kern/54421: Amap field am_nused becomes negative.

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/54421: Amap field am_nused becomes negative.
From: hannken%eis.cs.tu-bs.de@localhost
Date: Mon, 29 Jul 2019 15:20:00 +0000 (UTC)

>Number:         54421
>Category:       kern
>Synopsis:       Amap field am_nused becomes negative.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 29 15:20:00 +0000 2019
>Originator:     Juergen Hannken-Illjes
>Release:        NetBSD 8.0_STABLE
>Organization:
>Environment:
System: NetBSD builder.isf.cs.tu-bs.de 8.0_STABLE NetBSD 8.0_STABLE (generic.amd64) #1: Sat Jun 8 11:48:26 MEST 2019 build%builder.isf.cs.tu-bs.de@localhost:/build/nbsd8/obj/obj.amd64/sys/arch/amd64/compile/generic.amd64 amd64
Architecture: x86_64
Machine: amd64
>Description:
From time to time running "pgrep" makes the machine crash on kvm_getargv2()..
>How-To-Repeat:
Run "pgrep" and sometimes get a crash:

uvm_fault(0xffffffff8154a940, 0xffffffff81041000, 2) -> e
fatal page fault in supervisor mode
trap type 6 code 0x3 rip 0xffffffff8090f84a cs 0x8 rflags 0x10282 cr2 0xffffffff81041c88 ilevel 0 rsp 0xffff8006d539a9e8
curlwp 0xfffffe936df78a60 pid 28952.1 lowest kstack 0xffff8006d53982c0
panic: trap
cpu4: Begin traceback...
vpanic() at netbsd:vpanic+0x15d
snprintf() at netbsd:snprintf
trap() at netbsd:trap+0xa00
--- trap (number 6) ---
amap_wiperange() at netbsd:amap_wiperange+0x93
amap_pp_adjref() at netbsd:amap_pp_adjref+0x1fc
amap_adjref_anons() at netbsd:amap_adjref_anons+0x67
uvm_map_extract() at netbsd:uvm_map_extract+0x267
uvm_io() at netbsd:uvm_io+0xc7
copyin_vmspace() at netbsd:copyin_vmspace+0x87
copyin_proc() at netbsd:copyin_proc+0x35
copyin_psstrings() at netbsd:copyin_psstrings+0x5b
copy_procargs() at netbsd:copy_procargs+0x78
sysctl_kern_proc_args() at netbsd:sysctl_kern_proc_args+0x36d
sysctl_dispatch() at netbsd:sysctl_dispatch+0xba
sys___sysctl() at netbsd:sys___sysctl+0xd8
syscall() at netbsd:syscall+0x1ec
--- syscall (number 202) ---
73242370351a:
cpu4: End traceback...

GDB Frame 5 (amap_wiperange):

(gdb) print *amap
$1 = {
  am_lock = 0xfffffe8b1d24bd00,
  am_ref = 2,
  am_flags = 1,
  am_maxslot = 20,
  am_nslot = 20,
  am_nused = -2,
  am_slots = 0xfffffe93bdcf4550,
  am_bckptr = 0xfffffe96e873bb50,
  am_anon = 0xfffffe958e466528,
  am_ppref = 0xfffffe9807a935a0,
  am_list = {
    le_next = 0xfffffe91c4710f70,
    le_prev = 0xfffffe9712d21a48
  }
}
(gdb) print *amap->am_bckptr@20
$2 = {10, 11, 0, 13, 14, 1, 9, 17, 2, 3, 4, 5, 7, 6, 5, 4, 3, 2, 0, 0}
(gdb) print *amap->am_slots@20
$3 = {19, 19, -1, 16, 15, 14, 13, 12, 625993664, -380, 231648232, -360, 1831730528, -363, 808729032, -382, -1, 0, 0, 0}
>Fix:
Please ...

Prev by Date: kern/54419: mbuf leak when deleting route
Next by Date: Re: toolchain/54411: std::locale broken
Previous by Thread: kern/54419: mbuf leak when deleting route
Next by Thread: kern/54422: right-hand modifiers don't work for text console magic key sequences
Indexes:

Home | Main Index | Thread Index | Old Index