From owner-freebsd-bugs@freebsd.org Wed Nov 4 16:05:56 2020 Return-Path: Delivered-To: freebsd-bugs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D673D4606D5 for ; Wed, 4 Nov 2020 16:05:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (mailman.nyi.freebsd.org [IPv6:2610:1c1:1:606c::50:13]) by mx1.freebsd.org (Postfix) with ESMTP id 4CRBMm5NqMz3gcy for ; Wed, 4 Nov 2020 16:05:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id B8E6E4606D4; Wed, 4 Nov 2020 16:05:56 +0000 (UTC) Delivered-To: bugs@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B8A76460BA8 for ; Wed, 4 Nov 2020 16:05:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CRBMm4WKfz3gmF for ; Wed, 4 Nov 2020 16:05:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7E858FEEF for ; Wed, 4 Nov 2020 16:05:56 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 0A4G5uFW069727 for ; Wed, 4 Nov 2020 16:05:56 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 0A4G5ufJ069726 for bugs@FreeBSD.org; Wed, 4 Nov 2020 16:05:56 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 250866] lock inversion panic in sys/riscv/riscv/pmap.c:3887 on RISCV 1300123 Date: Wed, 04 Nov 2020 16:05:56 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: dclarke@blastwave.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Nov 2020 16:05:56 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D250866 Bug ID: 250866 Summary: lock inversion panic in sys/riscv/riscv/pmap.c:3887 on RISCV 1300123 Product: Base System Version: CURRENT Hardware: riscv OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: dclarke@blastwave.org While running a test image from Mitchell Horne provided at :=20 https://reviews.freebsd.org/D27045 I was able to use it just fine under qemu and with a ZFS zpool.=20 However after a number of hours while building the various dependencies I ran into the following panic :=20 Kernel page fault with the following non-sleepable locks held: exclusive sleep mutex pmap (pmap) r =3D 0 (0xffffffd1a3420760) locked @ /usr/src/sys/riscv/riscv/pmap.c:3887 exclusive rw pmap pv list (pmap pv list) r =3D 0 (0xffffffc00083ff40) locke= d @ /usr/src/sys/riscv/riscv/pmap.c:3862 shared rw pmap pv global (pmap pv global) r =3D 0 (0xffffffc00083fe00) lock= ed @ /usr/src/sys/riscv/riscv/pmap.c:3860 exclusive rw vm object (vm object) r =3D 0 (0xffffffd1d0046b58) locked @ /usr/src/sys/vm/vnode_pager.c:1239 stack backtrace: 339 -16 - 0B 5424K swapin 1 23:30 4.58% kern= el #0 0xffffffc000302a18 at witness_debugger+0x6celect 0 0:01 2.85% mini= ruby #1 0xffffffc000303ba6 at witness_warn+0x420 #2 0xffffffc000536ff6 at page_fault_handler+0x60 #3 0xffffffc000536cb0 at do_trap_supervisor+0x64 #4 0xffffffc000527288 at cpu_exception_handler_supervisor+0x68 #5 0xffffffc0004f9b70 at vm_object_page_collect_flush+0x10a #6 0xffffffc0004f990e at vm_object_page_clean+0x15e #7 0xffffffc00036a9c0 at vinactivef+0xae #8 0xffffffc00036a1bc at vput_final+0x256 #9 0xffffffc00036a248 at vput+0x32 #10 0xffffffc00037da08 at vn_close1+0x13c #11 0xffffffc00037c466 at vn_closefile+0x44 #12 0xffffffc00024a324 at _fdrop+0x16 #13 0xffffffc00024d258 at closef+0x1e4 #14 0xffffffc00024a7dc at closefp+0x82 #15 0xffffffc00024afb6 at kern_close+0x11e #16 0xffffffc00024ae8c at sys_close+0xe #17 0xffffffc00053734e at do_trap_user+0x23a t[0] =3D=3D 0xffffffd1ffd8d800 t[1] =3D=3D 0x0000000000000030 t[2] =3D=3D 0x0000000000000000 t[3] =3D=3D 0xffffffc062409708 t[4] =3D=3D 0x000000000000000f t[5] =3D=3D 0x0000000000000180 t[6] =3D=3D 0xffffffd00b47ed00 s[0] =3D=3D 0xffffffc062409660 s[1] =3D=3D 0xffffffd0a2cff2e0 s[2] =3D=3D 0xffffffd1a3420778 s[3] =3D=3D 0xffffffd1f3710830 s[4] =3D=3D 0xffffffd1a3420760 s[5] =3D=3D 0xffffffc0624097e0 s[6] =3D=3D 0x0000000000000000 s[7] =3D=3D 0x0000000000001000 s[8] =3D=3D 0xffffffc0624095e0 s[9] =3D=3D 0xfffffffffffff000 s[10] =3D=3D 0x0000000000000001 s[11] =3D=3D 0xffffffc000586443 a[0] =3D=3D 0x0000000045f9e000 a[1] =3D=3D 0x0000000000000000 a[2] =3D=3D 0xffffffd1b6600178 a[3] =3D=3D 0x0000000080000000 a[4] =3D=3D 0x0000000280000000 a[5] =3D=3D 0x0000000000000000 a[6] =3D=3D 0xffffffcf80000000 a[7] =3D=3D 0xffffffc000586443 ra =3D=3D 0xffffffc000533736 sp =3D=3D 0xffffffc062409560 gp =3D=3D 0x0000000000000008 tp =3D=3D 0x0000000000000020 sepc =3D=3D 0xffffffc0005337ba sstatus =3D=3D 0x8000000000006120 panic: Fatal page fault at 0xffffffc0005337ba: 0000000000000000 cpuid =3D 1 time =3D 1604493628 KDB: stack backtrace: db_trace_self() at db_trace_self db_trace_self_wrapper() at db_trace_self_wrapper+0x38 kdb_backtrace() at kdb_backtrace+0x2c vpanic() at vpanic+0x146 panic() at panic+0x26 page_fault_handler() at page_fault_handler+0x17a do_trap_supervisor() at do_trap_supervisor+0x64 cpu_exception_handler_supervisor() at cpu_exception_handler_supervisor+0x68 --- exception 13, tval =3D 0 pmap_remove_write() at pmap_remove_write+0x352 vm_object_page_collect_flush() at vm_object_page_collect_flush+0x10a vm_object_page_clean() at vm_object_page_clean+0x15e vinactivef() at vinactivef+0xae vput_final() at vput_final+0x256 vput() at vput+0x32 vn_close1() at vn_close1+0x13c vn_closefile() at vn_closefile+0x44 _fdrop() at _fdrop+0x16 closef() at closef+0x1e4 closefp() at closefp+0x82 kern_close() at kern_close+0x11e sys_close() at sys_close+0xe do_trap_user() at do_trap_user+0x23a cpu_exception_handler_user() at cpu_exception_handler_user+0x72 --- exception 8, tval =3D 0 KDB: enter: panic [ thread pid 11478 tid 101371 ] Stopped at kdb_enter+0x4c: sd zero,0(a0) db> where Tracing pid 11478 tid 101371 td 0xffffffc0620dfb80 kdb_enter() at kdb_enter+0x4a vpanic() at vpanic+0x164 panic() at panic+0x26 page_fault_handler() at page_fault_handler+0x17a do_trap_supervisor() at do_trap_supervisor+0x64 cpu_exception_handler_supervisor() at cpu_exception_handler_supervisor+0x68 --- exception 13, tval =3D 0 pmap_remove_write() at pmap_remove_write+0x352 vm_object_page_collect_flush() at vm_object_page_collect_flush+0x10a vm_object_page_clean() at vm_object_page_clean+0x15e vinactivef() at vinactivef+0xae vput_final() at vput_final+0x256 vput() at vput+0x32 vn_close1() at vn_close1+0x13c vn_closefile() at vn_closefile+0x44 _fdrop() at _fdrop+0x16 closef() at closef+0x1e4 closefp() at closefp+0x82 kern_close() at kern_close+0x11e sys_close() at sys_close+0xe do_trap_user() at do_trap_user+0x23a cpu_exception_handler_user() at cpu_exception_handler_user+0x72 --- exception 8, tval =3D 0 db>=20 Could be a null pointer deref issue?=20 Seeing tval is 0 could be null pointer not a locking issue. There is also exception 8, tval =3D 0 and maybe that is userspace making a syscall. Not my area of knowledge ... sorry. this probably only happens on FreeBSD CURRENT with the witness options and debugging options enabled.=20 If I can reproduce it that I may be able to gather a dump next time.=20 --=20 Dennis Clarke RISC-V/SPARC/PPC/ARM/CISC UNIX and Linux spoken GreyBeard and suspenders optional --=20 You are receiving this mail because: You are the assignee for the bug.=