Subject: lib/31218: segv in _setcontext_u_xmm
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <yamt@mwd.biglobe.ne.jp>
List: netbsd-bugs
Date: 09/08/2005 12:33:00
>Number: 31218
>Category: lib
>Synopsis: segv in _setcontext_u_xmm
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Sep 08 12:33:00 +0000 2005
>Originator: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
>Release: NetBSD 3.99.8
>Organization:
>Environment:
System: NetBSD kaeru 3.99.8
Architecture: i386
Machine: i386
>Description:
Running a program that has 32 threads doing network I/O heavily,
I sometimes get a SIGSEGV in _setcontext_u_xmm.
It is a P4 with HT enabled (1 physical CPU, 2 logical CPUs),
running an MP kernel. PTHREAD_CONCURRENCY is not set.
It seems the FPU context was overwritten; see below. (In the faulting thread the fxsave image that fxrstor loads from 0x70(%ecx) = 0xb95ef980 appears to hold a code address, 0xbdbde11b <pthread__switch+91>, in the word where MXCSR should be, whereas the other image at 0xb95efa30 holds a sane MXCSR of 0x1f80; an MXCSR with reserved bits set would make fxrstor fault.)
#0 0xbdbe629d in _setcontext_u_xmm () from /usr/lib/libpthread.so.0
(gdb) inf thr
34 Thread 1 () 0xbdbde21b in pthread__locked_switch ()
from /usr/lib/libpthread.so.0
33 Thread 22 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
32 Thread 23 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
31 Thread 25 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
30 Thread 26 () 0xbdb2edfb in read () from /usr/lib/libc.so.12
29 Thread 27 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
28 Thread 31 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
27 Thread 32 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
26 Thread 33 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
25 Thread 35 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
24 Thread 36 () 0xbdbe629d in _setcontext_u_xmm ()
from /usr/lib/libpthread.so.0
23 Thread 37 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
22 Thread 38 () 0xbdb2edfb in read () from /usr/lib/libc.so.12
21 Thread 41 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
20 Thread 42 () 0xbdb2edfb in read () from /usr/lib/libc.so.12
19 Thread 43 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
18 Thread 44 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
17 Thread 45 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
16 Thread 48 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
15 Thread 49 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
14 Thread 50 () 0xbdb2edfb in read () from /usr/lib/libc.so.12
13 Thread 52 () 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
12 LWP 25 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
11 LWP 31 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
10 LWP 9 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
9 LWP 30 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
8 LWP 8 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
7 LWP 16 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
6 LWP 2 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
5 LWP 28 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
4 LWP 22 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
3 LWP 29 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
2 LWP 18 0xbdb2ee67 in poll () from /usr/lib/libc.so.12
1 LWP 17 0xbdbe629d in _setcontext_u_xmm () from /usr/lib/libpthread.so.0
(gdb) thr 1
[Switching to thread 1 (LWP 17)]#0 0xbdbe629d in _setcontext_u_xmm ()
from /usr/lib/libpthread.so.0
(gdb) bt
#0 0xbdbe629d in _setcontext_u_xmm () from /usr/lib/libpthread.so.0
#1 0xbdbde2c0 in pthread__upcall_switch () from /usr/lib/libpthread.so.0
#2 0xbdbe0549 in pthread__upcall () from /usr/lib/libpthread.so.0
(gdb) inf reg
eax 0x4000000c 1073741836
ecx 0xb95ef910 -1184958192
edx 0xb95ef910 -1184958192
ebx 0xbdbe97b0 -1111582800
esp 0xb95ef8e8 0xb95ef8e8
ebp 0xbbfffc3c 0xbbfffc3c
esi 0xb95ef910 -1184958192
edi 0xbbe00000 -1142947840
eip 0xbdbe629d 0xbdbe629d
eflags 0x10247 66119
cs 0x23 35
ss 0x2b 43
ds 0x2b 43
es 0x2b 43
fs 0x2b 43
gs 0x2b 43
fctrl 0x127f 4735
fstat 0x0 0
ftag 0xffff 65535
fiseg 0x0 0
fioff 0x0 0
foseg 0x0 0
fooff 0x0 0
fop 0x0 0
mxcsr 0x0 0
(gdb) disas _setcontext_u_xmm
Dump of assembler code for function _setcontext_u_xmm:
0xbdbe6290 <_setcontext_u_xmm>: mov 0x4(%esp,1),%ecx
0xbdbe6294 <_setcontext_u_xmm+4>: mov 0x0(%ecx),%eax
0xbdbe6297 <_setcontext_u_xmm+7>: bt $0x1e,%eax
0xbdbe629b <_setcontext_u_xmm+11>:
jae 0xbdbe62c0 <_setcontext_u_xmm+48>
0xbdbe629d <_setcontext_u_xmm+13>: fxrstor 0x70(%ecx)
0xbdbe62a1 <_setcontext_u_xmm+17>: movl 0x24(%ecx),%gs
0xbdbe62a4 <_setcontext_u_xmm+20>: movl 0x28(%ecx),%fs
0xbdbe62a7 <_setcontext_u_xmm+23>: mov 0x34(%ecx),%edi
0xbdbe62aa <_setcontext_u_xmm+26>: mov 0x38(%ecx),%esi
0xbdbe62ad <_setcontext_u_xmm+29>: mov 0x3c(%ecx),%ebp
0xbdbe62b0 <_setcontext_u_xmm+32>: mov 0x44(%ecx),%ebx
0xbdbe62b3 <_setcontext_u_xmm+35>: mov 0x68(%ecx),%edx
0xbdbe62b6 <_setcontext_u_xmm+38>: mov 0x5c(%ecx),%eax
0xbdbe62b9 <_setcontext_u_xmm+41>: mov %eax,0xfffffffc(%edx)
0xbdbe62bc <_setcontext_u_xmm+44>: lea 0xfffffffc(%edx),%esp
0xbdbe62bf <_setcontext_u_xmm+47>: ret
0xbdbe62c0 <_setcontext_u_xmm+48>: btl $0x8,0x64(%ecx)
0xbdbe62c5 <_setcontext_u_xmm+53>:
jae 0xbdbe62ce <_setcontext_u_xmm+62>
0xbdbe62c7 <_setcontext_u_xmm+55>: push %ecx
0xbdbe62c8 <_setcontext_u_xmm+56>: call *0x2c4(%ebx)
0xbdbe62ce <_setcontext_u_xmm+62>: and $0x8,%eax
0xbdbe62d1 <_setcontext_u_xmm+65>:
je 0xbdbe62d7 <_setcontext_u_xmm+71>
0xbdbe62d3 <_setcontext_u_xmm+67>: fxrstor 0x70(%ecx)
0xbdbe62d7 <_setcontext_u_xmm+71>: movl 0x24(%ecx),%gs
0xbdbe62da <_setcontext_u_xmm+74>: movl 0x28(%ecx),%fs
0xbdbe62dd <_setcontext_u_xmm+77>: movl 0x2c(%ecx),%es
0xbdbe62e0 <_setcontext_u_xmm+80>: mov 0x34(%ecx),%edi
0xbdbe62e3 <_setcontext_u_xmm+83>: mov 0x38(%ecx),%esi
0xbdbe62e6 <_setcontext_u_xmm+86>: mov 0x3c(%ecx),%ebp
0xbdbe62e9 <_setcontext_u_xmm+89>: mov 0x44(%ecx),%ebx
0xbdbe62ec <_setcontext_u_xmm+92>: mov 0x68(%ecx),%edx
0xbdbe62ef <_setcontext_u_xmm+95>: mov 0x60(%ecx),%eax
0xbdbe62f2 <_setcontext_u_xmm+98>: mov %eax,0xfffffffc(%edx)
0xbdbe62f5 <_setcontext_u_xmm+101>: mov 0x5c(%ecx),%eax
0xbdbe62f8 <_setcontext_u_xmm+104>: mov %eax,0xfffffff8(%edx)
0xbdbe62fb <_setcontext_u_xmm+107>: mov 0x30(%ecx),%eax
0xbdbe62fe <_setcontext_u_xmm+110>: mov %eax,0xfffffff4(%edx)
0xbdbe6301 <_setcontext_u_xmm+113>: mov 0x48(%ecx),%eax
0xbdbe6304 <_setcontext_u_xmm+116>: mov %eax,0xfffffff0(%edx)
0xbdbe6307 <_setcontext_u_xmm+119>: mov 0x4c(%ecx),%eax
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) x/512 0xb95ef910
0xb95ef910: 0x4000000c 0x0000002b 0x0000002b 0x0000002b
0xb95ef920: 0x0000002e 0x00000000 0x00000000 0x00000000
0xb95ef930: 0x00000000 0x0000002b 0xbfc0002b 0x00200000
0xb95ef940: 0x00000000 0xb95ef910 0xb9400000 0xb95efc30
0xb95ef950: 0x0000002b 0xbdbe97b0 0xb95efca8 0xb95efc50
0xb95ef960: 0xb95efc34 0xbdbe97b0 0x00000000 0xbdbde11c
0xb95ef970: 0x00000000 0x00000003 0xb95ef904 0xbdb5dcbf
0xb95ef980: 0x0000127f 0x00000000 0x00000000 0x00000000
0xb95ef990: 0x00000000 0x00000000 0xbdbde11b 0xb95ef9c0
0xb95ef9a0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95ef9b0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95ef9c0: 0x0000002e 0x00000000 0x00000000 0x00000000
0xb95ef9d0: 0x00000000 0x00000000 0xbfc00000 0x00200000
0xb95ef9e0: 0x00000000 0x0000002b 0x0000002b 0x0000002b
0xb95ef9f0: 0x0000002b 0xb9400000 0xb9400000 0xb95efcf0
0xb95efa00: 0xb95efcd4 0xbdbe97b0 0xbba00000 0xb95efdc8
0xb95efa10: 0xbdbea200 0x00000003 0x00000000 0xbdbde0c0
0xb95efa20: 0x00000023 0x00000206 0xb95efcd4 0x0000002b
0xb95efa30: 0x0000127f 0x00000000 0x00000000 0x00000000
0xb95efa40: 0x00000000 0x00000000 0x00001f80 0x0000ffff
0xb95efa50: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efa60: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efa70: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efa80: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efa90: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efaa0: 0xe35a14bd 0xaabaa0e3 0x00003fff 0x00000000
0xb95efab0: 0x00000000 0x800bf600 0x00004015 0x00000000
0xb95efac0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efad0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efae0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efaf0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efb00: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efb10: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efb20: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efb30: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efb40: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efb50: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efb60: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efb70: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efb80: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efb90: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efba0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efbb0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efbc0: 0x00000000 0x00000000 0x00000000 0x00000000
---Type <return> to continue, or q <return> to quit---
0xb95efbd0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efbe0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efbf0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efc00: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efc10: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efc20: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efc30: 0x46464646 0x46464646 0x46464646 0x46464646
0xb95efc40: 0x46464646 0x46464646 0x46464646 0x46464646
0xb95efc50: 0x46464646 0x46464646 0x46464646 0x46464646
0xb95efc60: 0x46464646 0x46464646 0x46464646 0x46464646
0xb95efc70: 0x46464646 0x46464646 0x46464646 0x46464646
0xb95efc80: 0x46464646 0x46464646 0x46464646 0x46464646
0xb95efc90: 0x46464646 0x46464646 0x46464646 0x46464646
0xb95efca0: 0x46464646 0x46464646 0x46464646 0x46464646
0xb95efcb0: 0x46464646 0x46464646 0x46464646 0x46464646
0xb95efcc0: 0x46464646 0x46464646 0x0000002b 0xbdbb4437
0xb95efcd0: 0xb95efcf0 0xbdbe35b1 0xb9400000 0xbba00000
0xb95efce0: 0x00000000 0xbdbe355a 0xbdbe97b0 0x00000000
0xb95efcf0: 0xb95efe00 0xbdbdf9f7 0xb9400000 0xb94000ac
0xb95efd00: 0x00000000 0xbdbdf6f1 0x00000000 0x00000000
0xb95efd10: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efd20: 0x00000000 0xb95efdd8 0xbdbe9b44 0xb95efd48
0xb95efd30: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efd40: 0xb95efdc8 0xb94000ac 0x00000000 0x00000000
0xb95efd50: 0x00000000 0x000058be 0x00000000 0x00000000
0xb95efd60: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efd70: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efd80: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efd90: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efda0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efdb0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efdc0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efdd0: 0x00000000 0x00000000 0x00000000 0x00000000
0xb95efde0: 0x00000000 0x00000000 0x46464646 0x46464646
0xb95efdf0: 0x46464646 0xbdbc6cb0 0x00000000 0x0807dd80
0xb95efe00: 0xb95efe60 0xbdb7da21 0x00000003 0xb95efe28
0xb95efe10: 0xb95efe38 0xbdbe2f7d 0x00006710 0x00000000
0xb95efe20: 0xb95efe28 0xb95efe38 0xffffffff 0xffffffff
0xb95efe30: 0xffffffff 0xffffffff 0x00000000 0x00000000
0xb95efe40: 0x00000000 0x00000000 0x46464646 0x00000000
0xb95efe50: 0xb95efe70 0x08051660 0x00000000 0xb95eff20
0xb95efe60: 0xb95efe80 0x08049922 0x08051660 0x0804d308
0xb95efe70: 0xb95efe98 0x08051660 0xb95efe98 0x00008000
0xb95efe80: 0xb95eff60 0x0804a2b0 0x0804d308 0xb95efe98
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb)
(gdb) x/512 0xb95ef910
0xb95ef910: 0x4000000c 0x2b 0x2b 0x2b
0xb95ef920: 0x2e 0x0 0x0 0x0
0xb95ef930: 0x0 0x2b 0xbfc0002b 0x200000
0xb95ef940: 0x0 0xb95ef910 0xb9400000 0xb95efc30
0xb95ef950: 0x2b 0xbdbe97b0 <pthread__static_lib_binder+240> 0xb95efca8 0xb95efc50
0xb95ef960: 0xb95efc34 0xbdbe97b0 <pthread__static_lib_binder+240> 0x0 0xbdbde11c <pthread__switch_return_point>
0xb95ef970: 0x0 0x3 0xb95ef904 0xbdb5dcbf <getuid+7>
0xb95ef980: 0x127f 0x0 0x0 0x0
0xb95ef990: 0x0 0x0 0xbdbde11b <pthread__switch+91> 0xb95ef9c0
0xb95ef9a0: 0x0 0x0 0x0 0x0
0xb95ef9b0: 0x0 0x0 0x0 0x0
0xb95ef9c0: 0x2e 0x0 0x0 0x0
0xb95ef9d0: 0x0 0x0 0xbfc00000 0x200000
0xb95ef9e0: 0x0 0x2b 0x2b 0x2b
0xb95ef9f0: 0x2b 0xb9400000 0xb9400000 0xb95efcf0
0xb95efa00: 0xb95efcd4 0xbdbe97b0 <pthread__static_lib_binder+240> 0xbba00000 0xb95efdc8
0xb95efa10: 0xbdbea200 <pthread__debug_counters> 0x3 0x0 0xbdbde0c0 <pthread__switch>
0xb95efa20: 0x23 0x206 0xb95efcd4 0x2b
0xb95efa30: 0x127f 0x0 0x0 0x0
0xb95efa40: 0x0 0x0 0x1f80 0xffff
0xb95efa50: 0x0 0x0 0x0 0x0
0xb95efa60: 0x0 0x0 0x0 0x0
0xb95efa70: 0x0 0x0 0x0 0x0
0xb95efa80: 0x0 0x0 0x0 0x0
0xb95efa90: 0x0 0x0 0x0 0x0
0xb95efaa0: 0xe35a14bd 0xaabaa0e3 0x3fff 0x0
0xb95efab0: 0x0 0x800bf600 0x4015 0x0
0xb95efac0: 0x0 0x0 0x0 0x0
0xb95efad0: 0x0 0x0 0x0 0x0
0xb95efae0: 0x0 0x0 0x0 0x0
0xb95efaf0: 0x0 0x0 0x0 0x0
0xb95efb00: 0x0 0x0 0x0 0x0
0xb95efb10: 0x0 0x0 0x0 0x0
0xb95efb20: 0x0 0x0 0x0 0x0
0xb95efb30: 0x0 0x0 0x0 0x0
0xb95efb40: 0x0 0x0 0x0 0x0
0xb95efb50: 0x0 0x0 0x0 0x0
0xb95efb60: 0x0 0x0 0x0 0x0
0xb95efb70: 0x0 0x0 0x0 0x0
0xb95efb80: 0x0 0x0 0x0 0x0
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb)
>How-To-Repeat:
>Fix:
>Unformatted: