Subject: port-sparc64/24126: crash in pmap_remove
To: None <gnats-bugs@gnats.NetBSD.org>
From: Martin Husemann <martin@duskware.de>
List: netbsd-bugs
Date: 01/17/2004 12:23:44
>Number:         24126
>Category:       port-sparc64
>Synopsis:       crash in pmap_remove
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    port-sparc64-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jan 17 11:24:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Martin Husemann
>Release:        NetBSD 1.6ZH
>Organization:
>Environment:
System: NetBSD setting-sun.duskware.de 1.6ZH NetBSD 1.6ZH (SETTINGSUN) #0: Fri Jan 16 15:07:58 MET 2004 martin@setting-sun.duskware.de:/usr/src/sys/arch/sparc64/compile/SETTINGSUN sparc64
Architecture: sparc64
Machine: sparc64
>Description:

After running build.sh (w/o -j) nearly to completion trying to update my
slow U5 to -current it crashed:

trap type 0x34: pc=100a98c npc=100a990 pstate=820006<PRIV,IE>
kernel trap 34: mem address not aligned
Stopped in pid 16914.1 (nbmakewhatis) at        netbsd:pseg_get+0x3c:   ldxa            [%o2 + %g0] 20, %o2
db> bt
pmap_remove_pv(f8ca920, c98e000, 1ed3f80, 1, 672d, 0) at netbsd:pmap_remove_pv+0x180
pmap_remove(1862cb8, c98e000, c990000, 2, da9f1, 1824d70) at netbsd:pmap_remove+0x108
ubc_alloc(da9f140, 0, f983978, 1, 0, 0) at netbsd:ubc_alloc+0x1b4
ffs_read(0, 109437c, 58, 269a600, 0, 0) at netbsd:ffs_read+0x9c
vn_read(0, ca295c8, f983b90, 2964900, 1, 11030a0) at netbsd:vn_read+0xd0
dofileread(f4509f0, 3, ca29590, 2000, 2000, ca295c8) at netbsd:dofileread+0x94
sys_read(f4509f0, f983dd0, f983dc0, 10d9bcc, f983de8, 0) at netbsd:sys_read+0x5c
syscall(f983ed0, 3, 0, 40730800, 800, 407307fc) at netbsd:syscall+0x33c
?(3, 2e6000, 2000, 0, 0, 0) at 0x1008cb8
db> mach pmap f8ca920
pmap 0xf8ca920: ctx 0 refs 260874912 physaddr 4056a000 psegs 0x2f73686172652f6d
seg 0 => 4000
db> mach pv c98e000
pv@0x1ec3338: next=0x0 pmap=0x1862cb8 va=0x10cec006
db> mach pmap 0x1862cb8
pmap 0x1862cb8: ctx 0 refs 6 physaddr 2000 psegs 0x2000
seg 0 => 4000

the instruction it fails at is:

        ldxa    [%o2] ASI_PHYS_CACHED, %o2              ! Load page table pointer

and %o2 is 0x6e657743444b5765 (obviously bogus)

Still reaper fallout?

>How-To-Repeat:

Probably "fork and exit lots of processes"

>Fix:
Sorry, n/a
>Release-Note:
>Audit-Trail:
>Unformatted:
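
A triage check for the values in the ddb output above, as an added example that is not part of the original report: it tests whether a 64-bit value is aligned for the 8-byte ldxa load and whether its big-endian bytes are all printable ASCII, a common sign that a pointer field was overwritten with string data. The function names and the printable-range heuristic are assumptions of this example.

```python
# Added example, not from the original report. The values are copied from
# the ddb session quoted in the PR; the names triage/report are hypothetical.
DDB_VALUES = {
    "%o2 at pseg_get+0x3c": 0x6e657743444b5765,
    "psegs of pmap 0xf8ca920": 0x2f73686172652f6d,
    "psegs of pmap 0x1862cb8": 0x2000,
    "pmap pointer 0x1862cb8": 0x1862cb8,
}


def triage(value, access_size=8):
    """Classify a 64-bit value seen where a pointer was expected."""
    # sparc64 is big-endian, so the most significant byte is the first
    # byte in memory; decode in that order to recover overwriting text.
    raw = value.to_bytes(8, "big")
    printable = all(0x20 <= b <= 0x7e for b in raw)
    return {
        # ldxa loads 8 bytes; an unaligned address raises trap 0x34.
        "aligned": value % access_size == 0,
        # Eight printable bytes in a row are unlikely in a real pointer.
        "ascii": raw.decode("ascii") if printable else None,
    }


def report(values=DDB_VALUES):
    """Return one summary line per labelled value."""
    lines = []
    for label, value in values.items():
        result = triage(value)
        note = "aligned" if result["aligned"] else "NOT 8-byte aligned"
        if result["ascii"] is not None:
            note += ", bytes read as text %r" % result["ascii"]
        lines.append("%-26s 0x%016x  %s" % (label, value, note))
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

Both bogus values decode to text while the kernel pmap at 0x1862cb8 looks sane, which points at the contents of the structure at 0xf8ca920 having been overwritten rather than at a bad page table walk.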