Date: Fri, 30 Nov 2018 18:38:32 +0000
From: bugzilla-noreply@freebsd.org
To: ppc@FreeBSD.org
Subject: [Bug 233414] [PowerPC64] OPTIONS DEBUG_MEMGUARD results in unbootable kernel
Message-ID: <bug-233414-21-UEY4wFHCDI@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-233414-21@https.bugs.freebsd.org/bugzilla/>
References: <bug-233414-21@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233414

--- Comment #3 from Leandro Lupori <leandro.lupori@gmail.com> ---
I started taking a look at this, also to be able to debug a use-after-free
problem. In my case, however, the system boots and crashes only after I enable
memguard of a UMA region via sysctl, as follows:

sysctl vm.memguard.desc='128 Bucket'

Then, if I run make -C /usr/src, for instance, I get a stack like this:

#0  vpanic (fmt=0xc0000000010a6980 "%s: recursing but non-recursive rw %s @ %s:%d\n", ap=0xe0000000ce0f12f8 "\300")
    at /usr/home/luporl/base/head/sys/kern/kern_shutdown.c:813
#1  0xc0000000006abf18 in panic (fmt=<optimized out>)
    at /usr/home/luporl/base/head/sys/kern/kern_shutdown.c:804
#2  0xc0000000006a6148 in __rw_wlock_hard (c=<optimized out>, v=13835058055423348736, file=0xc0000000010e73f8 "/usr/home/luporl/base/head/sys/vm/vm_kern.c", line=471)
    at /usr/home/luporl/base/head/sys/kern/kern_rwlock.c:954
#3  0xc0000000006a6a8c in _rw_wlock_cookie (c=<optimized out>, file=0xc0000000010e73f8 "/usr/home/luporl/base/head/sys/vm/vm_kern.c", line=471)
    at /usr/home/luporl/base/head/sys/kern/kern_rwlock.c:286
#4  0xc000000000a33664 in kmem_back_domain (domain=0, object=<optimized out>, addr=16140901064502083584, size=4096, flags=<optimized out>)
    at /usr/home/luporl/base/head/sys/vm/vm_kern.c:471
#5  0xc000000000a33924 in kmem_back (object=0xc0000000019194a8 <kernel_object_store>, addr=16140901064502083584, size=<optimized out>, flags=513)
    at /usr/home/luporl/base/head/sys/vm/vm_kern.c:540
#6  0xc000000000a2d5b4 in memguard_alloc (req_size=1024, flags=513)
    at /usr/home/luporl/base/head/sys/vm/memguard.c:351
#7  0xc000000000a2abd8 in uma_zalloc_arg (zone=0xc0000001ffffdb00, udata=0x80000020, flags=513)
    at /usr/home/luporl/base/head/sys/vm/uma_core.c:2436
#8  0xc000000000a2b528 in bucket_alloc (zone=0xc000000002000b00, udata=0x80000020, flags=513)
    at /usr/home/luporl/base/head/sys/vm/uma_core.c:428
#9  0xc000000000a2b0a0 in zone_alloc_bucket (flags=<optimized out>, domain=<optimized out>, udata=<optimized out>, zone=<optimized out>)
    at /usr/home/luporl/base/head/sys/vm/uma_core.c:2982
#10 uma_zalloc_arg (zone=0xc000000002000b00, udata=0x0, flags=1)
    at /usr/home/luporl/base/head/sys/vm/uma_core.c:2590
#11 0xc000000000a76194 in uma_zalloc (flags=<optimized out>, zone=<optimized out>)
    at /usr/home/luporl/base/head/sys/vm/uma.h:362
#12 alloc_pvo_entry (bootstrap=<optimized out>)
    at /usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:374
#13 0xc000000000a7a354 in moea64_enter (mmu=0xc000000001a8e268 <mmu_kernel_obj>, pmap=0xc000000001a8eba8 <kernel_pmap_store>, va=16140901064502071296, m=0xc0000001f469d400, prot=3 '\003', flags=515, psind=<optimized out>)
    at /usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:1365
#14 0xc000000000ab2658 in MMU_ENTER (_psind=<optimized out>, _flags=<optimized out>, _prot=<optimized out>, _p=<optimized out>, _va=<optimized out>, _pmap=<optimized out>, _mmu=0xc000000001a8e268 <mmu_kernel_obj>)
    at ./mmu_if.h:169
#15 pmap_enter (pmap=0xc000000001a8eba8 <kernel_pmap_store>, va=16140901064502071296, p=0xc0000001f469d400, prot=3 '\003', flags=515, psind=0 '\000')
    at /usr/home/luporl/base/head/sys/powerpc/powerpc/pmap_dispatch.c:150
#16 0xc000000000a33784 in kmem_back_domain (domain=0, object=<optimized out>, addr=16140901064502071296, size=4096, flags=<optimized out>)
    at /usr/home/luporl/base/head/sys/vm/vm_kern.c:498
#17 0xc000000000a33924 in kmem_back (object=0xc0000000019194a8 <kernel_object_store>, addr=16140901064502071296, size=<optimized out>, flags=513)
    at /usr/home/luporl/base/head/sys/vm/vm_kern.c:540
#18 0xc000000000a2d5b4 in memguard_alloc (req_size=1024, flags=513)
    at /usr/home/luporl/base/head/sys/vm/memguard.c:351
#19 0xc000000000a2abd8 in uma_zalloc_arg (zone=0xc0000001ffffdb00, udata=0x80000020, flags=513)
    at /usr/home/luporl/base/head/sys/vm/uma_core.c:2436
#20 0xc000000000a2b528 in bucket_alloc (zone=0xc000000002000b00, udata=0x80000020, flags=513)
    at /usr/home/luporl/base/head/sys/vm/uma_core.c:428
#21 0xc000000000a2b0a0 in zone_alloc_bucket (flags=<optimized out>, domain=<optimized out>, udata=<optimized out>, zone=<optimized out>)
    at /usr/home/luporl/base/head/sys/vm/uma_core.c:2982
#22 uma_zalloc_arg (zone=0xc000000002000b00, udata=0x0, flags=1)
    at /usr/home/luporl/base/head/sys/vm/uma_core.c:2590
#23 0xc000000000a76194 in uma_zalloc (flags=<optimized out>, zone=<optimized out>)
    at /usr/home/luporl/base/head/sys/vm/uma.h:362
#24 alloc_pvo_entry (bootstrap=<optimized out>)
    at /usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:374
#25 0xc000000000a7a354 in vm.memguard.des (mmu=0xc000000001a8e268 <mmu_kernel_obj>, pmap=0xc000000002221130, va=34635493376, m=0xc0000001f469d460, prot=3 '\003', flags=1, psind=<optimized out>)
    at /usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:1365
#26 0xc000000000ab2658 in MMU_ENTER (_psind=<optimized out>, _flags=<optimized out>, _prot=<optimized out>, _p=<optimized out>, _va=<optimized out>, _pmap=<optimized out>, _mmu=0xc000000001a8e268 <mmu_kernel_obj>)
    at ./mmu_if.h:169
#27 pmap_enter (pmap=0xc000000002221130, va=34635493376, p=0xc0000001f469d460, prot=3 '\003', flags=1, psind=0 '\000')
    at /usr/home/luporl/base/head/sys/powerpc/powerpc/pmap_dispatch.c:150
#28 0xc000000000a30d4c in vm_fault_hold (map=0xc000000002221000, vaddr=34635493376, fault_type=1 '\001', fault_flags=0, m_hold=0x0)
    at /usr/home/luporl/base/head/sys/vm/vm_fault.c:1296
#29 0xc000000000a31414 in vm_fault (map=0xc000000002221000, vaddr=34635493376, fault_type=1 '\001', fault_flags=0)
    at /usr/home/luporl/base/head/sys/vm/vm_fault.c:536
#30 0xc000000000ab493c in trap_pfault (frame=0xe0000000ce0f2840, user=1)
    at /usr/home/luporl/base/head/sys/powerpc/powerpc/trap.c:809
#31 0xc000000000ab5014 in trap (frame=0xe0000000ce0f2840)
    at /usr/home/luporl/base/head/sys/powerpc/powerpc/trap.c:272
#32 0xc000000000aa9fb4 in powerpc_interrupt (framep=0xe0000000ce0f2840)
    at /usr/home/luporl/base/head/sys/powerpc/powerpc/interrupt.c:127
#33 0xc000000000102ee0 in trapagain ()
    at /usr/home/luporl/base/head/sys/powerpc/aim/trap_subr64.S:831

This is from a VM. It also happens on a physical host, but the DDB stack trace
doesn't have as much information.

What seems to me here is that moea64_enter() ends up using uma_zalloc() to
allocate a pvo entry, that uses memguard_alloc(), that uses kmem_back(), that
calls moea64_enter(). This loop is interrupted by the panic on the
non-recursive kmem_back_domain() lock.

-- 
You are receiving this mail because:
You are the assignee for the bug.
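
The loop described in the comment above, reduced to a user-space C model. This is an added example, not FreeBSD code and not part of the original message: the function names are borrowed from the backtrace, while the bodies, the boolean lock and simulate_fault() are simplified stand-ins, and the unguarded path is assumed not to reach kmem_back().

```c
/* Added user-space model of the call loop in the backtrace above.
 * Function names come from the trace; the bodies are simplified stand-ins. */
#include <stdbool.h>
#include <stdio.h>

static bool kobj_locked;     /* the non-recursive lock taken at vm_kern.c:471 */
static bool bucket_guarded;  /* vm.memguard.desc='128 Bucket' in effect */
static int  recursions;      /* the real kernel panics at the first one */

static void pmap_enter(void);

/* kmem_back_domain(): lock the kernel object, then map the page under it. */
static void kmem_back(void)
{
    if (kobj_locked) {       /* __rw_wlock_hard() would call panic() here */
        recursions++;
        return;
    }
    kobj_locked = true;
    pmap_enter();            /* vm_kern.c:498 in the trace, lock still held */
    kobj_locked = false;
}

/* bucket_alloc() -> uma_zalloc_arg(): a guarded zone is served by memguard. */
static void bucket_alloc(void)
{
    if (bucket_guarded)
        kmem_back();         /* memguard_alloc() -> kmem_back() */
    /* Assumption: the unguarded path does not reach kmem_back(). */
}

/* moea64_enter() -> alloc_pvo_entry() -> uma_zalloc() -> zone_alloc_bucket() */
static void pmap_enter(void)
{
    bucket_alloc();
}

/* One page fault (vm_fault -> pmap_enter); returns lock recursions seen. */
int simulate_fault(bool guard_bucket_zone)
{
    kobj_locked = false;
    recursions = 0;
    bucket_guarded = guard_bucket_zone;
    pmap_enter();
    return recursions;
}

int main(void)
{
    printf("guarded:   %d recursive lock attempt(s)\n", simulate_fault(true));
    printf("unguarded: %d recursive lock attempt(s)\n", simulate_fault(false));
    return 0;
}
```

With the bucket zone guarded, the second entry into kmem_back() finds the lock already held, which is the point where frames #0 to #4 of the trace panic.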