Subject: kern/34706: hpcsh panics in nfs_sigintr() with nmp == NULL
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <uwe@NetBSD.org>
List: netbsd-bugs
Date: 10/04/2006 00:10:00
>Number:         34706
>Category:       kern
>Synopsis:       hpcsh panics in nfs_sigintr() with nmp == NULL
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Oct 04 00:10:00 +0000 2006
>Originator:     Valeriy E. Ushakov
>Release:        NetBSD 4.99.1
>Organization:
>Environment:
This is NetBSD/hpcsh (Jornada 690, sh3, little endian)
The machine runs diskless, root on NFS
Kernel is NetBSD 4.99.1 (NADA) #3: Fri Sep 22 05:23:39 MSD 2006
/usr/src is from September 14

Machine is in the DDB prompt, so no uname for now.

>Description:
While compiling wm/pekwm:

if c++ -DHAVE_CONFIG_H -I. -I. -I..   -DPNG_NO_ASSEMBLER_CODE -I/usr/pkg/include -I/usr/include -I/usr/pkg/include/freetype2 -I/usr/X11R6/include  -O -I/usr/pkg/include -I/usr/include -I/usr/pkg/include/freetype2 -I/usr/X11R6/include  -I/usr/X11R6/include -I/usr/pkg/include -I/usr/pkg/include/freetype2 -I/usr/pkg/include -I/usr/pkg/include -DXTHREADS -I/usr/pkg/include -I/usr/X11R6/include -DSYSCONFDIR=\"/usr/pkg/etc/pekwm\" -DDATADIR=\"/usr/pkg/share\" -MT Config.o -MD -MP -MF ".deps/Config.Tpo" -c -o Config.o Config.cc; \
	then mv -f ".deps/Config.Tpo" ".deps/Config.Po"; else rm -f ".deps/Config.Tpo"; exit 1; fi

panic: tlb_exception: invalid user-space access from kernel mode
expevt=40 va=00000004 ssr=40000031 spc=8c057272 lwp=0x8ef0d8d0 onfault=0x0
general_exception: ipl=240
Stopped in pid 9.1 (pagedaemon) at netbsd:cpu_Debugger+0x6: mov r14, r15
db> bt
cpu_Debugger() at netbsd:panic+0xaa
panic() at netbsd:tlb_exception+0x45e
tlb_exception() at 0x8c0004b8
<EXPEVT 040; SSR=40000031> at netbsd:nfs_sigintr+0x16
nfs_sigintr() at netbsd:nfs_timer+0x44
nfs_timer() at netbsd:softclock+0x1d2
softclock() at netbsd:softintr_dispatch+0x62
softintr_dispatch() at netbsd:tmu1_intr+0x20
tmu1_intr() at netbsd:intc_intr+0xa0
intc_intr() at 0x8c000680
<EXPEVT 000; SSR=40000000> at netbsd:hd6446x_intr_resume+0x1e
hd6446x_intr_resume() at 0
() at 0


The faulting instruction

    nfs_sigintr+0x16:	mov.l	@(4, r4), r0

tries to fetch nmp->nm_flag.  r4 (first argument, i.e. nmp) contains zero.

>How-To-Repeat:
Building wm/pekwm seems to trigger this panic reliably.
Reported by Stephen Borrill netbsd (a) precedence co uk

>Fix:
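
Added triage example (not part of the original report, and not a fix for it): the C helper below repeats the report's reasoning mechanically by subtracting the load displacement from the faulting address to recover the base register value. The function and struct names are hypothetical, the two input strings are copied from the panic output above, and the 0x80000000 boundary is the standard SH-3 U0/P0 user-area limit, stated here as an assumption about this kernel's layout.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical triage record: correlates the panic's fault address with a
 * displacement-addressed load such as "mov.l @(4, r4), r0". */
struct fault_triage {
    unsigned long va;    /* faulting virtual address from "va=<hex>" */
    unsigned long disp;  /* displacement from the "@(disp, rN)" operand */
    int reg;             /* base register number */
    unsigned long base;  /* reconstructed base register value: va - disp */
    int null_base;       /* 1 if the base pointer was NULL */
    int user_area;       /* 1 if va lies below 0x80000000 (assumed SH-3 U0/P0) */
};

/* Returns 0 on success, -1 if either line cannot be parsed or is inconsistent. */
int triage_fault(const char *panic_line, const char *insn, struct fault_triage *out)
{
    const char *p = strstr(panic_line, "va=");
    const char *q = strstr(insn, "@(");
    char *end;

    if (p == NULL || q == NULL)
        return -1;
    out->va = strtoul(p + 3, &end, 16);
    if (end == p + 3)
        return -1;
    if (sscanf(q, "@(%lu, r%d)", &out->disp, &out->reg) != 2)
        return -1;
    if (out->va < out->disp)      /* displacement cannot exceed the address */
        return -1;
    out->base = out->va - out->disp;
    out->null_base = (out->base == 0);
    out->user_area = (out->va < 0x80000000UL);
    return 0;
}

int main(void)
{
    /* Both strings are taken from the panic output in this report. */
    const char *panic_line = "expevt=40 va=00000004 ssr=40000031 spc=8c057272";
    const char *insn = "nfs_sigintr+0x16:\tmov.l\t@(4, r4), r0";
    struct fault_triage t;

    if (triage_fault(panic_line, insn, &t) != 0)
        return 1;
    printf("r%d = 0x%lx, field offset %lu, NULL base: %s, user area: %s\n",
           t.reg, t.base, t.disp, t.null_base ? "yes" : "no",
           t.user_area ? "yes" : "no");
    return 0;
}
```

A base of zero with a small displacement puts the access in the user address range, which is consistent with the "invalid user-space access from kernel mode" wording of the panic.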