Subject: Re: 4.99.14 install
To: None <port-vax@NetBSD.org>
From: Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
List: port-vax
Date: 03/13/2007 22:14:49
On Tue, Mar 13, 2007 at 06:48:43PM +0100, Hans Rosenfeld wrote:
> A similar problem exists in 4.99.14, but it doesn't panic. No SYN packet
> is sent and after a while ftp stops waiting for the connect() call:

I think I found it, and it _does_ segfault:

panic: Segv in kernel mode: pc 8000eeb9 addr 100ee2c
Stopped in pid 24.1 (ftp) at    netbsd:trap+0x5b9:      movl    $1, -64(fp)
db> trace
panic: Segv in kernel mode: pc %x addr %x
Stack traceback :
0x86e7dcc0: trap+0x5b9(0x86e7dd88)
0x86e7dd88: trap type=0x8 code=0x100ee2c pc=0x8000eeb9 psl=0x8cc0008
0x86e7dd54: tcp_output+0x9b5(0x83d80ce0)
0x86e7de50: tcp_usrreq+0x249(0x83de9d80,0x4,0,0x83f70400,0,0x83f0a000)
0x86e7de90: soconnect+0x71(0x83de9d80,0x83f70400,0x83f0a000)
0x86e7dedc: sys_connect+0xe6(0x83f0a000,0x86e7df54,0x86e7df74)
0x86e7df18: syscall_plain+0x9c(0x86e7dfb4)

There is a MOVC3 at that address that causes the fault:

8000eeb5:       d0 ad 8c 56     movl 0xffffff8c(fp),r6
8000eeb9:       28 28 b6 08     movc3 $0x28,*0x8(r6),(r6)

I think this code is the bcopy() on line 1271 in
sys/netinet/tcp_output.c, which is expanded into a memcpy(), which is
compiled using the builtin memcpy(). To verify that it is really this
bcopy() call, I wrapped it in printf statements, which also caused the
code to be generated differently:

8000eeb6:       fb 01 ef 33     calls $0x1,800b1ff0 <printf>
8000eeba:       31 0a 00 
8000eebd:       d0 c8 98 00     movl 0x98(r8),r6
8000eec1:       56 
8000eec2:       28 28 b6 08     movc3 $0x28,*0x8(r6),*0x8(r7)
8000eec6:       b7 08 

This code did not cause a segfault, so I guess that the compiler was
doing something wrong before.

Since I wasn't able to build a kernel without builtins or optimizations
without too much fiddling, I just left that printf() in place and tried
to install the system. Didn't work:

panic: Segv in kernel mode: pc 80115af1 addr 83fb6000
Stopped in pid 3.1 (pagedaemon) at      netbsd:trap+0x5b9:      movl $1, -64(fp)
db> trace
panic: Segv in kernel mode: pc %x addr %x
Stack traceback :
0x86e6bdb8: trap+0x5b9(0x86e6be80)
0x86e6be80: trap type=0xc code=0x83fb6000 pc=0x80115af1 psl=0x0
0x86e6be4c: pmap_clear_reference_long+0x8b(0x80471100)
0x86e6bed0: uvmpdpol_balancequeue+0x6c(0)
0x86e6befc: uvm_pageout+0x2f8(0x83f0aa80)

Well.


-- 
%SYSTEM-F-ANARCHISM, The operating system has been overthrown
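Added reproducer (editor's example; not part of the mail above and not
NetBSD code): a userland check for the copy the trace points at, so the
suspected builtin-memcpy codegen can be exercised outside the kernel. The
disassembly shows a 0x28-byte (40-byte) movc3 whose operands go through a
pointer at offset 8 in a struct, so the harness copies 40 bytes between two
mbuf-like structs through their data pointers at that offset. The struct
layout, the mtod() macro and the exact bcopy() arguments are assumptions
(the mail does not quote line 1271), and the function and type names below
are hypothetical. It checks the one symptom a wrong destination operand
would produce: the source struct itself getting overwritten instead of the
destination buffer.

```c
#include <stdio.h>
#include <string.h>

/*
 * Stand-in for struct mbuf (assumption, not sys/sys/mbuf.h): on an ILP32
 * target such as VAX the data pointer lands at offset 8, matching the
 * "*0x8(rN)" operands of the movc3 in the trace.
 */
struct fake_mbuf {
    struct fake_mbuf *m_next;     /* offset 0 */
    struct fake_mbuf *m_nextpkt;  /* offset 4 */
    char             *m_data;     /* offset 8: the *0x8(r) operand */
    int               m_len;
    char              m_buf[64];
};

#define HDRLEN 0x28                      /* movc3 length in the trace: 40 bytes */
#define mtod(m, t) ((t)((m)->m_data))

/*
 * Same shape as bcopy(mtod(src, caddr_t), mtod(dst, caddr_t), HDRLEN),
 * written as memcpy() since that is what the kernel's bcopy() expands to.
 * noinline keeps the copy in its own function so the compiler has to emit
 * the indirect addressing instead of folding the whole test away.
 */
__attribute__((noinline))
static void copy_header(struct fake_mbuf *src, struct fake_mbuf *dst)
{
    memcpy(mtod(dst, void *), mtod(src, void *), HDRLEN);
}

/*
 * Returns 0 when the copy behaved, otherwise a code for what went wrong:
 *   1  destination payload does not match the source header
 *   2  the source struct itself was overwritten, which is what a
 *      destination operand of "(r6)" instead of "*0x8(r7)" would do
 *   3  bytes past HDRLEN in the destination buffer were touched
 */
int check_copy(void)
{
    static struct fake_mbuf src, dst;
    unsigned char src_image_before[sizeof src];
    unsigned i;

    memset(&src, 0, sizeof src);
    memset(&dst, 0, sizeof dst);
    src.m_data = src.m_buf;
    dst.m_data = dst.m_buf;
    src.m_len = dst.m_len = HDRLEN;

    /* constructed header bytes 0x01..0x40 in the source; destination poisoned */
    for (i = 0; i < sizeof src.m_buf; i++) {
        src.m_buf[i] = (char)(i + 1);
        dst.m_buf[i] = (char)0xEE;
    }
    memcpy(src_image_before, &src, sizeof src);

    copy_header(&src, &dst);

    for (i = 0; i < HDRLEN; i++)
        if ((unsigned char)dst.m_buf[i] != i + 1)
            return 1;
    if (memcmp(src_image_before, &src, sizeof src) != 0)
        return 2;
    for (i = HDRLEN; i < sizeof dst.m_buf; i++)
        if ((unsigned char)dst.m_buf[i] != 0xEE)
            return 3;
    return 0;
}

int main(void)
{
    int rc = check_copy();

    printf("header copy check: %s (code %d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

Build it with the same compiler, optimisation level and builtin settings as
the kernel (and once more with -fno-builtin) and compare the two results and
the generated movc3 operands; a non-zero return from check_copy() with the
kernel flags, but not without builtins, points at the builtin expansion
rather than at tcp_output.c.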