NetBSD Problem Report #56614

From Manuel.Bouyer@lip6.fr  Tue Jan 11 08:15:57 2022
Return-Path: <Manuel.Bouyer@lip6.fr>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id DA8CB1A9239
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 11 Jan 2022 08:15:57 +0000 (UTC)
Message-Id: <20220111081542.3B9586E66@armandeche.soc.lip6.fr>
Date: Tue, 11 Jan 2022 09:15:42 +0100 (MET)
From: Manuel.Bouyer@lip6.fr
Reply-To: Manuel.Bouyer@lip6.fr
To: gnats-bugs@NetBSD.org
Subject: kernel panic on tmux
X-Send-Pr-Version: 3.95

>Number:         56614
>Category:       kern
>Synopsis:       kernel panic on tmux
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jan 11 08:20:00 +0000 2022
>Closed-Date:    Tue Jan 11 17:05:51 +0000 2022
>Last-Modified:  Tue Jan 11 17:05:51 +0000 2022
>Originator:     Manuel Bouyer
>Release:        NetBSD 9.99.93
>Organization:
>Environment:
System: NetBSD comore 9.99.93 NetBSD 9.99.93 (XEN3_DOMU) #11: Tue Jan 11 09:02:24 CET 2022  bouyer@bip:/dsk/l1/misc/bouyer/tmp/amd64/obj/dsk/l1/misc/bouyer/HEAD/clean/src/sys/arch/amd64/compile/XEN3_DOMU amd64
Architecture: x86_64
Machine: amd64
>Description:
	With a -HEAD kernel, running a netbsd-9 userland, I get a panic
	when starting tmux:
[ 140.3443697] uvm_fault(0xffffb900020b28b8, 0x0, 1) -> e
[ 140.3443697] fatal page fault in supervisor mode
[ 140.3443697] trap type 6 code 0 rip 0xffffffff80238b80 cs 0xe030 rflags 0x10202 cr2 0x310 ilevel 0 rsp 0xffffb9003c0d4a48
[ 140.3443697] curlwp 0xffffb90001a800c0 pid 1098.1098 lowest kstack 0xffffb9003c0d02c0
kernel: page fault trap, code=0
Stopped in pid 1098.1098 (tmux) at      netbsd:rw_enter+0x40:   movq    0(%rdi),
%rax
rw_enter() at netbsd:rw_enter+0x40
VOP_READDIR() at netbsd:VOP_READDIR+0x46
vn_readdir() at netbsd:vn_readdir+0xe8
sys___getdents30() at netbsd:sys___getdents30+0x72
syscall() at netbsd:syscall+0x9c
--- syscall (number 390) ---

	A forced fsck doesn't find any filesystem issue.
	This didn't happen with a kernel from a few days ago (thurday or
	friday last week).

>How-To-Repeat:
	boot a -HEAD kernel on a -9 userland, start a new tmux session
>Fix:

>Release-Note:

>Audit-Trail:
From: Manuel Bouyer <bouyer@antioche.eu.org>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: kern/56614: kernel panic on tmux
Date: Tue, 11 Jan 2022 09:34:19 +0100

 On Tue, Jan 11, 2022 at 08:20:01AM +0000, Manuel.Bouyer@lip6.fr wrote:
 > >Number:         56614
 > >Category:       kern
 > >Synopsis:       kernel panic on tmux
 > >Confidential:   no
 > >Severity:       critical
 > >Priority:       high
 > >Responsible:    kern-bug-people
 > >State:          open
 > >Class:          sw-bug
 > >Submitter-Id:   net
 > >Arrival-Date:   Tue Jan 11 08:20:00 +0000 2022
 > >Originator:     Manuel Bouyer
 > >Release:        NetBSD 9.99.93
 > >Organization:
 > >Environment:
 > System: NetBSD comore 9.99.93 NetBSD 9.99.93 (XEN3_DOMU) #11: Tue Jan 11 09:02:24 CET 2022  bouyer@bip:/dsk/l1/misc/bouyer/tmp/amd64/obj/dsk/l1/misc/bouyer/HEAD/clean/src/sys/arch/amd64/compile/XEN3_DOMU amd64
 > Architecture: x86_64
 > Machine: amd64
 > >Description:
 > 	With a -HEAD kernel, running a netbsd-9 userland, I get a panic
 > 	when starting tmux:
 > [ 140.3443697] uvm_fault(0xffffb900020b28b8, 0x0, 1) -> e
 > [ 140.3443697] fatal page fault in supervisor mode
 > [ 140.3443697] trap type 6 code 0 rip 0xffffffff80238b80 cs 0xe030 rflags 0x10202 cr2 0x310 ilevel 0 rsp 0xffffb9003c0d4a48
 > [ 140.3443697] curlwp 0xffffb90001a800c0 pid 1098.1098 lowest kstack 0xffffb9003c0d02c0
 > kernel: page fault trap, code=0
 > Stopped in pid 1098.1098 (tmux) at      netbsd:rw_enter+0x40:   movq    0(%rdi),
 > %rax
 > rw_enter() at netbsd:rw_enter+0x40
 > VOP_READDIR() at netbsd:VOP_READDIR+0x46
 > vn_readdir() at netbsd:vn_readdir+0xe8
 > sys___getdents30() at netbsd:sys___getdents30+0x72
 > syscall() at netbsd:syscall+0x9c
 > --- syscall (number 390) ---

 reverting procfs_vnops.c to 1.220 fixes it

 -- 
 Manuel Bouyer <bouyer@antioche.eu.org>
      NetBSD: 26 ans d'experience feront toujours la difference
 --

From: "J. Hannken-Illjes" <hannken@mailbox.org>
To: NetBSD GNATS <gnats-bugs@netbsd.org>
Cc: 
Subject: Re: kern/56614: kernel panic on tmux
Date: Tue, 11 Jan 2022 11:37:40 +0100

 --Apple-Mail=_7924C4EC-2776-494A-ACA5-5E6AAB06C160
 Content-Transfer-Encoding: 7bit
 Content-Type: text/plain;
 	charset=us-ascii

 Seems to be line 1571 of procfs_vnops.c:

 	procfs_proc_unlock(p);

 and "p" points to garbage.

 Should revert procfs_vnops.c to rev. 1.120

 --
 J. Hannken-Illjes - hannken@mailbox.org

 --Apple-Mail=_7924C4EC-2776-494A-ACA5-5E6AAB06C160
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename=signature.asc
 Content-Type: application/pgp-signature;
 	name=signature.asc
 Content-Description: Message signed with OpenPGP

 -----BEGIN PGP SIGNATURE-----

 iQIzBAEBCAAdFiEEyLVMkhxs8fxixv+2IOocBq6p/bMFAmHdXfQACgkQIOocBq6p
 /bN/nBAApOp7GuMZmf4EQS7UkIQmynXi2TlooxvsBsXh8qolpyBNXPDzjdMJd5Xn
 /AaaQuoSsGD32QWZ/yP/oLF1lOaFzUNf4tZiC8BUdcD+x/9aPKH+53xypukR3qfK
 /oFRVVYPNVFLQXMCFlvTFV1nmkm3QUnQf36i1UqGgzQdOtt1UDqgSa2IhevIDq1x
 S65k1mnWeln911z55THeXfa/FPd2l1JoW/LMlt5l0QjvZ9Aosm7qFv1XZ+gOztJb
 U0+I0yh6Yx9PpmFsVTUEM957IF8Il0CQJNm7sZGTFFf7AeBXtT5X7h9XBMqlCxkt
 wwOjcsHDZXia8HCtjnWgtvgbjj7orv2MNsOqljsILvhceCwzAKiQ9eKWz+EU23rA
 HFrpcCXFhsPwHsb5XYl5aO3+EKBd8i3LNU5rptxX3g9txFyu+405KNWLc2JBkIP7
 eK+MPzoa7/ZlkQM/H37Z6fhvnpKf4TO0WJY2j9Cw6GFUp9g8Y0nM8AdLmyjt69FN
 1Qcr/i+IYbfwl2234uVA88O9tMLBfSXDobJlIDO17JMv6R80KetqHJbEJ/0Sfpr9
 +gKtbaWw7Zqqa8bE0ScjdXRyDwT72FxqiS4/T7mvIQEhp5CJlzhm+xyiRmttjIPB
 OzJei/UElrCOnkiiKrJS/s8VyLCOoy16vBIjUBKfi2Oav5m/Z+w=
 =FDCu
 -----END PGP SIGNATURE-----

 --Apple-Mail=_7924C4EC-2776-494A-ACA5-5E6AAB06C160--

From: "Juergen Hannken-Illjes" <hannken@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/56614 CVS commit: src/sys/miscfs/procfs
Date: Tue, 11 Jan 2022 11:10:46 +0000

 Module Name:	src
 Committed By:	hannken
 Date:		Tue Jan 11 11:10:46 UTC 2022

 Modified Files:
 	src/sys/miscfs/procfs: procfs_vnops.c

 Log Message:
 Use a single "p" variable.

 Should fix PR kern/56614: kernel panic on tmux


 To generate a diff of this commit:
 cvs rdiff -u -r1.222 -r1.223 src/sys/miscfs/procfs/procfs_vnops.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: bouyer@NetBSD.org
State-Changed-When: Tue, 11 Jan 2022 17:05:51 +0000
State-Changed-Why:
Fixed, thanks !


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.