbe2f7d      0x00006710      0x00000000
0xb95efe20:     0xb95efe28      0xb95efe38      0xffffffff      0xffffffff
0xb95efe30:     0xffffffff      0xffffffff      0x00000000      0x00000000
0xb95efe40:     0x00000000      0x00000000      0x46464646      0x00000000
0xb95efe50:     0xb95efe70      0x08051660      0x00000000      0xb95eff20
0xb95efe60:     0xb95efe80      0x08049922      0x08051660      0x0804d308
0xb95efe70:     0xb95efe98      0x08051660      0xb95efe98      0x00008000
0xb95efe80:     0xb95eff60      0x0804a2b0      0x0804d308      0xb95efe98
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb)
(gdb) x/512 0xb95ef910
0xb95ef910:     0x4000000c      0x2b    0x2b    0x2b
0xb95ef920:     0x2e    0x0     0x0     0x0
0xb95ef930:     0x0     0x2b    0xbfc0002b      0x200000
0xb95ef940:     0x0     0xb95ef910      0xb9400000      0xb95efc30
0xb95ef950:     0x2b    0xbdbe97b0 <pthread__static_lib_binder+240>     0xb95efca8      0xb95efc50
0xb95ef960:     0xb95efc34      0xbdbe97b0 <pthread__static_lib_binder+240>     0x0     0xbdbde11c <pthread__switch_return_point>
0xb95ef970:     0x0     0x3     0xb95ef904      0xbdb5dcbf <getuid+7>
0xb95ef980:     0x127f  0x0     0x0     0x0
0xb95ef990:     0x0     0x0     0xbdbde11b <pthread__switch+91> 0xb95ef9c0
0xb95ef9a0:     0x0     0x0     0x0     0x0
0xb95ef9b0:     0x0     0x0     0x0     0x0
0xb95ef9c0:     0x2e    0x0     0x0     0x0
0xb95ef9d0:     0x0     0x0     0xbfc00000      0x200000
0xb95ef9e0:     0x0     0x2b    0x2b    0x2b
0xb95ef9f0:     0x2b    0xb9400000      0xb9400000      0xb95efcf0
0xb95efa00:     0xb95efcd4      0xbdbe97b0 <pthread__static_lib_binder+240>     0xbba00000      0xb95efdc8
0xb95efa10:     0xbdbea200 <pthread__debug_counters>    0x3     0x0     0xbdbde0c0 <pthread__switch>
0xb95efa20:     0x23    0x206   0xb95efcd4      0x2b
0xb95efa30:     0x127f  0x0     0x0     0x0
0xb95efa40:     0x0     0x0     0x1f80  0xffff
0xb95efa50:     0x0     0x0     0x0     0x0
0xb95efa60:     0x0     0x0     0x0     0x0
0xb95efa70:     0x0     0x0     0x0     0x0
0xb95efa80:     0x0     0x0     0x0     0x0
0xb95efa90:     0x0     0x0     0x0     0x0
0xb95efaa0:     0xe35a14bd      0xaabaa0e3      0x3fff  0x0
0xb95efab0:     0x0     0x800bf600      0x4015  0x0
0xb95efac0:     0x0     0x0     0x0     0x0
0xb95efad0:     0x0     0x0     0x0     0x0
0xb95efae0:     0x0     0x0     0x0     0x0
0xb95efaf0:     0x0     0x0     0x0     0x0
0xb95efb00:     0x0     0x0     0x0     0x0
0xb95efb10:     0x0     0x0     0x0     0x0
0xb95efb20:     0x0     0x0     0x0     0x0
0xb95efb30:     0x0     0x0     0x0     0x0
0xb95efb40:     0x0     0x0     0x0     0x0
0xb95efb50:     0x0     0x0     0x0     0x0
0xb95efb60:     0x0     0x0     0x0     0x0
0xb95efb70:     0x0     0x0     0x0     0x0
0xb95efb80:     0x0     0x0     0x0     0x0
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb)

>How-To-Repeat:
	
>Fix:
	

>Unformatted: