NetBSD Problem Report #52696
From martin@duskware.de Sat Nov 4 17:34:10 2017
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 96AC67A17B
for <gnats-bugs@gnats.NetBSD.org>; Sat, 4 Nov 2017 17:34:10 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: SMAP breaks -current
X-Send-Pr-Version: 3.95
>Number: 52696
>Category: port-amd64
>Synopsis: exec related crash in -current
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: port-amd64-maintainer
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Nov 04 17:35:00 +0000 2017
>Closed-Date: Fri Feb 09 09:48:13 +0000 2018
>Last-Modified: Fri Feb 09 09:48:13 +0000 2018
>Originator: Martin Husemann
>Release: NetBSD 8.99.5
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD 8.99.5 (GENERIC) #165: Sat Nov 4 18:16:58 CET 2017 martin@seven-days-to-the-wolves.aprisoft.de:/work/src/sys/arch/amd64/com
pile/GENERIC
Architecture: x86_64
Machine: amd64
>Description:
Trying to build a kernel I instantly get:
panic: prevented access to 0x800 (SMAP)
fatal breakpoint trap in supervisor mode
trap type 1 code 0 rip 0xffffffff8021cf75 cs 0x8 rflags 0x246 cr2 0x800 ilevel 0
rsp 0xffffe4011e38a850
curlwp 0xffffe4041a65f080 pid 865.1 lowest kstack 0xffffe4011e3882c0
db{3}> bt
breakpoint() at netbsd:breakpoint+0x5
vpanic() at netbsd:vpanic+0x140
snprintf() at netbsd:snprintf
trap() at netbsd:trap+0xa5f
--- trap (number 6) ---
pmap_create() at netbsd:pmap_create+0x134
uvmspace_init() at netbsd:uvmspace_init+0x84
uvmspace_alloc() at netbsd:uvmspace_alloc+0x3e
uvmspace_exec() at netbsd:uvmspace_exec+0x3f
execve_runproc() at netbsd:execve_runproc+0x4a0
execve1() at netbsd:execve1+0x3f
syscall() at netbsd:syscall+0x1bc
--- syscall (number 59) ---
>How-To-Repeat:
Try to build a kernel on -current.
>Fix:
n/a
>Release-Note:
>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: port-amd64/52696: SMAP breaks -current
Date: Sat, 4 Nov 2017 19:49:51 +0100
(gdb) list *(pmap_create+0x134)
0xffffffff8023f887 is in pmap_create (../../../../arch/x86/x86/pmap.c:2361).
2356 try_again:
2357 pmap->pm_pdir = pool_cache_get(&pmap_pdp_cache, PR_WAITOK);
2358
2359 mutex_enter(&pmaps_lock);
2360
2361 if (pmap->pm_pdir[PDIR_SLOT_KERN + nkptp[PTP_LEVELS - 1] - 1] == 0) {
2362 mutex_exit(&pmaps_lock);
cpuctl identify:
cpu0: highest basic info 00000006
cpu0: highest extended info 8000001b
cpu0: "AMD Phenom(tm) II X6 1075T Processor"
cpu0: AMD Family 10h (686-class), 3010.15 MHz
cpu0: family 0x10 model 0xa stepping 0 (id 0x100fa0)
cpu0: features 0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE>
cpu0: features 0x178bfbff<MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
cpu0: features1 0x802009<SSE3,MONITOR,CX16,POPCNT>
cpu0: features2 0xefd3fbff<SYSCALL/SYSRET,NOX,MMXX,FFXSR,P1GB,RDTSCP,LONG>
cpu0: features2 0xefd3fbff<3DNOW2,3DNOW>
cpu0: features3 0x37ff<LAHF,CMPLEGACY,SVM,EAPIC,ALTMOVCR0,LZCNT,SSE4A>
cpu0: features3 0x37ff<MISALIGNSSE,3DNOWPREFETCH,OSVW,IBS,SKINIT,WDT>
cpu0: I-cache 64KB 64B/line 2-way, D-cache 64KB 64B/line 2-way
cpu0: L2 cache 512KB 64B/line 16-way
cpu0: L3 cache 6MB 64B/line 48-way
cpu0: ITLB 32 4KB entries fully associative, 16 2MB entries fully associative
cpu0: DTLB 48 4KB entries fully associative, 48 2MB entries fully associative
cpu0: L2 ITLB 512 4KB entries 4-way
cpu0: L2 DTLB 512 4KB entries 4-way, 128 2MB entries 2-way
cpu0: L1 1GB page DTLB 48 1GB entries fully associative
cpu0: L2 1GB page DTLB 16 1GB entries 8-way
cpu0: Initial APIC ID 0
cpu0: AMD Power Management features: 0x3f9<TS,TTP,HTC,STC,100,HWP,TSC,CPB>
cpu0: SVM Rev. 1
cpu0: SVM NASID 64
cpu0: SVM features 0x40f<NP,LbrVirt,SVML,NRIPS,PauseFilter>
cpu0: UCode version: 0x10000bf
Will try to reproduce and get a crashdump next time...
Martin
From: Kamil Rytarowski <n54@gmx.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: port-amd64/52696: SMAP breaks -current
Date: Sat, 4 Nov 2017 20:57:30 +0100
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ou7ilod1VpGJK9jo3cVsNbQGxU0a6wIsC
Content-Type: multipart/mixed; boundary="Mh1dNcukLPV1NFRGiMvEWkbb8U8spxwtx";
protected-headers="v1"
From: Kamil Rytarowski <n54@gmx.com>
To: gnats-bugs@NetBSD.org
Message-ID: <1722de8e-9c5c-7a7a-98af-8705c653da25@gmx.com>
Subject: Re: port-amd64/52696: SMAP breaks -current
References: <pr-port-amd64-52696@gnats.netbsd.org>
<20171104185001.2F56B7A1EC@mollari.NetBSD.org>
In-Reply-To: <20171104185001.2F56B7A1EC@mollari.NetBSD.org>
--Mh1dNcukLPV1NFRGiMvEWkbb8U8spxwtx
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
I've reproduced panic on boot.
Panict string was related to PMAP/UVM subsystem. After reboot I had no
core file or spurs of it in dmesg.
chieftec$ uname -a
NetBSD chieftec 8.99.5 NetBSD 8.99.5 (GENERIC) #3: Sat Nov 4 19:26:03
CET 2017
root@chieftec:/public/netbsd-root/sys/arch/amd64/compile/GENERIC amd64
chieftec$ cpuctl identify 0
Cannot bind to target CPU. Output may not accurately describe the target=
=2E
Run as root to allow binding.
cpu0: highest basic info 0000000d
cpu0: highest extended info 80000008
cpu0: "Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz"
cpu0: Intel Xeon E3-1200v2 and 3rd gen core, Ivy Bridge (686-class),
3392.46 MHz
cpu0: family 0x6 model 0x3a stepping 0x9 (id 0x306a9)
cpu0: features
0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE>
cpu0: features
0xbfebfbff<MCA,CMOV,PAT,PSE36,CLFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2>
cpu0: features 0xbfebfbff<SS,HTT,TM,SBF>
cpu0: features1 0x7fbae3ff<SSE3,PCLMULQDQ,DTES64,MONITOR,DS-CPL,VMX,SMX,E=
ST>
cpu0: features1 0x7fbae3ff<TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE41,SSE42,X2AP=
IC>
cpu0: features1
0x7fbae3ff<POPCNT,DEADLINE,AES,XSAVE,OSXSAVE,AVX,F16C,RDRAND>
cpu0: features2 0x28100800<SYSCALL/SYSRET,XD,RDTSCP,EM64T>
cpu0: features3 0x1<LAHF>
cpu0: features5 0x281<FSGSBASE,SMEP,ERMS>
cpu0: xsave features 0x7<x87,SSE,AVX>
cpu0: xsave instructions 0x1<XSAVEOPT>
cpu0: xsave area size: current 832, maximum 832, xgetbv enabled
cpu0: enabled xsave 0x7<x87,SSE,AVX>
cpu0: I-cache 32KB 64B/line 8-way, D-cache 32KB 64B/line 8-way
cpu0: L2 cache 256KB 64B/line 8-way
cpu0: L3 cache 8MB 64B/line 16-way
cpu0: 64B prefetching
cpu0: ITLB 64 4KB entries 4-way, 2M/4M: 8 entries
cpu0: DTLB 64 4KB entries 4-way, 2M/4M: 32 entries (L0)
cpu0: L2 STLB 512 4KB entries 4-way
cpu0: Initial APIC ID 0
cpu0: Cluster/Package ID 0
cpu0: Core ID 0
cpu0: SMT ID 0
cpu0: DSPM-eax 0x77<DTS,IDA,ARAT,PLN,ECMD,PTM>
cpu0: DSPM-ecx 0x9<HWF,EPB>
cpu0: SEF highest subleaf 00000000
cpu0: microcode version 0x15, platform ID 1
--Mh1dNcukLPV1NFRGiMvEWkbb8U8spxwtx--
--ou7ilod1VpGJK9jo3cVsNbQGxU0a6wIsC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJZ/huwAAoJEEuzCOmwLnZsx3gP/RVs+Cl3j/7PP3MIOQFMOZNI
4g0p1ZfISbltbU3nv/Qxm4w/QX2iBZCoj8USpAdeNMOvhqXceMkq+SqYU3oqFaGv
AyJcPt7OwfBOAZkttluzk+TpO94D0IhF6+BzV+Lvzngb4FfER/mRfMnYE4NIpva1
RuWPhVdJ2Fy0AGXRtIpFKg9ghKNAWCSWMcx6PK0MPaIqPxOTES+fr0dWTtQwLZSi
WWz+ywayiE7HCXbf8nn0j07SYmxzjo6/ex2+JITdelYV60qgPuMt3m07++7pzPt3
ZU72crFfFgtihZ2ImJL4FREy9c0qhPOakhfH8iwdXiNsGydZHL0qSL1o1plPlxMK
dni5mseQngtJn/wfBNmRGVIl+eJ9ZCfDnQ7R8yUXZBoy4hoat9lLqZbW5i2q/1HU
AT7NyElTa6Es8xqeF8n5oSB9HZz65ARPjSgxkNbUB/mCMe+2DAN5+wHUQvpM7MOr
M92RzNPezbQZP7pjl4xaS2P2oJJa0aC+jbkfvEZ94Xetyu3Z1OBUAzz4IgAZbQt1
e4ZfFdGpr1f7Wah/2BTcWiSHZ3+MjfiDocO+4fpeUGlpA7bQtV1P5w0CDOe+g2Bi
Is2iDBAKx23nc/mpxe2vn57aF5UAtEw/WMsQnXbK6m2NYd9Jlw+4RtpDL9GkKcdT
ecCOdFIZxmDn0qcJB4X2
=NIfL
-----END PGP SIGNATURE-----
--ou7ilod1VpGJK9jo3cVsNbQGxU0a6wIsC--
From: Kamil Rytarowski <n54@gmx.com>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: port-amd64/52696: SMAP breaks -current
Date: Sun, 5 Nov 2017 04:11:18 +0100
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--FwsdgU8AkbTF9PtVBkIBeBg1OAM9t9Xra
Content-Type: multipart/mixed; boundary="xevXnM26Gn43aka3qrUKOdLbDSuMfxsU9";
protected-headers="v1"
From: Kamil Rytarowski <n54@gmx.com>
To: gnats-bugs@NetBSD.org
Message-ID: <6feed1ad-d710-b5f4-7df8-64c6bdd1acb2@gmx.com>
Subject: Re: port-amd64/52696: SMAP breaks -current
References: <pr-port-amd64-52696@gnats.netbsd.org>
<20171104185001.2F56B7A1EC@mollari.NetBSD.org>
<1722de8e-9c5c-7a7a-98af-8705c653da25@gmx.com>
In-Reply-To: <1722de8e-9c5c-7a7a-98af-8705c653da25@gmx.com>
--xevXnM26Gn43aka3qrUKOdLbDSuMfxsU9
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Another panic (today 3rd):
387 void *
388 kmem_alloc(size_t size, km_flag_t kmflags)
389 {
390 void *v;
391
392 KASSERTMSG((!cpu_intr_p() && !cpu_softintr_p()),
393 "kmem(9) should not be used from the interrupt context");
394 v =3D kmem_intr_alloc(size, kmflags);
395 KASSERT(v || (kmflags & KM_NOSLEEP) !=3D 0); /// <-- fired
396 return v;
397 }
-- src/sys/kern/subr_kmem.c
backtrace:
http://netbsd.org/~kamil/panic/IMG00092.JPG
--xevXnM26Gn43aka3qrUKOdLbDSuMfxsU9--
--FwsdgU8AkbTF9PtVBkIBeBg1OAM9t9Xra
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJZ/oFcAAoJEEuzCOmwLnZsGJoQALU6naOj/9HU+96PzRzEkyuP
o4ClpO5ToWrcYgBTJlR3Z9xP6z+mSk+NPyVS+4I7GZEK/vNbDZF1FMe1MgET7CJI
WKrSDF6e1CcgbdXm4JtbS+fZZvqA6UHz91fDz8xnqe+ONcdcthysgT8V8X6vH2iw
Y93NEgFp+dbgMGW8y5RJyqL+5gQWCHIEv9MzUMJ04AGhvQ+zaU0suwtv8n7oLjMm
pE1ltGlBkadi5M+NDQYiMw8i+a/gcqje2LPdFeuq9+2OmmJW/jSYTGiBLRMQrKqb
wiUBtnTiiA7ucQCOohhtbj7fxOMwF+I58E/Yl25tImRzvWlzvvCMwe0X8x1HCebD
CnxcnUBeBUdlVsAgFAsN255sO6YLI49s9Qkvb5Td9OOyIEmKjkbLpRpMNHbjR1b/
8e1MXuHDQZb2e5L0X1ew1gQlyc1nkEGnie5Dwjo7axuSwZZKI1zj/7XYJ2wNRfTp
8HFYjN1rCdhWz6XM6uL9DDeiYEU51v/f1B2AGljX3nEbWAu/HdrgqOEtx8exfxcy
QxWWS4z8s5Ki0y9PBaQa3Efm7sBbnbspHXnMFTUUYb7t8L8NEz0wlUvx6Wc+16Vv
zpiob4WrjwG0AZhlPKz2Z2axDHfJ5z1h25lZWQgWiloeR+jctVbNOMBqjWEziAYY
HYng9D6kmFSQIuMpfJUD
=+oXr
-----END PGP SIGNATURE-----
--FwsdgU8AkbTF9PtVBkIBeBg1OAM9t9Xra--
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: port-amd64/52696: exec related crash in -current
Date: Sun, 5 Nov 2017 11:05:37 +0100
Something seems to be overwriting the exec args pool, this crash happened
when firing off a massive parallel build.
Martin
From: Martin Husemann <martin@duskware.de>
To: Kamil Rytarowski <n54@gmx.com>
Cc: gnats-bugs@NetBSD.org
Subject: Re: port-amd64/52696: SMAP breaks -current
Date: Sun, 5 Nov 2017 11:01:58 +0100
On Sun, Nov 05, 2017 at 03:10:00AM +0000, Kamil Rytarowski wrote:
> 391
> 392 KASSERTMSG((!cpu_intr_p() && !cpu_softintr_p()),
> 393 "kmem(9) should not be used from the interrupt context");
> 394 v =3D kmem_intr_alloc(size, kmflags);
> 395 KASSERT(v || (kmflags & KM_NOSLEEP) !=3D 0); /// <-- fired
Please do not collect random panics in a PR, it makes it hard to close when
(like) two out of four are fixed.
Martin
From: Kamil Rytarowski <n54@gmx.com>
To: Martin Husemann <martin@duskware.de>
Cc: gnats-bugs@NetBSD.org
Subject: Re: port-amd64/52696: SMAP breaks -current
Date: Sun, 5 Nov 2017 17:15:33 +0100
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--tlOvmPOXXsdXEBuV0MCQO965Tr9U9K5h3
Content-Type: multipart/mixed; boundary="ij2q7Npnn1Rhn74td8fJsHJxHX0w5Jgc0";
protected-headers="v1"
From: Kamil Rytarowski <n54@gmx.com>
To: Martin Husemann <martin@duskware.de>
Cc: gnats-bugs@NetBSD.org
Message-ID: <9129948c-fad1-7687-9645-244393b397aa@gmx.com>
Subject: Re: port-amd64/52696: SMAP breaks -current
References: <pr-port-amd64-52696@gnats.netbsd.org>
<20171105031000.BA7137A1DE@mollari.NetBSD.org>
<20171105100158.GB988@mail.duskware.de>
In-Reply-To: <20171105100158.GB988@mail.duskware.de>
--ij2q7Npnn1Rhn74td8fJsHJxHX0w5Jgc0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
On 05.11.2017 11:01, Martin Husemann wrote:
> On Sun, Nov 05, 2017 at 03:10:00AM +0000, Kamil Rytarowski wrote:
>> 391
>> 392 KASSERTMSG((!cpu_intr_p() && !cpu_softintr_p()),
>> 393 "kmem(9) should not be used from the interrupt context")=
;
>> 394 v =3D3D kmem_intr_alloc(size, kmflags);
>> 395 KASSERT(v || (kmflags & KM_NOSLEEP) !=3D3D 0); /// <-- fired=
>=20
> Please do not collect random panics in a PR, it makes it hard to close =
when
> (like) two out of four are fixed.
>=20
> Martin
>=20
I was observing interleaved two types of panics with SMAP/SMEP messages
and similar to this mentioned above in KASSERT()s. The previous ones
weren't archived (no core creation successful, this time I took a photo).=
I can imagine that returning NULL from an allocator can trigger
SMAP/SMEP failure.
The above one has been fixed:
Module Name: src
Committed By: mlelstv
Date: Sun Nov 5 07:49:45 UTC 2017
Modified Files:
src/sys/kern: subr_pool.c
Log Message:
pool_grow can now fail even when sleeping is ok. Catch this case in pool_=
get
and retry.
To generate a diff of this commit:
cvs rdiff -u -r1.209 -r1.210 src/sys/kern/subr_pool.c
--ij2q7Npnn1Rhn74td8fJsHJxHX0w5Jgc0--
--tlOvmPOXXsdXEBuV0MCQO965Tr9U9K5h3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQJABAEBCAAqFiEELaxVpweEzw+lMDwuS7MI6bAudmwFAln/OSYMHG41NEBnbXgu
Y29tAAoJEEuzCOmwLnZsZ3kQALYWB3LX4QnXWiAtd21mfsAlrzqvwO76etdk4o7n
k58ckD8tIV2aTcW/XKpucXmhFZeZkbKGNEYU4ELM9pTkRcXcBgXnnsNZ579cdDWk
9/7k6XtfhNyCMoOOOVKCGG5mNbtsnQhBR+L7JkahJd4WOiKotJ9I3t/JCM3ok9WL
pE+MoPCQY0qLy4Cqe6BTgqNUX+5cUDNIXuyw7BiAQsvmJVaa0391OkSkXDUtOznb
XB+2RxhF6XWeV9SInIKZqRHUxjF5WFI3U4NadFjSUUIVYilrARgZvNrWkJ8XpK36
D5jdGNJRLNfMy5OXGCwV2SK7BKft192jORB7YPXtCgm5isxP71V9nJed6ryrQ60u
7/Z9WYCHn2308LxHevRSwQI/9u0cCgjVYzFoLDdSwCunJsssQdFAjkFX5Mj1kyvw
zslPq/oENC0s5LT4J2SupkCigh7NWlxQoM1hAK8wp7zF3DpVSJg149R4oZK1sCdX
Z/dGc7A7Dn1OlJMGmncxc9a4GLI81dSPyo9mxx/i+eOejRkImzG8d5nPknD+XY0s
S9ujFTtmqKwd6v23C3byVhgp7s6xM1p5983+EozWL/t4DJMY7zUWcmBGp5Y8t7Ik
nKdhdHgPJofa20PADcckSTX4eopnpc0Tn6j1dCtssO49a2bONGmeE2RjCYIgxfzz
z1vL
=ImrS
-----END PGP SIGNATURE-----
--tlOvmPOXXsdXEBuV0MCQO965Tr9U9K5h3--
State-Changed-From-To: open->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Fri, 09 Feb 2018 09:48:13 +0000
State-Changed-Why:
This has been fixed
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home