NetBSD Problem Report #34706

From www@NetBSD.org  Wed Oct  4 00:07:27 2006
Return-Path: <www@NetBSD.org>
Received: by narn.NetBSD.org (Postfix, from userid 31301)
	id 5DF3263B9D6; Wed,  4 Oct 2006 00:07:27 +0000 (UTC)
Message-Id: <20061004000727.5DF3263B9D6@narn.NetBSD.org>
Date: Wed,  4 Oct 2006 00:07:27 +0000 (UTC)
From: uwe@NetBSD.org
Reply-To: uwe@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: hpcsh panics in nfs_sigintr() with nmp == NULL
X-Send-Pr-Version: www-1.0

>Number:         34706
>Notify-List:    Stephen Borrill <netbsd@precedence.co.uk>
>Category:       port-sh3
>Synopsis:       hpcsh panics in nfs_sigintr() with nmp == NULL
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    uwe
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Oct 04 00:10:00 +0000 2006
>Closed-Date:    Fri May 23 17:13:51 +0000 2008
>Last-Modified:  Fri May 23 17:13:51 +0000 2008
>Originator:     Valeriy E. Ushakov
>Release:        NetBSD 4.99.1
>Organization:
>Environment:
This is NetBSD/hpcsh (Jornada 690, sh3, little endian)
The machine runs diskless, root on NFS
Kernel is NetBSD 4.99.1 (NADA) #3: Fri Sep 22 05:23:39 MSD 2006
/usr/src is from September 14

Machine is in the DDB prompt, so no uname for now.

>Description:
While compiling wm/pekwm

if c++ -DHAVE_CONFIG_H -I. -I. -I..   -DPNG_NO_ASSEMBLER_CODE -I/usr/pkg/include -I/usr/include -I/usr/pkg/include/freetype2 -I/usr/X11R6/include  -O -I/usr/pkg/include -I/usr/include -I/usr/pkg/include/freetype2 -I/usr/X11R6/include  -I/usr/X11R6/include -I/usr/pkg/include -I/usr/pkg/include/freetype2 -I/usr/pkg/include -I/usr/pkg/include -DXTHREADS -I/usr/pkg/include -I/usr/X11R6/include -DSYSCONFDIR=\"/usr/pkg/etc/pekwm\" -DDATADIR=\"/usr/pkg/share\" -MT Config.o -MD -MP -MF ".deps/Config.Tpo" -c -o Config.o Config.cc; \
	then mv -f ".deps/Config.Tpo" ".deps/Config.Po"; else rm -f ".deps/Config.Tpo"; exit 1; fi

panic: tlb_exception: invalid user-space access from kernel mode
expevt=40 va=00000004 ssr=40000031 spc=8c057272 lwp=0x8ef0d8d0 onfault=0x0
general_exception: ipl=240
Stopped in pid 9.1 (pagedaemon) at netbsd:cpu_Debugger+0x6: mov r14, r15
db> bt
cpu_Debugger() at netbsd:panic+0xaa
panic() at netbsd:tlb_exception+0x45e
tlb_exception() at 0x8c0004b8
<EXPEVT 040; SSR=40000031> at netbsd:nfs_sigintr+0x16
nfs_sigintr() at netbsd:nfs_timer+0x44
nfs_timer() at netbsd:softclock+0x1d2
softclock() at netbsd:softintr_dispatch+0x62
softintr_dispatch() at netbsd:tmu1_intr+0x20
tmu1_intr() at netbsd:intc_intr+0xa0
intc_intr() at 0x8c000680
<EXPEVT 000; SSR=40000000> at netbsd:hd6446x_intr_resume+0x1e
hd6446x_intr_resume() at 0
() at 0


The faulting instruction

    nfs_sigintr+0x16:	mov.l	@(4, r4), r0

tries to fetch nmp->nm_flag.  r4 (first argument, i.e. nmp) contains zero.

>How-To-Repeat:
Building wm/pekwm seems to trigger this panic reliably.
Reported by Stephen Borrill netbsd (a) precedence co uk

>Fix:

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: kern-bug-people->uwe@NetBSD.org
Responsible-Changed-By: uwe@netbsd.org
Responsible-Changed-When: Sun, 27 May 2007 00:54:10 +0000
Responsible-Changed-Why:
This is a bug in sh3 tlb code, I have a fix ready.


Responsible-Changed-From-To: uwe@NetBSD.org->uwe
Responsible-Changed-By: uwe@netbsd.org
Responsible-Changed-When: Sun, 27 May 2007 11:59:41 +0000
Responsible-Changed-Why:
Oops, "Responsible" should be set to the account name, not the email.
Thanks to Veego for reminding me.


From: "Valeriy E. Ushakov" <uwe@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: PR/34706 CVS commit: src/sys/arch/sh3/sh3
Date: Sun, 27 May 2007 12:21:25 +0000 (UTC)

 Module Name:	src
 Committed By:	uwe
 Date:		Sun May 27 12:21:25 UTC 2007

 Modified Files:
 	src/sys/arch/sh3/sh3: mmu_sh3.c

 Log Message:
 In sh3_tlb_update we need to ensure we are not interrupted while
 messing with the TLB.  That would usually show up as mysterious kernel
 crashes under heavy load.

 Prettify the code while here so that traversal of the memory mapped
 TLB arrays looks congruent in all functions.

 Fixes PR 34706


 To generate a diff of this commit:
 cvs rdiff -r1.11 -r1.12 src/sys/arch/sh3/sh3/mmu_sh3.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Jeff Rizzo <riz@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: PR/34706 CVS commit: [netbsd-4] src/sys/arch/sh3/sh3
Date: Wed, 30 May 2007 18:46:47 +0000 (UTC)

 Module Name:	src
 Committed By:	riz
 Date:		Wed May 30 18:46:45 UTC 2007

 Modified Files:
 	src/sys/arch/sh3/sh3 [netbsd-4]: mmu_sh3.c

 Log Message:
 Pull up following revision(s) (requested by uwe in ticket #680):
 	sys/arch/sh3/sh3/mmu_sh3.c: revision 1.12
 In sh3_tlb_update we need to ensure we are not interrupted while
 messing with the TLB.  That would usually show up as mysterious kernel
 crashes under heavy load.
 Prettify the code while here so that traversal of the memory mapped
 TLB arrays looks congruent in all functions.
 Fixes PR 34706


 To generate a diff of this commit:
 cvs rdiff -r1.11 -r1.11.18.1 src/sys/arch/sh3/sh3/mmu_sh3.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: tsutsui@NetBSD.org
State-Changed-When: Sat, 24 May 2008 02:13:51 +0900
State-Changed-Why:
Fixed about a year ago.


>Unformatted:
