Opened 13 months ago

Last modified 2 months ago

#18624 assigned bug

Kernel panic when a program triggers a floating-point trap

Reported by: bhaible
Owned by: korli
Priority: normal
Milestone: R1/beta6
Component: System/Kernel
Version: R1/beta4
Keywords:
Cc:
Blocked By:
Blocking: #19063
Platform: x86-64

Description

Find attached a program that

1) invokes feenableexcept(FE_INVALID); to turn FE_INVALID floating-point exceptions (not C++ exceptions!) into traps,

2) exercises an arithmetic operation with a signalling NaN, so as to trigger such a FE_INVALID floating-point exception.

How to reproduce:

  • Open a Terminal.
  • Unpack testdir4.tar.gz.
  • Then
    cd testdir4
    ./configure
    make
    make check
    

Expected outcome: The program crashes with some signal (most likely SIGFPE).

Actual outcome: Kernel panic; screenshot attached.

The program invocation that crashes is one of:

gltests/test-snan-2 f
gltests/test-snan-2 d
gltests/test-snan-2 l

Attachments (2)

testdir4.tar.gz (176.9 KB ) - added by bhaible 13 months ago.
test case
fpe-crash.png (49.2 KB ) - added by bhaible 13 months ago.
screenshot of kernel panic


Change History (18)

by bhaible, 13 months ago

Attachment: testdir4.tar.gz added

test case

by bhaible, 13 months ago

Attachment: fpe-crash.png added

screenshot of kernel panic

comment:1 by bhaible, 13 months ago

More details:

gltests/test-snan-2 f succeeds.

gltests/test-snan-2 d succeeds.

gltests/test-snan-2 l is the invocation that crashes.

comment:2 by pulkomandy, 13 months ago

The backtrace goes through x86_unexpected_exception; I think that means we are missing some code to handle these?

comment:3 by waddlesplash, 13 months ago

What hrev, please?

Looks similar to #14802 which was solved by hrev55135.

comment:4 by waddlesplash, 13 months ago

Actually it looks even more similar to #15781.

comment:5 by bhaible, 13 months ago

> What hrev, please?

I'm using the release from https://www.haiku-os.org/get-haiku/r1beta4/, download timestamp: 2022-12-22.

comment:6 by X512, 13 months ago

I suspect that the exception occurs when the kernel writes FPU registers during a context switch, some value is an SNaN, and triggering exceptions by SNaN is enabled in the FPU flags. The kernel should not trust FPU flags set by userland and should turn off SNaN exceptions before a context switch.

comment:8 by korli, 13 months ago

Milestone: Unscheduled → R1/beta5

comment:9 by korli, 13 months ago

Resolution: fixed
Status: new → closed

Fixed in hrev57363

comment:10 by bhaible, 12 months ago

Thanks! I confirm it's fixed in hrev57370.

comment:11 by bhaible, 2 months ago

Resolution: fixed
Status: closed → reopened

I reproduce it again in Haiku hrev57823 (from 2024-07-15).

How to reproduce:

tar xfz testdir4.tar.gz
cd testdir4
./configure
make
gltests/test-snan-2 l

comment:12 by waddlesplash, 2 months ago

Blocking: 19063 added

comment:13 by waddlesplash, 2 months ago

Component: System → System/Kernel
Owner: changed from nobody to korli
Status: reopened → assigned

I guess this must've regressed in hrev57381, but that commit indicates that this ticket was re-tested then, so I'm not sure what could've happened.

comment:14 by waddlesplash, 2 months ago

(Since this keeps regressing we should probably add a test to the testsuite.)

comment:15 by bhaible, 2 months ago

> (Since this keeps regressing we should probably add a test to the testsuite.)

The foo2.c from #19063 is a single-file reproducer. Feel free to add it to the test suite.
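A regression check of the kind suggested in comment:14, added here as an example; it is not the attached test-snan-2, the foo2.c from #19063, or Haiku test-suite code. It runs the sNaN arithmetic in a child process for each of the three types (f, d, l) and reports the signal that ended the child, which per the ticket's expected outcome should be SIGFPE. Assumptions: x86-64 with GCC or Clang, the invalid-operation mask bits are cleared directly instead of calling feenableexcept, and the names `snan_trap_signal`, `unmask_invalid`, `ADD_SNAN` and `TRAP_SUPPORTED` are made up for this example.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define TRAP_SUPPORTED 1
/* Effect of feenableexcept(FE_INVALID) on x86-64: clear both IM mask bits. */
static void unmask_invalid(void)
{
    unsigned short cw; unsigned int mxcsr;
    __asm__ volatile ("fnstcw %0" : "=m" (cw));
    cw &= (unsigned short)~0x0001u;   /* x87 control word, bit 0 (IM) */
    __asm__ volatile ("fldcw %0" : : "m" (cw));
    __asm__ volatile ("stmxcsr %0" : "=m" (mxcsr));
    mxcsr &= ~0x0080u;                /* MXCSR, bit 7 (IM) */
    __asm__ volatile ("ldmxcsr %0" : : "m" (mxcsr));
}
#else
#define TRAP_SUPPORTED 0              /* assumption: other CPUs report -1 */
static void unmask_invalid(void) { }
#endif
/* Add a signalling NaN to itself; volatile keeps the operation at run time. */
#define ADD_SNAN(T, NANS) do { volatile T x = NANS(""); volatile T y = x + x; (void)y; } while (0)

/* type: 'f', 'd' or 'l' (float, double, long double). Returns the signal that
   terminated the child, 0 if it exited normally, -1 if the check cannot run. */
int snan_trap_signal(char type)
{
    int status;
    pid_t pid = TRAP_SUPPORTED ? fork() : -1;
    if (pid < 0) return -1;
    if (pid == 0) {                   /* child: trap on, then sNaN arithmetic */
        unmask_invalid();
        if (type == 'f') ADD_SNAN(float, __builtin_nansf);
        else if (type == 'd') ADD_SNAN(double, __builtin_nans);
        else ADD_SNAN(long double, __builtin_nansl);
        _exit(0);                     /* reached only if no trap was delivered */
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    for (const char *t = "fdl"; *t; t++)
        printf("%c: child signal %d\n", *t, snan_trap_signal(*t));
    return 0;
}
```

On a kernel with the defect reported here, the `l` case is the one that does not come back with a signal.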

comment:16 by waddlesplash, 2 months ago

Milestone: R1/beta5 → R1/beta6

move remaining tickets to beta6
