NetBSD Problem Report #54913
From www@netbsd.org Sat Feb 1 11:31:34 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 1130C7A166
for <gnats-bugs@gnats.NetBSD.org>; Sat, 1 Feb 2020 11:31:34 +0000 (UTC)
Message-Id: <20200201113132.D8CF87A1E0@mollari.NetBSD.org>
Date: Sat, 1 Feb 2020 11:31:32 +0000 (UTC)
From: n54@gmx.com
Reply-To: n54@gmx.com
To: gnats-bugs@NetBSD.org
Subject: fexecve(2) panics in chroot(8)
X-Send-Pr-Version: www-1.0
>Number: 54913
>Category: kern
>Synopsis: fexecve(2) panics in chroot(8)
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Feb 01 11:35:00 +0000 2020
>Closed-Date: Mon Aug 17 21:25:58 +0000 2020
>Last-Modified: Mon Aug 17 21:25:58 +0000 2020
>Originator: Kamil Rytarowski
>Release: 9.99.44 NetBSD/amd64
>Organization:
TNF
>Environment:
9.99.44 NetBSD/amd64
>Description:
Try to enter chroot and run tests.
I have got null mounted /dev, /dev/pts and /tmp in the chroot environment.
kernel diagnostic assert "rpath != NULL" failed: file kern/kern_exec.c line 326
check_exec()
exec_script_makecmds()
check_exec()
execve_loadvm()
execve1()
sys_fexecve()
syscall()
kernel/t_fexecve (100/849): 2 test cases
fexecve_elf: [0.059260s] Passed.
fexecve_script
>How-To-Repeat:
cd /usr/tests/kernel
atf-run | atf-report
kernel/t_fexecve (100/849): 2 test cases
fexecve_elf: [0.059260s] Passed.
fexecve_script .... panic
>Fix:
N/A
>Release-Note:
>Audit-Trail:
From: Christos Zoulas <christos@zoulas.com>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org,
gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: kern/54913: fexecve(2) panics in chroot(8)
Date: Sat, 1 Feb 2020 14:28:18 -0500
[2:27pm] 1846#chroot root /bin/sh
# ls
bin goodbye hello lib t_fexecve usr
dev h_fexecve hello.c libexec tmp
# df
Filesystem 1024-blocks Used Avail %Cap Mounted on
/dev 335807 228001 91016 71% /dev
/dev/pts 1 1 0 100% /dev/pts
/bin 335807 228001 91016 71% /bin
/libexec 335807 228001 91016 71% /libexec
/lib 335807 228001 91016 71% /lib
/usr 32880996 26826674 4410274 85% /usr
/dev/sd0h 121987988 92245192 23643398 79% /
# ./t_fexecve fexecve_script
t_fexecve: WARNING: Running test cases without atf-run(1) is unsupported
t_fexecve: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4)
Executing command [ chmod +x goodbye ]
Executing command [ ./h_fexecve ./goodbye ]
passed
# ./t_fexecve fexecve_elf
t_fexecve: WARNING: Running test cases without atf-run(1) is unsupported
t_fexecve: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4)
Executing command [ cc -o hello hello.c ]
Executing command [ ./h_fexecve ./hello ]
passed
#
From: Kamil Rytarowski <n54@gmx.com>
To: gnats-bugs@netbsd.org, Santhosh Raju <fox@netbsd.org>
Cc:
Subject: Re: kern/54913: fexecve(2) panics in chroot(8)
Date: Mon, 10 Feb 2020 08:40:33 +0100
On 01.02.2020 20:30, Christos Zoulas wrote:
> The following reply was made to PR kern/54913; it has been noted by GNATS.
>
> From: Christos Zoulas <christos@zoulas.com>
> To: gnats-bugs@netbsd.org
> Cc: kern-bug-people@netbsd.org,
> gnats-admin@netbsd.org,
> netbsd-bugs@netbsd.org
> Subject: Re: kern/54913: fexecve(2) panics in chroot(8)
> Date: Sat, 1 Feb 2020 14:28:18 -0500
>
> [2:27pm] 1846#chroot root /bin/sh
> # ls
> bin goodbye hello lib t_fexecve usr
> dev h_fexecve hello.c libexec tmp
> # df
> Filesystem 1024-blocks Used Avail %Cap Mounted on
> /dev 335807 228001 91016 71% /dev
> /dev/pts 1 1 0 100% /dev/pts
> /bin 335807 228001 91016 71% /bin
> /libexec 335807 228001 91016 71% /libexec
> /lib 335807 228001 91016 71% /lib
> /usr 32880996 26826674 4410274 85% /usr
> /dev/sd0h 121987988 92245192 23643398 79% /
> # ./t_fexecve fexecve_script
> t_fexecve: WARNING: Running test cases without atf-run(1) is unsupported
> t_fexecve: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4)
> Executing command [ chmod +x goodbye ]
> Executing command [ ./h_fexecve ./goodbye ]
> passed
> # ./t_fexecve fexecve_elf
> t_fexecve: WARNING: Running test cases without atf-run(1) is unsupported
> t_fexecve: WARNING: No isolation nor timeout control is being applied; you may get unexpected failures; see atf-test-case(4)
> Executing command [ cc -o hello hello.c ]
> Executing command [ ./h_fexecve ./hello ]
> passed
> #
>
This is reproducible for me always.
fox@ also reproduced it (his backtrace):
[ 24695.5921175] panic: kernel diagnostic assertion "rpath != NULL" failed: file "/home/source/ab/HEAD/src/sys/kern/kern_exec.c", line 326
[ 24695.5921175] cpu3: Begin traceback...
[ 24695.6021339] vpanic() at netbsd:vpanic+0x178
[ 24695.6021339] kern_assert() at netbsd:kern_assert+0x48
[ 24695.6021339] check_exec() at netbsd:check_exec+0x4ea
[ 24695.6021339] exec_script_makecmds() at netbsd:exec_script_makecmds+0x2ee
[ 24695.6021339] check_exec() at netbsd:check_exec+0x400
[ 24695.6121372] execve_loadvm() at netbsd:execve_loadvm+0x217
[ 24695.6121372] execve1() at netbsd:execve1+0x3b
[ 24695.6121372] sys_fexecve() at netbsd:sys_fexecve+0x23
[ 24695.6121372] syscall() at netbsd:syscall+0x299
[ 24695.6121372] --- syscall (number 465) ---
[ 24695.6221587] 7f6aea5490ea:
[ 24695.6221587] cpu3: End traceback...
[ 24695.6221587] dumping to dev 19,1 (offset=8, size=2097055):
[ 24695.6221587] dump fatal page fault in supervisor mode
[ 24695.7423287] trap type 6 code 0 rip 0xffffffff80e41627 cs 0x8 rflags 0x10206 cr2 0xdeadbf17 ilevel 0x6 rsp 0xffff8000ca488d68
[ 24695.7548153] curlwp 0xffffd7fea1b49bc0 pid 1132.1 lowest kstack 0xffff8000ca4852c0
[ 24695.7548153] uvm_fault(0xffffd7fedb377d00, 0xdeadb000, 1) -> e
[ 24695.7548153] fatal page fault in supervisor mode
[ 24695.7548153] trap type 6 code 0 rip 0xffffffff80e41627 cs 0x8 rflags 0x10206 cr2 0xdeadbf17 ilevel 0x8 rsp 0xffff8000c86c0700
[ 24695.7623580] curlwp 0xffffd7fdb59f44c0 pid 1410.1 lowest kstack 0xffff8000c86bd2c0
[ 24695.7623580] Skipping crash dump on recursive panic
[ 24695.7623580] panic: trap
[ 24695.7623580] cpu3: Begin traceback...
[ 24695.7623580] vpanic() at netbsd:vpanic+0x178
[ 24695.7623580] snprintf() at netbsd:snprintf
[ 24695.7724160] startlwp() at netbsd:startlwp
[ 24695.7724160] alltraps() at netbsd:alltraps+0xc3
[ 24695.7724160] ld_virtio_dump() at netbsd:ld_virtio_dump+0x37b
[ 24695.7724160] dk_dump() at netbsd:dk_dump+0x166
[ 24695.7824117] dump_header_flush() at netbsd:dump_header_flush+0x6d
[ 24695.7824117] dump_header_addbytes() at netbsd:dump_header_addbytes+0x40
[ 24695.7824117] dump_header_addseg() at netbsd:dump_header_addseg+0x1e
[ 24695.7824117] dump_seg_iter() at netbsd:dump_seg_iter+0x112
[ 24695.7824117] cpu_dump() at netbsd:cpu_dump+0x6a
[ 24695.7924111] dodumpsys() at netbsd:dodumpsys+0x100
[ 24695.7924111] dumpsys() at netbsd:dumpsys+0x1d
[ 24695.7924111] sys_reboot() at netbsd:sys_reboot
[ 24695.7924111] vpanic() at netbsd:vpanic+0x181
[ 24695.7924111] kern_assert() at netbsd:kern_assert+0x48
[ 24695.8024165] check_exec() at netbsd:check_exec+0x4ea
[ 24695.8024165] exec_script_makecmds() at netbsd:exec_script_makecmds+0x2ee
[ 24695.8024165] check_exec() at netbsd:check_exec+0x400
[ 24695.8024165] execve_loadvm() at netbsd:execve_loadvm+0x217
[ 24695.8024165] execve1() at netbsd:execve1+0x3b
[ 24695.8124121] sys_fexecve() at netbsd:sys_fexecve+0x23
[ 24695.8124121] syscall() at netbsd:syscall+0x299
[ 24695.8124121] --- syscall (number 465) ---
[ 24695.8124121] 7f6aea5490ea:
[ 24695.8124121] cpu3: End traceback...
[ 24695.8124121] rebooting...
Steps:
mount -t null /dev /path/to/destdir/dev
mount -t null /dev/pts /path/to/destdir/dev/pts
mount -t null /tmp /path/to/destdir/tmp
chroot /path/to/destdir/
cd /usr/tests/kernel
atf-run t_fexecve
State-Changed-From-To: open->closed
State-Changed-By: kamil@NetBSD.org
State-Changed-When: Mon, 24 Feb 2020 16:01:48 +0100
State-Changed-Why:
Fixed in kern_exec.c 1.491 by christos@.
From: christos@zoulas.com (Christos Zoulas)
To: gnats-bugs@netbsd.org, kern-bug-people@netbsd.org,
netbsd-bugs@netbsd.org, gnats-admin@netbsd.org, kamil@NetBSD.org,
n54@gmx.com
Cc:
Subject: Re: kern/54913 (fexecve(2) panics in chroot(8))
Date: Mon, 24 Feb 2020 14:04:21 -0500
On Feb 24, 3:01pm, kamil@NetBSD.org (kamil@NetBSD.org) wrote:
-- Subject: Re: kern/54913 (fexecve(2) panics in chroot(8))
| Synopsis: fexecve(2) panics in chroot(8)
|
| State-Changed-From-To: open->closed
| State-Changed-By: kamil@NetBSD.org
| State-Changed-When: Mon, 24 Feb 2020 16:01:48 +0100
| State-Changed-Why:
| Fixed in kern_exec.c 1.491 by christos@.
Please re-open. It is still broken in the chroot (but it does not crash).
christos
State-Changed-From-To: closed->open
State-Changed-By: kamil@NetBSD.org
State-Changed-When: Mon, 24 Feb 2020 20:07:55 +0100
State-Changed-Why:
Reopen on demand by Christos Zoulas.
The original problem (kernel crash) is gone but there is room for improvement.
State-Changed-From-To: open->closed
State-Changed-By: christos@NetBSD.org
State-Changed-When: Mon, 17 Aug 2020 17:25:58 -0400
State-Changed-Why:
this is fixed
>Unformatted: