Subject: kern/36388: data access fault in copyout when running savecore
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <martin@aprisoft.de>
List: netbsd-bugs
Date: 05/25/2007 11:40:01
>Number:         36388
>Category:       kern
>Synopsis:       data access fault in copyout when running savecore
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri May 25 11:40:01 +0000 2007
>Originator:     Martin Husemann
>Release:        NetBSD 4.99.20
>Organization:
>Environment:
System: NetBSD nelly.aprisoft.de 4.99.20 NetBSD 4.99.20 (NELLY) #4: Mon May 21 10:15:44 CEST 2007 martin@nelly.aprisoft.de:/usr/src/sys/arch/sparc64/compile/NELLY sparc64
Architecture: sparc64
Machine: sparc64
>Description:

When booting a -current kernel on my U2 with root (ffs) and swap on raid0:

Building databases...
Starting syslogd.
Checking for core dump...
cpu0: kdb breakpoint at 10083f4
1 tt=68 tstate=4411000601 tpc=0x100a868 tnpc=0x100a86c
Stopped in pid 191.1 (savecore) at      0x10083f8:      nop
db> bt
uiomove(157b328, 400, cd57bc8, 1207718, 945, 40b3cb24) at netbsd:uiomove+0xa4
mmrw(e, cd57bc8, 0, 0, 700, 11859c0) at netbsd:mmrw+0x138
spec_read(6, 10001, 1, 1207718, 92a, badcafe) at netbsd:spec_read+0x1e0
ufsspec_read(cd57a18, 10001, 294, badcafe, badcafe, badcafe) at netbsd:ufsspec_read+0x48
VOP_READ(ce27330, cd57bc8, 0, c3c1ef0, badcafe, badcafe) at netbsd:VOP_READ+0x28
vn_read(c3f7290, cd57cf8, cd57bc8, c3c1ef0, 0, badcafe) at netbsd:vn_read+0xa4
dofileread(0, 4, c3f7290, 205438, 400, cd57cf8) at netbsd:dofileread+0x78
sys_pread(0, cd57dc0, cd57e00, ffffffffffffc138, 40208800, badcafe) at netbsd:sys_pread+0x12c
syscall_plain(cd57ed0, 5, 40b3cb24, 40b3cb28, 1, 40b3cb24) at netbsd:syscall_plain+0x130
?(ad, 4, 205438, 400, 0, 157b328) at 0x10093e4
db> x/i 0x100a868
netbsd:copyout+0x158:   ldx             [%o0 + %g0], %g1
db> show registers
tstate      0x9911041401
pc          0x10083f8
npc         0x10083fc
[..]
o0          0x157b328
[..]
o7          0x112f01c   copyout_vmspace+0x5c
[..]

So the call comes from copyout_vmspace, where we optimize since the vmspace
is the one used by curproc. The kaddr passed (0x157b328) is not valid
though (unless I misunderstand something):

db> mach kmap 0x157b328
No mapping for 0x157b328


>How-To-Repeat:
run savecore with swap/dump on raid0b?

>Fix:
n/a