NetBSD Problem Report #45369

From martin@duskware.de  Thu Sep 15 20:08:02 2011
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 7E87F63B86B
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 15 Sep 2011 20:08:02 +0000 (UTC)
Message-Id: <20110915200802.7E87F63B86B@www.NetBSD.org>
Date: Thu, 15 Sep 2011 20:08:02 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@gnats.NetBSD.org
Subject: reproducable crash when running out of disk space
X-Send-Pr-Version: 3.95

>Number:         45369
>Category:       kern
>Synopsis:       reproducable crash when running out of disk space
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Sep 15 20:10:00 +0000 2011
>Closed-Date:    Thu Oct 27 18:42:17 +0000 2011
>Last-Modified:  Thu Oct 27 18:42:17 +0000 2011
>Originator:     Martin Husemann
>Release:        NetBSD 5.99.55
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD night-owl.duskware.de 5.99.55 NetBSD 5.99.55 (NIGHT-OWL) #45: Sun Sep 4 10:32:07 CEST 2011 martin@night-owl.duskware.de:/usr/src/sys/arch/amd64/compile/NIGHT-OWL amd64
Architecture: x86_64
Machine: amd64
>Description:

The following anita command (pkgsrc/misc/py-anita) runs out of disk space
and then imediately fails a kernel assertion:

anita --memory-size 256M --disk-size 500M --workdir ./workdir test http://nyftp.netbsd.org/pub/NetBSD-daily/HEAD/201109140130Z/amd64/

Unfortunately no backtrace. The assertion is:

kernel diagnostic assertion "uvm_page_locked_p(pg)" failed: file "/home/builds/ab/HEAD/src/sys/arch/x86/x86/pmap.c", line 3214

>How-To-Repeat:
s/a

>Fix:
n/a

>Release-Note:

>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/45369: reproducable crash when running out of disk space
Date: Sat, 17 Sep 2011 10:12:37 +0200

 Here is a how to repeat it manually, without qemu. For easy of example
 I assume you have run the mentioned anita command already, so all files
 are in place (if not: workdir/download contains an amd64/ directory which
 then contains the binary and the installation directory ...)

 # create an empty test directory
 mkdir /tmp/test
 # create empty (and too small) disk image file
 dd if=/dev/zero bs=1m count=512 of=/tmp/test/wd0.img
 # create CD image for install sets
 makefs -t cd9660 -o rockridge /tmp/test/inst.iso workdir/download
 # invoke qemu with boot floppy
 qemu-system-x86_64 -nographic -m 256M -cdrom /tmp/test/inst.iso -drive file=/tmp/test/wd0.img,if=ide,index=0,media=disk -fda workdir/download/amd64/installation/floppy/boot-com1.fs
 # wait for disk change prompt, then use Ctrl-A c to switch from console to
 # monitor and enter:
 change floppy0 workdir/download/amd64/installation/floppy/boot2.fs
 # verify the result:
 info block
 # return to console by another Ctrl-A c
 # press enter, watch spinning...
 # repeat for other floppies
 # ...
 # now sysinst shows up, ack "English" and "unchanged"
 # select "Install"
 # select "Yes"
 # Hit enter to continue
 # Custom installation
 # select the following sets:
 # kernel (GENERIC), modules, base, system, compiler tools,
 # miscellaneous, test programs.
 # install sets
 # ack geometry
 # use entire disk
 # install bootcode
 # set size of partitions
 # accept suggested defaults
 # ack partitions
 # ack disk name
 # select Yes to continue
 # use serial port com 0 for bootblocks
 # use CDROM

 voila: crash happens when disk image fills up. Unfortunately the install
 kernel on the boot floppies is stripped:

 kernel diagnostic assertion "!pmap_extract(pmap_kernel(), va + UBC_UMAP_ADDR(umap), NULL)" failed: file "/home/builds/ab/HEAD/src/sys/uvm/uvm_bio.c", line 800
 fatal breakpoint trap in supervisor mode
 trap type 1 code 0 rip ffffffff80251e55 cs 8 rflags 246 cr2  ffff800012944000 cpl 0 rsp ffff800013254980
 Stopped in pid 3023.1 (tar) at  ffffffff80251e55:       leave
 db{0}> bt
 ?() at ffffffff80251e55
 ?() at ffffffff806a1263
 ?() at ffffffff80803599
 ?() at ffffffff8076f2ac
 ?() at ffffffff8077e928
 ?() at ffffffff8079d273
 ?() at ffffffff8079e0b6
 ?() at ffffffff80721526
 ?() at ffffffff807b0371
 ?() at ffffffff8079a3af
 ?() at ffffffff806ba62c

 but it should be easy to modify the above procedure by using the bootable CD
 image instead, key point only is the too small target disk image.

 Martin

From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: kern/45369: reproducable crash when running out of disk space
Date: Sat, 17 Sep 2011 22:13:37 +0200

 On Sat, Sep 17, 2011 at 10:12:37AM +0200, Martin Husemann wrote:
 > but it should be easy to modify the above procedure by using the bootable CD
 > image instead, key point only is the too small target disk image.

 Indeed it is, and the backtrace is:

 ubc_purge() + 0x1a4
 uvm_obj_destroy() + 0x27
 vnfree() + 0x51
 vrelel() + 0x36d
 ufs_remove() + 0xcf
 VOP_REMOVE() + 0x37
 do_sys_unlink() + 0x154

 Martin

From: "Chuck Silvers" <chs@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/45369 CVS commit: src/sys/ufs
Date: Tue, 20 Sep 2011 14:01:33 +0000

 Module Name:	src
 Committed By:	chs
 Date:		Tue Sep 20 14:01:33 UTC 2011

 Modified Files:
 	src/sys/ufs/ffs: ffs_alloc.c
 	src/sys/ufs/lfs: lfs_vnops.c
 	src/sys/ufs/ufs: ufs_inode.c

 Log Message:
 strengthen the assertions about pages existing during block allocation,
 which were incorrectly relaxed last year.  add some comments so that
 the intent of these is hopefully clearer.

 in ufs_balloc_range(), don't free pages or mark them dirty if
 allocating their backing store failed.  this fixes PR 45369.


 To generate a diff of this commit:
 cvs rdiff -u -r1.128 -r1.129 src/sys/ufs/ffs/ffs_alloc.c
 cvs rdiff -u -r1.237 -r1.238 src/sys/ufs/lfs/lfs_vnops.c
 cvs rdiff -u -r1.87 -r1.88 src/sys/ufs/ufs/ufs_inode.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->feedback
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Thu, 29 Sep 2011 00:18:06 +0000
State-Changed-Why:
fixed?


State-Changed-From-To: feedback->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Thu, 27 Oct 2011 18:42:17 +0000
State-Changed-Why:
fixed, thanks!


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.