tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
posix_spawn() bug ? [Re: try KMGUARD]
[ redirected to tech-kern. I ran into this while trying to get more infos
about occasional crashes when runnning tests ]
Another one, this time with a -g kernel:
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff80610bce cs 8 rflags 10246 cr2 0 cpl 8 rsp
fffffe810c867ae0
kernel: page fault trap, code=0
Stopped in pid 23593.1 (t_fileactions) at netbsd:pmap_deactivate+0x93:
m
ovq 0(%rax),%rbx
db{0}> tr
pmap_deactivate() at netbsd:pmap_deactivate+0x93
mi_switch() at netbsd:mi_switch+0x2c5
kpreempt() at netbsd:kpreempt+0xe2
Xpreemptrecurse() at netbsd:Xpreemptrecurse+0x15
spawn_return() at netbsd:spawn_return+0x1f8
pmap_deactivate+0x93 is:
2837 pmap = vm_map_pmap(&l->l_proc->p_vmspace->vm_map);
db{0}> call x86_curlwp
fffffe81b139ac00
db{0}> x/Lx 0xfffffe81b139ada8
fffffe81b139ada8: fffffe81adc422a0
db{0}> x/Lx 0xfffffe81adc42328
fffffe81adc42328: 0
l is fffffe81b139ac00, l->l_proc is fffffe81adc422a0, l->l_proc->p_vmspace
is NULL.
PID LID S CPU FLAGS STRUCT LWP * NAME WAIT
23593 1 2 0 0 fffffe81b139ac00 t_fileactions
26681> 1 7 0 0 fffffe81919c2000 t_fileactions
PID COMMAND STRUCT PROC * UAREA * VMSPACE/VM_MAP
23593t_fileacti fffffe81adc422a0 fffffe810c867d80 0
26681t_fileacti fffffe81b3608318 fffffe810c84bd80 fffffe81b1d885e8
AFAIK these processes have a single thread. Other CPUs are idle.
dump of (struct proc *)fffffe81adc422a0:
db{0}> x/Lx 0xfffffe81adc422a0,0x80
fffffe81adc422a0: fffffe81b3608318 ffffffff80e427c0 0
fffffe81adc422b8: fffffe811f800680 801 0
fffffe81adc422d0: 0 fffffe81adc422d0
ffffffff80b119e3 0 fffffe81adc422e8
ffffffff80b2a30dfffffe81adc42300: fffffe81b7e50f00
fffffe81b540f180 fffffe81b57c6080
fffffe81adc42318: fffffe81a34021c8 ffffffff80e8bf60 0
fffffe81adc42330: fffffe81b348f018 0 0
fffffe81adc42348: 0 0 14
fffffe81adc42360: 0 2
5c2900000002 0 fffffe81b36083f0
fffffe81b3608318 0 fffffe81b3608418 0
fffffe81adc423a8: fffffe81b139ac00 0 1
fffffe81adc423c0: 1 100000000 0
fffffe81adc423d8: 0 0
7e9400000000 31d 0 0
fffffe81adc42408: 0 0 0
fffffe81adc42420: 0 0 0
fffffe81adc42438: 0 0
ffffffff80e24b80 0 ffffffff80dcdec0 0
fffffe81adc42468: 0 fffffe81adc42470
fffffe81adc42470 0 0 0
fffffe81adc42498: 6839 0 0
fffffe81adc424b0: 0 98488000 0
fffffe81adc424c8: 0 0
61656c69665f7414 736e6f697463 0
ffff8000166a4fe8 7f7fffffffe0 1000000000000 0
fffffe81adc42510: ffffffff80742810 7f8000000000 0
fffffe81adc42528: 0 ffffffff80e42800
fffffffffffffff0 fffffe81b73a7780 fffffffffffffff0 0
fffffe81adc42558: 0 fffffe81adc42558
ffffffff80a662b0 0 fffffe81adc42570
ffffffff80a662b0 fffffe81b7e50f00 fffffe810cbc53c0 0
fffffe81adc425a0: fffffe81a3402388 ffffffff80e8bf60
ffffffff80e8bc20 fffffe81bc7a5050 0 0
fffffe81adc425d0: 0 fffffffffffffff0
400000000014 2000 2
381300000001
fffffe81adc42600: 0 ffff8000221eafe8
fffffe810bfe2ca8 fffffe81bb460298 fffffe810bfe2da8 0
fffffe81adc42630: fffffe81b41cc800 0
100000001 0 4600000000 0
fffffe81adc42660: 0 0
64ec00000000 2b1 0 0
fffffe81adc42690: 0 230e6ec0a16c3c5e
other pointers around p_vmspace looks valid.
Parent is fffffe81b3608318, the other t_fileaction process.
db{0}> tr/a 0xfffffe81919c2000
trace: pid 26681 lid 1 at 0xfffffe810c84bb00
sleepq_block() at netbsd:sleepq_block+0xa4
cv_wait() at netbsd:cv_wait+0x101
sys_posix_spawn() at netbsd:sys_posix_spawn+0x773
syscall() at netbsd:syscall+0xac
So the process with the NULL vm_space is being created, isn't it ?
I had a quick lock, and coudln't see where the p_vmspace is allocated
in sys_posix_spawn(). Is p_vmspace allocated while running under the
new process's context ? If so, could this new process be interrupted,
in one way or another, while p_vmspace is still not set up ?
--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
NetBSD: 26 ans d'experience feront toujours la difference
--
Home |
Main Index |
Thread Index |
Old Index