NetBSD Problem Report #54421

From hannken@eis.cs.tu-bs.de  Mon Jul 29 15:18:05 2019
Return-Path: <hannken@eis.cs.tu-bs.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 0CFAD7A162
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 29 Jul 2019 15:18:05 +0000 (UTC)
Message-Id: <20190729151758.B4484CBACE@builder.isf.cs.tu-bs.de>
Date: Mon, 29 Jul 2019 17:17:58 +0200 (MEST)
From: hannken@eis.cs.tu-bs.de
Reply-To: hannken@eis.cs.tu-bs.de
To: gnats-bugs@NetBSD.org
Subject: Amap field am_nused becomes negative.
X-Send-Pr-Version: 3.95

>Number:         54421
>Category:       kern
>Synopsis:       Amap field am_nused becomes negative.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    ad
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 29 15:20:00 +0000 2019
>Closed-Date:    Tue Oct 20 09:26:36 +0000 2020
>Last-Modified:  Tue Oct 20 09:26:36 +0000 2020
>Originator:     Juergen Hannken-Illjes
>Release:        NetBSD 8.0_STABLE
>Organization:
>Environment:
System: NetBSD builder.isf.cs.tu-bs.de 8.0_STABLE NetBSD 8.0_STABLE (generic.amd64) #1: Sat Jun 8 11:48:26 MEST 2019 build@builder.isf.cs.tu-bs.de:/build/nbsd8/obj/obj.amd64/sys/arch/amd64/compile/generic.amd64 amd64
Architecture: x86_64
Machine: amd64
>Description:
From time to time running "pgrep" makes the machine crash on kvm_getargv2()..
>How-To-Repeat:
Run "pgrep" and sometimes get a crash:

uvm_fault(0xffffffff8154a940, 0xffffffff81041000, 2) -> e
fatal page fault in supervisor mode
trap type 6 code 0x3 rip 0xffffffff8090f84a cs 0x8 rflags 0x10282 cr2 0xffffffff81041c88 ilevel 0 rsp 0xffff8006d539a9e8
curlwp 0xfffffe936df78a60 pid 28952.1 lowest kstack 0xffff8006d53982c0
panic: trap
cpu4: Begin traceback...
vpanic() at netbsd:vpanic+0x15d
snprintf() at netbsd:snprintf
trap() at netbsd:trap+0xa00
--- trap (number 6) ---
amap_wiperange() at netbsd:amap_wiperange+0x93
amap_pp_adjref() at netbsd:amap_pp_adjref+0x1fc
amap_adjref_anons() at netbsd:amap_adjref_anons+0x67
uvm_map_extract() at netbsd:uvm_map_extract+0x267
uvm_io() at netbsd:uvm_io+0xc7
copyin_vmspace() at netbsd:copyin_vmspace+0x87
copyin_proc() at netbsd:copyin_proc+0x35
copyin_psstrings() at netbsd:copyin_psstrings+0x5b
copy_procargs() at netbsd:copy_procargs+0x78
sysctl_kern_proc_args() at netbsd:sysctl_kern_proc_args+0x36d
sysctl_dispatch() at netbsd:sysctl_dispatch+0xba
sys___sysctl() at netbsd:sys___sysctl+0xd8
syscall() at netbsd:syscall+0x1ec
--- syscall (number 202) ---
73242370351a:
cpu4: End traceback...

GDB Frame 5 (amap_wiperange):

(gdb) print *amap
$1 = {
  am_lock = 0xfffffe8b1d24bd00,
  am_ref = 2,
  am_flags = 1,
  am_maxslot = 20,
  am_nslot = 20,
  am_nused = -2,
  am_slots = 0xfffffe93bdcf4550,
  am_bckptr = 0xfffffe96e873bb50,
  am_anon = 0xfffffe958e466528,
  am_ppref = 0xfffffe9807a935a0,
  am_list = {
    le_next = 0xfffffe91c4710f70,
    le_prev = 0xfffffe9712d21a48
  }
}
(gdb) print *amap->am_bckptr@20
$2 = {10, 11, 0, 13, 14, 1, 9, 17, 2, 3, 4, 5, 7, 6, 5, 4, 3, 2, 0, 0}
(gdb) print *amap->am_slots@20
$3 = {19, 19, -1, 16, 15, 14, 13, 12, 625993664, -380, 231648232, -360, 1831730528, -363, 808729032, -382, -1, 0, 0, 0}
>Fix:
Please ...

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: kern-bug-people->ad
Responsible-Changed-By: ad@NetBSD.org
Responsible-Changed-When: Tue, 16 Jun 2020 23:13:52 +0000
Responsible-Changed-Why:
I will take a look.


From: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/54421 (Amap field am_nused becomes negative.)
Date: Wed, 17 Jun 2020 13:12:03 +0200

 --Apple-Mail=_5CCF281B-D6FD-4609-8DD6-E374C33CB0EA
 Content-Transfer-Encoding: 7bit
 Content-Type: text/plain;
 	charset=us-ascii

 As I suppose this was the same as kern/55366
 "Assertion "ref >= 0" file "sys/uvm/uvm_amap.c" failed.

 For kern/55366 I have a coredump.

 --
 J. Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig (Germany)

 --Apple-Mail=_5CCF281B-D6FD-4609-8DD6-E374C33CB0EA
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename=signature.asc
 Content-Type: application/pgp-signature;
 	name=signature.asc
 Content-Description: Message signed with OpenPGP

 -----BEGIN PGP SIGNATURE-----

 iQEzBAEBCAAdFiEE2BL3ha7Xao4WUZVYKoaVJdNr+uEFAl7p+oMACgkQKoaVJdNr
 +uHEDAgAn9YblI2jBnn2lMvp8Ua2ReMdTAjb2BK9UpENx0VOYAJ+5QnwJlm/njAs
 cUGVb++XljmZYJoUgudqpPLDDHN8Nh9s2MKnHS8XDfFZIkrFcSHhneVJToDgt0RD
 MskIGjyGsdcuPkBw32ZZRoT8A/a87TMjbh82Z1jT38YhgcH5yhXPkopVVNx8V8Ie
 2Wmk2FhIU9G57SL0FFTPClS3CNbfCgZj00ImmLcGfBH/syVrwyu2Bft1n71bimlY
 Lf52kxpWPaX355G/ZMYOCwjrryg1zmXj2sLzlYx4sDNJLI81U9KzD/UcYrXGygsN
 0PlnHPXWya69KQNKxQwjrJUNWJ0KVw==
 =Vesm
 -----END PGP SIGNATURE-----

 --Apple-Mail=_5CCF281B-D6FD-4609-8DD6-E374C33CB0EA--

State-Changed-From-To: open->closed
State-Changed-By: hannken@NetBSD.org
State-Changed-When: Tue, 20 Oct 2020 09:26:36 +0000
State-Changed-Why:
Fixed with PR #55366.


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.