NetBSD Problem Report #51436
From martin@aprisoft.de Mon Aug 22 10:55:30 2016
Return-Path: <martin@aprisoft.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id A28D07A285
for <gnats-bugs@gnats.NetBSD.org>; Mon, 22 Aug 2016 10:55:30 +0000 (UTC)
Message-Id: <20160822105519.60EBE5CC761@emmas.aprisoft.de>
Date: Mon, 22 Aug 2016 12:55:19 +0200 (CEST)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: tmpfs mount crashes when tmpfs is autoloaded as a module
X-Send-Pr-Version: 3.95
>Number: 51436
>Category: kern
>Synopsis: tmpfs mount crashes when tmpfs is autoloaded as a module
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Aug 22 11:00:00 +0000 2016
>Closed-Date: Mon Aug 29 16:02:08 +0000 2016
>Last-Modified: Sat Sep 24 13:10:02 +0000 2016
>Originator: Martin Husemann
>Release: NetBSD 7.99.36
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD whoever-brings-the-night.aprisoft.de 7.99.36 NetBSD 7.99.36 (WHOEVER) #15: Mon Aug 22 12:42:20 CEST 2016 martin@martins.aprisoft.de:/ssd/src/sys/arch/sparc64/compile/WHOEVER sparc64
Architecture: sparc64
Machine: sparc64
>Description:
I use a modular kernel w/o tmpfs. When trying to mount the first tmpfs,
the system crashes due to a NULL deref. After sprinkinling some noinline
attrbiutes and printfs I see that VFS_NEWVNODE fails with error 28,
which makes vcache_new() for the tmpfs root vnode fail as well - and
deliver a NULL vp, which then causes the crash.
I am not sure the struct mount *mp passed here is ok:
# mount /var/shm
error from VFS_NEWVNODE: 28
panic: vcache_new for tmpfs root failed: 28
Stopped in pid 7.1 (mount_tmpfs) at netbsd:cpu_Debugger+0x4: nop
db{1}> mach stack
Window 0 frame64 0x260727650 locals, ins:
1c8b648 0 107653c78 0 0 3 ae0 2
2035418 260727848 1ce5400 1ce6800 104 1ce6a50 260726f01=sp 1548284=pc:netbsd:pan
ic+0x24
Window 1 frame64 0x260727700 locals, ins:
1092fa2d0 1092fa410 10764d7a8 1 18b3440 18ba058 0 10
2035418 1c 260727890 1c9a800 260727888 1c 260726fc1=sp 2038c50=pc:tmpfs:tmpfs_mo
unt+0x330
Window 2 frame64 0x2607277c0 locals, ins:
80000000 18b4998 18b4098 0 0 1092fad50 1092b9400 2607279e0
1092c5008 ffffffffffe14400 10764d7a8 107653c78 200003 0 260727141=sp 1597140=pc:
netbsd:VFS_MOUNT+0x20
db{1}> show mount 0x1092fa2d0
vnodecovered = 0x0 data = 0x0
fs_bshift -1 dev_bshift = -1
flag = 0x0
iflag = 0x18238a0<IMNT_HAS_TRANS>
refcnt = 1 unmounting @ 0x1092fa318 updating @ 0x1092fac20
statvfs cache:
bsize = 0
frsize = 0
iosize = 0
blocks = 0
bfree = 0
bavail = 0
bresvd = 0
files = 0
ffree = 0
favail = 0
fresvd = 0
f_fsidx = { 0x0, 0x0 }
owner = 0
namemax = 0
flag = 0xffffffffffffffff<MNT_SOFTDEP,MNT_NODEVMTIME,MNT_SYMPERM,MNT_EXP
UBLIC,MNT_EXNORESPORT,MNT_NOATIME,MNT_LOG,MNT_EXTATTR,MNT_DISCARD,MNT_GETARGS,MN
T_UNUSED,MNT_IGNORE,MNT_FORCE,MNT_RELOAD,MNT_RELATIME,MNT_UPDATE,MNT_NOCOREDUMP,
MNT_ROOTFS,MNT_QUOTA,MNT_LOCAL
syncwrites = 0
asyncwrites = 0
syncreads = 0
asyncreads = 0
fstypename =
mntonname = ,P
mntfromname =
locked vnodes =
>How-To-Repeat:
s/a
>Fix:
n/a
>Release-Note:
>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51436: tmpfs mount crashes when tmpfs is autoloaded as a module
Date: Mon, 22 Aug 2016 13:01:08 +0200
Should have mentioned: built-in tmpfs works fine.
Martin
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51436: tmpfs mount crashes when tmpfs is autoloaded as a module
Date: Mon, 22 Aug 2016 23:30:42 +0200
With some hints from Jürgen I added more printfs and now end up with this
failure mode:
# mount /var/shm
tmpfs_mem_info: size: 0 uvmexp.wired: 0
tmpfs_mem_info: returning 0
tmpfs_node_get: nodes 0 max 2097155
tmpfs_mem_info: size: 0 uvmexp.wired: 0
tmpfs_mem_info: returning 0
tmpfs_bytes_max: avail 0 limit 2147483648
tmpfs_bytes_max: returning 0
tmpfs_mem_incr failed, returning NULL
error from VFS_NEWVNODE: 28
panic: vcache_new for tmpfs root failed: 28
Stopped in pid 68.1 (mount_tmpfs) at netbsd:cpu_Debugger+0x4: nop
db{0}> show uvm
Current UVM status:
pagesize=8192 (0x2000), pagemask=0x1fff, pageshift=13
, ncolors=32 1031154 VM pages: 707 active, 0 inactive, 0 wired, 1021192 free
pages 249 anon, 170 file, 288 exec
freemin=256, free-target=341, wired-max=343718
cpu0:
faults=6270, traps=3592, intrs=103023, ctxswitch=11936
softint=24018, syscalls=3731
cpu1:
faults=3752, traps=2187, intrs=81425, ctxswitch=4067
softint=3633, syscalls=4735
fault counts:
noram=0, noanon=0, pgwait=0, pgrele=0
ok relocks(total)=189(189), anget(retrys)=1100(0), amapcopy=692
neighbor anon/obj pg=1121/7364, gets(lock/unlock)=2639/189
cases: anon=666, anoncow=434, obj=1938, prcopy=701, przero=1194
daemon and swap counts:
woke=0, revs=0, scans=0, obscans=0, anscans=0
busy=0, freed=0, reactivate=0, deactivate=0
pageouts=0, pending=0, nswget=0
nswapdev=0, swpgavail=0
swpages=0, swpginuse=0, swpgonly=0, paging=0
The whole thing works on a machine with less memory installed.
Martin
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51436: tmpfs mount crashes when tmpfs is autoloaded as a module
Date: Tue, 23 Aug 2016 09:13:47 +0200
This looks like a MD issue (toolchain or kobj_machdep relocation code),
tmpfs_mem_info() is not collecting the data in uvmexp correctly (but
uvmexp itself is fine and addresses to it/its fields are calculated
correctly).
Martin
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: kern/51436: tmpfs mount crashes when tmpfs is autoloaded as a module
Date: Tue, 23 Aug 2016 22:00:39 +0200
On Tue, Aug 23, 2016 at 09:13:47AM +0200, Martin Husemann wrote:
> This looks like a MD issue (toolchain or kobj_machdep relocation code),
> tmpfs_mem_info() is not collecting the data in uvmexp correctly (but
> uvmexp itself is fine and addresses to it/its fields are calculated
> correctly).
The code generated looks ok, but after relocation some offsets are off by
0x400 - so a kobj_machdep issue.
Martin
From: "David A. Holland" <dholland@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/51436 CVS commit: src/sys/fs/tmpfs
Date: Fri, 26 Aug 2016 21:44:24 +0000
Module Name: src
Committed By: dholland
Date: Fri Aug 26 21:44:24 UTC 2016
Modified Files:
src/sys/fs/tmpfs: tmpfs_vfsops.c
Log Message:
In the event that loading the root vnode fails, bail out of
tmpfs_mount instead of crashing.
Came up in PR 51436, where kmem issues caused internal allocations to
wrongly fail. However, that could happen for real sometime (e.g.
probably if you tried to mount a new tmpfs when the system was very
low on memory, or possibly for other reasons entirely) and crashing
isn't the ticket.
(This is not a fix for PR 51436)
To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 src/sys/fs/tmpfs/tmpfs_vfsops.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/51436 CVS commit: src/sys/arch/sparc64/sparc64
Date: Mon, 29 Aug 2016 15:57:07 +0000
Module Name: src
Committed By: martin
Date: Mon Aug 29 15:57:07 UTC 2016
Modified Files:
src/sys/arch/sparc64/sparc64: kobj_machdep.c
Log Message:
The target of the OLO10 relocation is the simd13 field of the instruction,
so use a 13 bit target mask.
Fixes PR kern/51436 (I broke this myself in rev 1.4)
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/sys/arch/sparc64/sparc64/kobj_machdep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Mon, 29 Aug 2016 16:02:08 +0000
State-Changed-Why:
I broke it, I fixed it.
From: "Soren Jacobsen" <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/51436 CVS commit: [netbsd-7] src/sys/arch/sparc64/sparc64
Date: Sat, 10 Sep 2016 06:38:54 +0000
Module Name: src
Committed By: snj
Date: Sat Sep 10 06:38:54 UTC 2016
Modified Files:
src/sys/arch/sparc64/sparc64 [netbsd-7]: kobj_machdep.c
Log Message:
Pull up following revision(s) (requested by martin in ticket #1248):
sys/arch/sparc64/sparc64/kobj_machdep.c: revision 1.6
The target of the OLO10 relocation is the simd13 field of the instruction,
so use a 13 bit target mask.
Fixes PR kern/51436 (I broke this myself in rev 1.4)
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.5.4.1 src/sys/arch/sparc64/sparc64/kobj_machdep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Soren Jacobsen" <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/51436 CVS commit: [netbsd-7-0] src/sys/arch/sparc64/sparc64
Date: Sat, 10 Sep 2016 06:40:03 +0000
Module Name: src
Committed By: snj
Date: Sat Sep 10 06:40:03 UTC 2016
Modified Files:
src/sys/arch/sparc64/sparc64 [netbsd-7-0]: kobj_machdep.c
Log Message:
Pull up following revision(s) (requested by martin in ticket #1248):
sys/arch/sparc64/sparc64/kobj_machdep.c: revision 1.6
The target of the OLO10 relocation is the simd13 field of the instruction,
so use a 13 bit target mask.
Fixes PR kern/51436 (I broke this myself in rev 1.4)
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.5.8.1 src/sys/arch/sparc64/sparc64/kobj_machdep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/51436 CVS commit: [netbsd-6] src/sys/arch/sparc64/sparc64
Date: Sat, 24 Sep 2016 13:06:41 +0000
Module Name: src
Committed By: bouyer
Date: Sat Sep 24 13:06:41 UTC 2016
Modified Files:
src/sys/arch/sparc64/sparc64 [netbsd-6]: kobj_machdep.c
Log Message:
Pull up following revision(s) (requested by martin in ticket #1405):
sys/arch/sparc64/sparc64/kobj_machdep.c: revision 1.5
sys/arch/sparc64/sparc64/kobj_machdep.c: revision 1.6
Follow rev. 1.54, 1.55 of libexec/ld.elf_so/arch/sparc64/mdreloc.c.
The target of the OLO10 relocation is the simd13 field of the instruction,
so use a 13 bit target mask.
Fixes PR kern/51436 (I broke this myself in rev 1.4)
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.4.14.1 src/sys/arch/sparc64/sparc64/kobj_machdep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/51436 CVS commit: [netbsd-6-1] src/sys/arch/sparc64/sparc64
Date: Sat, 24 Sep 2016 13:06:45 +0000
Module Name: src
Committed By: bouyer
Date: Sat Sep 24 13:06:45 UTC 2016
Modified Files:
src/sys/arch/sparc64/sparc64 [netbsd-6-1]: kobj_machdep.c
Log Message:
Pull up following revision(s) (requested by martin in ticket #1405):
sys/arch/sparc64/sparc64/kobj_machdep.c: revision 1.5
sys/arch/sparc64/sparc64/kobj_machdep.c: revision 1.6
Follow rev. 1.54, 1.55 of libexec/ld.elf_so/arch/sparc64/mdreloc.c.
The target of the OLO10 relocation is the simd13 field of the instruction,
so use a 13 bit target mask.
Fixes PR kern/51436 (I broke this myself in rev 1.4)
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.4.28.1 src/sys/arch/sparc64/sparc64/kobj_machdep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Manuel Bouyer" <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/51436 CVS commit: [netbsd-6-0] src/sys/arch/sparc64/sparc64
Date: Sat, 24 Sep 2016 13:06:48 +0000
Module Name: src
Committed By: bouyer
Date: Sat Sep 24 13:06:48 UTC 2016
Modified Files:
src/sys/arch/sparc64/sparc64 [netbsd-6-0]: kobj_machdep.c
Log Message:
Pull up following revision(s) (requested by martin in ticket #1405):
sys/arch/sparc64/sparc64/kobj_machdep.c: revision 1.5
sys/arch/sparc64/sparc64/kobj_machdep.c: revision 1.6
Follow rev. 1.54, 1.55 of libexec/ld.elf_so/arch/sparc64/mdreloc.c.
The target of the OLO10 relocation is the simd13 field of the instruction,
so use a 13 bit target mask.
Fixes PR kern/51436 (I broke this myself in rev 1.4)
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.4.20.1 src/sys/arch/sparc64/sparc64/kobj_machdep.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home