From mexas@bristol.ac.uk  Mon May  9 08:52:00 2011
Return-Path: <mexas@bristol.ac.uk>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A9DD2106564A
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  9 May 2011 08:52:00 +0000 (UTC)
	(envelope-from mexas@bristol.ac.uk)
Received: from dirj.bris.ac.uk (dirj.bris.ac.uk [137.222.10.78])
	by mx1.freebsd.org (Postfix) with ESMTP id 6AE648FC1A
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  9 May 2011 08:52:00 +0000 (UTC)
Received: from ncsd.bris.ac.uk ([137.222.10.59] helo=ncs.bris.ac.uk)
	by dirj.bris.ac.uk with esmtp (Exim 4.72)
	(envelope-from <mexas@bristol.ac.uk>)
	id 1QJLwM-0004Oy-Td
	for FreeBSD-gnats-submit@freebsd.org; Mon, 09 May 2011 09:35:43 +0100
Received: from mech-cluster241.men.bris.ac.uk ([137.222.187.241])
	by ncs.bris.ac.uk with esmtpsa (TLSv1:AES256-SHA:256)
	(Exim 4.72)
	(envelope-from <mexas@bristol.ac.uk>)
	id 1QJLwM-0006aE-MR
	for FreeBSD-gnats-submit@freebsd.org; Mon, 09 May 2011 09:35:42 +0100
Received: from mech-cluster241.men.bris.ac.uk (localhost [127.0.0.1])
	by mech-cluster241.men.bris.ac.uk (8.14.4/8.14.4) with ESMTP id p498Zg5t008793
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 9 May 2011 09:35:42 +0100 (BST)
	(envelope-from mexas@mech-cluster241.men.bris.ac.uk)
Received: (from mexas@localhost)
	by mech-cluster241.men.bris.ac.uk (8.14.4/8.14.4/Submit) id p498ZgdJ008792;
	Mon, 9 May 2011 09:35:42 +0100 (BST)
	(envelope-from mexas)
Message-Id: <201105090835.p498ZgdJ008792@mech-cluster241.men.bris.ac.uk>
Date: Mon, 9 May 2011 09:35:42 +0100 (BST)
From: Anton Shterenlikht <mexas@bristol.ac.uk>
Reply-To: Anton Shterenlikht <mexas@bristol.ac.uk>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: ia64 -current r221488 panic if kern.maxssiz=536748033 or above
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         156900
>Category:       ia64
>Synopsis:       ia64 -current r221488 panic if kern.maxssiz=536748033 or above
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ia64
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 09 09:00:18 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Anton Shterenlikht
>Release:        FreeBSD 9.0-CURRENT ia64
>Organization:
University of Bristol, UK
>Environment:
System: FreeBSD mech-cluster241.men.bris.ac.uk 9.0-CURRENT FreeBSD 9.0-CURRENT #3 r221488: Thu May 5 12:39:44 BST 2011 root@mech-cluster241.men.bris.ac.uk:/usr/obj/usr/src/sys/TZAV ia64

>Description:

On ia64 (Madison and Madison II) starting at least with
r221488, I get this panic on boot if kern.maxssiz=536748033
or above:

Trying to mount root from ufs:/dev/da0p2 [rw]...
panic: mutex Giant owned at /usr/src/sys/kern/kern_exit.c:125
cpuid = 0
KDB: enter: panic
[ thread pid 1 tid 100001 ]
Stopped at      kdb_enter+0x92: [I2]    addl r14=0xffffffffffe236c8,gp ;;
db>
db> show thread
Thread 100001 at 0xe000000010fc8000:
 proc (pid 1): 0xe000000010fc2000
 name: kernel
 stack: 0xa0000000ec748000-0xa0000000ec74ffff
 flags: 0x10004  pflags: 0
 state: RUNNING (CPU 0)
 priority: 84
 container lock: sched lock 0 (0x9ffc000000b04900)
db>
db> bt
Tracing pid 1 tid 100001 td 0xe000000010fc8000
kdb_enter(0x9ffc0000009e1f00, 0x9ffc0000009e1f00, 0x9ffc0000004063d0, 0x793) at kdb_enter+0x92
panic(0x9ffc0000009e0278, 0x9ffc0000009e05c8, 0x9ffc0000009db7b8, 0x7d) at panic+0x2e0
_mtx_assert(0x9ffc000000aed898, 0x0, 0x9ffc0000009db7b8, 0x7d, 0x9ffc0000003ada10) at _mtx_assert+0x200
exit1(0xe000000010fc8000, 0x6, 0x152e, 0x375) at exit1+0x40
kern_execve(0xe000000010fc8000, 0xa0000000ec74f4e0, 0x9ffc0000009db658, 0x0, 0xa0000000ec74f420) at kern_execve+0x1ed0
execve(0xe000000010fc8000, 0xa0000000ec74f538, 0x9ffc000000376c20, 0x91a, 0x91a) at execve+0x60
start_init(0x7fffffffffffffd8, 0x7ffffffffffffff2, 0x9ffc000000a7a7d2, 0x9ffc000000a7a7c8) at start_init+0x4a0
fork_exit(0x9ffc000000a2b5d0, 0x0, 0xa0000000ec74f550) at fork_exit+0x110
enter_userland() at enter_userland
db>


If the limit is reduced by 1 to kern.maxssiz=536748032,
the boot goes ahead fine.

>How-To-Repeat:

1. update to r221488.
2. set kern.maxssiz=536748033 (either in /boot/loader.conf
or in the loader directly).
3. boot

>Fix:

Marcel's analysis of the problem (in case anybody
else is looking at this):

*quote*
On ia64 each process has 2 stacks. There's the traditional
memory stack that grows downwards and there's the RSE
register stack that grows upwards.

Before my change, the RSE stack started at offset 0 in
region 4 (=0x8000000000000000) and the register stack
started close to the top in region 4 (=9fffffffffffxxxx).

After my change, region 4 belongs to the kernel and the
last region of the process is region 3. The register stack
stayed at the top of the region (=0x7fffffffffffxxxx), but
I moved the RSE register stack closer to the register stack:
        (USRSTACK - (2 * MAXSSIZ) - PAGE_SIZE)

It's this change that causes the problem. The maxssiz is
effectively bounded by the distance between the RSE stack
(bottom) and the memory stack (top). This used to be close
(1<<61), but is now close to (1<<29) (~512MB = 536870912).
*end quote*
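
An added worked model of the layout in Marcel's quote (constructed for this PR, not kernel code): it places the RSE backing-store reservation at USRSTACK - 2*MAXSSIZ - PAGE_SIZE and checks whether kern.maxssiz bytes fit below the memory stack's initially mapped pages. USRSTACK, the compile-time MAXSSIZ, PAGE_SIZE and SGROWSIZ are assumed values chosen so that the model reproduces the 536748032/536748033 threshold reported above, and the assumption that only the top SGROWSIZ bytes of the memory stack are mapped at exec time is mine as well.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the ia64 user layout after the change Marcel
 * describes.  The values below are assumptions, not taken from the
 * kernel sources; they are chosen so the model matches the reported
 * threshold (2*MAXSSIZ + PAGE_SIZE - SGROWSIZ = 536748032). */
#define USRSTACK   0x7fffffffffff0000ULL  /* top of region 3, assumed */
#define MAXSSIZ    (1ULL << 28)            /* compile-time MAXSSIZ, assumed 256MB */
#define PAGE_SIZE  8192ULL                 /* ia64 page size, assumed */
#define SGROWSIZ   (128ULL * 1024)         /* initial stack mapping, assumed 128KB */

/* Backing store for the RSE register stack: starts at the fixed address
 * from Marcel's quote and is reserved for kern.maxssiz bytes, growing up. */
static uint64_t rse_base(void) { return USRSTACK - 2 * MAXSSIZ - PAGE_SIZE; }

/* Lowest address of the memory stack pages already mapped at exec time
 * (the top SGROWSIZ bytes, growing down from USRSTACK). */
static uint64_t stack_mapped_bottom(void) { return USRSTACK - SGROWSIZ; }

/* Returns 1 if a kern.maxssiz reservation for the RSE stack fits below the
 * already-mapped memory stack, 0 if the two ranges would collide. */
int rse_reservation_fits(uint64_t maxssiz)
{
    uint64_t rse_top = rse_base() + maxssiz;      /* exclusive end */
    return rse_top <= stack_mapped_bottom();
}

/* Largest kern.maxssiz that still fits under this model. */
uint64_t max_fitting_maxssiz(void)
{
    return stack_mapped_bottom() - rse_base();
}

int main(void)
{
    uint64_t probe[] = { 536748032ULL, 536748033ULL };   /* values from the PR */
    printf("RSE base        = 0x%016llx\n", (unsigned long long)rse_base());
    printf("stack bottom    = 0x%016llx\n", (unsigned long long)stack_mapped_bottom());
    printf("largest maxssiz = %llu\n", (unsigned long long)max_fitting_maxssiz());
    for (size_t i = 0; i < 2; i++)
        printf("kern.maxssiz=%llu: %s\n", (unsigned long long)probe[i],
               rse_reservation_fits(probe[i]) ? "fits" : "collides");
    return 0;
}
```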

>Release-Note:
>Audit-Trail:
>Unformatted:
