Subject: kern/14096: reading from ados filesystem causes kernel panic
To: None <gnats-bugs@gnats.netbsd.org>
From: Petri Koistinen <thoron@legoland.netbsd.org>
List: netbsd-bugs
Date: 09/29/2001 18:39:34
>Number:         14096
>Category:       kern
>Synopsis:       reading from ados filesystem causes kernel panic
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Sep 29 08:36:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Petri Koistinen
>Release:        NetBSD-current Sat Sep 29 15:00 EEST 2001
>Organization:
>Environment:
System: NetBSD legoland 1.5Y NetBSD 1.5Y (BORINGNAMEFORKERNEL) #1: Sat Sep 29 16:07:41 EEST 2001 thoron@legoland:/usr/src/sys/arch/amiga/compile/BORINGNAMEFORKERNEL amiga
Architecture: m68k
Machine: amiga
>Description:
	Kernel crashes if a file is read from an ados filesystem.

following commands:
==================

shutdown now
umount /usr
umount /home
cd /mnt/unix /* This is an ados filesystem */
ls -l nic.txt /* No problem with this command */
cat nic.txt /* This crashed the kernel */

caused:
=======

trap: bad kernel access at 0 pc 4f7de
trap type 8, code = 1050200, v = 0
pid = 197, pc = 0004F7DE, ps = 2000, sfc = 1, dfc = 1
Registers:
             0        1        2        3        4        5        6        7
dreg: 0000002F 00000000 00000000 00000000 0000000D 00000000 00000010 00000802
areg: 00000000 000DB558 00000000 00000000 04CB0A74 00000001 04D53B1C 0DFFF800

Kernel stack (04D53834):
panic: MMU fault
Stopped in pid 197 (cat) at	_cpu_Debugger+0x6: 	unlk a6
db> call_sicallback: 302 more dynamic structures 304 total
<HAND COPIED PART, some info ripped>
trace
_cpu_Debugger()
_panic()
_panictrap()
_trapmmufault()
_trap()
_genfs_getpages()
_ubc_fault()
_uvm_fault()
_trapmmufault()
_trap()
_copyout()
_uiomove()
_adosfs_read()
_vn_read()
_dofileread()
_sys_read()
_syscall()
_trap0()
</HAND COPIED PART>
db> call_sicallback: 204 more dynamic structures 508 total
sync
syncing disks... done

dumping to dev 17,1 offset 31151
dump 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42
41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15
14 13 12 11 10 9 8 7 6 5 4 3 2 1 succeeded

trap: bad kernel access at 0 pc 0
panic: MMU fault
Stopped in pid 197 (cat) at     _cpu_Debugger+0x6:      unlk a6
db> 
(I turned power off.) 


Inspection with gdb:
====================

bash-2.05# gdb netbsd.gdb 
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "m68k--netbsd"...
(gdb) target kcore /var/crash/netbsd.17.core
panic: MMU fault
#0  bpendtsleep () at ../../../../kern/kern_synch.c:471
471             asm(".globl bpendtsleep ; bpendtsleep:");
(gdb) bt
#0  bpendtsleep () at ../../../../kern/kern_synch.c:471
#1  0x274ba in bpendtsleep () at ../../../../kern/kern_synch.c:467
#2  0x8f25a in uvm_scheduler () at ../../../../uvm/uvm_glue.c:422
#3  0x19ca0 in main () at ../../../../kern/init_main.c:518
(gdb) frame 0
#0  bpendtsleep () at ../../../../kern/kern_synch.c:471
471             asm(".globl bpendtsleep ; bpendtsleep:");
(gdb) frame 1
#1  0x274ba in bpendtsleep () at ../../../../kern/kern_synch.c:467
467             mi_switch(p);
(gdb) frame 2
#2  0x8f25a in uvm_scheduler () at ../../../../uvm/uvm_glue.c:422
422                     tsleep(&proc0, PVM, "noswap", 0);
(gdb) frame 3
#3  0x19ca0 in main () at ../../../../kern/init_main.c:518
518             uvm_scheduler();


Kernel configuration:
=====================

include "arch/amiga/conf/std.amiga"


maxusers	8
options 	RTC_OFFSET=-180

options 	BB060STUPIDROM	# You need this, if you have a non-DraCo
				# MC68060 with an OS ROM up to (at least) 
				# V40 (OS3.1) and want to boot with the
				# bootblock.
				# You do not need this if you have a DraCo,
				# have no 68060 or NEVER use the bootblock
options		P5PPC68KBOARD	# Phase5 PPC/68K board support

options 	M68060		# support for 060
options 	M060SP		# MC68060 software support (Required for 060)

options 	INET		# IP networking support (Required)

options 	PPP_BSDCOMP	# BSD-Compress compression support for PPP
options 	PPP_DEFLATE	# Deflate compression support for PPP

file-system 	FFS		# Berkeley fast file system
file-system 	ADOSFS		# AmigaDOS file system
file-system 	CD9660		# ISO 9660 + Rock Ridge filesystem
options 	SOFTDEP         # FFS soft updates support.

options 	SYSVSHM		# System V-like shared memory
options 	SYSVMSG		# System V-like messages
options 	SYSVSEM		# System V-like semaphores

options 	KTRACE		# system call tracing support
options 	UCONSOLE	# anyone can redirect a virtual console

options 	SCSIVERBOSE	# Verbose SCSI errors

options 	NTP		# NTP phase/frequency locked loop

options 	DDB		# Kernel debugger
options 	DDB_HISTORY_SIZE=100	# Enable history editing in DDB
options 	DIAGNOSTIC	# Extra kernel sanity checks
options 	DEBUG		# Enable misc. kernel debugging code
options 	SCSIDEBUG	# Add SCSI debugging statements
makeoptions	DEBUG="-g"

options 	CL5426CONSOLE	# Cirrus console

grfcl*		at zbus0		# Picasso II/Piccalo/Spectrum
grf3		at grfcl?
ite3		at grf3			# terminal emulators for grfs

ser0		at mainbus0		# Amiga onboard serial
ms*		at mainbus0		# Amiga mice
a34kbbc0	at mainbus0		# A3000/A4000 battery backed clock

cbiisc0 	at zbus0		# CyberSCSI II
scsibus*	at cbiisc0

wdc0		at mainbus0		# A4000 & A1200 IDE bus
wd*		at wdc? drive ?		#  + drives
atapibus*	at wdc? channel ?	# ATAPI bus
cd*		at atapibus? drive ?	# ATAPI CD-ROM drives

sd*	at scsibus? target ? lun ?	# scsi disks

pseudo-device	loop			# loopback network interface
pseudo-device	ppp		1	# PPP network interfaces
pseudo-device	pty			# pseudo-terminals

pseudo-device  rnd                     # /dev/random and in-kernel generator

config	netbsd root on ? type ?

>How-To-Repeat:
	Mount a disk with an ados filesystem.
	Read something from a file on the ados filesystem.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: