NetBSD Problem Report #55980

From www@netbsd.org  Sat Feb  6 17:54:55 2021
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 65C261A9239
	for <gnats-bugs@gnats.NetBSD.org>; Sat,  6 Feb 2021 17:54:55 +0000 (UTC)
Message-Id: <20210206175454.0D5A81A923A@mollari.NetBSD.org>
Date: Sat,  6 Feb 2021 17:54:53 +0000 (UTC)
From: prlw1@cam.ac.uk
Reply-To: prlw1@cam.ac.uk
To: gnats-bugs@NetBSD.org
Subject: panic:  kernel diagnostic assertion "atomic_load_relaxed...
X-Send-Pr-Version: www-1.0

>Number:         55980
>Category:       kern
>Synopsis:       panic:  kernel diagnostic assertion "atomic_load_relaxed...
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 06 17:55:00 +0000 2021
>Last-Modified:  Wed Jun 02 16:35:01 +0000 2021
>Originator:     Patrick Welche
>Release:        NetBSD-9.99.80/amd64
>Organization:
>Environment:
NetBSD 9.99.80 (GENERIC) #59: Sat Feb  6 13:13:44 GMT 2021               
total memory = 159 GB               
cpu23: AMD Opteron(tm) Processor 6174, id 0x100f91               

>Description:
Unfortunately all I have is from a tmux tip serial console:

[ 9916.0148407] panic: kernel diagnostic assertion "atomic_load_relaxed(&pp->pp 
[ 9916.0448418] cpu1: Begin traceback...                                        
[ 9916.0548410] vpanic() at netbsd:vpanic+0x156                                 
[ 9916.0648412] __x86_indirect_thunk_rax() at netbsd:__x86_indirect_thunk_rax   
[ 9916.0748414] pmap_clear_attrs() at netbsd:pmap_clear_attrs+0x124             
[ 9916.0948428] uvm_pagemarkdirty() at netbsd:uvm_pagemarkdirty+0x37b           
[ 9916.1048420] uao_get() at netbsd:uao_get+0x315                               
[ 9916.1148407] ubc_fault() at netbsd:ubc_fault+0x16a                           
[ 9916.1248414] uvm_fault_internal() at netbsd:uvm_fault_internal+0x57a         
[ 9916.1348416] trap() at netbsd:trap+0x5b7                                     
[ 9916.1448423] --- trap (number 6) ---                                         
[ 9916.1548415] copyin() at netbsd:copyin+0x2f                                  
[ 9916.1648407] uiomove() at netbsd:uiomove+0xba                                
[ 9916.1748414] ubc_uiomove() at netbsd:ubc_uiomove+0x157                       
[ 9916.1848421] tmpfs_write() at netbsd:tmpfs_write+0xff                        
[ 9916.1948418] VOP_WRITE() at netbsd:VOP_WRITE+0x40                            
[ 9916.2048415] vn_write() at netbsd:vn_write+0xe0                              
[ 9916.2148427] dofilewrite() at netbsd:dofilewrite+0x80                        
[ 9916.2248429] sys_write() at netbsd:sys_write+0x49                            
[ 9916.2348431] syscall() at netbsd:syscall+0x23e                               
[ 9916.2448428] --- syscall (number 4) ---                                      
[ 9916.2548430] netbsd:syscall+0x23e:                                           
[ 9916.2648437] cpu1: End traceback...                                          
[ 9916.2748425] rebooting...                                                    


>How-To-Repeat:

>Fix:

>Audit-Trail:
From: Patrick Welche <prlw1@cam.ac.uk>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/55980: panic:  kernel diagnostic assertion
 "atomic_load_relaxed...
Date: Wed, 2 Jun 2021 17:32:36 +0100

 Managed to reproduce this a couple of times since, with coredumps,
 e.g., 31 May source, 9.99.82/amd64.

 First, the full message is:

 System panicked: kernel diagnostic assertion "atomic_load_relaxed(&pp->pp_pte.pte_va) == 0" failed: file "../../../../arch/x86/x86/pmap.c", line 4573 


 #3  0xffffffff80ec68f3 in kern_assert (
     fmt=fmt@entry=0xffffffff8134d970 "kernel %sassertion \"%s\" failed: file \"%s\", line %d ") at ../../../../../../lib/libkern/kern_assert.c:51
 #4  0xffffffff8055f6e7 in pmap_clear_attrs (pg=pg@entry=0xffff9580002bde80, 
     clearbits=clearbits@entry=1) at ../../../../arch/x86/x86/pmap.c:4573
 #5  0xffffffff80cb1a7b in uvm_pagemarkdirty (pg=pg@entry=0xffff9580002bde80, 
     newstatus=newstatus@entry=0) at ../../../../uvm/uvm_page_status.c:124
 #6  0xffffffff80c96beb in uao_get (uobj=0xffff93e9a7973100, 
     offset=<optimized out>, pps=0xffff958b756c87b0, npagesp=<optimized out>, 
     centeridx=<optimized out>, access_type=<optimized out>, advice=0, 
     flags=7170) at ../../../../uvm/uvm_aobj.c:1041
 #7  0xffffffff80c997e2 in ubc_fault (ufi=0xffff958b756c88d0, 
     ign1=<optimized out>, ign2=<optimized out>, ign3=<optimized out>, 
     ign4=<optimized out>, access_type=<optimized out>, flags=<optimized out>)
     at ../../../../uvm/uvm_bio.c:386
 #8  0xffffffff80c9c598 in uvm_fault_internal (
     orig_map=orig_map@entry=0xffffffff81904f40 <kernel_map_store>, 
     vaddr=vaddr@entry=18446627024758292480, access_type=access_type@entry=2, 
     fault_flag=fault_flag@entry=0) at ../../../../uvm/uvm_fault.c:917
 #9  0xffffffff802288c0 in trap (frame=0xffff958b756c8b70)
     at ../../../../arch/amd64/amd64/trap.c:520
 #10 0xffffffff802210e3 in alltraps ()
 #11 0xffff958b6ad6c000 in ?? ()
 #12 0x0000704428b68000 in ?? ()
 #13 0x0000704428b6803b in ?? ()
 #14 0xffff93ec64ea8228 in ?? ()
 #15 0x00007f7ffffff000 in ?? ()
 #16 0xffff958b756c8d00 in ?? ()
 #17 0xffff940072af25c0 in ?? ()
 #18 0xffffffff80dc1ea5 in genfs_islocked (v=<optimized out>)
     at ../../../../miscfs/genfs/genfs_vnops.c:394
 #19 0xffffffff80c99f87 in ubc_uiomove (uobj=uobj@entry=0xffff93e9a7973100, 
     uio=uio@entry=0xffff958b756c8ef0, todo=59, advice=1970048736, 
     advice@entry=0, flags=0, flags@entry=2) at ../../../../uvm/uvm_bio.c:779
 #20 0xffffffff80bdcc27 in tmpfs_write (v=<optimized out>)
     at ../../../../fs/tmpfs/tmpfs_vnops.c:642
 #21 0xffffffff80db7b03 in VOP_WRITE (vp=vp@entry=0xffff93f6895212c0, 
     uio=uio@entry=0xffff958b756c8ef0, ioflag=ioflag@entry=16, 
     cred=cred@entry=0xffff940071889dc0) at ../../../../kern/vnode_if.c:540
 #22 0xffffffff80daf3b7 in vn_write (fp=<optimized out>, 
     offset=0xffff93ec7aacfac0, uio=0xffff958b756c8ef0, 
     cred=0xffff940071889dc0, flags=1) at ../../../../kern/vfs_vnops.c:612
 #23 0xffffffff80d50a4b in dofilewrite (fd=fd@entry=4, fp=0xffff93ec7aacfac0, 
     buf=0x704428b68000, nbyte=59, offset=<optimized out>, flags=flags@entry=1, retval=retval@entry=0xffff958b756c8fb0) at ../../../../kern/sys_generic.c:350
 #24 0xffffffff80d50b60 in sys_write (l=<optimized out>, uap=0xffff958b756c9000, retval=0xffff958b756c8fb0) at ../../../../kern/sys_generic.c:318
 #25 0xffffffff80565ece in sy_call (rval=0xffff958b756c8fb0, uap=0xffff958b756c9000, l=0xffff940070bf32c0, sy=0xffffffff81882b00 <sysent+96>) at ../../../../sys/syscallvar.h:65
 #26 sy_invoke (code=4, rval=0xffff958b756c8fb0, uap=0xffff958b756c9000, l=0xffff940070bf32c0, sy=0xffffffff81882b00 <sysent+96>) at ../../../../sys/syscallvar.h:94
 #27 syscall (frame=0xffff958b756c9000) at ../../../../arch/x86/x86/syscall.c:138
 (gdb) frame 4
 (gdb) print *pp
 $1 = {pp_u = {rb = {rbt_root = 0x0, rbt_ops = 0xffff958b6101c000, 
       rbt_minmax = {0x0, 0x0}}, link = {le_next = 0x0, 
       le_prev = 0xffff958b6101c000}, s = {pte = {pte_ptp = 0x0, 
         pte_va = 18446627024593338368}, pvlist = {lh_first = 0x0}, 
       attrs = 0 '\000'}}, pp_lock = {u = {mtxa_owner = 1537, s = {
         mtxs_dummy = 1 '\001', mtxs_ipl = {_ipl = 6 '\006'}, 
         mtxs_lock = 0 '\000', mtxs_unused = 0 '\000'}}}}
 (gdb) print *pg
 $2 = {pageq = {queue = {tqe_next = 0x1, tqe_prev = 0x1}, list = {
       le_next = 0x1, le_prev = 0x1}}, pqflags = 0, flags = 1606, 
   phys_addr = 74025328640, loan_count = 0, wire_count = 0, uanon = 0x0, 
   uobject = 0xffff93e9a7973100, offset = 0, interlock = {u = {mtxa_owner = 0, 
       s = {mtxs_dummy = 0 '\000', mtxs_ipl = {_ipl = 0 '\000'}, 
         mtxs_lock = 0 '\000', mtxs_unused = 0 '\000'}}}, pdqueue = {
     tqe_next = 0x0, tqe_prev = 0x0}, mdpage = {mp_pp = {pp_u = {rb = {
           rbt_root = 0x0, rbt_ops = 0xffff958b6101c000, rbt_minmax = {0x0, 
             0x0}}, link = {le_next = 0x0, le_prev = 0xffff958b6101c000}, s = {
           pte = {pte_ptp = 0x0, pte_va = 18446627024593338368}, pvlist = {
             lh_first = 0x0}, attrs = 0 '\000'}}, pp_lock = {u = {
           mtxa_owner = 1537, s = {mtxs_dummy = 1 '\001', mtxs_ipl = {
               _ipl = 6 '\006'}, mtxs_lock = 0 '\000', 
             mtxs_unused = 0 '\000'}}}}}}
 (gdb) print pg->flags
 $3 = 1606   == 0x646  = TABLED AOBJ FAKE BUSY DIRTY

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.