KSE/ia64: NULL thread pointer in _thr_sig_add()

David Xu davidxu at viatech.com.cn
Sun Aug 10 23:30:26 PDT 2003 

----- Original Message ----- 
From: "Marcel Moolenaar" <marcel at xcllnt.net>
To: <threads at FreeBSD.org>
Sent: Monday, August 11, 2003 8:10 AM
Subject: KSE/ia64: NULL thread pointer in _thr_sig_add()


> Gang,
> 
> There seems to be a bug in libkse where we dereference the thread
> pointer in situations where it's NULL. I suspect this bug is
> specific to platforms that have per-thread thread pointers. I
> have some rough gdb(1) support to help out with the analysis:
> 
> itanium% /nfs/gnu/obj/gdb/gdb kse kse.core
> GNU gdb 5.3
> Copyright 2002 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "ia64-unknown-freebsd5.1"...
> Core was generated by `kse'.
> Program terminated with signal 4, Illegal instruction.
> #0  _thr_sig_add (pthread=0x600000000010e000, sig=11, info=0x6000000000112a40)
>     at /nfs/freebsd/5.x/src/lib/libpthread/arch/ia64/include/pthread_md.h:189
> 189             return (_tcb->tcb_thread);
> (gdb) l
> 184     }
> 185
> 186     static __inline struct pthread *
> 187     _get_curthread(void)
> 188     {
> 189             return (_tcb->tcb_thread);
> 190     }
> 191
> 192     /*
> 193      * Get the current kse.
> (gdb) bt
> #0  _thr_sig_add (pthread=0x6000000000172000, sig=11, info=0x6000000000176a40)
>     at /nfs/freebsd/5.x/src/lib/libpthread/arch/ia64/include/pthread_md.h:189
> #1  0x40000000000099e0 in kse_check_completed (kse=0x600000000001a000)
>     at /nfs/freebsd/5.x/src/lib/libpthread/thread/thr_kern.c:1556
> #2  0x40000000000063c0 in kse_sched_multi (kmbx=0x600000000001a000)
>     at /nfs/freebsd/5.x/src/lib/libpthread/thread/thr_kern.c:1001
> #3  0x0000000000000000 in ?? ()
> 
> The illegal instruction fault is caused by a NULL thread pointer:
> 
> Dump of assembler code for function _thr_sig_add:
> 0x400000000001eac0 <_thr_sig_add>:      [MII]       alloc r40=ar.pfs,13,10,0
> 0x400000000001eac1 <_thr_sig_add+1>:                adds r12=-80,r12
> 0x400000000001eac2 <_thr_sig_add+2>:                mov r41=r1
> 0x400000000001ead0 <_thr_sig_add+16>:   [MII]       nop.m 0x0
> 0x400000000001ead1 <_thr_sig_add+17>:               mov r39=b0
> 0x400000000001ead2 <_thr_sig_add+18>:               mov r38=r0
> 0x400000000001eae0 <_thr_sig_add+32>:   [MMI]       adds r14=-32,r13;;
> 0x400000000001eae1 <_thr_sig_add+33>:               ld8 r16=[r14]
> 
> The fault is given on the last instruction if the disassembly
> given above (the thread pointer is r13):
> 
> (gdb) info register r13
> r13            0x0      0
> (gdb) info register r14
> r14            0xffffffffffffffe0       -32
> 
> Q: Shouldn't we call _tcb_set() somewhere in the code stream to make
> sure we have a valid thread pointer?
> 

I have a patch trying to fix the problem, I haven't tested it,
http://people.freebsd.org/~davidxu/kse/thr_kern.c.diff
I think some calls of kse_set_curthread is bogus, Dan might need to
rethink it.

> -- 
>  Marcel Moolenaar   USPA: A-39004 marcel at xcllnt.net
> _______________________________________________
> freebsd-threads at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-threads
> To unsubscribe, send any mail to "freebsd-threads-unsubscribe at freebsd.org"

More information about the freebsd-threads mailing list