NetBSD Problem Report #42787
From mark@ecs.vuw.ac.nz Thu Feb 11 07:15:47 2010
Return-Path: <mark@ecs.vuw.ac.nz>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id 28B9363B896
for <gnats-bugs@gnats.NetBSD.org>; Thu, 11 Feb 2010 07:15:47 +0000 (UTC)
Message-Id: <201002110715.o1B7FfMO019100@turakirae.ecs.vuw.ac.nz>
Date: Thu, 11 Feb 2010 20:15:41 +1300 (NZDT)
From: mark@ecs.vuw.ac.nz
Reply-To: mark@ecs.vuw.ac.nz
To: gnats-bugs@gnats.NetBSD.org
Subject: short assembler program panics system
X-Send-Pr-Version: 3.95
>Number: 42787
>Category: port-i386
>Synopsis: short assembler program panics system
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: port-i386-maintainer
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Feb 11 07:20:00 +0000 2010
>Closed-Date: Sat Feb 20 20:06:01 +0000 2010
>Last-Modified: Sat Feb 20 20:06:01 +0000 2010
>Originator: Mark Davies
>Release: NetBSD 5.0_STABLE
>Organization:
ECS, Victoria Uni. of Wellington, New Zealand.
>Environment:
System: NetBSD turakirae.ecs.vuw.ac.nz 5.0_STABLE NetBSD 5.0_STABLE (ECS_WORKSTATION) #6: Fri Jan 29 14:49:01 NZDT 2010 mark@turakirae.ecs.vuw.ac.nz:/local/SAVE/build.obj/src/work/5/src/sys/arch/i386/compile/ECS_WORKSTATION i386
Architecture: i386
Machine: i386
>Description:
While looking at assembler tutorials for use in a course one of our
lecturers was working through the examples in
http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html
Running the 4 line assembler program from page 5 causes the machine
to panic with
kernel: supervisor trap page fault, code = 0
stopped in pid 1180.1(a.out) at netbsd:alltraps+0x9d: mov 0(%esp),%gs
>How-To-Repeat:
Create a file "tiny.asm" with this content:

    ; tiny.asm
    BITS 32
    GLOBAL _start
    SECTION .text
    _start:
            mov     eax, 1
            mov     ebx, 42
            int     0x80

Build and run with

    nasm -f elf tiny.asm
    ld -s tiny.o
    ./a.out

Watch the machine fall over.
>Fix:
Don't know.
>Release-Note:
>Audit-Trail:
From: Mark Davies <mark@ecs.vuw.ac.nz>
To: gnats-bugs@netbsd.org, Martin Husemann <martin@duskware.de>
Cc:
Subject: Re: port-i386/42787: short assembler program panics system
Date: Thu, 11 Feb 2010 23:22:02 +1300
--Boundary-00=_Lp9cLc3WfXl7PCM
Content-Type: Text/Plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
On Thursday 11 February 2010 22:11:02 you wrote:
> > kernel: supervisor trap page fault, code = 0
> > stopped in pid 1180.1(a.out) at netbsd:alltraps+0x9d: mov 0(%esp),%gs
>
> Could you add a backtrace from that panic and/or make the binary
> available?
I don't have a working keyboard in ddb on the machines I tried this on so
ddb.commandonenter=bt produced:
uvm_fault(0xc09ad100, 0xcd7f7000, 1) -> 0xe
fatal page fault in supervisor mode
trap type 6 code 0 eip c010cbcd cs 8 eftags 10246 cr2 cd7f7080 .level0
kernel: supervisor trap page fault, code = 0
stopped in pid 653.1(a.out) at netbsd:alltraps+0x9d: mov 0(%esp),%gs
the 324 byte binary is attached.
cheers
mark
--Boundary-00=_Lp9cLc3WfXl7PCM
Content-Type: application/x-executable;
name="a.out"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="a.out"
--Boundary-00=_Lp9cLc3WfXl7PCM--
From: Matthias Drochner <M.Drochner@fz-juelich.de>
To: <mark@ecs.vuw.ac.nz>
Cc: <gnats-bugs@netbsd.org>, <martin@duskware.de>
Subject: Re: port-i386/42787: short assembler program panics system
Date: Thu, 11 Feb 2010 16:51:40 +0100
--==_Exmh_17032476277530
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
To check whether it is a native or an emulation issue,
can you try to add an ident section, like in the appended file?
best regards
Matthias
--
Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Dueren District Court, No. HR B 3498
Chair of the Supervisory Board: MinDir'in Baerbel Brumme-Bothe
Management Board: Prof. Dr. Achim Bachem (Chairman),
Dr. Ulrich Krafft (Deputy Chairman), Prof. Dr.-Ing. Harald Bolt,
Prof. Dr. Sebastian M. Schmidt
--==_Exmh_17032476277530
Content-Type: text/plain; name="tiny.asm"; charset="us-ascii"
Content-Description: tiny.asm
Content-Disposition: attachment; filename="tiny.asm"
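BITS 32
SECTION .note.netbsd.ident
        dd      7,4,1           ; ELF note header: namesz=7, descsz=4, type=1
        db      "NetBSD",0      ; note name (7 bytes including the NUL)
        align   4               ; pad the name to a 4-byte boundary
        dd      500000000       ; descriptor: NetBSD version number (5.0)
GLOBAL _start
SECTION .text
_start:
        mov     eax, 1
        mov     ebx, 42
        int     0x80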
--==_Exmh_17032476277530--
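Added example (not part of the original report and not NetBSD source): a bounds-checked C parser for the ELF note record that the appended tiny.asm places in .note.netbsd.ident, the marker this thread uses to separate native execution from emulation. The function name and the sample bytes are constructed for illustration; the kernel's own exec probing is not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian 32-bit read; the caller guarantees 4 readable bytes. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the raw contents of a note section and return the version stored in
 * a NetBSD ident note (name "NetBSD", type 1, 4-byte descriptor).
 * Returns 0 if no such note exists or a record runs past the buffer. */
uint32_t netbsd_ident_version(const uint8_t *note, size_t len) {
    size_t off = 0;
    while (len - off >= 12) {                 /* namesz, descsz, type */
        uint32_t namesz = rd32(note + off);
        uint32_t descsz = rd32(note + off + 4);
        uint32_t type   = rd32(note + off + 8);
        /* 64-bit arithmetic so hostile sizes cannot wrap around */
        uint64_t name_pad = ((uint64_t)namesz + 3) & ~(uint64_t)3;
        uint64_t desc_pad = ((uint64_t)descsz + 3) & ~(uint64_t)3;
        off += 12;
        if (name_pad > len - off || desc_pad > len - off - name_pad)
            return 0;                         /* truncated or malformed */
        if (namesz == 7 && descsz == 4 && type == 1 &&
            memcmp(note + off, "NetBSD", 7) == 0)
            return rd32(note + off + (size_t)name_pad);
        off += (size_t)(name_pad + desc_pad); /* skip to the next record */
    }
    return 0;
}

/* Constructed sample: the bytes the ident section above assembles to
 * (the alignment pad byte is shown as 0x00 here). */
static const uint8_t sample_note[] = {
    7, 0, 0, 0,  4, 0, 0, 0,  1, 0, 0, 0,
    'N', 'e', 't', 'B', 'S', 'D', 0, 0,
    0x00, 0x65, 0xCD, 0x1D                    /* 500000000, little-endian */
};

int main(void) {
    printf("ident version: %u\n",
           (unsigned)netbsd_ident_version(sample_note, sizeof sample_note));
    return 0;
}
```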
From: Mark Davies <mark@ecs.vuw.ac.nz>
To: M.Drochner@fz-juelich.de
Cc: gnats-bugs@netbsd.org, martin@duskware.de
Subject: Re: port-i386/42787: short assembler program panics system
Date: Fri, 12 Feb 2010 08:43:44 +1300
On Friday 12 February 2010 04:51:40 you wrote:
> To check whether it is a native or an emulation issue,
> can you try to add an ident section, like in the appended file?
With the ident section it doesn't crash - so it's an emulation issue.
cheers
mark
From: Matthias Drochner <M.Drochner@fz-juelich.de>
To: Mark Davies <mark@ecs.vuw.ac.nz>
Cc: <gnats-bugs@netbsd.org>, <martin@duskware.de>
Subject: Re: port-i386/42787: short assembler program panics system
Date: Thu, 11 Feb 2010 23:41:01 +0100
mark@ecs.vuw.ac.nz said:
> With the ident section it doesn't crash - so it's an emulation issue.
OK -- now it would be interesting to know which
emulation triggers this.
I couldn't reproduce the problem so far because I couldn't
even get the executable to execute (without the .ident),
neither on -current nor on a box running some pre-5.0 snapshot.
So either I didn't pull in the right emulation options, or
the exec format probing of that emulation got stricter between 5.0
and -current.
So can you either instrument the kernel or try with kernels
with fewer emulations enabled to narrow this down?
best regards
Matthias
From: Mark Davies <mark@ecs.vuw.ac.nz>
To: M.Drochner@fz-juelich.de
Cc: gnats-bugs@netbsd.org, martin@duskware.de
Subject: Re: port-i386/42787: short assembler program panics system
Date: Sat, 13 Feb 2010 10:25:06 +1300
On Friday 12 February 2010 11:41:01 Matthias Drochner wrote:
> OK -- now it would be interesting to know which
> emulation triggers this.
Looks like it's COMPAT_SVR4
cheers
mark
From: Matthias Drochner <drochner@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42787 CVS commit: src/sys/arch/i386/i386
Date: Sun, 14 Feb 2010 11:09:55 +0000
Module Name: src
Committed By: drochner
Date: Sun Feb 14 11:09:54 UTC 2010
Modified Files:
src/sys/arch/i386/i386: ibcs2_machdep.c svr4_machdep.c
Log Message:
fix confused CS selector, fixes the panic reported by Mark Davies
per PR port-i386/42787 (the panic happens due to a GPF when a
privileged descriptor is tried to be loaded with the UPL bit set)
The original bug is very old (pre-2.0, i386/svr4_machdep.c rev. 1.69),
but it was relatively harmless until the order of GDT entries was
shuffled (pre-5.0, i386/segments.h rev. 1.42). Before, it caused
a userlevel data selector to be used for CS which broke the emulation
(likely the reason of PR port-i386/32424). The shuffle made that
a privileged selector was used, causing the GPF.
(recent -current doesn't panic on that GPF which seems to be a
side effect of another change)
To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 src/sys/arch/i386/i386/ibcs2_machdep.c
cvs rdiff -u -r1.95 -r1.96 src/sys/arch/i386/i386/svr4_machdep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
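Added example (not the committed fix and not NetBSD code): a C model of the descriptor checks applied to a ring-3 CS selector, showing how one unchanged, wrong GDT slot number goes from "not a code segment" to "privilege mismatch" once the table order changes, as the log message describes. Both GDT layouts, the slot numbers and all names are constructed assumptions (the real order lives in i386/segments.h), and the privileged descriptor is assumed to be kernel code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SEL_UPL 3u /* requested privilege level for user mode */
#define MKSEL(idx, rpl) ((uint16_t)(((idx) << 3) | (rpl)))

struct desc { bool present, code, conforming; unsigned dpl; };
enum cs_result { CS_OK, CS_NOT_USER, CS_BAD_INDEX, CS_NOT_CODE,
                 CS_DPL_MISMATCH, CS_NOT_PRESENT };

/* Constructed layouts (assumption): not the real NetBSD GDT order. */
static const struct desc old_gdt[5] = {
    {false, false, false, 0}, /* 0: null        */
    {true,  true,  false, 0}, /* 1: kernel code */
    {true,  false, false, 0}, /* 2: kernel data */
    {true,  true,  false, 3}, /* 3: user code   */
    {true,  false, false, 3}, /* 4: user data   */
};
static const struct desc new_gdt[5] = {
    {false, false, false, 0}, /* 0: null        */
    {true,  true,  false, 3}, /* 1: user code   */
    {true,  false, false, 3}, /* 2: user data   */
    {true,  false, false, 0}, /* 3: kernel data */
    {true,  true,  false, 0}, /* 4: kernel code */
};

/* Would this selector be accepted as CS for a return to ring 3?
 * Only GDT selectors are modelled; LDT selectors are rejected. */
enum cs_result check_user_cs(const struct desc *gdt, size_t n, uint16_t sel) {
    unsigned rpl = sel & 3u, idx = sel >> 3;
    if (rpl != SEL_UPL) return CS_NOT_USER;
    if ((sel & 4u) || idx == 0 || idx >= n) return CS_BAD_INDEX;
    const struct desc *d = &gdt[idx];
    if (!d->code) return CS_NOT_CODE;
    /* non-conforming code: DPL must equal RPL; conforming: DPL <= RPL */
    if (d->conforming ? d->dpl > rpl : d->dpl != rpl) return CS_DPL_MISMATCH;
    if (!d->present) return CS_NOT_PRESENT;
    return CS_OK;
}

int main(void) {
    uint16_t wrong = MKSEL(4, SEL_UPL); /* same slot number in both layouts */
    printf("old layout: %d, new layout: %d\n",
           check_user_cs(old_gdt, 5, wrong), check_user_cs(new_gdt, 5, wrong));
    return 0;
}
```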
From: Markus W Kilbinger <mk@kilbi.de>
To: gnats-bugs@NetBSD.org
Cc: port-i386-maintainer@netbsd.org,
gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org,
mark@ecs.vuw.ac.nz
Subject: Re: PR/42787 CVS commit: src/sys/arch/i386/i386
Date: Mon, 15 Feb 2010 10:21:45 +0100
>>>>> "Matthias" == Matthias Drochner <drochner@netbsd.org> writes:
Matthias> Module Name: src Committed By: drochner Date: Sun Feb
Matthias> 14 11:09:54 UTC 2010
Matthias> To generate a diff of this commit:
Matthias> cvs rdiff -u -r1.39 -r1.40 src/sys/arch/i386/i386/ibcs2_machdep.c
Matthias> cvs rdiff -u -r1.95 -r1.96 src/sys/arch/i386/i386/svr4_machdep.c
Will this be pulled up to netbsd-5?
Maybe it helps PR #42585, too...
Markus.
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: PR/42787 CVS commit: src/sys/arch/i386/i386
Date: Mon, 15 Feb 2010 19:06:10 +0000
On Mon, Feb 15, 2010 at 09:25:02AM +0000, Markus W Kilbinger wrote:
> Maybe it helps PR #42585, too...
That was in compat_linux...
--
David A. Holland
dholland@netbsd.org
From: Matthias Drochner <M.Drochner@fz-juelich.de>
To: <mk@kilbi.de>
Cc: <gnats-bugs@NetBSD.org>
Subject: Re: PR/42787 CVS commit: src/sys/arch/i386/i386
Date: Tue, 16 Feb 2010 12:17:34 +0100
david@l8s.co.uk said:
> Will this be pulled up to netbsd-5?
Yes, I'll request a pullup in a minute.
> Maybe it helps PR #42585, too...
No, as David said, this is unrelated.
best regards
Matthias
From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42787 CVS commit: [netbsd-5] src/sys/arch/i386/i386
Date: Tue, 16 Feb 2010 21:24:15 +0000
Module Name: src
Committed By: bouyer
Date: Tue Feb 16 21:24:15 UTC 2010
Modified Files:
src/sys/arch/i386/i386 [netbsd-5]: ibcs2_machdep.c svr4_machdep.c
Log Message:
Pull up following revision(s) (requested by drochner in ticket #1307):
sys/arch/i386/i386/svr4_machdep.c: revision 1.96
sys/arch/i386/i386/ibcs2_machdep.c: revision 1.40
fix confused CS selector, fixes the panic reported by Mark Davies
per PR port-i386/42787 (the panic happens due to a GPF when a
privileged descriptor is tried to be loaded with the UPL bit set)
The original bug is very old (pre-2.0, i386/svr4_machdep.c rev. 1.69),
but it was relatively harmless until the order of GDT entries was
shuffled (pre-5.0, i386/segments.h rev. 1.42). Before, it caused
a userlevel data selector to be used for CS which broke the emulation
(likely the reason of PR port-i386/32424). The shuffle made that
a privileged selector was used, causing the GPF.
(recent -current doesn't panic on that GPF which seems to be a
side effect of another change)
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.36.10.1 src/sys/arch/i386/i386/ibcs2_machdep.c
cvs rdiff -u -r1.92 -r1.92.4.1 src/sys/arch/i386/i386/svr4_machdep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/42787 CVS commit: [netbsd-5-0] src/sys/arch/i386/i386
Date: Tue, 16 Feb 2010 21:24:22 +0000
Module Name: src
Committed By: bouyer
Date: Tue Feb 16 21:24:22 UTC 2010
Modified Files:
src/sys/arch/i386/i386 [netbsd-5-0]: ibcs2_machdep.c svr4_machdep.c
Log Message:
Pull up following revision(s) (requested by drochner in ticket #1307):
sys/arch/i386/i386/svr4_machdep.c: revision 1.96
sys/arch/i386/i386/ibcs2_machdep.c: revision 1.40
fix confused CS selector, fixes the panic reported by Mark Davies
per PR port-i386/42787 (the panic happens due to a GPF when a
privileged descriptor is tried to be loaded with the UPL bit set)
The original bug is very old (pre-2.0, i386/svr4_machdep.c rev. 1.69),
but it was relatively harmless until the order of GDT entries was
shuffled (pre-5.0, i386/segments.h rev. 1.42). Before, it caused
a userlevel data selector to be used for CS which broke the emulation
(likely the reason of PR port-i386/32424). The shuffle made that
a privileged selector was used, causing the GPF.
(recent -current doesn't panic on that GPF which seems to be a
side effect of another change)
To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.36.16.1 src/sys/arch/i386/i386/ibcs2_machdep.c
cvs rdiff -u -r1.92 -r1.92.6.1 src/sys/arch/i386/i386/svr4_machdep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sat, 20 Feb 2010 20:06:01 +0000
State-Changed-Why:
Fixed and pulled up. Thanks for bringing this to our attention...
>Unformatted: