On Sat, Apr 13, 2024 at 06:14:25PM +0200, Martin Pieuchot wrote:
> On 30/03/24(Sat) 18:38, Martin Pieuchot wrote:
> > Hello Alexander,
> >
> > Thanks for the report.
> >
> > On 01/03/24(Fri) 16:39, Alexander Bluhm wrote:
> > > Hi,
> > >
> > > An OpenBSD 7.4 machine on KVM running postgres and pagedaemon
> > > crashed in amap_wipeout().
> > >
> > > bluhm
> > >
> > > kernel: protection fault trap, code=0
> > > Stopped at amap_wipeout+0x76: movq %rcx,0x28(%rax)
> >
> > The problem is an incorrect call to amap_wipeout() in an OOM situation
> > inside amap_copy(). At this moment the amap being copied/allocated
> > is not in the global list. That's why you see this incorrect
> > dereference which corresponds to:
> >
> > amap_list_remove(amap);
> >
> > > ddb{3}> show panic
> > > the kernel did not panic
> > >
> > > ddb{3}> trace
> > > amap_wipeout(fffffd8015b154d0) at amap_wipeout+0x76
> > > uvm_fault_check(ffff8000232d6a20,ffff8000232d6a58,ffff8000232d6a80) at uvm_fault_check+0x2ad
> > > uvm_fault(fffffd811d150748,7d42519fb000,0,1) at uvm_fault+0xfb
> > > upageflttrap(ffff8000232d6b80,7d42519fb3c0) at upageflttrap+0x65
> > > usertrap(ffff8000232d6b80) at usertrap+0x1ee
> > > recall_trap() at recall_trap+0x8
> > > end of kernel
> > > end trace frame: 0x7d42519fb3f0, count: -6
> >
> > Diff below should fix it. I don't know how to test it.
> >
> > ok?
>
> Anyone?
ok jsg@ > > > Index: uvm/uvm_amap.c > > =================================================================== > > RCS file: /cvs/src/sys/uvm/uvm_amap.c,v > > diff -u -p -r1.92 uvm_amap.c > > --- uvm/uvm_amap.c 11 Apr 2023 00:45:09 -0000 1.92 > > +++ uvm/uvm_amap.c 30 Mar 2024 17:30:10 -0000 > > @@ -662,9 +658,10 @@ amap_copy(struct vm_map *map, struct vm_ > > > > chunk = amap_chunk_get(amap, lcv, 1, PR_NOWAIT); > > if (chunk == NULL) { > > - /* amap_wipeout() releases the lock. */ > > - amap->am_ref = 0; > > - amap_wipeout(amap); > > + amap_unlock(srcamap); > > + /* Destroy the new amap. */ > > + amap->am_ref--; > > + amap_free(amap); > > return; > > } > > > > > >
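
Review bot: In the chunk == NULL branch, the new comment "Destroy the new amap." does not say why amap_wipeout() is no longer used; a sentence noting that the amap is not yet on the global list at this point, so amap_list_remove() must not run on it, would keep someone from restoring the old call. Also, "amap->am_ref--" relies on the count being exactly 1 here, where the removed code set it to 0 outright; an assertion on the value, or keeping the explicit assignment, would make that assumption checkable. The amap_chunk_get() call is indexed by lcv, so chunks obtained for earlier indices may already be attached to the new amap; whether amap_free() releases them is not visible in this hunk and is worth confirming before commit.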