Subject: kern/4654: bad system response when swapping and "pmap_pageable: bad PT page va 400d9000 next 0xf3ca4ea4" messages
To: None <gnats-bugs@gnats.netbsd.org>
From: None <kivinen@ssh.fi>
List: netbsd-bugs
Date: 12/09/1997 16:59:59
>Number:         4654
>Category:       kern
>Synopsis:       bad system response when swapping and "pmap_pageable: bad PT page va 400d9000 next 0xf3ca4ea4" messages
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Dec  9 07:05:04 1997
>Last-Modified:
>Originator:     Tero Kivinen
>Organization:
Ssh Communications Security Ltd
>Release:        1.3_BETA
>Environment:
	
System: NetBSD ietf-kaakeli.ssh.fi 1.3_BETA NetBSD 1.3_BETA (KAAKELI) #4: Fri Dec 5 06:38:03 EET 1997 ztk@kaakeli.ssh.fi:/usr/src/sys/arch/i386/compile/KAAKELI i386


>Description:

	If you run a program that will wildly allocate and touch memory
	and the system starts to swap to disk, it behaves very badly. It
	doesn't respond to anything until the offending program runs out
	of swap space or hits the memory limit.

	After running this kind of program I noticed several (some hundreds)
	"pmap_pageable: bad PT page va 400d9000 next 0xf3ca4ea4"
	messages on the console:

pmap_pageable: bad PT page va a1000 next 0xf3ca4df0
pmap_pageable: bad PT page va a1000 next 0xf3ca4df0
pmap_pageable: bad PT page va a1000 next 0xf3ca4df0
...
pmap_pageable: bad PT page va a1000 next 0xf3ca4df0
pmap_pageable: bad PT page va a1000 next 0xf3ca4df0
pmap_pageable: bad PT page va a1000 next 0xf3ca4df0
pmap_pageable: bad PT page va a1000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b3000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b3000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b3000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b3000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b3000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b3000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b3000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b3000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b2000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b2000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b2000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b2000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b2000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b2000 next 0xf3ca4df0
...
pmap_pageable: bad PT page va 400b2000 next 0xf3ca4df0
pmap_pageable: bad PT page va 400b2000 next 0xf3ca4df0
pmap_pageable: bad PT page va 4000 next 0xf3ca4df0
pmap_pageable: bad PT page va 4000 next 0xf3ca4ff4
pmap_pageable: bad PT page va 4000 next 0xf3ca4ff4
pmap_pageable: bad PT page va efbfc000 next 0xf3ca4ff4
pmap_pageable: bad PT page va efbfc000 next 0xf3ca4ff4
pmap_pageable: bad PT page va efbfc000 next 0xf3ca4ff4
pmap_pageable: bad PT page va efbfc000 next 0xf3ca4ff4
pmap_pageable: bad PT page va efbfd000 next 0xf3ca4ff4
pmap_pageable: bad PT page va efbfd000 next 0xf3ca4ff4
pmap_pageable: bad PT page va efbfd000 next 0xf3ca4ff4
pmap_pageable: bad PT page va efbfc000 next 0xf3ca4ff4
pmap_pageable: bad PT page va efbfc000 next 0xf3ca4ff4
pmap_pageable: bad PT page va 4000 next 0xf3ca4ea4
pmap_pageable: bad PT page va 4000 next 0xf3ca4ea4
pmap_pageable: bad PT page va 4000 next 0xf3ca4ea4
pmap_pageable: bad PT page va 400d9000 next 0xf3ca4cf4
pmap_pageable: bad PT page va 400d9000 next 0xf3ca4cf4
pmap_pageable: bad PT page va 400d9000 next 0xf3ca4cf4
pmap_pageable: bad PT page va 400d9000 next 0xf3ca4cf4
pmap_pageable: bad PT page va 400d9000 next 0xf3ca4cf4
pmap_pageable: bad PT page va 400d9000 next 0xf3ca4cf4
pmap_pageable: bad PT page va 400d9000 next 0xf3ca4cf4
pmap_pageable: bad PT page va 4000 next 0xf3ca4cf4
pmap_pageable: bad PT page va 4000 next 0xf3ca4cf4
pmap_pageable: bad PT page va 400d9000 next 0xf3ca4cf4
...

>How-To-Repeat:

	Set the limit to something big enough (limit datasize 1024M) and
	run this program and wait for 10 minutes until it finally runs
	out of swap or hits the datasize limit. During this the
	machine might seem to have crashed.
----------------------------------------------------------------------
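#include <stdlib.h>
#include <stdio.h>
#include <string.h>	/* memset() */

int main(int argc, char **argv)
{
  int i;
  char *p;

  /* Allocate 1 MB at a time and never free it; touching every page
     forces the kernel to back it with real memory or swap. */
  for(i = 0; i < 10000000; i++)
    {
      p = malloc(1024*1024);
      if (p == NULL)
        {
          /* Out of swap or datasize limit reached. */
          printf("\nmalloc failed after %d MB\n", i);
          return 1;
        }
      memset(p, 0, 1024*1024);
      printf("%d\r", i);
      fflush(stdout);
    }
  return 0;
}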
----------------------------------------------------------------------

>Fix:

>Audit-Trail:
>Unformatted: