Re: Reproducable kernel crash

[Kalvis Duckmanton <kalvisd%gmail.com@localhost>]

On 27/2/24 23:29, Martin Husemann wrote:
> I enabled PMAPDEBUG and expanded a few of the printfs to get more information.
> The (obvious) problem is that pm_count and the number of pcbs in pm_pcbs
> gets out of sync.
>
> The sequence that triggers it is a failing sys__lwp_create() syscall
> where the lwpid_t * supposed to get the lwp ID of the newly created
> lwp is bogus, so copyout fails and we lwp_exit() the new lwp right away
> (before it ever had a chance to run).
>
> basically:
>
> 	do_lwp_create( ...., &l2, ...);
> 	lwp_exit(l2);
>
> There is a pmap_activate() call in there that makes l2's pm_pcbs have
> two entries, and then during lwp_exit only the active one gets removed.
>
> Anyone have an idea where the second PCB for that fresh lwp could come from
> (or where it is set)?

At the risk of going off on a tangent - in uvm_map.c:uvmspace_free(), 
shortly before the call to pmap_destroy(), there is a call to 
pmap_remove_all(), with the comment

    /*
     * at this point, there should be no other references to the map.
     * delete all of the mappings, then destroy the pmap.
     */

The VAX implementation of pmap_remove_all() merely returns 'false', 
which seems a bit odd.

Should it do something?

kalvis