NetBSD Problem Report #55597

From martin@duskware.de  Sat Aug 22 09:09:49 2020
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id BEF8D1A9249
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 22 Aug 2020 09:09:48 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: amap KASSERTs/panics
X-Send-Pr-Version: 3.95

>Number:         55597
>Category:       kern
>Synopsis:       amap KASSERTs/panics
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Aug 22 09:10:00 +0000 2020
>Last-Modified:  Tue Oct 20 09:35:01 +0000 2020
>Originator:     Martin Husemann
>Release:        NetBSD 9.99.71
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD space-truckin.duskware.de 9.99.71 NetBSD 9.99.71 (GENERIC) #102: Fri Aug 21 19:02:48 CEST 2020 martin@seven-days-to-the-wolves.aprisoft.de:/work/src/sys/arch/evbarm/compile/GENERIC evbarm
Architecture: earmv7hfeb
Machine: evbarm
>Description:

During several ATF runs I got a sequence of amap related panics, with
various levels of diagnostic available:


t_audio (1/2): 159 test cases
[...]
[ 41059.7554972] uvm_fault(0x80b6e908, 0, 1) -> e
[ 41059.7655086] Fatal kernel mode data abort: 'Translation Fault (S)'
[ 41059.7655086] trapframe: 0xc7f5bc50
[ 41059.7755008] FSR=00000005, FAR=00000000, spsr=800c0213
[ 41059.7755008] r0 =00000000, r1 =9331c040, r2 =9331c168, r3 =94646300
[ 41059.7855041] r4 =9beee890, r5 =00000000, r6 =0000000b, r7 =00000128
[ 41059.7955016] r8 =00000024, r9 =00000000, r10=00000000, r11=c7f5bcec
[ 41059.7955016] r12=80093f24, ssp=c7f5bca0, slr=80003270, pc =80409a80
Stopped in pid 10273.10273 (audiotest) at       netbsd:amap_wiperange+0x174:

This is: 

0x80409a80 is in amap_wiperange (../../../../uvm/uvm_amap.c:1308).
1303                                    continue;
1304                            }
1305                            stop--; /* drop stop, since anon will be removed */
1306                    }
1307                    anon = amap->am_anon[curslot];
1308                    KASSERT(anon->an_lock == amap->am_lock);


Could anon be NULL?

Another one in the ptrace tests (have seen this backtrace in a previous run
too but had no proper logging enabled, so not sure it happend at the same
place):

    traceme_lwpinfo2: [0.187480s] Passed.
    traceme_lwpinfo2_lwpstatus: [0.159634s] Passed.
    traceme_lwpinfo2_lwpstatus_pl_name: [0.218605s] Passed.
    traceme_lwpinfo2_lwpstatus_pl_private: [0.198824s] Passed.
    traceme_lwpinfo2_lwpstatus_pl_sigmask: [0.197590s] Passed.
    traceme_lwpinfo3: [0.217410s] Passed.
    traceme_lwpinfo3_lwpstatus: 
[ 2596.6324836] panic: kernel diagnostic assertion "anon != NULL && anon->an_ref != 0" failed: file "../../../../uvm/uvm_amap.c", line 777 
[ 2596.6511788] cpu0: Begin traceback...
[ 2596.6511788] 0xc88a5d3c: netbsd:db_panic+0x14
[ 2596.6618087] 0xc88a5d54: netbsd:vpanic+0xe4
[ 2596.6618087] 0xc88a5d6c: netbsd:__aeabi_uldivmod
[ 2596.6714532] 0xc88a5dbc: netbsd:amap_wipeout+0xb4
[ 2596.6714532] 0xc88a5dfc: netbsd:uvm_unmap_detach+0x80
[ 2596.6817913] 0xc88a5e24: netbsd:uvmspace_free+0xf0
[ 2596.6929471] 0xc88a5ecc: netbsd:exit1+0x1a0
[ 2596.6929471] 0xc88a5eec: netbsd:sys_exit+0x3c
[ 2596.7029680] 0xc88a5fac: netbsd:syscall+0x188
[ 2596.7029680] cpu0: End traceback...


and this is:

(gdb) list *(amap_wipeout+0xb4)
0x804092f0 is in amap_wipeout (../../../../uvm/uvm_amap.c:779).
774     
775                     slot = amap->am_slots[lcv];
776                     anon = amap->am_anon[slot];
777                     KASSERT(anon != NULL && anon->an_ref != 0);
778     
779                     KASSERT(anon->an_lock == amap->am_lock);
780                     UVMHIST_LOG(maphist,"  processing anon %#jx, ref=%jd",
781                         (uintptr_t)anon, anon->an_ref, 0, 0);


>How-To-Repeat:

as root: cd /usr/tests && atf-run

>Fix:
n/a

>Audit-Trail:
From: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/55597: amap KASSERTs/panics
Date: Sat, 22 Aug 2020 13:11:13 +0200

 --Apple-Mail=_17033AA9-F27D-4C4E-A075-C91DA0344996
 Content-Transfer-Encoding: 7bit
 Content-Type: text/plain;
 	charset=us-ascii

 PRs 54421 55366 may be related ...

 --
 J. Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig

 --Apple-Mail=_17033AA9-F27D-4C4E-A075-C91DA0344996
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename=signature.asc
 Content-Type: application/pgp-signature;
 	name=signature.asc
 Content-Description: Message signed with OpenPGP

 -----BEGIN PGP SIGNATURE-----

 iQEzBAEBCAAdFiEE2BL3ha7Xao4WUZVYKoaVJdNr+uEFAl9A/VEACgkQKoaVJdNr
 +uHc/Af9GNfHeyBrqtB4QA9cjgkITWuv0i3XVjvcRuctN845tl47o6t+ApObo2r9
 dJ4z/ApMn8QVXDdHi7VCoV/deP4U4+lxIotOyV5KCRIFDx1/GDPl6N44dyqgo6s1
 tmBY31hpyPbgaZW+4j4JUKANjZL5xSze5J4cHKsKgfGjrjRzi6HSD7es8Ix9Wtmj
 JQgesJVBb9WPp+2sSXuM/NY6vUSDlegPRUcZ+cO5K8vJXYvx+aNet8KqnH2vQFVC
 GWSumDrUNJMwCIi0OEpopB/1cmkecPR4raCO/5DGv3WflRS80gmPuG11r4p+mJpY
 uqEZoNMwIsEq1qZhhyHzxwHEUkbBvQ==
 =x//M
 -----END PGP SIGNATURE-----

 --Apple-Mail=_17033AA9-F27D-4C4E-A075-C91DA0344996--

From: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/55597: amap KASSERTs/panics
Date: Tue, 20 Oct 2020 11:30:34 +0200

 --Apple-Mail=_BE186E37-F7DD-43F3-8C85-C0CCEB51658D
 Content-Transfer-Encoding: 7bit
 Content-Type: text/plain;
 	charset=us-ascii

 This should be fixed with

 	sys/uvm/uvm_amap.c: revision 1.125
 	sys/uvm/uvm_io.c: revision 1.29

 from PR #55366.  Please confirm.

 --
 J. Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig (Germany)

 --Apple-Mail=_BE186E37-F7DD-43F3-8C85-C0CCEB51658D
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename=signature.asc
 Content-Type: application/pgp-signature;
 	name=signature.asc
 Content-Description: Message signed with OpenPGP

 -----BEGIN PGP SIGNATURE-----

 iQEzBAEBCAAdFiEE2BL3ha7Xao4WUZVYKoaVJdNr+uEFAl+OrjoACgkQKoaVJdNr
 +uHb4QgAnkTn3UZF4vEgpJaOmKxXW9vDfTxKViqH69/0KYb6VpL3Rg1iVMrVPEOZ
 LCGlYDNOc8GVgxJBwtQh4Mzx2A38K91t+qbdlfum13IiXNz9pFKxuahHmu0gBYvg
 XCff/wPkHN7zJB3JKjLGux3WfdkbEoLOd0pKwr5bFVfU8Cs/SnNTFo/wyxLAngWq
 9pKjAMB5Y/7MDEL2H+0gQLF7GXYFc1L4j+mnijQkq3hjYs0A7HE5fSlC5yUVjNtg
 tuaq1bOiiNJ043Axz6GwN59ht7kSjQk33d2ye7lHcQbK5gLSCOpwcQRfVowQyjrz
 3Vi32nmRhDWLlXwzApwBB7jJAiDhOg==
 =fTRm
 -----END PGP SIGNATURE-----

 --Apple-Mail=_BE186E37-F7DD-43F3-8C85-C0CCEB51658D--
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.