[Bug 233414] [PowerPC64] OPTIONS DEBUG_MEMGUARD results in unbootable kernel
bugzilla-noreply at freebsd.org
Fri Nov 30 18:38:35 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233414
--- Comment #3 from Leandro Lupori <leandro.lupori at gmail.com> ---
I started taking a look at this, also to be able to debug a use-after-free
problem. In my case, however, the system boots and crashes only after I enable
memguard of an UMA region via sysctl, as follows:
sysctl vm.memguard.desc='128 Bucket'.
Then, if I run make -C /usr/src, for instance, I get a stack like this:
#0 vpanic (fmt=0xc0000000010a6980 "%s: recursing but non-recursive rw %s @
%s:%d\n", ap=0xe0000000ce0f12f8 "\300") at
/usr/home/luporl/base/head/sys/kern/kern_shutdown.c:813
#1 0xc0000000006abf18 in panic (fmt=<optimized out>) at
/usr/home/luporl/base/head/sys/kern/kern_shutdown.c:804
#2 0xc0000000006a6148 in __rw_wlock_hard (c=<optimized out>,
v=13835058055423348736, file=0xc0000000010e73f8
"/usr/home/luporl/base/head/sys/vm/vm_kern.c", line=471)
at /usr/home/luporl/base/head/sys/kern/kern_rwlock.c:954
#3 0xc0000000006a6a8c in _rw_wlock_cookie (c=<optimized out>,
file=0xc0000000010e73f8 "/usr/home/luporl/base/head/sys/vm/vm_kern.c",
line=471)
at /usr/home/luporl/base/head/sys/kern/kern_rwlock.c:286
#4 0xc000000000a33664 in kmem_back_domain (domain=0, object=<optimized out>,
addr=16140901064502083584, size=4096, flags=<optimized out>) at
/usr/home/luporl/base/head/sys/vm/vm_kern.c:471
#5 0xc000000000a33924 in kmem_back (object=0xc0000000019194a8
<kernel_object_store>, addr=16140901064502083584, size=<optimized out>,
flags=513)
at /usr/home/luporl/base/head/sys/vm/vm_kern.c:540
#6 0xc000000000a2d5b4 in memguard_alloc (req_size=1024, flags=513) at
/usr/home/luporl/base/head/sys/vm/memguard.c:351
#7 0xc000000000a2abd8 in uma_zalloc_arg (zone=0xc0000001ffffdb00,
udata=0x80000020, flags=513) at
/usr/home/luporl/base/head/sys/vm/uma_core.c:2436
#8 0xc000000000a2b528 in bucket_alloc (zone=0xc000000002000b00,
udata=0x80000020, flags=513) at
/usr/home/luporl/base/head/sys/vm/uma_core.c:428
#9 0xc000000000a2b0a0 in zone_alloc_bucket (flags=<optimized out>,
domain=<optimized out>, udata=<optimized out>, zone=<optimized out>) at
/usr/home/luporl/base/head/sys/vm/uma_core.c:2982
#10 uma_zalloc_arg (zone=0xc000000002000b00, udata=0x0, flags=1) at
/usr/home/luporl/base/head/sys/vm/uma_core.c:2590
#11 0xc000000000a76194 in uma_zalloc (flags=<optimized out>, zone=<optimized
out>) at /usr/home/luporl/base/head/sys/vm/uma.h:362
#12 alloc_pvo_entry (bootstrap=<optimized out>) at
/usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:374
#13 0xc000000000a7a354 in moea64_enter (mmu=0xc000000001a8e268
<mmu_kernel_obj>, pmap=0xc000000001a8eba8 <kernel_pmap_store>,
va=16140901064502071296, m=0xc0000001f469d400, prot=3 '\003',
flags=515, psind=<optimized out>) at
/usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:1365
#14 0xc000000000ab2658 in MMU_ENTER (_psind=<optimized out>, _flags=<optimized
out>, _prot=<optimized out>, _p=<optimized out>, _va=<optimized out>,
_pmap=<optimized out>,
_mmu=0xc000000001a8e268 <mmu_kernel_obj>) at ./mmu_if.h:169
#15 pmap_enter (pmap=0xc000000001a8eba8 <kernel_pmap_store>,
va=16140901064502071296, p=0xc0000001f469d400, prot=3 '\003', flags=515,
psind=0 '\000')
at /usr/home/luporl/base/head/sys/powerpc/powerpc/pmap_dispatch.c:150
#16 0xc000000000a33784 in kmem_back_domain (domain=0, object=<optimized out>,
addr=16140901064502071296, size=4096, flags=<optimized out>) at
/usr/home/luporl/base/head/sys/vm/vm_kern.c:498
#17 0xc000000000a33924 in kmem_back (object=0xc0000000019194a8
<kernel_object_store>, addr=16140901064502071296, size=<optimized out>,
flags=513)
at /usr/home/luporl/base/head/sys/vm/vm_kern.c:540
#18 0xc000000000a2d5b4 in memguard_alloc (req_size=1024, flags=513) at
/usr/home/luporl/base/head/sys/vm/memguard.c:351
#19 0xc000000000a2abd8 in uma_zalloc_arg (zone=0xc0000001ffffdb00,
udata=0x80000020, flags=513) at
/usr/home/luporl/base/head/sys/vm/uma_core.c:2436
#20 0xc000000000a2b528 in bucket_alloc (zone=0xc000000002000b00,
udata=0x80000020, flags=513) at
/usr/home/luporl/base/head/sys/vm/uma_core.c:428
#21 0xc000000000a2b0a0 in zone_alloc_bucket (flags=<optimized out>,
domain=<optimized out>, udata=<optimized out>, zone=<optimized out>) at
/usr/home/luporl/base/head/sys/vm/uma_core.c:2982
#22 uma_zalloc_arg (zone=0xc000000002000b00, udata=0x0, flags=1) at
/usr/home/luporl/base/head/sys/vm/uma_core.c:2590
#23 0xc000000000a76194 in uma_zalloc (flags=<optimized out>, zone=<optimized
out>) at /usr/home/luporl/base/head/sys/vm/uma.h:362
#24 alloc_pvo_entry (bootstrap=<optimized out>) at
/usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:374
#25 0xc000000000a7a354 in moea64_enter (mmu=0xc000000001a8e268
<mmu_kernel_obj>, pmap=0xc000000002221130, va=34635493376,
m=0xc0000001f469d460, prot=3 '\003', flags=1, psind=<optimized out>)
at /usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:1365
#26 0xc000000000ab2658 in MMU_ENTER (_psind=<optimized out>, _flags=<optimized
out>, _prot=<optimized out>, _p=<optimized out>, _va=<optimized out>,
_pmap=<optimized out>,
_mmu=0xc000000001a8e268 <mmu_kernel_obj>) at ./mmu_if.h:169
#27 pmap_enter (pmap=0xc000000002221130, va=34635493376, p=0xc0000001f469d460,
prot=3 '\003', flags=1, psind=0 '\000') at
/usr/home/luporl/base/head/sys/powerpc/powerpc/pmap_dispatch.c:150
#28 0xc000000000a30d4c in vm_fault_hold (map=0xc000000002221000,
vaddr=34635493376, fault_type=1 '\001', fault_flags=0, m_hold=0x0) at
/usr/home/luporl/base/head/sys/vm/vm_fault.c:1296
#29 0xc000000000a31414 in vm_fault (map=0xc000000002221000, vaddr=34635493376,
fault_type=1 '\001', fault_flags=0) at
/usr/home/luporl/base/head/sys/vm/vm_fault.c:536
#30 0xc000000000ab493c in trap_pfault (frame=0xe0000000ce0f2840, user=1) at
/usr/home/luporl/base/head/sys/powerpc/powerpc/trap.c:809
#31 0xc000000000ab5014 in trap (frame=0xe0000000ce0f2840) at
/usr/home/luporl/base/head/sys/powerpc/powerpc/trap.c:272
#32 0xc000000000aa9fb4 in powerpc_interrupt (framep=0xe0000000ce0f2840) at
/usr/home/luporl/base/head/sys/powerpc/powerpc/interrupt.c:127
#33 0xc000000000102ee0 in trapagain () at
/usr/home/luporl/base/head/sys/powerpc/aim/trap_subr64.S:831
This is from a VM. It also happens on a physical host, but the DDB stack trace
doesn't have as much information.
What seems to me here is that moea64_enter() ends up using uma_zalloc() to
allocate a pvo entry, that uses memguard_alloc(), that uses kmem_back(), that
calls moea64_enter(). This loop is interrupted by the panic on the
non-recursive kmem_back_domain() lock.
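A triage helper for backtraces like the one in the comment above, as an added example that is not part of the original message or of FreeBSD: it takes the function name of each gdb frame and reports the block of frames that repeats back to back, which is how the moea64_enter -> uma_zalloc -> memguard_alloc -> kmem_back loop shows up. The sample trace is constructed from the function names in the comment with placeholder addresses and paths; `frame_functions`, `find_recursion` and `describe` are hypothetical names.

```python
import re

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?([\w.]+) \(")

# Constructed sample: function names in the order of the backtrace in the
# comment above, rendered in gdb's layout. Addresses, arguments and paths are
# placeholders; every frame is wrapped onto two lines as in the e-mail.
CYCLE = ("kmem_back_domain kmem_back memguard_alloc uma_zalloc_arg bucket_alloc "
         "zone_alloc_bucket uma_zalloc_arg uma_zalloc alloc_pvo_entry "
         "moea64_enter MMU_ENTER pmap_enter").split()
NAMES = (["vpanic", "panic", "__rw_wlock_hard", "_rw_wlock_cookie"] + CYCLE * 2
         + ["vm_fault_hold", "vm_fault", "trap_pfault", "trap",
            "powerpc_interrupt", "trapagain"])
SAMPLE_TRACE = "\n".join(
    f"#{i} {'' if i % 4 == 0 else '0xc000000000000000 in '}{name} (arg=<optimized out>) at\n"
    f"/placeholder/path.c:{i + 1}"
    for i, name in enumerate(NAMES))

def frame_functions(trace):
    """Function name per frame; continuation lines of wrapped frames are skipped."""
    return [m.group(2) for line in trace.splitlines()
            if (m := FRAME_RE.match(line))]

def find_recursion(funcs):
    """Return (start, period, repeats) for the longest run built from a block
    of `period` frames repeated back to back at least twice, else None."""
    best, n = None, len(funcs)
    for period in range(1, n // 2 + 1):
        for start in range(n - 2 * period + 1):
            block = funcs[start:start + period]
            reps = 1
            while (funcs[start + reps * period:start + (reps + 1) * period]
                   == block):
                reps += 1
            if reps >= 2 and (best is None
                              or reps * period > best[1] * best[2]):
                best = (start, period, reps)
    return best

def describe(trace):
    """Summarise the recursion found in a gdb backtrace, or None if there is none."""
    funcs = frame_functions(trace)
    hit = find_recursion(funcs)
    if hit is None:
        return None
    start, period, reps = hit
    return {"first_frame": start, "period": period, "repeats": reps,
            "cycle": funcs[start:start + period]}
```

The first function of the reported cycle is the one re-entered closest to the panic; in the sample that is `kmem_back_domain`, the frame that takes the non-recursive lock.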