From owner-freebsd-ppc@freebsd.org Fri Nov 30 18:38:35 2018 Return-Path: Delivered-To: freebsd-ppc@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5BF4B114C568 for ; Fri, 30 Nov 2018 18:38:35 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id E906170370 for ; Fri, 30 Nov 2018 18:38:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id AB4DA114C567; Fri, 30 Nov 2018 18:38:34 +0000 (UTC) Delivered-To: ppc@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8844B114C566 for ; Fri, 30 Nov 2018 18:38:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 279617036E for ; Fri, 30 Nov 2018 18:38:34 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 0229011EA3 for ; Fri, 30 Nov 2018 18:38:33 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id wAUIcWsG043581 for ; Fri, 30 Nov 2018 18:38:32 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id wAUIcWmd043578 for ppc@FreeBSD.org; Fri, 30 Nov 2018 18:38:32 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ppc@FreeBSD.org Subject: [Bug 233414] [PowerPC64] OPTIONS DEBUG_MEMGUARD results in unbootable kernel Date: Fri, 30 Nov 2018 18:38:32 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: leandro.lupori@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ppc@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-Rspamd-Queue-Id: E906170370 X-Spamd-Result: default: False [1.58 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_SPAM_LONG(0.59)[0.589,0]; NEURAL_SPAM_MEDIUM(0.55)[0.551,0]; ASN(0.00)[asn:10310, ipnet:2001:1900:2254::/48, country:US]; NEURAL_SPAM_SHORT(0.44)[0.439,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: freebsd-ppc@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Porting FreeBSD to the PowerPC List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Nov 2018 18:38:35 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D233414 --- Comment #3 from Leandro Lupori --- I started taking a look at this, also to be able to debug a user-after-free problem. In my case, however, the system boots and crashes only after I ena= ble memguard of an UMA region via sysctl, as following: sysctl vm.memguard.desc=3D'128 Bucket'. Then, if I run make -C /usr/src, for instance, I get a stack like this: #0 vpanic (fmt=3D0xc0000000010a6980 "%s: recursing but non-recursive rw %s= @ %s:%d\n", ap=3D0xe0000000ce0f12f8 "\300") at /usr/home/luporl/base/head/sys/kern/kern_shutdown.c:813 #1 0xc0000000006abf18 in panic (fmt=3D) at /usr/home/luporl/base/head/sys/kern/kern_shutdown.c:804 #2 0xc0000000006a6148 in __rw_wlock_hard (c=3D, v=3D13835058055423348736, file=3D0xc0000000010e73f8 "/usr/home/luporl/base/head/sys/vm/vm_kern.c", line=3D471) at /usr/home/luporl/base/head/sys/kern/kern_rwlock.c:954 #3 0xc0000000006a6a8c in _rw_wlock_cookie (c=3D, file=3D0xc0000000010e73f8 "/usr/home/luporl/base/head/sys/vm/vm_kern.c", line=3D471) at /usr/home/luporl/base/head/sys/kern/kern_rwlock.c:286 #4 0xc000000000a33664 in kmem_back_domain (domain=3D0, object=3D, addr=3D16140901064502083584, size=3D4096, flags=3D) at /usr/home/luporl/base/head/sys/vm/vm_kern.c:471 #5 0xc000000000a33924 in kmem_back (object=3D0xc0000000019194a8 , addr=3D16140901064502083584, size=3D, flags=3D513) at /usr/home/luporl/base/head/sys/vm/vm_kern.c:540 #6 0xc000000000a2d5b4 in memguard_alloc (req_size=3D1024, flags=3D513) at /usr/home/luporl/base/head/sys/vm/memguard.c:351 #7 0xc000000000a2abd8 in uma_zalloc_arg (zone=3D0xc0000001ffffdb00, udata=3D0x80000020, flags=3D513) at /usr/home/luporl/base/head/sys/vm/uma_core.c:2436 #8 0xc000000000a2b528 in bucket_alloc (zone=3D0xc000000002000b00, udata=3D0x80000020, flags=3D513) at /usr/home/luporl/base/head/sys/vm/uma_core.c:428 #9 0xc000000000a2b0a0 in zone_alloc_bucket (flags=3D, domain=3D, udata=3D, zone=3D) = at /usr/home/luporl/base/head/sys/vm/uma_core.c:2982 #10 uma_zalloc_arg (zone=3D0xc000000002000b00, udata=3D0x0, flags=3D1) at /usr/home/luporl/base/head/sys/vm/uma_core.c:2590 #11 0xc000000000a76194 in uma_zalloc (flags=3D, zone=3D) at /usr/home/luporl/base/head/sys/vm/uma.h:362 #12 alloc_pvo_entry (bootstrap=3D) at /usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:374 #13 0xc000000000a7a354 in moea64_enter (mmu=3D0xc000000001a8e268 , pmap=3D0xc000000001a8eba8 , va=3D16140901064502071296, m=3D0xc0000001f469d400, prot=3D3 '\003', flags=3D515, psind=3D) at /usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:1365 #14 0xc000000000ab2658 in MMU_ENTER (_psind=3D, _flags=3D, _prot=3D, _p=3D, _va=3D, _pmap=3D, _mmu=3D0xc000000001a8e268 ) at ./mmu_if.h:169 #15 pmap_enter (pmap=3D0xc000000001a8eba8 , va=3D16140901064502071296, p=3D0xc0000001f469d400, prot=3D3 '\003', flags= =3D515, psind=3D0 '\000') at /usr/home/luporl/base/head/sys/powerpc/powerpc/pmap_dispatch.c:150 #16 0xc000000000a33784 in kmem_back_domain (domain=3D0, object=3D, addr=3D16140901064502071296, size=3D4096, flags=3D) at /usr/home/luporl/base/head/sys/vm/vm_kern.c:498 #17 0xc000000000a33924 in kmem_back (object=3D0xc0000000019194a8 , addr=3D16140901064502071296, size=3D, flags=3D513) at /usr/home/luporl/base/head/sys/vm/vm_kern.c:540 #18 0xc000000000a2d5b4 in memguard_alloc (req_size=3D1024, flags=3D513) at /usr/home/luporl/base/head/sys/vm/memguard.c:351 #19 0xc000000000a2abd8 in uma_zalloc_arg (zone=3D0xc0000001ffffdb00, udata=3D0x80000020, flags=3D513) at /usr/home/luporl/base/head/sys/vm/uma_core.c:2436 #20 0xc000000000a2b528 in bucket_alloc (zone=3D0xc000000002000b00, udata=3D0x80000020, flags=3D513) at /usr/home/luporl/base/head/sys/vm/uma_core.c:428 #21 0xc000000000a2b0a0 in zone_alloc_bucket (flags=3D, domain=3D, udata=3D, zone=3D) = at /usr/home/luporl/base/head/sys/vm/uma_core.c:2982 #22 uma_zalloc_arg (zone=3D0xc000000002000b00, udata=3D0x0, flags=3D1) at /usr/home/luporl/base/head/sys/vm/uma_core.c:2590 #23 0xc000000000a76194 in uma_zalloc (flags=3D, zone=3D) at /usr/home/luporl/base/head/sys/vm/uma.h:362 #24 alloc_pvo_entry (bootstrap=3D) at /usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:374 #25 0xc000000000a7a354 in vm.memguard.des (mmu=3D0xc000000001a8e268 , pmap=3D0xc000000002221130, va=3D34635493376, m=3D0xc0000001f469d460, prot=3D3 '\003', flags=3D1, psind=3D) at /usr/home/luporl/base/head/sys/powerpc/aim/mmu_oea64.c:1365 #26 0xc000000000ab2658 in MMU_ENTER (_psind=3D, _flags=3D, _prot=3D, _p=3D, _va=3D, _pmap=3D, _mmu=3D0xc000000001a8e268 ) at ./mmu_if.h:169 #27 pmap_enter (pmap=3D0xc000000002221130, va=3D34635493376, p=3D0xc0000001= f469d460, prot=3D3 '\003', flags=3D1, psind=3D0 '\000') at /usr/home/luporl/base/head/sys/powerpc/powerpc/pmap_dispatch.c:150 #28 0xc000000000a30d4c in vm_fault_hold (map=3D0xc000000002221000, vaddr=3D34635493376, fault_type=3D1 '\001', fault_flags=3D0, m_hold=3D0x0) = at /usr/home/luporl/base/head/sys/vm/vm_fault.c:1296 #29 0xc000000000a31414 in vm_fault (map=3D0xc000000002221000, vaddr=3D34635= 493376, fault_type=3D1 '\001', fault_flags=3D0) at /usr/home/luporl/base/head/sys/vm/vm_fault.c:536 #30 0xc000000000ab493c in trap_pfault (frame=3D0xe0000000ce0f2840, user=3D1= ) at /usr/home/luporl/base/head/sys/powerpc/powerpc/trap.c:809 #31 0xc000000000ab5014 in trap (frame=3D0xe0000000ce0f2840) at /usr/home/luporl/base/head/sys/powerpc/powerpc/trap.c:272 #32 0xc000000000aa9fb4 in powerpc_interrupt (framep=3D0xe0000000ce0f2840) at /usr/home/luporl/base/head/sys/powerpc/powerpc/interrupt.c:127 #33 0xc000000000102ee0 in trapagain () at /usr/home/luporl/base/head/sys/powerpc/aim/trap_subr64.S:831 This is from a VM. I also happens on a physical host, but DDB stack trace doesn't have as much information. What seems to me here is that moea64_enter() ends up using uma_zalloc() to allocate a pvo entry, that uses memguard_alloc(), that uses kmem_back(), th= at calls moea64_enter(). This loop is interrupted by the panic on the non-recursive kmem_back_domain() lock. --=20 You are receiving this mail because: You are the assignee for the bug.=