Date: Thu, 22 Aug 1996 14:57:39 -0500 From: jgreco@ns.sol.net To: FreeBSD-gnats-submit@freebsd.org Subject: kern/1533: VM Crash with massive numbers of mmap's Message-ID: <199608221957.OAA23038@anacreon.sol.net> Resent-Message-ID: <199608222000.NAA11802@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1533
>Category: kern
>Synopsis: Machine can be panicked by a userland program.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 22 13:00:02 PDT 1996
>Last-Modified:
>Originator: Joe Greco
>Organization:
sol.net Network Services
>Release: FreeBSD 2.1-STABLE i386
>Environment:
Pentium 133, ASUS Triton-II motherboard, 192MB RAM,
3 x NCR 810 SCSI controllers, 15 Hawk 1GB drives plus 2 Barra 4G's,
SMC EtherPower 10/100
Kernel configuration:
Local modifications: DK_NDRIVE --> 32
MSG_BSIZE --> (16384 - 3 * sizeof(unsigned int))
sysctl -w kern.update=300
/sys/i386/conf/NEWSREADER_DB:
#
# NEWSREADER_DB -- Generic machine with WD/AHx/NCR/BTx family disks
#
# $Id: NEWSREADER_DB,v 1.46.2.18 1996/07/16 08:53:04 davidg Exp $
#
machine "i386"
#cpu "I386_CPU"
cpu "I486_CPU"
cpu "I586_CPU"
ident "NEWSREADER_DB"
maxusers 256
options "MAXMEM=262720" #real memory = 67698688 (16528 pages)
#+192MB = 256MB
options MATH_EMULATE #Support for x87 emulation
options INET #InterNETworking
options FFS #Berkeley Fast Filesystem
options NFS #Network Filesystem
options MSDOSFS #MSDOS Filesystem
options "CD9660" #ISO 9660 Filesystem
options PROCFS #Process filesystem
options "COMPAT_43" #Compatible with BSD 4.3
options "SCSI_DELAY=5" #Be pessimistic about Joe SCSI device
options BOUNCE_BUFFERS #include support for DMA bounce buffers
options UCONSOLE #Allow users to grab the console
options "CHILD_MAX=512"
options "OPEN_MAX=256"
#options "NMBCLUSTERS=512"
options SYSVSHM
options SYSVSEM
options SYSVMSG
config kernel root on wd0
controller isa0
controller eisa0
controller pci0
controller fdc0 at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
disk fd0 at fdc0 drive 0
#disk fd1 at fdc0 drive 1
#tape ft0 at fdc0 drive 2
#controller wdc0 at isa? port "IO_WD1" bio irq 14 vector wdintr
#disk wd0 at wdc0 drive 0
#disk wd1 at wdc0 drive 1
#controller wdc1 at isa? port "IO_WD2" bio irq 15 vector wdintr
#disk wd2 at wdc1 drive 0
#disk wd3 at wdc1 drive 1
#options ATAPI #Enable ATAPI support for IDE bus
#device wcd0 #IDE CD-ROM
controller ncr0
controller ncr1
controller ncr2
controller ahc0
controller ahc1
#controller bt0 at isa? port "IO_BT0" bio irq ? vector bt_isa_intr
#controller uha0 at isa? port "IO_UHA0" bio irq ? drq 5 vector uhaintr
#controller aha0 at isa? port "IO_AHA0" bio irq ? drq 5 vector ahaintr
#controller aic0 at isa? port 0x340 bio irq 11 vector aicintr
#controller nca0 at isa? port 0x1f88 bio irq 10 vector ncaintr
#controller nca1 at isa? port 0x350 bio irq 5 vector ncaintr
#controller sea0 at isa? bio irq 5 iomem 0xc8000 iosiz 0x2000 vector seaintr
controller scbus0 at ncr0
disk sd0 at scbus0 target 0 unit 0
disk sd1 at scbus0 target 1 unit 0
disk sd2 at scbus0 target 2 unit 0
disk sd3 at scbus0 target 3 unit 0
disk sd4 at scbus0 target 4 unit 0
disk sd5 at scbus0 target 5 unit 0
disk sd6 at scbus0 target 6 unit 0
controller scbus1 at ncr1
disk sd10 at scbus1 target 0 unit 0
disk sd11 at scbus1 target 1 unit 0
disk sd12 at scbus1 target 2 unit 0
disk sd13 at scbus1 target 3 unit 0
disk sd14 at scbus1 target 4 unit 0
disk sd15 at scbus1 target 5 unit 0
disk sd16 at scbus1 target 6 unit 0
controller scbus2 at ncr2
disk sd20 at scbus2 target 0 unit 0
disk sd21 at scbus2 target 1 unit 0
disk sd22 at scbus2 target 2 unit 0
disk sd23 at scbus2 target 3 unit 0
disk sd24 at scbus2 target 4 unit 0
disk sd25 at scbus2 target 5 unit 0
disk sd26 at scbus2 target 6 unit 0
#device sd0
device st0
#device cd0 #Only need one of these, the code dynamically grows
#device wt0 at isa? port 0x300 bio irq 5 drq 1 vector wtintr
#device mcd0 at isa? port 0x300 bio irq 10 vector mcdintr
#controller matcd0 at isa? port 0x230 bio
#device scd0 at isa? port 0x230 bio
# syscons is the default console driver, resembling an SCO console
device sc0 at isa? port "IO_KBD" tty irq 1 vector scintr
# Enable this and PCVT_FREEBSD for pcvt vt220 compatible console driver
#device vt0 at isa? port "IO_KBD" tty irq 1 vector pcrint
#options "PCVT_FREEBSD=210" # pcvt running on FreeBSD 2.1
#options XSERVER # include code for XFree86
# If you have a ThinkPAD, uncomment this along with the rest of the PCVT lines
#options PCVT_SCANSET=2 # IBM keyboards are non-std
# Mandatory, don't remove
device npx0 at isa? port "IO_NPX" irq 13 vector npxintr
#
# Laptop support (see LINT for more options)
#
#device apm0 at isa? # Advanced Power Management
#options APM_BROKEN_STATCLOCK # Workaround some buggy APM BIOS
device sio0 at isa? port "IO_COM1" tty irq 4 vector siointr
device sio1 at isa? port "IO_COM2" tty irq 3 vector siointr
device sio2 at isa? port "IO_COM3" tty irq 5 vector siointr
device sio3 at isa? port "IO_COM4" tty irq 9 vector siointr
device lpt0 at isa? port? tty irq 7 vector lptintr
device lpt1 at isa? port? tty
#device mse0 at isa? port 0x23c tty irq 5 vector mseintr
device psm0 at isa? disable port "IO_KBD" conflicts tty irq 12 vector psmintr
# Order is important here due to intrusive probes, do *not* alphabetize
# this list of network interfaces until the probes have been fixed.
# Right now it appears that the ie0 must be probed before ep0. See
# revision 1.20 of this file.
device de0
#device fxp0
#device vx0
device ed0 at isa? port 0x280 net irq 5 iomem 0xd8000 vector edintr
device ed1 at isa? port 0x300 net irq 5 iomem 0xd8000 vector edintr
#device ie0 at isa? port 0x360 net irq 7 iomem 0xd0000 vector ieintr
#device ep0 at isa? port 0x300 net irq 10 vector epintr
#device ix0 at isa? port 0x300 net irq 10 iomem 0xd0000 iosiz 32768 vector ixintr
#device le0 at isa? port 0x300 net irq 5 iomem 0xd0000 vector le_intr
#device lnc0 at isa? port 0x280 net irq 10 drq 0 vector lncintr
#device ze0 at isa? port 0x300 net irq 5 iomem 0xd8000 vector zeintr
#device zp0 at isa? port 0x300 net irq 10 iomem 0xd8000 vector zpintr
pseudo-device ccd 12 #Concatenated disk driver
pseudo-device loop
pseudo-device ether
pseudo-device log
pseudo-device sl 1
# ijppp uses tun instead of ppp device
pseudo-device ppp 1
pseudo-device tun 1
pseudo-device pty 16
pseudo-device gzip # Exec gzipped a.out's
pseudo-device vn #Vnode driver (turns a file into a device)
pseudo-device bpfilter 8 #Berkeley packet filter
>Description:
Attempting to mmap() thousands of files caused the system to
reboot or panic (can't tell which, the system is many miles away,
but dmesg shows no saved data). It freaked both times I tried it.
The same program, run under Solaris, eventually quit with an
ENOMEM error.
>How-To-Repeat:
Program:
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <fcntl.h>
#define MAX 1048576
caddr_t array[MAX];
int main()
{
int i = 0;
int fd;
char filename[2048];
struct stat s;
caddr_t this;
while (i < MAX) {
gets(filename);
if ((fd = open(filename, O_RDONLY, 0)) < 0) {
perror(filename);
sleep(1);
} else {
if (fstat(fd, &s) < 0) {
perror("fstat");
sleep(1);
} else {
this = mmap((caddr_t) 0, s.st_size, PROT_READ,
MAP_PRIVATE, fd, (off_t) 0);
if ((int) this == -1) {
perror("mmap");
sleep(1);
} else {
array[i++] = this;
}
}
close(fd);
}
if (! (i % 512)) {
fprintf(stderr, "[%d] .. ", i);
}
}
}
I ran this on a news spool, as follows:
daily-bugle% find /news -type f -print | /tmp/a.out
{output output...} [34816] .. [35328] .. [35840] .. [36352] .. [36864] .. [37376] .. [37888] .. [38400] .. [38912] .. [39424] .. [39936] .. [40448] .. [40960] .. [41472] .. [41984] .. [42496] .. {hang}
In another window I was running "vmstat 1 |grep vnodes|grep K" once a second:
vnodes 16009 2000K 2017K 19661K 17174 0 0 16,128,256
vnodes 16009 2000K 2017K 19661K 17174 0 0 16,128,256
vnodes 16009 2000K 2017K 19661K 17174 0 0 16,128,256
vnodes 16009 2000K 2017K 19661K 17174 0 0 16,128,256
vnodes 16009 2000K 2017K 19661K 17174 0 0 16,128,256
vnodes 16009 2000K 2017K 19661K 17174 0 0 16,128,256
vnodes 16009 2000K 2017K 19661K 17174 0 0 16,128,256
vnodes 16009 2000K 2017K 19661K 17174 0 0 16,128,256
vnodes 16009 2000K 2017K 19661K 17174 0 0 16,128,256
vnodes 16037 2003K 2017K 19661K 17202 0 0 16,128,256
vnodes 16203 2024K 2024K 19661K 17368 0 0 16,128,256
vnodes 16347 2042K 2042K 19661K 17512 0 0 16,128,256
vnodes 16354 2043K 2043K 19661K 17519 0 0 16,128,256
{etc etc}
vnodes 42315 5288K 5288K 19661K 43480 0 0 16,128,256
vnodes 42315 5288K 5288K 19661K 43480 0 0 16,128,256
vnodes 42319 5288K 5288K 19661K 43484 0 0 16,128,256
vnodes 42320 5288K 5288K 19661K 43485 0 0 16,128,256
vnodes 42320 5288K 5288K 19661K 43485 0 0 16,128,256
vnodes 42322 5288K 5288K 19661K 43487 0 0 16,128,256
vnodes 42324 5289K 5289K 19661K 43489 0 0 16,128,256
vnodes 42324 5289K 5289K 19661K 43489 0 0 16,128,256
vnodes 42324 5289K 5289K 19661K 43489 0 0 16,128,256
vnodes 42324 5289K 5289K 19661K 43489 0 0 16,128,256
vnodes 42324 5289K 5289K 19661K 43489 0 0 16,128,256
vnodes 42324 5289K 5289K 19661K 43489 0 0 16,128,256
vnodes 42447 5304K 5304K 19661K 43612 0 0 16,128,256
vnodes 42504 5311K 5311K 19661K 43669 0 0 16,128,256
vnodes 42504 5311K 5311K 19661K 43669 0 0 16,128,256
vnodes 42900 5361K 5361K 19661K 44065 0 0 16,128,256
{hang}
>Fix:
Don't mmap trillions of files. :-) Probably not a good sol'n.
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608221957.OAA23038>