Subject: zs problems again?
To: None <port-sparc@netbsd.org>
From: Chuck Silvers <chuq@chuq.com>
List: port-sparc
Date: 02/22/1999 08:53:57
hi y'all,

yesterday I updated my sources again for the first time in a month or so,
and now zsstart trips over a NULL pointer as soon as a user process
tries to print something to the console (this is on a sparcstation 1, btw).
is anyone else seeing this?


root file system type: nfs
init: copying out path `/sbin/init' 11
data fault: pc=0xf0106300 addr=0x0 ser=80<INVAL>
panic: kernel fault
Stopped in swapctl at   _Debugger+0x4:  jmpl            [%o7 + 0x8], %g0
db> t
_mem_access_fault(0xf18d4200, 0x80, 0x0, 0xf0106300, 0x40, 0xf18e2988) at _mem_access_fault+0x2ac
normal_mem_fault(0xf0214b54, 0x1, 0x13, 0x0, 0xf021d400, 0x64) at normal_mem_fault+0x28
_zsstart(0xf18c8000, 0xf01061cc, 0xf18e2e28, 0xf0221900, 0x1, 0xf0058d4c) at _zsstart+0x130
_ttstart(0xf18c8000, 0x5cb, 0x37, 0xf18d2500, 0xf18dd018, 0xf18e0018) at _ttstart+0x18
_ttwrite(0xf18c8000, 0xf18e2e28, 0x1, 0x37, 0xf0040008, 0xf18e2fb0) at _ttwrite+0x36c
_zswrite(0x0, 0xf18e2e28, 0x1, 0xf0105f40, 0xc00, 0x0) at _zswrite+0x4c
_cnwrite(0x0, 0xf18e2e28, 0x1, 0x0, 0xf0113540, 0x64) at _cnwrite+0x88
_spec_write(0x0, 0xf005f010, 0x30, 0xf0214100, 0xf18ce180, 0xf0167400) at _spec_write+0xd4
_nfsspec_write(0xf18e2d98, 0x30, 0xf024fc00, 0xf00b97ec, 0xf18d2500, 0x64) at _nfsspec_write+0x60
_vn_write(0x3, 0xf18e0018, 0xf18e2e28, 0xf0221900, 0x1, 0xf0058d4c) at _vn_write+0xfc
_dofilewrite(0xf18d2500, 0x1, 0x37, 0x1e400, 0x37, 0xf18e0018) at _dofilewrite+0x80
_sys_write(0xf18d2500, 0xf18e2f28, 0xf18e2f20, 0xf0038680, 0x0, 0xf18e2fb0) at _sys_write+0x60
_syscall(0x4, 0xf18e2fb0, 0x0, 0x1c, 0x0, 0x0) at _syscall+0x1ec
syscall(0x1, 0x1e400, 0x37, 0xf01621e8, 0x0, 0x64) at syscall+0x120
db> ps
 PID             PPID       PGRP        UID S   FLAGS          COMMAND    WAIT
>8                  4          4          0 2  0x4006          swapctl
 4                  1          4          0 3  0x4086               sh    wait
 3                  0          0          0 3 0x20204       swapreaper  reaper
 2                  0          0          0 3 0x20204   swappagedaemon daemon_
 1                  0          1          0 3  0x4084             init    wait
 0                 -1          0          0 3 0x20204          swapper schedul

the crash is on line 738 of z8530tty.c:

		zs_write_data(cs, *zst->zst_tba);

the only way that zst->zst_tba is set is by setting it to tp->t_outq.c_cf,
which is in fact 0 for zs unit 0.  actually, the struct tty pointed to by
zstty_cd.cd_devs[0]->zst_tty looks like a page from exec_map...
the address is page-aligned and the data contained there are
argv and environment strings for swapctl.  very weird.

-Chuck