NetBSD-Bugs archive
kern/56355: dtrace triggers double-fault in supervisor mode
>Number: 56355
>Category: kern
>Synopsis: dtrace triggers double-fault in supervisor mode
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Aug 10 07:25:00 +0000 2021
>Originator: bch
>Release: NetBSD 9.99.88
>Organization:
method logic digital
>Environment:
System: NetBSD katy 9.99.88 NetBSD 9.99.88 (GENERIC) #158: Sat Aug 7 17:01:50 PDT 2021 root@katy:/usr/obj/sys/arch/amd64/compile/GENERIC amd64
Architecture: x86_64
Machine: amd64
>Description:
Example of a successful run on FreeBSD:
# dtrace -n 'fbt:kernel:trap:entry { ustack(); }'
0 57874 trap:entry
libc.so.7`memmove+0x10a
libdtrace.so.2`dtrace_consume+0x2cd
libdtrace.so.2`dtrace_work+0x5d
dtrace`0x206ba3
dtrace`0x20510f
ld-elf.so.1`0x800233000
0 57874 trap:entry
libc.so.7`0x80048b45f
libc.so.7`vfprintf_l+0xb5
dtrace`0x2083bf
dtrace`0x206b44
dtrace`0x20510f
ld-elf.so.1`0x800233000
[...]
Various sample backtraces from ddb in NetBSD after faults by
"# dtrace -n 'fbt:netbsd:trap:entry { ustack(); }'":
[ 861.0276335] fatal double fault in supervisor mode
[ 861.0276335] trap type 13 code 0 rip 0xffffffff8285b388 cs 0x8 rflags 0x10282 cr2 0xffff990078a72ff8 ilevel 0 rsp 0xffff990078a73000
[ 861.0276335] curlwp 0xffff9202722f9340 pid 217.217 lowest kstack 0xffff990078a712c0
kernel: double fault trap, code=0
Stopped in pid 217.217 (rm) at dtrace_fbt:fbt_invop+8: pushq %r13
fbt_invop() at dtrace_fbt:fbt_invop+8
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
[...]
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
elf64_copyargs() at netbsd:elf64_copyargs+28
execve_runproc() at netbsd:execve_runproc+1185
execve1() at netbsd:execve1+79
sys_execve() at netbsd:sys_execve+42
syscall() at netbsd:syscall+406
--- syscall (number 59) ---
netbsd:syscall+406:
ds 35
es 35
fs 0
gs 0
rdi 18446744071564330048 trap
rsi 18446630826036113488
rbp 18446630826036113424
rbx 140187732537344
rdx 140187732537344
rcx 0
rax 18446744071603810864 dtrace_invop_start
r8 1
r9 18446630824154095616
r10 0
r11 0
r12 18446630826036113488
r13 18446744071564330048 trap
r14 18446623137861511552
r15 18446630824163618848
rip 18446744071604384648 fbt_invop+8
cs 8
rflags 66178
rsp 18446630826036113408
ss 16
dtrace_fbt:fbt_invop+8: pushq %r13
Mon Aug 9 08:05:57 PDT 2021
[ 835.7660203] fatal double fault in supervisor mode
[ 835.7660203] trap type 13 code 0 rip 0xffffffff827c3e53 cs 0x8 rflags 0x10082 cr2 0xffffbb80785c6ec8 ilevel 0 rsp 0xffffbb80785c6ed0
[ 835.7660203] curlwp 0xffffa754dd4de200 pid 1983.1983 lowest kstack 0xffffbb80785c52c0
kernel: double fault trap, code=0
Stopped in pid 1983.1983 (sshd) at dtrace:dtrace_dif_emulate+26: movq %rsi,18446744073709551256(%rbp)
dtrace_dif_emulate() at dtrace:dtrace_dif_emulate+26
dtrace_probe() at dtrace:dtrace_probe+988
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
---
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
ds 35
es 35
fs 0
gs 0
rdi 18446646581911618752
rsi 18446668759182373416
rbp 18446668759182373120
rbx 18446668757305319424
rdx 18446668757294981176
rcx 18446668757294981120
rax 1
r8 18446668759182373416
r9 18446668757305319424
r10 0
r11 582
r12 18446646581911618752
r13 18446668757305319424
r14 18446668757305253888
r15 18446668759182373416
rip 18446744071603764819 dtrace_dif_emulate+26
cs 8
rflags 65666
rsp 18446668759182372560
ss 16
dtrace:dtrace_dif_emulate+26: movq %rsi,18446744073709551256(%rbp)
Mon Aug 9 10:10:15 PDT 2021
[ 6969.8811677] fatal double fault in supervisor mode
[ 6969.8811677] trap type 13 code 0 rip 0xffffffff802083a9 cs 0x8 rflags 0x10082 cr2 0
[ 6969.8811677] curlwp 0xffff90c8be4dcac0 pid 2815.2815 lowest kstack 0xffff930078e070
kernel: double fault trap, code=0
Stopped in pid 2815.2815 (dtrace) at netbsd:Xtrap14+9: movq %rdi,0(%rsp)
Xtrap14() at netbsd:Xtrap14+9
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6181
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
ds 35
es 35
fs 0
gs 0
rdi 127156438688512
rsi 20
rbp 18446624228970107056
rbx 127156438688504
rdx 127156453931168
rcx 0
rax 140187732537344
r8 18446624228970107432
r9 18446624227084328960
r10 0
r11 582
r12 19
r13 1
r14 127156453931168
r15 18446624227089657888
rip 18446744071564198825 Xtrap14+9
cs 8
rflags 65666
rsp 18446624228970106736
ss 0
netbsd:Xtrap14+9: movq %rdi,0(%rsp)
Mon Aug 9 18:07:44 PDT 2021
katy$ Aug 9 16:33:25 katy_v0 su: bch to root on /dev/pts/0
[ 4707.3916637] -bch dtrace_getupstack(): 20
[ 4707.3916637] -bch dtrace_getupstack(): 20
[ 4707.3916637] -bch dtrace_getupstack(): 20
[ 4707.3916637] -bch dtrace_getupstack(): 20
[ 4707.3916637] -bch dtrace_getupstack(): 20
[ 4707.3916637] -bch dtrace_getupstack(): 20
[ 4707.3916637] fatal double fault in supervisor mode
[ 4707.3916637] trap type 13 code 0 rip 0xffffffff827c3e53 cs 0x8 rflags 0x10082 cr2 0
[ 4707.3916637] curlwp 0xfffffbdba1e6b580 pid 502.502 lowest kstack 0xffff9a80784702c0
kernel: double fault trap, code=0
Stopped in pid 502.502 (pickup) at dtrace:dtrace_dif_emulate+26: movq %rsi,18446744073709551256(%rbp)
dtrace_dif_emulate() at dtrace:dtrace_dif_emulate+26
dtrace_probe() at dtrace:dtrace_probe+988
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
ds 35
es 35
fs 0
gs 0
rdi 18446739519667471936
rsi 18446632475297260072
rbp 18446632475297259776
rbx 18446632473421537280
rdx 18446632473411264568
rcx 18446632473411264512
rax 1
r8 18446632475297260072
r9 18446632473421537280
r10 0
r11 4294967293
r12 18446739519667471936
r13 18446632473421537280
r14 18446632473421602816
r15 18446632475297260072
rip 18446744071603764819 dtrace_dif_emulate+26
cs 8
rflags 65666
rsp 18446632475297259216
ss 0
dtrace:dtrace_dif_emulate+26: movq %rsi,18446744073709551256(%rbp)
Mon Aug 9 18:20:31 PDT 2021
[ 277.0165899] -bch dtrace_getupstack(): 20
[ 277.0165899] -bch dtrace_getupstack(): 20
[ 277.0165899] -bch dtrace_getupstack(): 20
[ 277.0165899] -bch dtrace_getupstack(): 20
[ 277.0165899] -bch dtrace_getupstack(): 20
[ 277.0165899] -bch dtrace_getupstack(): 20
[ 277.0165899] fatal double fault in supervisor mode
[ 277.0165899] trap type 13 code 0 rip 0xffffffff827c3e53 cs 0x8 rflags 0x10082 cr2 00
[ 277.0165899] curlwp 0xffffd45f5ca4b100 pid 1761.1761 lowest kstack 0xffffdd807835020
kernel: double fault trap, code=0
Stopped in pid 1761.1761 (pickup) at dtrace:dtrace_dif_emulate+26: movq %rsi,18446744073709551256(%rbp)
dtrace_dif_emulate() at dtrace:dtrace_dif_emulate+26
dtrace_probe() at dtrace:dtrace_probe+988
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
dtrace_invop_start() at dtrace:dtrace_invop_start+27
dtrace_getupcstack() at dtrace:dtrace_getupcstack+215
dtrace_probe() at dtrace:dtrace_probe+6196
fbt_invop() at dtrace_fbt:fbt_invop+192
dtrace_invop() at dtrace:dtrace_invop+55
ds 35
es 35
fs 0
gs 0
rdi 18446696104877567616
rsi 18446706142575141416
rbp 18446706142575141120
rbx 18446706140700598272
rdx 18446706140690325560
rcx 18446706140690325504
rax 1
r8 18446706142575141416
r9 18446706140700598272
r10 0
r11 4294967293
r12 18446696104877567616
r13 18446706140700598272
r14 18446706140700663808
r15 18446706142575141416
rip 18446744071603764819 dtrace_dif_emulate+26
cs 8
rflags 65666
rsp 18446706142575140560
ss 0
dtrace:dtrace_dif_emulate+26: movq %rsi,18446744073709551256(%rbp)
>How-To-Repeat:
# dtrace -n 'fbt:netbsd:trap:entry { ustack(); }'
>Fix: