Subject: kern/32429: setting MAXDSIZ > 1GB on 1.6.x alpha causes a "panic: trap"
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Greg A. Woods <woods@planix.com>
List: netbsd-bugs
Date: 01/02/2006 07:15:51
>Number: 32429
>Category: kern
>Synopsis: setting MAXDSIZ over 1GB on 1.6.x alpha causes a "panic: trap"
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Jan 02 07:15:51 +0000 2006
>Originator: Greg A. Woods
>Release: NetBSD 1.6.2_STABLE (cvs update on 20051127)
>Organization:
Planix, Inc.; Toronto, Ontario; Canada
>Environment:
System: NetBSD building 1.6.2_STABLE
Architecture: alpha
Machine: alpha
>Description:
NetBSD/alpha has a MAXDSIZ default setting of 1GB, thus limiting
all processes to a hard RLIMIT_DATA of the same.

When MAXDSIZ is increased beyond 1GB in order to try to allow a
process to have an RLIMIT_DATA of more than 1GB, the kernel will
quickly panic when put under any significant load.

Note that everything works fine in single user mode with just
one process running:

[console]<@> # ulimit -d $((8*1024*1024*1024))
[console]<@> # ulimit -a
time(cpu-seconds) unlimited
file(blocks) unlimited
coredump(blocks) unlimited
data(kbytes) 8388608
stack(kbytes) 2048
lockedmem(kbytes) 4860504
memory(kbytes) 14581512
nofiles(descriptors) 64
processes 160
[console]<@> # time zonec -v -f dnsbl.sorbs.net.nsd sorbs.zonec &
[1] zonec -v -f dnsbl.sorbs.net.nsd sorbs.zonec
[[ ... wait for some time ... ]]
[console]<@> # ps -u
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 76 99.0 -38534.9 1191528 1149864 C0 R 10:24PM 3:17.11 zonec -v -f dnsbl
root 72 0.0 -19.3 608 560 C0 S 10:23PM 0:00.49 ksh
root 15 0.0 -21.7 728 632 C0 Is 10:19PM 0:01.49 -sh
root 107 0.0 -13.4 384 384 C0 R+ 10:28PM 0:00.00 ps -u
>How-To-Repeat:
options MAXDSIZ="(8UL*1024*1024*1024)"
boot to multiuser, and observe a panic shortly afterwards:
CPU 3: fatal kernel trap:
CPU 3 trap entry = 0x2 (memory management fault)
CPU 3 a0 = 0x2a0
CPU 3 a1 = 0x1
CPU 3 a2 = 0x0
CPU 3 pc = 0xfffffc0000300a50
CPU 3 ra = 0xfffffc0000300a44
CPU 3 pv = 0xfffffc0000300994
CPU 3 curproc = 0xfffffc00b3be8ba8
CPU 3 pid = 328, comm = imapd
panic: trap
Stopped in pid 328 (imapd) at cpu_Debugger+0x4: ret zero,(ra)
db{3}> trace
cpu_Debugger() at cpu_Debugger+0x4
panic() at panic+0x160
trap() at trap+0x6ec
XentMM() at XentMM+0x20
--- memory management fault (from ipl 0) ---
copyinstr() at copyinstr+0x54
namei() at namei+0xb8
sys___stat13() at sys___stat13+0x5c
syscall_plain() at syscall_plain+0x158
XentSys() at XentSys+0x5c
--- syscall (278) ---
--- user mode ---
db{3}>
>Fix:
unknown