Subject: port-amiga/4197: panic after use of Xserver shared memory capabilities
To: None <gnats-bugs@gnats.netbsd.org>
From: None <ingolf@mipool.uni-jena.de>
List: netbsd-bugs
Date: 09/30/1997 23:16:30
>Number: 4197
>Category: port-amiga
>Synopsis: Kernel panic (MMU fault) after use of Xamiga shared memory
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: gnats-admin (GNATS administrator)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Sep 30 23:20:04 1997
>Last-Modified:
>Originator: Ingolf Koch
>Organization:
Ingolf Koch Balin@IRC ingolf@mipool.uni-jena.de
FSU Jena, Institut fuer Angewandte Mathematik, 07740 Jena
>Release: 1.2.1
>Environment:
System: NetBSD maus.rz.uni-jena.de 1.2.1 NetBSD 1.2.1 (MAUS) #0: Thu May 22 19:55:02 MET DST 1997 ingolf@maus.rz.uni-jena.de:/usr/src/sys/arch/amiga/compile/MAUS amiga
>Description:
After using the Xserver's shared memory capabilities on CV64,
terminating the Xserver leads to a MMU fault.
The crash happens just before /dev/grf5 is switched back to
console mode.
Xserver may be the one contained in
ftp://ftp.uni-regensburg.de/pub/NetBSD-Amiga/contrib/X11/X11R6.1/
bin12/X11R6.1-bin-01Oct96.tar.gz
or
ftp://ftp.uni-regensburg.de/pub/NetBSD-Amiga/contrib/X11/X11R6.1/
bin12/Xamiga.s3.gz
Using gdb on the kernel dump leads to the following:
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.11 (m68k-netbsd), Copyright 1993 Free Software Foundation, Inc...
panic: MMU fault
#0 panic (fmt=0x100 "") at ../../../../kern/subr_prf.c:131
131 }
(kgdb) where
#0 panic (fmt=0x100 "") at ../../../../kern/subr_prf.c:131
#1 0x281ee in panic (fmt=0xcca7b "MMU fault")
at ../../../../kern/subr_prf.c:130
#2 0xccc6a in panictrap (type=8, code=10813952, v=50593793, fp=0x1e71d08)
at ../../../../arch/amiga/amiga/trap.c:249
#3 0xccfb0 in trapmmufault (type=8, code=10813952, v=50593793, fp=0x1e71d08,
p=0x5bd200, sticks=0) at ../../../../arch/amiga/amiga/trap.c:508
#4 0xcd2b0 in trap (type=8, code=10813952, v=50593793, frame={F_t = {
tf_regs = {50593983, 64, 0, 0, 64, 2, 0, 13, 50593793, 31923644,
764508, 892592, 1, 892592, 31923552, 234880584}, tf_pad = 0,
tf_stackadj = 0, tf_sr = 8192, tf_pc = 764556, tf_format = 4,
tf_vector = 8}, F_u = {F_fmt2 = {f_iaddr = 50593793}, F_fmt3 = {
f_ea = 50593793}, F_fmt4 = {f_fa = 50593793, f_fslw = 10813952},
F_fmt7 = {f_ea = 50593793, f_ssw = 165, f_wb3s = 512, f_wb2s = 772,
f_wb1s = 1, f_fa = 31923660, f_wb3a = 763180, f_wb3d = 64,
f_wb2a = 50331648, f_wb2d = 2565, f_wb1a = 1, f_wb1d = 0,
f_pd1 = 1338, f_pd2 = 135924148, f_pd3 = 0}, F_fmt9 = {
f_iaddr = 50593793, f_iregs = {165, 512, 772, 1}}, F_fmtA = {
f_ir0 = 772, f_ssw = 1, f_ipsc = 165, f_ipsb = 512,
f_dcfa = 50593793, f_ir1 = 487, f_ir2 = 7628, f_dob = 763180,
f_ir3 = 0, f_ir4 = 64}, F_fmtB = {f_ir0 = 772, f_ssw = 1,
f_ipsc = 165, f_ipsb = 512, f_dcfa = 50593793, f_ir1 = 487,
f_ir2 = 7628, f_dob = 763180, f_ir3 = 0, f_ir4 = 64, f_ir5 = 768,
f_ir6 = 0, f_sba = 2565, f_ir7 = 0, f_ir8 = 1, f_dib = 0, f_iregs = {
0, 1338, 2074, 2484, 0, 0, 87, 30720, 487, 7800, 91, 53760, 91,
53760, 93, 38912, 480, 7632, 79, 0, 85, 54785}}}})
at ../../../../arch/amiga/amiga/trap.c:706
#5 0x21b8 in addrerr ()
#6 0xba52c in cv_load_mon (gp=0x577800, md=0xd9eb0)
at ../../../../arch/amiga/dev/grf_cv.c:1319
#7 0xb979c in cv_mode (gp=0x577800, cmd=2, arg=0x0, a2=0, a3=0)
at ../../../../arch/amiga/dev/grf_cv.c:815
#8 0xb3388 in grfoff (dev=0) at ../../../../arch/amiga/dev/grf.c:383
#9 0xb3068 in grfclose (dev=0, flags=3, mode=8192, p=0x5bd200)
at ../../../../arch/amiga/dev/grf.c:215
#10 0x44a0c in spec_close (v=0x1e71e78)
at ../../../../miscfs/specfs/spec_vnops.c:644
#11 0x9f1de in ufsspec_close (v=0x1e71e78)
at ../../../../ufs/ufs/ufs_vnops.c:1792
#12 0x3e5ae in vn_close (vp=0x5b8800, flags=0, cred=0x581d00, p=0x5bd200)
at ../../../../sys/vnode_if.h:166
#13 0x3ec06 in vn_closefile (fp=0x0, p=0x5bd200)
at ../../../../kern/vfs_vnops.c:436
#14 0x1f268 in closef (fp=0x5e3c80, p=0x5bd200)
at ../../../../kern/kern_descrip.c:753
#15 0x1f0dc in fdfree (p=0x5bd200) at ../../../../kern/kern_descrip.c:695
#16 0x20092 in exit1 (p=0x5bd200, rv=256) at ../../../../kern/kern_exit.c:139
#17 0x1ffc8 in sys_exit (p=0x5bd200, v=0x0, retval=0x1e71f80)
at ../../../../kern/kern_exit.c:93
#18 0xcd3f6 in syscall (code=1, frame={F_t = {tf_regs = {1, 46, -1, 31,
292816, 360496, 0, 0, 135924144, 0, 0, 1319796, 1319800, 135995488,
234880604, 234880584}, tf_pad = 0, tf_stackadj = 0, tf_sr = 16,
tf_pc = 135924148, tf_format = 0, tf_vector = 128}, F_u = {F_fmt2 = {
f_iaddr = 150013450}, F_fmt3 = {f_ea = 150013450}, F_fmt4 = {
f_fa = 150013450, f_fslw = 0}, F_fmt7 = {f_ea = 150013450,
f_ssw = 0, f_wb3s = 0, f_wb2s = 0, f_wb1s = 0, f_fa = 0,
f_wb3a = 150012426, f_wb3d = 0, f_wb2a = 150012938, f_wb2d = 0,
f_wb1a = 0, f_wb1d = 0, f_pd1 = 0, f_pd2 = 0, f_pd3 = 0}, F_fmt9 = {
f_iaddr = 150013450, f_iregs = {0, 0, 0, 0}}, F_fmtA = {
f_ir0 = 2289, f_ssw = 1546, f_ipsc = 0, f_ipsb = 0, f_dcfa = 0,
f_ir1 = 0, f_ir2 = 0, f_dob = 150012426, f_ir3 = 0, f_ir4 = 0},
F_fmtB = {f_ir0 = 2289, f_ssw = 1546, f_ipsc = 0, f_ipsb = 0,
f_dcfa = 0, f_ir1 = 0, f_ir2 = 0, f_dob = 150012426, f_ir3 = 0,
f_ir4 = 0, f_ir5 = 2289, f_ir6 = 1034, f_sba = 0, f_ir7 = 0,
f_ir8 = 0, f_dib = 0, f_iregs = {0 <repeats 22 times>}}}})
at ../../../../arch/amiga/amiga/trap.c:831
#19 0x22f8 in trap0 ()
Cannot access memory at address 0xdfffe5c.
So the crash appears while executing grf_cv code.
More details available on request.
>How-To-Repeat:
On an Amiga 4000 w/ CyberStorm060, CyberVision64, NetBSD 1.2.1,
and X11R6.1 run mpeg_play w/o the -shmem_off option. After that,
terminate the X server. (Do a sync before killing X.)
>Fix:
No idea.
>Audit-Trail:
>Unformatted: