tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

posix_spawn() bug ? [Re: try KMGUARD]



[ redirected to tech-kern. I ran into this while trying to get more infos
about occasional crashes when runnning tests ]

Another one, this time with a -g kernel:
fatal page fault in supervisor mode
trap type 6 code 0 rip ffffffff80610bce cs 8 rflags 10246 cr2  0 cpl 8 rsp 
fffffe810c867ae0
kernel: page fault trap, code=0
Stopped in pid 23593.1 (t_fileactions) at       netbsd:pmap_deactivate+0x93:    
m
ovq     0(%rax),%rbx
db{0}> tr
pmap_deactivate() at netbsd:pmap_deactivate+0x93
mi_switch() at netbsd:mi_switch+0x2c5
kpreempt() at netbsd:kpreempt+0xe2
Xpreemptrecurse() at netbsd:Xpreemptrecurse+0x15
spawn_return() at netbsd:spawn_return+0x1f8

pmap_deactivate+0x93 is:
2837            pmap = vm_map_pmap(&l->l_proc->p_vmspace->vm_map);

db{0}> call x86_curlwp
fffffe81b139ac00
db{0}> x/Lx 0xfffffe81b139ada8
fffffe81b139ada8:       fffffe81adc422a0
db{0}> x/Lx 0xfffffe81adc42328
fffffe81adc42328:       0

l is fffffe81b139ac00, l->l_proc is fffffe81adc422a0, l->l_proc->p_vmspace
is NULL.

PID    LID S CPU     FLAGS       STRUCT LWP *               NAME WAIT
23593    1 2   0         0   fffffe81b139ac00      t_fileactions
26681>   1 7   0         0   fffffe81919c2000      t_fileactions

PID     COMMAND      STRUCT PROC *            UAREA *     VMSPACE/VM_MAP
23593t_fileacti   fffffe81adc422a0   fffffe810c867d80                  0
26681t_fileacti   fffffe81b3608318   fffffe810c84bd80   fffffe81b1d885e8

AFAIK these processes have a single thread. Other CPUs are idle.
dump of (struct proc *)fffffe81adc422a0:
db{0}> x/Lx 0xfffffe81adc422a0,0x80
fffffe81adc422a0:       fffffe81b3608318        ffffffff80e427c0        0
fffffe81adc422b8:       fffffe811f800680        801                     0
fffffe81adc422d0:       0                       fffffe81adc422d0        
ffffffff80b119e3        0                       fffffe81adc422e8        
ffffffff80b2a30dfffffe81adc42300:       fffffe81b7e50f00        
fffffe81b540f180        fffffe81b57c6080
fffffe81adc42318:       fffffe81a34021c8        ffffffff80e8bf60        0
fffffe81adc42330:       fffffe81b348f018        0                       0
fffffe81adc42348:       0                       0                       14
fffffe81adc42360:       0                       2                       
5c2900000002            0                       fffffe81b36083f0        
fffffe81b3608318 0                       fffffe81b3608418        0
fffffe81adc423a8:       fffffe81b139ac00        0                       1
fffffe81adc423c0:       1                       100000000               0
fffffe81adc423d8:       0                       0                       
7e9400000000            31d                     0                       0
fffffe81adc42408:       0                       0                       0
fffffe81adc42420:       0                       0                       0
fffffe81adc42438:       0                       0                       
ffffffff80e24b80        0                       ffffffff80dcdec0        0
fffffe81adc42468:       0                       fffffe81adc42470        
fffffe81adc42470        0                       0                       0
fffffe81adc42498:       6839                    0                       0
fffffe81adc424b0:       0                       98488000                0
fffffe81adc424c8:       0                       0                       
61656c69665f7414        736e6f697463            0                       
ffff8000166a4fe8 7f7fffffffe0            1000000000000           0
fffffe81adc42510:       ffffffff80742810        7f8000000000            0
fffffe81adc42528:       0                       ffffffff80e42800        
fffffffffffffff0        fffffe81b73a7780        fffffffffffffff0        0
fffffe81adc42558:       0                       fffffe81adc42558        
ffffffff80a662b0        0                       fffffe81adc42570        
ffffffff80a662b0 fffffe81b7e50f00        fffffe810cbc53c0        0
fffffe81adc425a0:       fffffe81a3402388        ffffffff80e8bf60        
ffffffff80e8bc20        fffffe81bc7a5050        0                       0
fffffe81adc425d0:       0                       fffffffffffffff0        
400000000014            2000                    2                       
381300000001
fffffe81adc42600:       0                       ffff8000221eafe8        
fffffe810bfe2ca8        fffffe81bb460298        fffffe810bfe2da8        0
fffffe81adc42630:       fffffe81b41cc800        0                       
100000001               0                       4600000000              0
fffffe81adc42660:       0                       0                       
64ec00000000            2b1                     0                       0
fffffe81adc42690:       0                       230e6ec0a16c3c5e

other pointers around p_vmspace looks valid.

Parent is fffffe81b3608318, the other t_fileaction process.
db{0}> tr/a 0xfffffe81919c2000
trace: pid 26681 lid 1 at 0xfffffe810c84bb00
sleepq_block() at netbsd:sleepq_block+0xa4
cv_wait() at netbsd:cv_wait+0x101
sys_posix_spawn() at netbsd:sys_posix_spawn+0x773
syscall() at netbsd:syscall+0xac

So the process with the NULL vm_space is being created, isn't it ?
I had a quick lock, and coudln't see where the p_vmspace is allocated
in sys_posix_spawn(). Is p_vmspace allocated while running under the
new process's context ? If so, could this new process be interrupted,
in one way or another, while p_vmspace is still not set up ?

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--


Home | Main Index | Thread Index | Old Index