netbsd-bugs: kern/9822: uvm_fault in biodone / scsipi_done / ahc

Subject: kern/9822: uvm_fault in biodone / scsipi_done / ahc_done
To: None <gnats-bugs@gnats.netbsd.org>
From: Martin J. Laubach <mjl@emsi.priv.at>
List: netbsd-bugs
Date: 04/07/2000 11:57:45
>Number:         9822
>Category:       kern
>Synopsis:       uvm_fault in biodone / scsipi_done / ahc_done
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 07 10:12:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Martin J. Laubach
>Release:        2000-04-05
>Organization:
>Environment:
System: NetBSD asparagus 1.4X NetBSD 1.4X (ASPARAGUS) #2: Wed Apr 5 07:32:11 CEST 2000 mjl@asparagus:/home/temp/devel/cvs/src/sys/arch/i386/compile/ASPARAGUS i386


>Description:
  While editing a file and playing mp3s in another shell, the machine
crashed.

	uvm_fault(0xc02c13c0, 0x0, 0, 3) -> 1

  The crash dump traceback looks like this (the first db_xxx is probably
due to my blind typing at the console hidden behind the X desktop):

(gdb) target kcore /var/crash/netbsd.0.core
#0  0xc0292978 in db_last_command ()
(gdb) where
#0  0xc0292978 in db_last_command ()
#1  0x1179000 in ?? ()
#2  0xc020ea37 in cpu_reboot (howto=260, bootstr=0x0)
    at ../../../../arch/i386/i386/machdep.c:1095
#3  0xc0112f5a in db_reboot_cmd () at ../../../../ddb/db_command.c:592
#4  0xc0112c8c in db_command (last_cmdp=0xc0292978, cmd_table=0xc02927b8)
    at ../../../../ddb/db_command.c:302
#5  0xc0112de6 in db_command_loop () at ../../../../ddb/db_command.c:496
#6  0xc011579e in db_trap (type=6, code=0) at ../../../../ddb/db_trap.c:78
#7  0xc020c75c in kdb_trap (type=6, code=0, regs=0xc4241d44)
    at ../../../../arch/i386/i386/db_interface.c:119
#8  0xc0213988 in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = -1069133528, 
      tf_esi = -1073681564, tf_ebp = -1004266108, tf_ebx = -1067941888, 
      tf_edx = -1070751396, tf_ecx = -1067941764, tf_eax = 0, tf_trapno = 6, 
      tf_err = 2, tf_eip = -1071609435, tf_cs = 8, tf_eflags = 66178, 
      tf_esp = -1067941888, tf_ss = -1073681564, tf_vm86_es = -1004266088, 
      tf_vm86_ds = -1072380002, tf_vm86_fs = -1067941888, 
      tf_vm86_gs = 1073681563}) at ../../../../arch/i386/i386/trap.c:298
#9  0xc0100ce5 in calltrap ()
#10 0xc014c79e in biodone (bp=0xc0588000) at ../../../../kern/vfs_bio.c:948
#11 0xc021548e in scsipi_done (xs=0xc0465128)
    at ../../../../dev/scsipi/scsipi_base.c:668
#12 0xc010702d in ahc_done (ahc=0xc044e400, scb=0xc0450438)
    at ../../../../dev/ic/aic7xxx.c:3428
#13 0xc0102989 in ahc_run_qoutfifo (ahc=0xc044e400)
    at ../../../../dev/ic/aic7xxx.c:575
#14 0xc0103d6e in ahc_intr (arg=0xc044e400)
    at ../../../../dev/ic/aic7xxx.c:1526
#15 0xc01016fc in Xintr11 ()


  A kernel with symbols and the crash dump is available if need be.

>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: