kern/51393: Reproducible KASSERT in UVM

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/51393: Reproducible KASSERT in UVM
From: max%m00nbsd.net@localhost
Date: Sat, 6 Aug 2016 16:10:00 +0000 (UTC)

>Number:         51393
>Category:       kern
>Synopsis:       Reproducible KASSERT in UVM
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Aug 06 16:10:00 +0000 2016
>Originator:     Maxime Villard
>Release:        NetBSD-current (7.99.35)
>Organization:
>Environment:
Just a VirtualBox VM, GENERIC amd64.
>Description:
This KASSERTMSG in uvm_map.c is easy to trigger.

2115 	KASSERTMSG(!topdown || hint <= orig_hint, "hint: %jx, orig_hint: %jx",
2116 	    (uintmax_t)hint, (uintmax_t)orig_hint);

The output is:
	hint: 3ff000
	orig_hint: 0
>How-To-Repeat:
The following code triggers the kassert:

#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#define PAGE_SIZE 4096

int main()
{
	char *buf;
	void *addr = (void *)((size_t)-1);
	int ret;

	buf = mmap((void *)PAGE_SIZE, PAGE_SIZE, PROT_READ|PROT_WRITE,
	    MAP_FIXED|MAP_ANON|MAP_PRIVATE,-1,0);
	printf("buf1 = %p\n", buf);

	ret = munmap(NULL, PAGE_SIZE);
	printf("ret = %d\n", ret);

	buf = mmap(addr, PAGE_SIZE, PROT_READ|PROT_WRITE,
	    MAP_TRYFIXED|MAP_ANON|MAP_PRIVATE, -1, 0);
	/* NOTREACHED */
}

$ gcc -o mapnull mapnull.c
$ ./mapnull
buf1 = 0xffffffffffffffff
ret = -1
panic: kernel diagnostic assertion ...



>Fix:
I haven't investigated it.

Prev by Date: Re: bin/51027 (/bin/sh misparses $10 (etc))
Next by Date: Re: kern/51393: Reproducible KASSERT in UVM
Previous by Thread: xsrc/51390: pckbc and pms behaving strange (broken) after resume in Xorg.
Next by Thread: Re: kern/51393: Reproducible KASSERT in UVM
Indexes:

Home | Main Index | Thread Index | Old Index