Subject: kern/32429: setting MAXDSIZ > 1GB on 1.6.x alpha causes a "panic: trap"
To: kern-bug-people@netbsd.org, gnats-admin@netbsd.org
From: Greg A. Woods <woods@planix.com>
List: netbsd-bugs
Date: 01/02/2006 07:15:51
>Number:         32429
>Category:       kern
>Synopsis:       setting MAXDSIZ over 1GB on 1.6.x alpha causes a "panic: trap"
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jan 02 07:15:51 +0000 2006
>Originator:     Greg A. Woods
>Release:        NetBSD 1.6.2_STABLE (cvs update on 20051127)
>Organization:
Planix, Inc.; Toronto, Ontario; Canada
>Environment:
System: NetBSD building 1.6.2_STABLE
Architecture: alpha
Machine: alpha
>Description:

	NetBSD/alpha has a MAXDSIZ default setting of 1GB thus limiting
	all processes to a hard RLIMIT_DATA of the same.

	When MAXDSIZ is increased beyond 1GB in order to try to allow a
	process to have an RLIMIT_DATA of more than 1GB, the kernel will
	quickly panic when put under any significant load.

	Note that everything works fine in single user mode with just
	one process running:

	[console]<@> # ulimit -d $((8*1024*1024*1024))
	[console]<@> # ulimit -a
	time(cpu-seconds)    unlimited
	file(blocks)         unlimited
	coredump(blocks)     unlimited
	data(kbytes)         8388608
	stack(kbytes)        2048
	lockedmem(kbytes)    4860504
	memory(kbytes)       14581512
	nofiles(descriptors) 64
	processes            160
	[console]<@> # time zonec -v -f dnsbl.sorbs.net.nsd sorbs.zonec &
	[1] zonec -v -f dnsbl.sorbs.net.nsd sorbs.zonec 
[[ ... wait for some time ... ]]
	[console]<@> # ps -u 
	USER PID %CPU    %MEM     VSZ     RSS TT STAT STARTED    TIME COMMAND
	root  76 99.0 -38534.9 1191528 1149864 C0 R    10:24PM 3:17.11 zonec -v -f dnsbl
	root  72  0.0   -19.3     608     560 C0 S    10:23PM 0:00.49 ksh 
	root  15  0.0   -21.7     728     632 C0 Is   10:19PM 0:01.49 -sh 
	root 107  0.0   -13.4     384     384 C0 R+   10:28PM 0:00.00 ps -u 


>How-To-Repeat:

	options 	MAXDSIZ="(8UL*1024*1024*1024)"


	boot to multiuser, and observe a panic shortly afterwards:

	CPU 3: fatal kernel trap:
	
	CPU 3    trap entry = 0x2 (memory management fault)
	CPU 3    a0         = 0x2a0
	CPU 3    a1         = 0x1
	CPU 3    a2         = 0x0
	CPU 3    pc         = 0xfffffc0000300a50
	CPU 3    ra         = 0xfffffc0000300a44
	CPU 3    pv         = 0xfffffc0000300994
	CPU 3    curproc    = 0xfffffc00b3be8ba8
	CPU 3        pid = 328, comm = imapd
	
	panic: trap
	Stopped in pid 328 (imapd) at   cpu_Debugger+0x4:       ret     zero,(ra)
	db{3}> trace
	cpu_Debugger() at cpu_Debugger+0x4
	panic() at panic+0x160
	trap() at trap+0x6ec
	XentMM() at XentMM+0x20
	--- memory management fault (from ipl 0) ---
	copyinstr() at copyinstr+0x54
	namei() at namei+0xb8
	sys___stat13() at sys___stat13+0x5c
	syscall_plain() at syscall_plain+0x158
	XentSys() at XentSys+0x5c
	--- syscall (278) ---
	--- user mode ---
	db{3}>


>Fix:

	unknown