libkse and bus error

Sun Nov 23 10:48:41 PST 2003

As a separate data point, I'm seeing occasional bus errors on some of my own code, also in pthread_testcancel.  If I could find a way to reproduce it, I'd post, but there I haven't found any consistent way to make it happen.

-Chris

________________________________

From: owner-freebsd-threads at freebsd.org on behalf of Morten Rodal
Sent: Sun 11/23/2003 11:23 AM
To: Daniel Eischen
Cc: threads at freebsd.org
Subject: Re: libkse and bus error

Morten Rodal wrote: 
> Daniel Eischen wrote: 
> 
>> On Sun, 19 Oct 2003, Morten Rodal wrote: 
>> 
>>> On Sun, Oct 19, 2003 at 02:16:27PM -0400, Daniel Eischen wrote: 
>>> 
>>>> On Sun, 19 Oct 2003, Morten Rodal wrote: 
>>>> 
>>>>> I seem to be able to crash almost every pthread program that uses 
>>>>> pthread_mutex'es.  First I thought it was a problem with 
>>>>> pthread_testcancel(), until I compiled libkse with DEBUG_FLAGS=-g on 
>>>>> one of machines. 
>>>>> 
>>>>> Backtrace from a machine with DEBUG_FLAGS=-g and libkse: 
>>>>> 
>>>>> #0  0x28e6ed1b in kse_thr_interrupt () at {standard input}:15 
>>>>> #1  0x28e5f990 in _thr_sig_add (pthread=0x81fab00, sig=136293172, 
>>>>> info=0x0) 
>>>>>    at /usr/src/lib/libpthread/thread/thr_sig.c:885 
>>>>> #2  0x28e687cb in kse_check_completed (kse=0x81fab00) 
>>>>>    at /usr/src/lib/libpthread/thread/thr_kern.c:1558 
>>>>> #3  0x28e6721c in kse_sched_multi (kmbx=0x17e) 
>>>>>    at /usr/src/lib/libpthread/thread/thr_kern.c:1021 
>>>> 
>>>> 
>>>> This is a problem.  The mailbox pointer is invalid. 
>>>> 
>>> 
>>> I thought it looked a bit strange.  Any clues to what might have 
>>> caused this? 
>> 
>> 
>> 
>> When I've seen it before, it's when %gs becomes corrupted.  Nvidia 
>> uses static ldt allocation and this can screw things up.  If you 
>> are getting any static ldt allocations out of the kernel, that is 
>> the problem. 
>> 
> 
> I hate to rip up in old mails, but I am now able to crash Mozilla 
> Firebird at command.  It dies with the same strange traceback as I got 
> with dc++ (which this thread originally addressed). 
> 
> When ordering a airplane ticket from www.scandinavian.net Mozilla 
> Firebird will crash when confirming the payment with a signal 10. This 
> happens on three completly different computers; 
> 
>  * Dual Pentium II 300MHz, libkse, kernel from Nov 19 
>  * Pentium III 933MHz, libkse, kernel from Nov  3 
>  * Pentium 4 1.7GHz, libkse, kernel from Nov 21 
> 
> Only the Dual Pentium is running nvidia drivers.  The others are running 
> X11 drivers. 
> 
> All of them produce a MozillaFirebird-bin.core which has this backtrace 
> (cut down to an absolute minimum since it is rather huge): 
> 
> #0  0x288c2ebb in pthread_testcancel () from /usr/lib/libkse.so.1 
> #1  0x288bc91b in pthread_mutexattr_init () from /usr/lib/libkse.so.1 
> #2  0x288bb36c in pthread_mutexattr_init () from /usr/lib/libkse.so.1 
> #3  0x09b8d000 in ?? () 
> #4  0x283c5cac in gtk_widget_hide () from 
> /usr/X11R6/lib/libgtk-x11-2.0.so.200 
> 
> I will recompile libkse with DEBUG_FLAGS=-g and see if I cant get any 
> more accurate info than this. 
> 

Backtrace with debugging symbols in libkse: 

#0  0x288c2f4b in kse_thr_interrupt () at /var/tmp//cc4HnJI9.s:15 
#1  0x288b3b3d in _thr_sig_add (pthread=0x805e000, sig=134574132, info=0x0) 
     at /usr/src/lib/libpthread/thread/thr_sig.c:885 
#2  0x288bc9ab in kse_check_completed (kse=0x8057000) 
     at /usr/src/lib/libpthread/thread/thr_kern.c:1558 
#3  0x288bb3fc in kse_sched_multi (kmbx=0x17e) 
     at /usr/src/lib/libpthread/thread/thr_kern.c:1021 
#4  0x08287000 in ?? () 
#5  0x283c5cac in gtk_widget_hide () from 
/usr/X11R6/lib/libgtk-x11-2.0.so.200 

This is taken from the Pentium III machine, which has a ATI card with 
X11 drivers.  I have never seen any mention of usage of static ldt 
entries in the dmesg. 

-- 
Morten Rodal 