Re: kern/54754: assertion "start < end" failed: uvm_map.c, line 4756 uvm_unmap1 start 0 < end 0

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,tobiasu%tmux.org@localhost
Subject: Re: kern/54754: assertion "start < end" failed: uvm_map.c, line 4756 uvm_unmap1 start 0 < end 0
From: David Holland <dholland-bugs%netbsd.org@localhost>
Date: Wed, 9 Jun 2021 04:30:02 +0000 (UTC)

The following reply was made to PR kern/54754; it has been noted by GNATS.

From: David Holland <dholland-bugs%netbsd.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/54754: assertion "start < end" failed: uvm_map.c, line 4756
 uvm_unmap1 start 0 < end 0
Date: Wed, 9 Jun 2021 04:26:30 +0000

 I found the following mails in the gnats admin sewer (the admin
 mailbox receives a copy of everything gnats does, so mail to it
 rapidly gets lost, and sometimes things get raked out later but an
 unknown fraction doesn't -- always mail gnats-bugs@ to file comments
 on PRs, and note that this usually doesn't happen by default if
 replying to yourself)
 
 note that there's a proposed change at the end.
 
    ------
 
 From: Tobias Ulmer <tobiasu%tmux.org@localhost>
 To: gnats-admin%netbsd.org@localhost
 Subject: Re: kern/54754: assertion "start < end" failed: uvm_map.c, line 4756
 	uvm_unmap1 start 0 < end 0
 Date: Mon, 27 Jan 2020 18:07:07 +0100
 
 Mon Jan 27 16:49:33 UTC 2020
 
 NetBSD/sparc64 (u60.tmux.org) (console)
 
 login: tobiasu
 Password:
 Jan 27 16:49:46 u60 login: tobiasu on tty console
 Last login: Tue Oct  1 12:18:39 2019 from 192.168.3.23 on pts/0
 Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
     2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
     2018, 2019 The NetBSD Foundation, Inc.  All rights reserved.
 Copyright (c) 1982, 1986, 1989, 1991, 1993
     The Regents of the University of California.  All rights reserved.
 
 NetBSD 9.99.42 (GENERIC) #0: Sun Jan 26 15:52:00 UTC 2020
 
 Welcome to NetBSD!
 
 This system is running a development snapshot of the NetBSD operating system,
 also known as NetBSD-current.  It is very possible that it has serious bugs,
 regressions, broken features or other problems.  Please bear this in mind
 and use the system with care.
 
 You are encouraged to test this version as thoroughly as possible.  Should you
 encounter any problem, please report it back to the development team using the
 send-pr(1) utility (requires a working MTA).  If yours is not properly set up,
 use th
 [  51.3813873] panic: kernel diagnostic assertion "start < end" failed: file "/home/source/ab/HEAD/src/sys/uvm/uvm_map.c", line 4749 uvm_unmap1: map 0x102568bc0: start 0 < end 0
 [  51.5713981] cpu1: Begin traceback...
 [  51.6114043] cpu1: End traceback...
 [  51.6514026] Frame pointer is at 0x1880eebc1
 [  51.7014044] Call traceback:
 [  51.7414067]  netbsd:cpu_reboot+0x240(1cc3570, 102604400, ff0f0000000001, 1880ef61c, 4, 1c6f400) fp = 1880eeca1
 [  51.8614124]  netbsd:kern_reboot+0x14(104, 0, 1cbe000, 0, 0, 102604400) fp = 1880eed51
 [  51.9614191]  netbsd:vpanic+0x14c(104, 0, 19a0688, 1880ef7f8, e0048000, 1c3c400) fp = 1880eee01
 [  52.0614237]  netbsd:kern_assert+0x34(19a0688, 1880ef7f8, 1cc2000, 1cc3400, 104, 1cc33c0) fp = 1880eeeb1
 [  52.1714299]  netbsd:uvm_unmap1+0x88(19a0688, 1918b70, 199f400, 199fa40, 128d, 18fd840) fp = 1880eef71
 [  52.2914367]  netbsd:execve_runproc+0x398(102568bc0, 0, 0, 0, 0, 1022aed00) fp = 1880ef051
 [  52.3914424]  netbsd:execve1+0x58(102604400, 1880efa10, 0, 0, 102568bc0, 10255e970) fp = 1880ef151
 [  52.4914490]  netbsd:sys_execve+0x24(102604400, 1, 40228090, ffffffffffffffff, ffffffffffffd0f0, 402f4400) fp = 1880ef431
 [  52.6214554]  netbsd:syscall+0x410(102604400, 1880efde0, 1880efdd0, 1, 40b063f0, 6cebac5) fp = 1880ef4f1
 [  52.7414631]  netbsd:1011724+0(1880efed0, 1880eff58, 40b60480, 3, 2, 102604400) fp = 1880ef621
 [  52.8414688]  netbsd:40c74fe8+0(40228090, ffffffffffffd0f0, 402f4400, fefefefefefefeff, ffffffffffffffff, ff000000000000) fp = ffffffffffffc381
 
 [  52.9914763] dumping to dev 7,1 offset 4196485
 
    ------
 
 From: Tobias Ulmer <tobiasu%tmux.org@localhost>
 To: kern-bug-people%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
 Subject: Re: kern/54754: assertion "start < end" failed: uvm_map.c, line 4756
 	uvm_unmap1 start 0 < end 0
 Date: Mon, 27 Jan 2020 22:23:59 +0100
 
 On Tue, Dec 10, 2019 at 07:50:00PM +0000, tobiasu%tmux.org@localhost wrote:
 > >Number:         54754
 > >Category:       kern
 > >Synopsis:       assertion "start < end" failed: uvm_map.c, line 4756 uvm_unmap1 start 0 < end 0
 > >Confidential:   no
 > >Severity:       serious
 > >Priority:       medium
 > >Responsible:    kern-bug-people
 > >State:          open
 > >Class:          sw-bug
 > >Submitter-Id:   net
 > >Arrival-Date:   Tue Dec 10 19:50:00 +0000 2019
 > >Originator:     Tobias Ulmer
 > >Release:        NetBSD 9.99.21 (GENERIC) #0: Mon Dec 9 04:51:04 UTC 2019
 > >Organization:
 > >Environment:
 > >Description:
 > Machine hits assertion on login. Full serial console session below, two traces near the end.
 
 >From 9.99.41:
 
 [  51.3813873] panic: kernel diagnostic assertion "start < end" failed: file "/home/source/ab/HEAD/src/sys/uvm/uvm_map.c", line 4749 uvm_unmap1: map 0x102568bc0: start 0 < end 0
 [  51.5713981] cpu1: Begin traceback...
 [  51.6114043] cpu1: End traceback...
 [  51.6514026] Frame pointer is at 0x1880eebc1
 [  51.7014044] Call traceback:
 [  51.7414067]  netbsd:cpu_reboot+0x240(1cc3570, 102604400, ff0f0000000001, 1880ef61c, 4, 1c6f400) fp = 1880eeca1
 [  51.8614124]  netbsd:kern_reboot+0x14(104, 0, 1cbe000, 0, 0, 102604400) fp = 1880eed51
 [  51.9614191]  netbsd:vpanic+0x14c(104, 0, 19a0688, 1880ef7f8, e0048000, 1c3c400) fp = 1880eee01
 [  52.0614237]  netbsd:kern_assert+0x34(19a0688, 1880ef7f8, 1cc2000, 1cc3400, 104, 1cc33c0) fp = 1880eeeb1
 [  52.1714299]  netbsd:uvm_unmap1+0x88(19a0688, 1918b70, 199f400, 199fa40, 128d, 18fd840) fp = 1880eef71
 [  52.2914367]  netbsd:execve_runproc+0x398(102568bc0, 0, 0, 0, 0, 1022aed00) fp = 1880ef051
 [  52.3914424]  netbsd:execve1+0x58(102604400, 1880efa10, 0, 0, 102568bc0, 10255e970) fp = 1880ef151
 [  52.4914490]  netbsd:sys_execve+0x24(102604400, 1, 40228090, ffffffffffffffff, ffffffffffffd0f0, 402f4400) fp = 1880ef431
 [  52.6214554]  netbsd:syscall+0x410(102604400, 1880efde0, 1880efdd0, 1, 40b063f0, 6cebac5) fp = 1880ef4f1
 [  52.7414631]  netbsd:1011724+0(1880efed0, 1880eff58, 40b60480, 3, 2, 102604400) fp = 1880ef621
 [  52.8414688]  netbsd:40c74fe8+0(40228090, ffffffffffffd0f0, 402f4400, fefefefefefefeff, ffffffffffffffff, ff000000000000) fp = ffffffffffffc381
 
 > >How-To-Repeat:
 > Log in, either via serial or ssh, watch the machine crash and burn.
 > >Fix:
 
 uvm_deallocate is called with start=0 size=(vaddr_t)-1 and wrongly
 calculates the end page, wrapping to 0.
 
 uvm_unmap etc. expect 'end' to point to the last address in the page.
 
 I've been hitting this on login because the shell was corrupted and
 terminted with SIGABRT.
 
 diff --git a/sys/uvm/uvm_user.c b/sys/uvm/uvm_user.c
 index a2d5f3fd4a30..77f510e14441 100644
 --- a/sys/uvm/uvm_user.c
 +++ b/sys/uvm/uvm_user.c
 @@ -51,5 +51,5 @@ uvm_deallocate(struct vm_map *map, vaddr_t start, vsize_t size)
  	if (size == 0)
  		return;
  
 -	uvm_unmap(map, trunc_page(start), round_page(start + size));
 +	uvm_unmap(map, trunc_page(start), trunc_page(start + size) + PAGE_MASK);
  }

Prev by Date: Re: toolchain/55940 (can't "quit" from gdb pager prompt)
Next by Date: Re: kern/54899: crash DIAGNOSTIC in extent_alloc_region in ahd driver attach
Previous by Thread: Re: kern/54754: assertion "start < end" failed: uvm_map.c, line 4756 uvm_unmap1 start 0 < end 0
Next by Thread: PR/54743 CVS commit: [netbsd-9] src/bin/sh
Indexes:

Home | Main Index | Thread Index | Old Index