Date: Sun, 3 May 2020 11:08:27 -0700 From: Mark Millard <marklmi@yahoo.com> To: "vangyzen@freebsd.org" <vangyzen@FreeBSD.org>, svn-src-head@freebsd.org, FreeBSD Current <freebsd-current@freebsd.org>, FreeBSD Hackers <freebsd-hackers@freebsd.org>, FreeBSD PowerPC ML <freebsd-ppc@freebsd.org> Cc: Brandon Bergren <bdragon@FreeBSD.org> Subject: Re: svn commit: r360233 - in head: contrib/jemalloc . . . : This partially breaks a 2-socket 32-bit powerpc (old PowerMac G4) based on head -r360311 Message-ID: <8479DD58-44F6-446A-9CA5-D01F0F7C1B38@yahoo.com> In-Reply-To: <C24EE1A1-FAED-42C2-8204-CA7B1D20A369@yahoo.com> References: <C24EE1A1-FAED-42C2-8204-CA7B1D20A369@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[At around 4AM local time dhcient got a signal 11, despite the jemalloc revert. The other exmaples have not happened.] On 2020-May-2, at 18:46, Mark Millard <marklmi at yahoo.com> wrote: > [I'm only claiming the new jemalloc is involved and that > reverting avoids the problem.] >=20 > I've been reporting to some lists problems with: >=20 > dhclient > sendmail > rpcbind > mountd > nfsd >=20 > getting SIGSEGV (signal 11) crashes and some core > dumps on the old 2-socket (1 core per socket) 32-bit > PowerMac G4 running head -r360311. >=20 > Mika=C3=ABl Urankar sent a note suggesting that I try > testing reverting head -r360233 for my head -r360311 > context. He got it right . . . >=20 >=20 > Context: >=20 > The problem was noticed by an inability to have > other machines do a: >=20 > mount -onoatime,soft OLDPOWERMAC-LOCAL-IP:/... /mnt >=20 > sort of operation and to have succeed. By contrast, on > the old PowerMac G4 I could initiate mounts against > other machines just fine. >=20 > I do not see any such problems on any of (all based > on head -r360311): >=20 > powerpc64 (old PowerMac G5 2-sockets with 2 cores each) > armv7 (OrangePi+ 2ed) > aarch64 (Rock64, RPi4, RPi3, > OverDrive 1000, > Macchiatobin Double Shot) > amd64 (ThreadRipper 1950X) >=20 > So I expect something 32-bit powerpc specific > is somehow involved, even if jemalloc is only > using whatever it is. >=20 > (A kyua run with a debug kernel did not find other > unexpected signal 11 sources on the 32-bit PowerMac > compared to past kyua runs, at least that I noticed. > There were a few lock order reversals that I do not > know if they are expected or known-safe or not. > I've reported those reversals to the lists as well.) >=20 >=20 > Recent experiments based on the suggestion: >=20 > Doing the buildworld, buildkernel and installing just > the new kernel and rebooting made no difference. >=20 > But then installing the new world and rebooting did > make things work again: I no longer get core files > for the likes of (old cores from before the update): >=20 > # find / -name "*.core" -print > /var/spool/clientmqueue/sendmail.core > /rpcbind.core > /mountd.core > /nfsd.core >=20 > Nor do I see the various notices for sendmail > signal 11's that did not leave behind a core file > --or for dhclient (no core file left behind). > And I can mount the old PowerMac's drive from > other machines just fine. >=20 >=20 > Other notes: >=20 > I do not actively use sendmail but it was left > to do its default things, partially to test if > such default things are working. Unfortunately, > PowerMacs have a problematical status under > FreeBSD and my context has my historical > experiments with avoiding various problems. Looking, I see that I got a: pid 572 (dhclient), jid 0, uid 0: exited on signal 11 (core dumped) notice under the reverted build. No instances of the other examples. This is the first that a dhclient example has produced a .core file. gdb indicates 0x5180936c for r7 in: lwz r8,36(r7) as leading to the failure. This was in arena_dalloc_bin_locked_impl (where arena_slab_reg_dalloc and bitmap_unset were apparently inlined). The chain for the example seems to be: fork_privchld -> dispatch_imsg -> jemalloc For reference . . . # gdb dhclient /dhclient.core=20 GNU gdb (GDB) 9.1 [GDB v9.1 for FreeBSD] Copyright (C) 2020 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later = <http://gnu.org/licenses/gpl.html>; . . . Reading symbols from dhclient... Reading symbols from /usr/lib/debug//sbin/dhclient.debug... [New LWP 100089] Core was generated by `dhclient: gem0 [priv]'. Program terminated with signal SIGSEGV, Segmentation fault. #0 bitmap_unset (bitmap=3D0x50407164, binfo=3D<optimized out>, = bit=3D167842154) at = /usr/powerpc32_src/contrib/jemalloc/include/jemalloc/internal/bitmap.h:341= 341 = /usr/powerpc32_src/contrib/jemalloc/include/jemalloc/internal/bitmap.h: = No such file or directory. (gdb) bt -full #0 bitmap_unset (bitmap=3D0x50407164, binfo=3D<optimized out>, = bit=3D167842154) at = /usr/powerpc32_src/contrib/jemalloc/include/jemalloc/internal/bitmap.h:341= goff =3D <optimized out> gp =3D 0x51809390 propagate =3D <optimized out> g =3D <optimized out> i =3D <optimized out> #1 arena_slab_reg_dalloc (slab=3D0x50407140, slab_data=3D0x50407164, = ptr=3D0x50088b50) at jemalloc_arena.c:273 bin_info =3D <optimized out> binind =3D 0 regind =3D 167842154 #2 arena_dalloc_bin_locked_impl (tsdn=3D0x5009f018, arena=3D<optimized = out>, slab=3D<optimized out>, ptr=3D<optimized out>, junked=3D<optimized = out>) at jemalloc_arena.c:1540 slab_data =3D <optimized out> binind =3D <optimized out> bin_info =3D <optimized out> bin =3D <optimized out> nfree =3D <optimized out> #3 0x502916a8 in __je_arena_dalloc_bin_junked_locked (tsdn=3D<optimized = out>, arena=3D<optimized out>, extent=3D<optimized out>, ptr=3D<optimized = out>) at jemalloc_arena.c:1559 No locals. #4 0x50250d2c in __je_tcache_bin_flush_small (tsd=3D0x5009f018, = tcache=3D<optimized out>, tbin=3D0x5009f1c0, binind=3D<optimized out>, = rem=3D24) at jemalloc_tcache.c:149 ptr =3D <optimized out> i =3D 0 extent =3D 0x50407140 bin_arena =3D 0x50400380 bin =3D <optimized out> ndeferred =3D 0 merged_stats =3D <optimized out> arena =3D 0x50400380 nflush =3D 75 __vla_expr0 =3D <optimized out> item_extent =3D 0xffffd1f0 #5 0x502508a0 in __je_tcache_event_hard (tsd=3D<optimized out>, = tcache=3D0x5009f108) at jemalloc_tcache.c:54 tbin_info =3D <optimized out> binind =3D 7 tbin =3D 0x5009f1c0 #6 0x5029a684 in __free (ptr=3D0x500530c0) at = /usr/powerpc32_src/contrib/jemalloc/include/jemalloc/internal/rtree.h:374 tcache =3D 0x5009f108 tsd =3D <optimized out> log_var =3D <optimized out> log_var =3D <optimized out> #7 0x10025994 in dispatch_imsg (ifix=3D<optimized out>, fd=3D10) at = /usr/powerpc32_src/sbin/dhclient/privsep.c:215 hdr =3D {code =3D IMSG_SCRIPT_WRITE_PARAMS, len =3D 3225} lease =3D {next =3D 0x0, expiry =3D 1588504529, renewal =3D = 1588504229, rebind =3D 1588504454, address =3D {len =3D 4, iabuf =3D = "\300\250\001i", '\000' <repeats 11 times>}, nextserver =3D {len =3D 4,=20= iabuf =3D '\000' <repeats 15 times>}, server_name =3D 0x0, = filename =3D 0x0, medium =3D 0x0, is_static =3D 0, is_bootp =3D 0, = options =3D {{len =3D 0, data =3D 0x0}, {len =3D 4,=20 data =3D 0x500530c8 "\377\377\377"}, {len =3D 0, data =3D = 0x0}, {len =3D 4, data =3D 0x500530d0 "\300\250\001\001"}, {len =3D 0, = data =3D 0x0}, {len =3D 0, data =3D 0x0}, {len =3D 4,=20 data =3D 0x500530d8 "\300\250\001\001"}, {len =3D 0, data = =3D 0x0}, {len =3D 0, data =3D 0x0}, {len =3D 0, data =3D 0x0}, {len =3D = 0, data =3D 0x0}, {len =3D 0, data =3D 0x0}, {len =3D 0, data =3D 0x0}, = { len =3D 0, data =3D 0x0}, {len =3D 0, data =3D 0x0}, {len = =3D 20, data =3D 0x50055200 "hsd1.or.comcast.net."}, {len =3D 0, data =3D = 0x0} <repeats 35 times>, {len =3D 4, data =3D 0x500530e0 ""}, {len =3D = 0,=20 data =3D 0x0}, {len =3D 1, data =3D 0x500530e8 "\005"}, = {len =3D 4, data =3D 0x500530f0 "\300\250\001\001"}, {len =3D 0, data =3D = 0x0} <repeats 201 times>}} medium_len =3D <optimized out> medium =3D <optimized out> totlen =3D 3225 filename_len =3D <optimized out> filename =3D 0x0 ret =3D <optimized out> buf =3D <optimized out> mtu =3D <optimized out> servername_len =3D <optimized out> servername =3D 0x0 reason_len =3D <optimized out> reason =3D <optimized out> --Type <RET> for more, q to quit, c to continue without paging-- prefix_len =3D <optimized out> prefix =3D 0x500530c0 "new_" i =3D 0 optlen =3D 0 #8 0x100189f4 in fork_privchld (fd=3D10, fd2=3D<optimized out>) at = /usr/powerpc32_src/sbin/dhclient/dhclient.c:2847 pfd =3D {{fd =3D 10, events =3D 1, revents =3D 1}} nfds =3D <optimized out> #9 0x10017a80 in main (argc=3D<optimized out>, argv=3D<optimized out>) = at /usr/powerpc32_src/sbin/dhclient/dhclient.c:505 pipe_fd =3D {10, 11} rights =3D {cr_rights =3D {1342801412, 18446706484155777024}} immediate_daemon =3D 0 i =3D 0 ch =3D <optimized out> otherpid =3D 8 pw =3D 0x5039b9d8 fd =3D <optimized out> capmode =3D <optimized out> (gdb) disass Dump of assembler code for function arena_dalloc_bin_locked_impl: 0x502916b8 <+0>: mflr r0 0x502916bc <+4>: stw r0,4(r1) 0x502916c0 <+8>: stwu r1,-48(r1) 0x502916c4 <+12>: stw r30,40(r1) 0x502916c8 <+16>: stw r24,16(r1) 0x502916cc <+20>: stw r25,20(r1) 0x502916d0 <+24>: stw r26,24(r1) 0x502916d4 <+28>: stw r27,28(r1) 0x502916d8 <+32>: stw r28,32(r1) 0x502916dc <+36>: stw r29,36(r1) 0x502916e0 <+40>: bl 0x502916e4 = <arena_dalloc_bin_locked_impl+44> 0x502916e4 <+44>: mr r27,r3 0x502916e8 <+48>: mflr r30 0x502916ec <+52>: addis r30,r30,14 0x502916f0 <+56>: addi r30,r30,7788 0x502916f4 <+60>: mr r28,r4 0x502916f8 <+64>: lwz r4,5856(r30) 0x502916fc <+68>: lwz r3,4(r5) 0x50291700 <+72>: mr r29,r5 0x50291704 <+76>: andi. r5,r7,1 0x50291708 <+80>: mr r26,r6 0x5029170c <+84>: lbz r4,0(r4) 0x50291710 <+88>: rlwinm r5,r3,14,25,31 0x50291714 <+92>: mulli r24,r5,224 0x50291718 <+96>: mulli r25,r5,44 0x5029171c <+100>: cmpwi cr1,r4,0 0x50291720 <+104>: cror 4*cr5+lt,4*cr1+eq,gt 0x50291724 <+108>: bge cr5,0x50291a2c = <arena_dalloc_bin_locked_impl+884> 0x50291728 <+112>: lwz r4,0(r29) 0x5029172c <+116>: lwz r6,6036(r30) 0x50291730 <+120>: lwz r7,8(r29) 0x50291734 <+124>: rlwinm r8,r5,2,0,29 0x50291738 <+128>: li r9,1 0x5029173c <+132>: add r24,r28,r24 0x50291740 <+136>: lwzx r6,r6,r8 0x50291744 <+140>: subf r7,r7,r26 0x50291748 <+144>: mulhwu r6,r6,r7 0x5029174c <+148>: rlwinm r7,r6,29,3,29 0x50291750 <+152>: add r7,r29,r7 =3D> 0x50291754 <+156>: lwz r8,36(r7) 0x50291758 <+160>: clrlwi r10,r6,27 0x5029175c <+164>: slw r9,r9,r10 0x50291760 <+168>: xor r9,r9,r8 0x50291764 <+172>: cmplwi r8,0 0x50291768 <+176>: stw r9,36(r7) 0x5029176c <+180>: bne 0x502917e4 = <arena_dalloc_bin_locked_impl+300> 0x50291770 <+184>: lwz r7,4408(r30) 0x50291774 <+188>: mulli r8,r5,44 0x50291778 <+192>: add r5,r7,r8 0x5029177c <+196>: lwz r5,16(r5) 0x50291780 <+200>: cmplwi r5,2 0x50291784 <+204>: blt 0x502917e4 = <arena_dalloc_bin_locked_impl+300 . . . (gdb) info reg r0 0x502916a8 1344870056 r1 0xffffd1a0 4294955424 r2 0x500a6018 1342857240 r3 0x0 0 r4 0x0 0 r5 0x0 0 r6 0xa01116a 167842154 r7 0x5180936c 1367380844 r8 0x0 0 r9 0x1 1 r10 0x1e 30 r11 0x5005d114 1342558484 r12 0x84000c00 2214595584 r13 0x0 0 r14 0xffffd1f0 4294955504 r15 0xfffffffc 4294967292 r16 0x4a 74 r17 0x4b 75 r18 0x0 0 r19 0x504009a0 1346374048 r20 0x0 0 r21 0xffffd1f0 4294955504 r22 0x620 1568 r23 0x50400380 1346372480 r24 0x50400380 1346372480 r25 0x0 0 r26 0x50088b50 1342737232 r27 0x5009f018 1342828568 r28 0x50400380 1346372480 r29 0x50407140 1346400576 r30 0x50373550 1345795408 r31 0xffffd310 4294955792 pc 0x50291754 0x50291754 = <arena_dalloc_bin_locked_impl+156> msr <unavailable> cr 0x42480c00 1112017920 lr 0x502916e4 0x502916e4 = <arena_dalloc_bin_locked_impl+44> ctr 0x5005d114 1342558484 xer 0x0 0 fpscr 0x0 0 vscr <unavailable> vrsave <unavailable> =3D=3D=3D Mark Millard marklmi at yahoo.com ( dsl-only.net went away in early 2018-Mar)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8479DD58-44F6-446A-9CA5-D01F0F7C1B38>