Marcus MERIGHI wrote:
> [email protected] (Stefan Kempf), 2016.01.28 (Thu) 20:57 (CET):
> > Marcus MERIGHI wrote:
> >
> > Let's see what the stack pointer looks like when you get the illegal
> > instruction. Can you try this please:
> >
> > We need to see the lines that say [ stack ]
>
> 00007F7FFDFE1000 28672K [ stack ]
> 00007F7FFFBE1000 4028K read/write [ stack ]
> 00007F7FFFFD0000 64K read/write [ stack ]
> 00007F7FFFFE0000 4K [ stack ]
>
> > Now, back in top, hit ctrl+c to make it crash. Then run:
> >
> > $ gdb -q /usr/bin/top top.core
> > (gdb) info reg
> >
> > And send us the output of the 'info reg' command.
>
> rsp 0x7f7ffffdf848 0x7f7ffffdf848
0x7f7ffffdf848 is within 00007F7FFFFD0000 + 64K, which is mapped
read/write, so the process seems to enter the kernel with a proper
stack pointer.
We need to see what it looks like from within the kernel (and whether
the illegal instruction is really raised from within sendsig()). Can you
try the diff below?
Before booting the new kernel, add to your sysctl.conf:
ddb.panic=1
ddb.console=1
ddb.panic=1 should be enough though
You should get a kernel panic now instead of an illegal instruction
signal if you try running ping or top. We need the output of the panic
message and the output of the following commands:
ddb> trace
ddb> show proc
This will also print something like vmspace=<address>.
Use this address for the next command:
ddb> show map /f <address>
Thanks for helping remote-debugging :-)
Index: arch/amd64/amd64/machdep.c
===================================================================
RCS file: /cvs/src/sys/arch/amd64/amd64/machdep.c,v
retrieving revision 1.217
diff -u -p -r1.217 machdep.c
--- arch/amd64/amd64/machdep.c 21 Oct 2015 07:59:17 -0000 1.217
+++ arch/amd64/amd64/machdep.c 30 Jan 2016 09:39:57 -0000
@@ -527,6 +527,7 @@ sendsig(sig_t catcher, int sig, int mask
siginfo_t ksi;
register_t sp, scp, sip;
u_long sss;
+ int userstack;
#ifdef DEBUG
if ((sigdebug & SDB_FOLLOW) && (!sigpid || p->p_pid == sigpid))
@@ -540,10 +541,13 @@ sendsig(sig_t catcher, int sig, int mask
/* Allocate space for the signal handler context. */
if ((p->p_sigstk.ss_flags & SS_DISABLE) == 0 &&
- !sigonstack(tf->tf_rsp) && (psp->ps_sigonstack & sigmask(sig)))
+ !sigonstack(tf->tf_rsp) && (psp->ps_sigonstack & sigmask(sig))) {
sp = (register_t)p->p_sigstk.ss_sp + p->p_sigstk.ss_size;
- else
+ userstack = 0;
+ } else {
sp = tf->tf_rsp - 128;
+ userstack = 1;
+ }
sp &= ~15ULL; /* just in case */
sss = (sizeof(ksc) + 15) & ~15;
@@ -553,8 +557,18 @@ sendsig(sig_t catcher, int sig, int mask
sp -= fpu_save_len;
ksc.sc_fpstate = (struct fxsave64 *)sp;
if (copyout(&p->p_addr->u_pcb.pcb_savefpu.fp_fxsave,
- (void *)sp, fpu_save_len))
+ (void *)sp, fpu_save_len)) {
+ panic("sendsig 1: fxsave %p, sp %p, fxave_size %zu, "
+ "savefpu_size %zu, fpu_save_len %zu, tf_rsp %p, "
+ "userstack %d",
+ &p->p_addr->u_pcb.pcb_savefpu.fp_fxsave,
+ (void *)sp,
+ sizeof(p->p_addr->u_pcb.pcb_savefpu.fp_fxsave),
+ sizeof(p->p_addr->u_pcb.pcb_savefpu),
+ fpu_save_len, (void *)tf->tf_rsp,
+ userstack);
sigexit(p, SIGILL);
+ }
/* Signal handlers get a completely clean FP state */
p->p_md.md_flags &= ~MDP_USEDFPU;
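Review bot: The panic added in the fxsave copyout branch (`panic("sendsig 1: ...`) is reachable from an unprivileged process, because copyout() fails whenever the chosen signal stack is unmapped or not writable, so a condition the original code answered with a per-process SIGILL via sigexit() now takes the whole machine down; that is what the covering mail asks for in this debug session, but the hunk should say so, e.g. `/* XXX debug only: copyout failure is user-triggerable, revert before commit */`. The same applies to the "sendsig 2" and "sendsig 3" panics in the following hunk. The format string also misspells the field name: `"sendsig 1: fxsave %p, sp %p, fxsave_size %zu, "`. Since panic() does not return, the `sigexit(p, SIGILL);` left after each panic is now dead code, which is acceptable for a debug build but worth noting in the same comment. sendsig's body starts and ends outside this hunk.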
@@ -566,13 +580,22 @@ sendsig(sig_t catcher, int sig, int mask
sss += (sizeof(ksi) + 15) & ~15;
initsiginfo(&ksi, sig, code, type, val);
- if (copyout(&ksi, (void *)sip, sizeof(ksi)))
+ if (copyout(&ksi, (void *)sip, sizeof(ksi))) {
+ panic("sendsig 2: sip %p, tf_rsp %p, ksi_size %zu, "
+ "userstack %d",
+ (void *)sip, (void *)tf->tf_rsp, sizeof(ksi),
+ userstack);
sigexit(p, SIGILL);
+ }
}
scp = sp - sss;
- if (copyout(&ksc, (void *)scp, sizeof(ksc)))
+ if (copyout(&ksc, (void *)scp, sizeof(ksc))) {
+ panic("sendsig 3: scp %p, tf_rsp %p, ksc_size %zu, "
+ "userstack %d",
+ (void *)scp, (void *)tf->tf_rsp, sizeof(ksc), userstack);
sigexit(p, SIGILL);
+ }
/*
* Build context to run handler in.