Subject: vm_fault crash... again
To: Dave Huang <khym@bga.com>
From: Matthias Drochner <drochner@zelux6.zel.kfa-juelich.de>
List: port-i386
Date: 11/11/1997 13:11:59
Excerpts from netbsd: 10-Nov-97 vm_fault crash... again Dave
Huang@bga.com (308)

> Perhaps it's related to forking/execing? 

I had a problem which looked similar last year.
It was a disappearing PDE, showing up at another place.
I also came to the conclusion that the bug is triggered by
process creation / termination.
IIRC, I armed pmap_remove() with some checks and found
that the PDE was zeroed there.
However, I couldn't track it down further. (changed the
driver layout instead)

Here is the original report:

---------- Forwarded message begins here ----------

I encountered a strange problem in a driver for a
homegrown PCI card:

The card (CAMAC controller) does DMA. For the sake of
latency, I do the transfer directly into the user buffer.
(not mapped into kernel space - vmapbuf() causes too much
overhead)
The driver function is laid out as follows:

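while (todo > 0) {
	len = min(64 * 1024, todo);	/* at most 64k per DMA transfer */
	vslock(buf, len);		/* wire the user pages */
	s = splbio();
	[start DMA]
	res = tsleep();			/* arguments omitted */
	splx(s);
	[error handling for res]
	vsunlock(buf, len, 1);		/* unwire; the panic occurs here */
	todo -= len;
	buf += len;
}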

If the machine is heavily loaded (esp. process creation) the
"vsunlock()" occasionally causes a panic in "vm_fault_unwire()":
"unwire: page not in pmap". The reason is (I checked it explicitly
before calling "vsunlock()") that the page directory entry for
the user buffer became zero in the meantime.
(The check tests
vm_map_pmap(&curproc->p_vmspace->vm_map)->pm_pdir[((vm_offset_t)(buf) >> PDSHIFT) & 1023]
)
The system is NetBSD-1.1.
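
Added example (not part of the original message and not NetBSD code): a user-space C model of the page-directory check described above. It assumes the non-PAE i386 layout (PDSHIFT of 22, 1024 entries); the helper names and sample values are constructed for illustration. It goes one step beyond the check in the post by testing every PDE a 64k chunk can touch, since a chunk may straddle a 4 MB boundary.

```c
#include <stdint.h>
#include <stddef.h>

#define PDSHIFT 22              /* assumed: i386 with 4 KB pages, one PDE maps 4 MB */
#define NPDE    1024            /* entries in one page directory */
#define CHUNK   (64u * 1024u)   /* per-transfer size used in the driver loop */

/* Same index expression as the check quoted in the post. */
static unsigned pde_index(uint32_t va)
{
    return (va >> PDSHIFT) & (NPDE - 1);
}

/*
 * Return the index of the first zero PDE covering [va, va + len),
 * or -1 if every PDE in the range is non-zero.
 * Requires len > 0 and no address wrap-around (true for user buffers).
 */
static int first_missing_pde(const uint32_t *pdir, uint32_t va, uint32_t len)
{
    unsigned first = pde_index(va);
    unsigned last = pde_index(va + len - 1);

    for (unsigned i = first; i <= last; i++)
        if (pdir[i] == 0)
            return (int)i;
    return -1;
}

/*
 * Walk a buffer in CHUNK-sized pieces, as the driver loop does, and
 * count the chunks whose address range touches a zero PDE.
 */
static unsigned count_bad_chunks(const uint32_t *pdir, uint32_t buf, uint32_t todo)
{
    unsigned bad = 0;

    while (todo > 0) {
        uint32_t len = todo < CHUNK ? todo : CHUNK;
        if (first_missing_pde(pdir, buf, len) >= 0)
            bad++;
        todo -= len;
        buf += len;
    }
    return bad;
}
```

Checking only the PDE of the buffer's start address misses a zeroed entry that covers the tail of a chunk crossing a 4 MB boundary.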