NetBSD Problem Report #56514
From martin@duskware.de Sat Nov 20 19:20:54 2021
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 2AFFF1A923A
for <gnats-bugs@gnats.NetBSD.org>; Sat, 20 Nov 2021 19:20:54 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: sparc userland on sparc64 has broken jemalloc or sh(1) is freeing bogus memory
X-Send-Pr-Version: 3.95
>Number: 56514
>Category: bin
>Synopsis: sparc userland on sparc64 has broken jemalloc or sh(1) is freeing bogus memory
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Nov 20 19:25:00 +0000 2021
>Originator: Martin Husemann
>Release: NetBSD 9.99.92
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD thirdstage.duskware.de 9.99.92 NetBSD 9.99.92 (MODULAR) #508: Sat Nov 20 16:11:11 CET 2021 martin@thirdstage.duskware.de:/usr/src/sys/arch/sparc64/compile/MODULAR sparc64
Architecture: sparc64
Machine: sparc64
>Description:
After seeing that COMPAT_NETBSD32 test runs work pretty well on amd64 and
aarch64 I thought I'd retry "the original" - by running atf tests of sparc
userland on a sparc64 machine.
It fails badly with (slightly random) core dumps from /bin/sh, like:
Reading symbols from /bin/sh...
Reading symbols from /usr/libdata/debug//bin/sh.debug...
[New process 25774]
Core was generated by `sh'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 extent_sn_get (extent=0x1000000) at /work/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/extent_inlines.h:74
74 /work/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/extent_inlines.h: No such file or directory.
(gdb) bt
#0 extent_sn_get (extent=0x1000000) at /work/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/extent_inlines.h:74
#1 extent_sn_comp (b=0x3660b600, a=0x1000000) at /work/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/extent_inlines.h:377
#2 extent_snad_comp (b=0x3660b600, a=0x1000000) at /work/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/extent_inlines.h:411
#3 arena_bin_lower_slab (arena=0x366003c0, slab=0x3660b600, bin=0x366081e8, tsdn=<optimized out>) at /work/src/external/bsd/jemalloc/lib/../dist/src/arena.c:1515
#4 0x364dbd04 in arena_dalloc_bin_locked_impl (tsdn=<optimized out>, arena=0x366003c0, slab=0x3660b600, ptr=<optimized out>, junked=<optimized out>)
at /work/src/external/bsd/jemalloc/lib/../dist/src/arena.c:1550
#5 0x36495d58 in je_tcache_bin_flush_small (tsd=0x363c6040, tcache=<optimized out>, tbin=0x363c63c8, binind=27, rem=16)
at /work/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/tsd.h:138
#6 0x364e5a50 in tcache_dalloc_small (slow_path=false, binind=27, ptr=0x3686a000, tcache=0x363c6130, tsd=<optimized out>)
at /work/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/tcache_inlines.h:178
#7 arena_dalloc (slow_path=false, alloc_ctx=<synthetic pointer>, tcache=0x363c6130, ptr=0x3686a000, tsdn=<optimized out>)
at /work/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/arena_inlines_b.h:224
#8 idalloctm (slow_path=false, is_internal=false, alloc_ctx=<synthetic pointer>, tcache=0x363c6130, ptr=0x3686a000, tsdn=<optimized out>)
at /work/src/external/bsd/jemalloc/lib/../include/jemalloc/internal/jemalloc_internal_inlines_c.h:118
#9 ifree (slow_path=false, tcache=0x363c6130, ptr=0x3686a000, tsd=<optimized out>) at /work/src/external/bsd/jemalloc/lib/../dist/src/jemalloc.c:2259
#10 free (ptr=0x3686a000) at /work/src/external/bsd/jemalloc/lib/../dist/src/jemalloc.c:2433
#11 0x0001843c in evalcommand (cmd=<optimized out>, flgs=<optimized out>, backcmd=<optimized out>) at /work/src/bin/sh/eval.c:1242
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) p *extent
Cannot access memory at address 0x1000000
>How-To-Repeat:
Extract sparc userland, e.g. under /test32, and populate /test32/dev. Then:
chroot /test32
sysctl -w kern.defcorename=/tmp/%n.core
cd /usr/tests/bin/sh
atf-run t_builtins | atf-report
>Fix:
n/a