Subject: port-vax/28379: kernel panic "usrptmap space leakage" when mmap()ing a file
To: None <port-vax-maintainer@netbsd.org, gnats-admin@netbsd.org,>
From: None <kirk@ba23.org>
List: netbsd-bugs
Date: 11/21/2004 18:38:00
>Number:         28379
>Category:       port-vax
>Synopsis:       kernel panic "usrptmap space leakage" when mmap()ing a file
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    port-vax-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Nov 21 18:38:00 +0000 2004
>Originator:     Kirk Russell
>Release:        NetBSD 2.0_RC4 200410130000
>Organization:
www.ba23.org
>Environment:
NetBSD bronzevax.on.kr 2.0_RC4 NetBSD 2.0_RC4 (GENERIC) #0: Sat Oct 16 06:14:30 UTC 2004  autobuild@tgm.netbsd.org:/autobuild/netbsd-2-0/vax/OBJ/autobuild/netbsd-2-0/src/sys/arch/vax/compile/GENERIC vax

>Description:
I used the "dt" test utility (a dd clone, http://www.ba23.org/page0100.html#dt)
to create a new file using the mmap() API, and the kernel crashed:
    panic: usrptmap space leakage

I upgraded to NetBSD 2.0_RC4 200410130000.  I'm using a VAX 4000 Model 700A,
with the following modules:
    slot one    MS690-D
    slot two    MS690-D clone
    slot three  MS690-D clone
    slot four   MS690-D
    slot five   KA692
    slot six    DESQA-SA
    slot seven  CXY08
    slot eight  CMD CQD 203M
    slot nine   TQK50-AA
    slot ten    empty
    slot eleven empty
    slot twelve empty

NetBSD 2.0_RC4 (GENERIC) #0: Sat Oct 16 06:14:30 UTC 2004
        autobuild@tgm.netbsd.org:/autobuild/netbsd-2-0/vax/OBJ/autobuild/netbsd-2-0/src/sys/arch/vax/compile/GENERIC

VAX 4000/705A
cpu0: KA694, ucode rev 2
total memory = 511 MB
avail memory = 493 MB
mainbus0 (root)
ibus0 at mainbus0
ze0 at ibus0
ze0: hardware address 08:00:2b:3b:1f:df
device shac at ibus0 not configured
uba0 at ibus0: Q22
dhu0 at uba0 csr 160440 vec 300 ipl 17
dhu0: rom(1) version 17 rom(0) version 18
dhu0: DHV-11
mtc0 at uba0 csr 174500 vec 774 ipl 17
mscpbus0 at mtc0: version 4 model 3
mscpbus0: DMA burst size set to 4
mt0 at mscpbus0 drive 0: TK50
uda0 at uba0 csr 172150 vec 770 ipl 17
mscpbus1 at uda0: version 6 model 13
mscpbus1: DMA burst size set to 4
ra0 at mscpbus1 drive 0: RA90
ra1 at mscpbus1 drive 1: RA90
ra2 at mscpbus1 drive 2: RA90
ra3 at mscpbus1 drive 3: RA90
ra4 at mscpbus1 drive 4: RA90
ra5 at mscpbus1 drive 5: RA90
qt0 at uba0 csr 174440 vec 764 ipl 17
qt0: delqa-plus in Turbo mode, hardware address 08:00:2b:3f:a8:b7
Kernelized RAIDframe activated
ra0: size 4110479 sectors
ra1: size 4110479 sectors
ra2: size 4110479 sectors
ra3: size 4110479 sectors
ra4: size 4110479 sectors
ra5: size 4110479 sectors
boot device: ra0
root on ra0a dumps on ra0b
root file system type: ffs

bronzevax# uname -a
NetBSD bronzevax.on.kr 2.0_RC4 NetBSD 2.0_RC4 (GENERIC) #0: Sat Oct 16 06:14:30 UTC 2004  autobuild@tgm.netbsd.org:/autobuild/netbsd-2-0/vax/OBJ/autobuild/netbsd-2-0/src/sys/arch/vax/compile/GENERIC vax
bronzevax# dt of=/tmp/a bs=123p limit=1g+1p disable=stats enable=mmap
panic: usrptmap space leakage
Stopped in pid 415.1 (dt) at    netbsd:rmptep:  function "rmptep()", entry-mask 0x40
                bleq    pmap_rmproc+0xaa
db> ps
 PID           PPID     PGRP        UID S   FLAGS LWPS          COMMAND    WAIT
>415            405      415          0 2  0x4002    1               dt
 405              1      405          0 2  0x4003    1              ksh   pause
 272              1      272          0 2       0    1             cron nanosle
 393              1      393          0 2       0    1            inetd  kqread
 367              1      367          0 2   0x100    1         sendmail  select
 327              1      327          0 2       0    1             ntpd   pause
 218              1      218          0 2       0    1          syslogd    poll
 5                0        0          0 2 0x20200    1         aiodoned aiodone
 4                0        0          0 2 0x20200    1          ioflush  syncer
 3                0        0          0 2 0x20200    1       pagedaemon pgdaemo
 2                0        0          0 2 0x20200    1       lfs_writer lfswrit
 1                0        1          0 2  0x4000    1             init    wait
 0               -1        0          0 2 0x20200    1          swapper schedul
db> trace
panic: usrptmap space leakage
Stack traceback :
0xa746ad18: rmptep+0x0(0xa0937f80,0x7ef000)
0xa746ad64: grow_p0+0x34(0xa0937f80,0x1fb978)
0xa746ada0: pmap_enter+0x72(0xa0937f80,0x3f72f000,0x4ecd000,0x1,0x21)
0xa746addc: uvm_fault+0xc25(0x813ec1b8,0x3f72f000,0,0x1)
0xa746aef4: trap+0x259(0xa746afb4)

 >>>show config
KA692-A V2.3, VMB 2.14

Scan of main memory
Memory board 0: 00000000 to 07FFFFFF, 128MB, 262144 good pages, 0 bad pages
Memory board 1: 08000000 to 0FFFFFFF, 128MB, 262144 good pages, 0 bad pages
Memory board 2: 10000000 to 17FFFFFF, 128MB, 262144 good pages, 0 bad pages
Memory board 3: 18000000 to 1FFFFFFF, 128MB, 262144 good pages, 0 bad pages

Total of 512MB, 1048576 good pages, 0 bad pages, 352 reserved pages
UQSSP Disk Controller 0 (772150)
-DUA0 (RA90)
-DUA1 (RA90)
-DUA2 (RA90)
-DUA3 (RA90)
-DUA4 (RA90)
-DUA5 (RA90)

UQSSP Tape Controller 0 (774500)
-MUA0 (TK50)

Ethernet Adapter
-EZA0 (08-00-2B-3B-1F-DF)

Ethernet Adapter 0 (774440)
-XQA0 (08-00-2B-3F-A8-B7)
Scan of Qbus I/O Space
-20000120 (760440) = 0080 DHQ11/DHV11/CXA16/CXB16/CXY08
-20000122 (760442) = F081
-20000124 (760444) = DD18
-20000126 (760446) = 0000
-20000128 (760450) = 0000
-2000012A (760452) = 0000
-2000012C (760454) = 8000
-2000012E (760456) = 0000
-20001468 (772150) = 0000 RQDX3/KDA50/RRD50/RQC25/KFQSA-DISK
-2000146A (772152) = 0B00
-20001920 (774440) = FF08 DELQA/DEQNA/DESQA
-20001922 (774442) = FF00
-20001924 (774444) = FF2B
-20001926 (774446) = FF3F
-20001928 (774450) = FFA8
-2000192A (774452) = FFB7
-2000192C (774454) = 8000
-2000192E (774456) = 1030
-20001940 (774500) = 0000 TQK50/TQK70/TU81E/RV20/KFQSA-TAPE
-20001942 (774502) = 0BC0
-20001F40 (777500) = 0020 IPCR

Scan of Qbus Memory Space



>How-To-Repeat:
I compiled "dt" with NetBSD 1.6.2.

# dt of=/tmp/a bs=123p limit=1g+1p disable=stats enable=mmap
>Fix:
unknown