Subject: kern/23171: amap_wiperange calls uvm_anfree with amap locked
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <chris@pin.lu>
List: netbsd-bugs
Date: 10/16/2003 15:48:12
>Number: 23171
>Category: kern
>Synopsis: amap_wiperange calls uvm_anfree with amap locked
>Confidential: no
>Severity: critical
>Priority: low
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Oct 16 15:49:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator: Christian Limpach
>Release: current as of 03/10/14
>Organization:
>Environment:
i386/mp
>Description:
amap_wiperange calls uvm_anfree with the amap locked; uvm_anfree can sleep, and this will trigger the "switching with held simple_lock" assert in mi_switch/simple_lock_switchcheck:
switching with held simple_lock 0xcb86af48 CPU 0 ../../../../uvm/uvm_amap_i.h:248
simple_lock_switchcheck(cb8694e0,cb8b6000,cb40b004,c026c3fe,cb8694e0) at netbsd:simple_lock_switchcheck+0x18
mi_switch(cb869270,cb8694e0,371,c0265a7d,cb869270) at netbsd:mi_switch+0xca
sa_switch(cb869270,2,1db,c02659f0,c0677fe0) at netbsd:sa_switch+0x543
ltsleep(c0677fe0,204,c039cd3f,0,cb52bf84) at netbsd:ltsleep+0x3bd
uvm_anfree(cb52bf80,c039c85f,4c9,cb887e24,c09fb000) at netbsd:uvm_anfree+0x190
amap_wiperange(cb86af48,209,f6,c02659f0,cb86af48) at netbsd:amap_wiperange+0x11c
amap_pp_adjref(cb86af48,209,f6,ffffffff,cb8d03c8) at netbsd:amap_pp_adjref+0x1e5
amap_unref(cb86af48,209,f6,0,cb8586d8) at netbsd:amap_unref+0x99
uvm_unmap_detach(cb8d03c8,0,8434000,cb887ec8,833e000) at netbsd:uvm_unmap_detach+0x56
uvm_unmap(cb8585f4,833e000,8434000,0,0) at netbsd:uvm_unmap+0x146
uvm_deallocate(cb8585f4,833e000,f6000,c026620e,0) at netbsd:uvm_deallocate+0x2f
sys_obreak(cb869270,cb887f7c,cb887f74,c030124f,cb869270) at netbsd:sys_obreak+0xe8
syscall_plain() at netbsd:syscall_plain+0xc4
--- syscall (number 17) ---
0x484f5395:
Stopped in pid 162.1 (xmms) at netbsd:cpu_Debugger+0x4: leave
(gdb) f 6
#6 0xc02d552c in uvm_anfree (anon=0xcb52bf80) at ../../../../uvm/uvm_anon.c:250
250 UVM_UNLOCK_AND_WAIT(pg, &anon->an_lock, 0,
(gdb) up
#7 0xc02d50c4 in amap_wiperange (amap=0xcb86af48, slotoff=521, slots=246)
at ../../../../uvm/uvm_amap.c:1235
1235 uvm_anfree(anon);
(gdb) up
#8 0xc02d4f91 in amap_pp_adjref (amap=0xcb86af48, curslot=521, slotlen=246, adjval=-1)
at ../../../../uvm/uvm_amap.c:1154
1154 amap_wiperange(amap, lcv, len);
(gdb) up
#9 0xc02d3afd in amap_unref (amap=0xcb86af48, offset=521, len=246, all=0)
at ../../../../uvm/uvm_amap_i.h:276
276 amap_pp_adjref(amap, offset, len, -1);
(gdb) up
#10 0xc02df4de in uvm_unmap_detach (first_entry=0xcb8d03c8, flags=0)
at ../../../../uvm/uvm_map.c:325
325 amap_unref(entry->aref.ar_amap, entry->aref.ar_pageoff,
>How-To-Repeat:
unknown
>Fix:
amap_unlock/amap_lock around the uvm_anfree call?
>Release-Note:
>Audit-Trail:
>Unformatted:
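The locking rule behind this report, and the shape of the proposed unlock/lock fix, as an added C model (not NetBSD source and not the submitter's code): simple_lock/simple_unlock, ltsleep_model, uvm_anfree_model and the two amap_wiperange_* variants are hypothetical stand-ins that count, the way simple_lock_switchcheck does, how often the thread sleeps while still holding a lock.

```c
#include <stdio.h>

/* Hypothetical model of the rule from the report (added example, not
 * NetBSD code): a simple_lock may not be held when the thread sleeps. */
struct simple_lock { int held; };
struct amap { struct simple_lock am_l; int slot[8]; }; /* slot[i] != 0: anon present */

static int locks_held;        /* like the per-CPU held count simple_lock_switchcheck inspects */
static int switch_violations; /* sleeps that happened while locks_held > 0 */

static void simple_lock(struct simple_lock *l)   { l->held = 1; locks_held++; }
static void simple_unlock(struct simple_lock *l) { l->held = 0; locks_held--; }

/* stands in for ltsleep -> mi_switch -> simple_lock_switchcheck */
static void ltsleep_model(void) { if (locks_held > 0) switch_violations++; }

/* uvm_anfree may UVM_UNLOCK_AND_WAIT on a busy page, i.e. sleep */
static void uvm_anfree_model(int page_busy) { if (page_busy) ltsleep_model(); }

/* As reported: the amap stays locked while uvm_anfree runs. */
static int amap_wiperange_buggy(struct amap *a, int off, int n, int busy) {
    switch_violations = 0;
    simple_lock(&a->am_l);
    for (int i = off; i < off + n; i++)
        if (a->slot[i]) { uvm_anfree_model(busy); a->slot[i] = 0; }
    simple_unlock(&a->am_l);
    return switch_violations;
}

/* The suggested shape of the fix: clear the slot under the lock, then drop
 * the amap lock around the call that can sleep and take it again after.  */
static int amap_wiperange_fixed(struct amap *a, int off, int n, int busy) {
    switch_violations = 0;
    simple_lock(&a->am_l);
    for (int i = off; i < off + n; i++) {
        if (!a->slot[i]) continue;
        a->slot[i] = 0;            /* detach the anon while still locked */
        simple_unlock(&a->am_l);
        uvm_anfree_model(busy);    /* sleeping here no longer trips the check */
        simple_lock(&a->am_l);     /* caller must assume the amap changed meanwhile */
    }
    simple_unlock(&a->am_l);
    return switch_violations;
}

/* Runs one variant on a constructed amap (4 anons in slots 0..4, all busy);
 * returns the number of sleeps taken with the amap lock held. */
static int run_variant(int fixed) {
    struct amap a = { {0}, {1, 1, 0, 1, 1, 0, 0, 0} };
    return fixed ? amap_wiperange_fixed(&a, 0, 5, 1) : amap_wiperange_buggy(&a, 0, 5, 1);
}
```

The model only shows why the assert fires and why dropping the lock silences it; in the real kernel, anything that re-takes the amap lock after a sleep has to revalidate the slot range it was walking.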