netbsd-bugs: port-i386/15749: lpt driver crashes on certain large files.

Subject: port-i386/15749: lpt driver crashes on certain large files.
To: None <gnats-bugs@gnats.netbsd.org>
From: None <liman@autonomica.se>
List: netbsd-bugs
Date: 02/27/2002 15:02:20
>Number:         15749
>Category:       port-i386
>Synopsis:       lpt driver crashes sending large files to HP printer.
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-i386-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 27 06:02:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     Lars-Johan Liman
>Release:        NetBSD 1.5.2
>Organization:
Autonomica AB, Stockholm, Sweden
>Environment:
System:NetBSD joker.liman.se 1.5.2 NetBSD 1.5.2 (GENERIC) #3: Sat Aug 18 23:37:05 CEST 2001     he@hamster.urc.uninett.no:/usr/src/sys/arch/i386/compile/GENERIC i386	
Architecture: i386
Machine: i386
>Description:
	While sending some large PostScript files to my HP LaserJet
	4MPlus, the entire system crashes or hangs. This is repeatable
	once I find a suitable file, but not all files make it
	crash. It happens even if tested in single user, without
	possibly disturbing processes.

	The system used to run 1.4P without any problems what so
	ever. After upgrade to 1.5.2 the problems started, and tests
	with a 1.5ZA kernel indicate that it is is slightly better,
	but crashes still occur.

	(If this is the system's way of saying "16 MB of RAM and 48 MB
	of swap is just too f-ing small!" you need to improve on your
	error messages. :-)

	Here follows dmesg, and some ddb output. Core dump is
	available at http://www.cafax.se/netbsd/

	#------------------------------------------------------------

	joker:/etc#dmesg
	NetBSD 1.5.2 (GENERIC) #3: Sat Aug 18 23:37:05 CEST 2001
	    he@hamster.urc.uninett.no:/usr/src/sys/arch/i386/compile/GENERIC
	cpu0: Intel Pentium (P54C) (586-class), 74.72 MHz
	total memory = 16000 KB
	avail memory = 9596 KB
	using 225 buffers containing 900 KB of memory
	BIOS32 rev. 0 found at 0xfcb50
	mainbus0 (root)
	pci0 at mainbus0 bus 0: configuration mode 1
	pci0: i/o space, memory space enabled
	pchb0 at pci0 dev 0 function 0
	pchb0: Intel 82437FX System Controller (TSC) (rev. 0x01)
	pcib0 at pci0 dev 7 function 0
	pcib0: Intel 82371FB PCI-to-ISA Bridge (PIIX) (rev. 0x02)
	pciide0 at pci0 dev 7 function 1: Intel 82371FB IDE controller (PIIX) (rev. 0x02)
	pciide0: bus-master DMA support present
	pciide0: primary channel wired to compatibility mode
	wd0 at pciide0 channel 0 drive 0: <QUANTUM TRB850A>
	wd0: drive supports 8-sector pio transfers, lba addressing
	wd0: 810 MB, 1647 cyl, 16 head, 63 sec, 512 bytes/sect x 1660176 sectors
	wd0: 32-bit data port
	wd0: drive supports PIO mode 4, DMA mode 2
	pciide0: primary channel interrupting at irq 14
	wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 (using DMA data transfers)
	pciide0: secondary channel wired to compatibility mode
	wd1 at pciide0 channel 1 drive 0: <IBM-DPTA-372730>
	wd1: drive supports 16-sector pio transfers, lba addressing
	wd1: 26105 MB, 16383 cyl, 16 head, 63 sec, 512 bytes/sect x 53464320 sectors
	wd1: 32-bit data port
	wd1: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 4
	pciide0: secondary channel interrupting at irq 15
	wd1(pciide0:1:0): using PIO mode 4, DMA mode 2 (using DMA data transfers)
	ex0 at pci0 dev 13 function 0: 3Com 3c905C-TX 10/100 Ethernet with mngmt (rev. 0x74)
	ex0: interrupting at irq 11
	ex0: MAC address 00:50:da:3e:02:8e
	ukphy0 at ex0 phy 24: Generic IEEE 802.3u media interface
	ukphy0: OUI 0x001018, model 0x0017, rev. 6
	ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
	tlp0 at pci0 dev 14 function 0: Lite-On 82C169 Ethernet, pass 2.0
	tlp0: interrupting at irq 11
	tlp0: Ethernet address 00:02:e3:08:c9:06
	ukphy1 at tlp0 phy 1: Generic IEEE 802.3u media interface
	ukphy1: BCM5201 10/100 media interface (OUI 0x001018, model 0x0021), rev. 2
	ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
	vga1 at pci0 dev 15 function 0: ATI Technologies Mach64 CT (rev. 0x0a)
	wsdisplay0 at vga1
	isa0 at pcib0
	com0 at isa0 port 0x3f8-0x3ff irq 4: ns16550a, working fifo
	com1 at isa0 port 0x2f8-0x2ff irq 3: ns16550a, working fifo
	com1: console
	pckbc0 at isa0 port 0x60-0x64
	pckbd0 at pckbc0 (kbd slot)
	pckbc0: using irq 1 for kbd slot
	wskbd0 at pckbd0
	lpt0 at isa0 port 0x378-0x37b irq 7
	pcppi0 at isa0 port 0x61
	midi0 at pcppi0: PC speaker
	sysbeep0 at pcppi0
	isapnp0 at isa0 port 0x279: ISA Plug 'n Play device support
	npx0 at isa0 port 0xf0-0xff: using exception 16
	fdc0 at isa0 port 0x3f0-0x3f7 irq 6 drq 2
	fd0 at fdc0 drive 0: 1.44MB, 80 cyl, 2 head, 18 sec
	isapnp0: no ISA Plug 'n Play devices found
	biomask f765 netmask ff65 ttymask ffe7
	boot device: wd0
	root on wd0a dumps on wd0b
	root file system type: ffs
	IP Filter: v3.4.9 initialized.  Default = pass all, Logging = enabled
	wsdisplay0: screen 1 added (80x25, vt100 emulation)
	wsdisplay0: screen 2 added (80x25, vt100 emulation)
	wsdisplay0: screen 3 added (80x25, vt100 emulation)
	wsdisplay0: screen 4 added (80x25, vt100 emulation)
	wsmux1: connecting to wsdisplay0

	#------------------------------------------------------------

	# cat dfA033joker.liman.se >/dev/lpt0 


	uvm_fault(0xc283c234, 0x0, 0, 1) -> 1
	kernel: page fault trap, code=0
	Stopped in cat at             0x10:uvm_fault(0xc283c234, 0xbfc00000, 0, 1) -> 1
	     kernel: page fault trap, code=0
	Stopped in cat at       db_disasm+0x1b: movl    PTmap(%eax),%eax
	db> trace
	db_disasm(10,0,c041a7ec,10,2) at db_disasm+0x1b
	db_print_loc_and_inst(10,0,0,c285ccc4,c02fd5a2) at db_print_loc_and_inst+0x26
	db_trap(6,0,1,c285cd1c,0) at db_trap+0xe9
	kdb_trap(6,0,c285cd1c) at kdb_trap+0xc6
	trap() at trap+0x170
	--- trap (number 6) ---
	param.c(c2837978) at       0x10
	bpendtsleep(c069d900,11e,c04c444f,0,0) at bpendtsleep
	lptpushbytes(c069d900,c06f6800,0,c285cee8,c285cee8) at lptpushbytes+0x1b3
	lptwrite(1000,c285cee8,1,1,10000) at lptwrite+0x33
	spec_write(c285ce9c,c285ceb0,c01d9800,c285ce9c,c285cf80) at spec_write+0x80
	ufsspec_write(c285ce9c,c285cf80,10000,c284e030,c285ce9c) at ufsspec_write+0x2d
	vn_write(c284e030,c284e04c,c285cee8,c069df80,1) at vn_write+0xe0
	dofilewrite(c2837978,1,c284e030,8057000,10000) at dofilewrite+0x94
	sys_write(c2837978,c285cf80,c285cf78,10000,0) at sys_write+0x4e
	syscall() at syscall+0x224
	--- syscall (number 4) ---
	 0x804c747:
	db> show registers
	ds                0x10
	es                0x10
	fs                0x10
	gs                0x10
	edi               0x10
	esi         0xc285cd74  end+0x22d170c
	ebp         0xc285cc6c  end+0x22d1604
	ebx               0x10
	edx                0x3
	ecx                  0
	eax                  0
	eip         0xc02fcd13  db_disasm+0x1b
	cs                 0x8
	eflags         0x10056
	esp         0xc285cc34  end+0x22d15cc
	ss          0xc0550010  kernel_map_entry.126+0xabb0
	db_disasm+0x1b: movl    PTmap(%eax),%eax
	db> ps
	 PID             PPID       PGRP        UID S   FLAGS          COMMAND    WAIT
	>17                13         17          0 7  0x4086              cat
	 13                 5         13          0 3  0x4086             tcsh   pause
	 5                  1          5          0 3  0x4086               sh    wait
	 4                  0          0          0 3 0x20204          ioflush  syncer
	 3                  0          0          0 3 0x20204           reaper  reaper
	 2                  0          0          0 3 0x20204       pagedaemon daemon_
	 1                  0          1          0 3  0x4084             init    wait
	 0                 -1          0          0 3 0x20204          swapper schedul
	db> 


>How-To-Repeat:
	cat <the-big-file.ps> >/dev/lpt0
>Fix:
	Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted: