libreport version: 2.0.8
abrt_version: 2.0.7
backtrace_rating: 4
cmdline: atlantis -root
crash_function: slow2
executable: /usr/libexec/xscreensaver/atlantis
kernel: 3.3.0-4.fc16.x86_64
pid: 3018
pwd: /home/fabian
reason: Process /usr/libexec/xscreensaver/atlantis was killed by signal 11 (SIGSEGV)
time: lun 09 abr 2012 19:43:05 ART
uid: 1000
username: fabian
xsession_errors: xscreensaver: 19:43:05: 0: child pid 3018 (atlantis) terminated with signal 11.
backtrace: Text file, 106227 bytes
maps: Text file, 17677 bytes

smolt_data:
:General
:=================================
:UUID: 12879aad-ba83-4708-b825-5b24ff3f1b85
:SO: Fedora release 16 (Verne)
:Nivel de ejecución por defecto: Unknown
:Idioma: es_ES.UTF-8
:Plataforma: x86_64
:BogoMIPS: 5415.37
:Fabricante de CPU: AuthenticAMD
:Modelo de CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
:Paso del UCP: 2
:Familia de UCP: 15
:Número de Modelo de CPU: 107
:Número de CPUs: 2
:Velocidad del CPU: 2700
:Memoria del Sistema: 3955
:Intercambio (swap) del Sistema: 99
:Vendedor: System manufacturer
:Sistema: System Product Name System Version
:Factor de forma: Desktop
:Kernel: 3.3.0-4.fc16.x86_64
:SELinux Habilitado: 1
:Política de SELinux: targeted
:SELinux Obligado: Enforcing
:MythTV Remote: Unknown
:MythTV Role: Unknown
:MythTV Theme: Unknown
:MythTV Plugin:
:MythTV Tuner: -1
:
:Información relacionada con el sistema de archivos
:=================================
:device mtpt type bsize frsize blocks bfree bavail file ffree favail
:-------------------------------------------------------------------
:/dev/sda1 / ext4 4096 4096 39007942 34261115 33870753 9764864 9490887 9490887
:/dev/sdb1 WITHHELD fuseblk 4096 4096 39072255 22979199 22979199 92047868 91925215 91925215

var_log_messages:
:Apr 9 19:43:05 fabianpc1 kernel: [10552.857276] atlantis[3018]: segfault at 38fb439040 ip 000000358681ce80 sp 00007fff8127a430 error 4 in libm-2.14.90.so[3586800000+83000]
:Apr 9 19:43:05 fabianpc1 abrt[3020]: Saved core dump of pid 3018 (/usr/libexec/xscreensaver/atlantis) to /var/spool/abrt/ccpp-2012-04-09-19:43:05-3018 (21540864 bytes)
Created attachment 576334 [details] File: maps
Created attachment 576335 [details] File: backtrace
Looks like calling sin(-1.5705) caused segfault?? Once asking glibc maintainer for help.
Well, I certainly can't trigger that behaviour with the obvious testcase. It's possible the -1.5707 isn't the actual value causing the problem. What's strange here is for -1.5705 we shouldn't get into the "slow2" routine to start with, at least not with my testing.

Once in slow2, the actual fault occurs because an index to the sin/cos table is out of range.

=> 0x000000358681ce80 <+3104>: movsd (%rax,%rcx,8),%xmm14

rax 0x35868725c0 229890270656
rcx 0x6e978d50 1855425872

$rax corresponds to the sin/cos table; $rcx should be the index into the table. The effective address is $rcx * 8 + rax, 0x35fb439040 which isn't part of any mapped area. The table ought to be contained within this address range:

3586800000-3586883000 r-xp 00000000 08:01 3793 /lib64/libm-2.14.90.so

Looking backwards from the fault we have:

0x000000358681ce6b <+3083>: movslq %edx,%rcx

$rdx has the value:

rdx 0x6e978d50 1855425872

Continuing working backwards in the insn stream we have:

0x000000358681ce57 <+3063>: mov 0x8(%rsp),%rdx
0x000000358681ce68 <+3080>: shl $0x2,%edx

Which looks like a standard index computation using whatever was at $rsp + 0x8.

0x000000358681ce4c <+3052>: movsd %xmm1,0x8(%rsp)

Where %xmm1 is the result of arithmetic on other xmm regs.

Unfortunately the backtrace file doesn't include the xmm register data. Is there still a core file anywhere we could use to extract that information? The core file would also tell us if -1.5705 is the actual value causing the problem or some value very close to -1.5705. FWIW, I can't trigger the failure using -1.5705.

Is there any chance the rounding mode has been changed by atlantis or its component libraries?
*** Bug 810687 has been marked as a duplicate of this bug. ***
*** Bug 808846 has been marked as a duplicate of this bug. ***
*** Bug 808847 has been marked as a duplicate of this bug. ***
*** Bug 810684 has been marked as a duplicate of this bug. ***
Could you possibly bundle up the contents of /var/spool/abrt and attach them to this BZ or send it to me privately (law). There's information I need to debug this further that is in those files but not provided by abrt.
Inserted blank DVD+R. Selected Open CD/DVD Creator at prompt. Was working in CD/DVD Creator when ABRT displayed gnome-system-monitor crash message.

backtrace_rating: 4
Package: gnome-system-monitor-3.2.1-2.fc16
OS Release: Fedora release 16 (Verne)
Created attachment 578769 [details] File: backtrace
Bob, what I really need are the contents of /var/spool/abrt. The backtraces produced by the abrt tool are missing information that is critical to fully analyzing this problem. I really can't make any more progress without the actual core dumps.
*** Bug 813724 has been marked as a duplicate of this bug. ***
Bob sent me a core dump offline and it's been very helpful, but I still don't know exactly what's happening. The analysis will be specific to the core dump Bob sent, but I'm confident that whatever the underlying problem is, it is common to all these bug reports.

Looking at the relevant source in sin.c we have:

134 else if (k < 0x400368fd ) {
136   y = (m>0)? hp0.x-x:hp0.x+x;
137   if (y>=0) {
138     u.x = big.x+y;
139     y = (y-(u.x-big.x))+hp1.x;
140   }
[ ... ]
148   k=u.i[LOW_HALF]<<2;
149   sn=sincos.x[k];
150   ssn=sincos.x[k+1];
151   cs=sincos.x[k+2];
152   ccs=sincos.x[k+3];

It's worth noting line #136, #138 & #148.

I'm actually going to work backwards from the fault point which occurs when we access the sincos array. The fault is because of an out-of-range memory access due to a bogus index into the sincos array.

0x3679c1c4e8 <__sin+648>: shl $0x2,%edx
[ ... ]
0x3679c1c50f <__sin+687>: lea 0x2(%rdx),%esi
[ ... ]
0x3679c1c528 <__sin+712>: movslq %esi,%rsi
=> 0x3679c1c52b <__sin+715>: movsd (%rax,%rsi,8),%xmm14

$rsi has the value:

$65 = 0xffffffffe0b5cd9a

$rsi was set at __sin+712 where %esi had the value:

$67 = 0xe0b5cd9a

%rsi was set at __sin+687 where %rdx had the value

$68 = 0xe0b5cd98

%rdx had been set at __sin+648 and we can deduce its prior value to be

$73 = 0x382d7366 ($68 >> 2)

The value in %edx should come from __sin+2645:

0x3679c1cc98 <__sin+2616>: movapd %xmm1,%xmm0
0x3679c1cc9c <__sin+2620>: movsd 0x2855b(%rip),%xmm12 # 0x3679c45200 <hpi1>
0x3679c1cca5 <__sin+2629>: addsd %xmm11,%xmm0
0x3679c1ccaa <__sin+2634>: movsd %xmm0,0x8(%rsp)
0x3679c1ccb0 <__sin+2640>: subsd %xmm11,%xmm0
0x3679c1ccb5 <__sin+2645>: mov 0x8(%rsp),%rdx
0x3679c1ccba <__sin+2650>: subsd %xmm0,%xmm1
0x3679c1ccbe <__sin+2654>: addsd %xmm12,%xmm1
0x3679c1ccc3 <__sin+2659>: jmpq 0x3679c1c4e3 <__sin+643>

And the value *($sp + 8) is:

0x7fffe144fec8: 0x382d7366

We can see that *(sp + 8) was set from $xmm0, which is unfortunate as $xmm0 can't be recovered.

However, $xmm11 is still available and is particularly interesting. $xmm11 should be the value "big" as set at __sin+569:

0x3679c1c499 <__sin+569>: movsd 0x560ee(%rip),%xmm11 # 0x3679c72590 <big>
0x3679c1c4a2 <__sin+578>: ucomisd %xmm3,%xmm1
0x3679c1c4a6 <__sin+582>: jae 0x3679c1cc98 <__sin+2616>

(gdb) p $xmm11
$74 = {v4_float = {0, 0, 0, 0}, v2_double = {0, 0}, v16_int8 = {
0 <repeats 16 times>}, v8_int16 = {0, 0, 0, 0, 0, 0, 0, 0}, v4_int32 = {0, 0, 0, 0}, v2_int64 = {0, 0}, uint128 = 0}

And to verify the value of big in memory is correct:

(gdb) p big
$75 = {i = {0, 1120403456}, x = 52776558133248}
(gdb) p &big
$76 = (const mynumber *) 0x3679c72590

Yow! I've confirmed there should be no path from when we set $xmm11 to using it for "big" where it could possibly be clobbered. This is very significant.

Continuing the process of working backwards:

The value at *(sp + 8) is

(gdb) p *(double *)($sp + 8)
$61 = 0.52359877559829893

Which coincidentally is hp0.x - x (see line #136)

(gdb) p hp0.x - x
$78 = 0.52359877559829893

Which is exactly the value I would expect given the incorrect value in $xmm11. So in effect, by clobbering $xmm11 line #138 becomes a copy from y into u.x.

The only conclusion I can reach given this data is that something has clobbered the value of $xmm11 between the point where we loaded it at address sin+569 and its use at sin+2629. It's the clobbering of $xmm11 which causes the computations to produce the wrong result, ultimately producing a wrong index into the sincos array.

Now it may look like sin+569 to sin+2629 is a large window. But in terms of actual instructions executed it's just 6 actual instructions (after loading $xmm11 we branch to sin+2616).

This really looks like register $xmm11 is getting clobbered by another thread/process and not getting properly restored by the kernel.

The 2 reporters are using an AMD 5200 and AMD 4200 (there's 4 reports, but 2 unique reporters). So perhaps it's something specific to that line of AMD processors.
Reassigning to the kernel team. I can be contacted offline for the core dump used in this analysis.
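The index computation from the sin.c excerpt in the analysis above, replayed as a stand-alone C program. This is an added example, not code from glibc or from any participant in this bug. It evaluates lines #138 and #148 once with big intact and once with big read as 0, using the values gdb printed from the core dump. The function names are hypothetical, and it assumes little-endian x86-64 with the default rounding mode.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values quoted from the gdb session in the analysis above. */
#define BIG_X  52776558133248.0       /* big.x, i.e. 1.5 * 2^45 */
#define Y_CORE 0.52359877559829893    /* *(double *)($sp + 8), equal to hp0.x - x */

/* u.i[LOW_HALF] on little-endian x86-64: the low 32 bits of the double. */
static uint32_t low_half(double d)
{
    uint64_t bits;
    memcpy(&bits, &d, sizeof bits);
    return (uint32_t)bits;
}

/* Lines #138 and #148: u.x = big.x + y; k = u.i[LOW_HALF] << 2.
 * One ulp of 1.5 * 2^45 is 2^-7, so the addition rounds y to a multiple
 * of 1/128 and leaves round(128 * y) in the low mantissa bits.
 * `big` is a parameter (hypothetical) so the clobbered case can be replayed. */
int32_t sincos_index(double big, double y)
{
    volatile double u = big + y;      /* volatile: keep the rounding to double */
    return (int32_t)(low_half(u) << 2);
}

/* lea 0x2(%rdx),%esi ; movslq %esi,%rsi: the 32-bit value k + off is
 * sign-extended to 64 bits before it scales the table access. */
int64_t table_slot(int32_t k, int32_t off)
{
    return (int64_t)(int32_t)((uint32_t)k + (uint32_t)off);
}

int main(void)
{
    int32_t good = sincos_index(BIG_X, Y_CORE);
    int32_t bad  = sincos_index(0.0, Y_CORE);   /* $xmm11 read back as 0 */

    printf("big intact : k = %d, slots %lld..%lld\n", good,
           (long long)table_slot(good, 0), (long long)table_slot(good, 3));
    printf("big == 0   : k = 0x%08x, k+2 sign-extended = 0x%016llx\n",
           (uint32_t)bad, (unsigned long long)table_slot(bad, 2));
    return 0;
}
```

With big intact the index is a small multiple of 4; with big read as 0 the low word of y itself is shifted and sign-extended, reproducing the 0xe0b5cd98 and 0xffffffffe0b5cd9a values seen in the core.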
Does this start with a particular kernel version? There was a big rework of the x86 FPU layers by Linus recently.
related to bug 810668 ?
can you reproduce this with the current kernel update ?