kern/55366: Assertion "ref >= 0" file "sys/uvm/uvm_amap.c" failed.

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/55366: Assertion "ref >= 0" file "sys/uvm/uvm_amap.c" failed.
From: hannken%eis.cs.tu-bs.de@localhost
Date: Thu, 11 Jun 2020 08:45:01 +0000 (UTC)

>Number:         55366
>Category:       kern
>Synopsis:       Assertion "ref >= 0" file "sys/uvm/uvm_amap.c" failed.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 11 08:45:00 +0000 2020
>Originator:     Juergen Hannken-Illjes
>Release:        NetBSD 9.99.64
>Organization:
	
>Environment:
	
	
System: NetBSD burner.dd 9.99.64 NetBSD 9.99.64 (work.amd64) #115: Wed Jun 10 14:39:27 MEST 2020 hannken%builder.isf.cs.tu-bs.de@localhost:/work/build/obj/obj.amd64/sys/arch/amd64/compile/work.amd64 amd64
Architecture: x86_64
Machine: amd64
>Description:
	
Assertion "ref >= 0" fails for operation "amap_pp_adjref()".

Here we have this amap:

(gdb) print *amap
$2 = {
  am_lock = 0xffff93ad17182100,
  am_ref = 1,
  am_flags = 0,
  am_maxslot = 18,
  am_nslot = 18,
  am_nused = 3,
  am_slots = 0xffff93ad173c2100,
  am_bckptr = 0xffff93ad1a702b80,
  am_anon = 0xffff93ad219b4c00,
  am_ppref = 0xffff93ad2611ddc0,
  am_list = {
    le_next = 0xffff93ad21f29300,
    le_prev = 0xffff93ad21f293f0
  }
}
(gdb) print *amap->am_ppref@18
$3 = {1, -3, 17, 0 <repeats 15 times>}

The backtrace isL:

#10 0xffffffff80b443b5 in vpanic (fmt=0xffffffff81112bc0 "kernel %sassertion \"%s\" failed: file \"%s\", line %d ", ap=ap@entry=0xffffbf01508a4b78) at src/sys/kern/subr_prf.c:288
#11 0xffffffff80ca9686 in kern_assert (fmt=fmt@entry=0xffffffff81112bc0 "kernel %sassertion \"%s\" failed: file \"%s\", line %d ") at src/sys/lib/libkern/kern_assert.c:51
#12 0xffffffff80a98f2a in amap_pp_adjref (amap=amap@entry=0xffff93ad21f29358, curslot=curslot@entry=0, slotlen=<optimized out>, adjval=adjval@entry=-1) at src/sys/uvm/uvm_amap.c:1218
#13 0xffffffff80a99f37 in amap_adjref_anons (amap=0xffff93ad21f29358, offset=17, len=1, refv=-1, all=<optimized out>) at src/sys/uvm/uvm_amap.c:1577
#14 0xffffffff80aa9c85 in uvm_map_unreference_amap (flags=2, entry=0xffff93ad1b008e80) at src/sys/uvm/uvm_map.c:2368
#15 uvm_unmap_detach (first_entry=0xffff93ad1b008e80, flags=flags@entry=2) at src/sys/uvm/uvm_map.c:2368
#16 0xffffffff80aa4603 in uvm_io (map=0xffff93ad20730e48, uio=uio@entry=0xffffbf01508a4d50, flags=<optimized out>, flags@entry=0) at src/sys/uvm/uvm_io.c:135
#17 0xffffffff80b2d4cc in copyin_vmspace (len=<optimized out>, kaddr=<optimized out>, uaddr=<optimized out>, vm=<optimized out>) at src/sys/kern/subr_copy.c:229
#18 copyin_vmspace (vm=<optimized out>, uaddr=<optimized out>, kaddr=<optimized out>, len=<optimized out>) at src/sys/kern/subr_copy.c:205
#19 0xffffffff80b2d723 in copyin_proc (p=<optimized out>, uaddr=0x7f7fff780fe0, kaddr=0xffffbf01508a4e20, len=32) at src/sys/kern/subr_copy.c:280
#20 0xffffffff80b00794 in sysctl_kern_proc_args (namelen=2, newp=0x0, newlen=<optimized out>, oname=0xffffbf01508a4f30, rnode=0xffffbf001ef44f60, l=0xffff93ad1e27b900, oldlenp=0xffffbf01508a4f28, oldp=0x7f7fff46c324, name=<optimized out>) at src/sys/kern/kern_proc.c:2398
#21 sysctl_kern_proc_args (name=<optimized out>, namelen=<optimized out>, oldp=0x7f7fff46c324, oldlenp=0xffffbf01508a4f28, newp=<optimized out>, newlen=<optimized out>, oname=0xffffbf01508a4f30, l=0xffff93ad1e27b900, rnode=0xffffbf001ef44f60) at src/sys/kern/kern_proc.c:2306
#22 0xffffffff80b179e8 in sysctl_dispatch (name=name@entry=0xffffbf01508a4f30, namelen=<optimized out>, oldp=0x7f7fff46c324, oldlenp=oldlenp@entry=0xffffbf01508a4f28, newp=0x0, newlen=0, oname=oname@entry=0xffffbf01508a4f30, l=l@entry=0xffff93ad1e27b900, rnode=<optimized out>, rnode@entry=0x0) at src/sys/kern/kern_sysctl.c:454
#23 0xffffffff80b17c35 in sys___sysctl (l=0xffff93ad1e27b900, uap=0xffffbf01508a5000, retval=<optimized out>) at src/sys/kern/kern_sysctl.c:310
#24 0xffffffff8066d143 in sy_call (rval=0xffffbf01508a4fb0, uap=0xffffbf01508a5000, l=0xffff93ad1e27b900, sy=0xffffffff81d0cd30 <sysent+4848>) at src/sys/sys/syscallvar.h:65
#25 sy_invoke (code=202, rval=0xffffbf01508a4fb0, uap=0xffffbf01508a5000, l=0xffff93ad1e27b900, sy=0xffffffff81d0cd30 <sysent+4848>) at src/sys/sys/syscallvar.h:94
#26 syscall (frame=0xffffbf01508a5000) at src/sys/arch/x86/x86/syscall.c:138
#27 0xffffffff8032425d in handle_syscall () at src/sys/../external/cddl/osnet/dist/uts/common/fs/zfs/dmu_traverse.c:706

>How-To-Repeat:
	
Run this script on a 16-core VM, DIAGNOSTIC+DEBUG+LOCKDEBUG:

pgloop(){

	while :; do
		pgrep nope
	done
}

for I in $( seq 100 ); do
	pgloop &
done

while :; do
	uptime
	sleep 60
done

Wait 4 to 24 hours and get this assertion.

Same problem seen on -7 and -8 release kernels.
>Fix:
	

>Unformatted:

Prev by Date: Re: bin/55365: cvs(1) mishandles paths to other directories
Next by Date: port-amd64/55367: failure to compile amd64 current with clang
Previous by Thread: bin/55365: cvs(1) mishandles paths to other directories
Next by Thread: port-amd64/55367: failure to compile amd64 current with clang
Indexes:

Home | Main Index | Thread Index | Old Index