From rivers@dignus.com Mon Nov 15 09:58:34 1999
Return-Path: <rivers@dignus.com>
Received: from smtp2.vnet.net (smtp2.vnet.net [166.82.1.32])
	by hub.freebsd.org (Postfix) with ESMTP id A926714A1F
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 15 Nov 1999 09:58:33 -0800 (PST)
	(envelope-from rivers@dignus.com)
Received: from dignus.com (ponds.vnet.net [166.82.177.48])
	by smtp2.vnet.net (8.9.1a/8.9.1) with ESMTP id MAA07281
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 15 Nov 1999 12:58:31 -0500 (EST)
Received: from lakes.dignus.com (lakes.dignus.com [10.0.0.3])
	by dignus.com (8.9.2/8.8.5) with ESMTP id MAA13226
	for <FreeBSD-gnats-submit@freebsd.org>; Mon, 15 Nov 1999 12:58:30 -0500 (EST)
Received: (from rivers@localhost) by lakes.dignus.com (8.9.3/8.6.9) id MAA02091; Mon, 15 Nov 1999 12:58:30 -0500 (EST)
Message-Id: <199911151758.MAA02091@lakes.dignus.com>
Date: Mon, 15 Nov 1999 12:58:30 -0500 (EST)
From: Thomas David Rivers <rivers@dignus.com>
Reply-To: rivers@dignus.com
To: FreeBSD-gnats-submit@freebsd.org
Subject: 3.3-RELEASE panic in pmap_pte_quick()
X-Send-Pr-Version: 3.2

>Number:         14900
>Category:       kern
>Synopsis:       3.3-RELEASE panic in pmap_pte_quick()
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 15 10:00:00 PST 1999
>Closed-Date:    Wed May 30 02:15:26 PDT 2001
>Last-Modified:  Wed May 30 02:16:03 PDT 2001
>Originator:     Thomas David Rivers
>Release:        FreeBSD 3.3-RELEASE i386
>Organization:
Dignus, LLC
>Environment:

 3.3-RELEASE running on a P200, w/ 64Meg memory, AHA2940.

>Description:

 I have seen, every-now-and-then, panics with 3.3-RELEASE.  
 
 After observing when these occur, I was able to put together
 a sequence of programs to run which will cause the panic.

 My debugging of the kernel indicates that pmap_pte_quick() 
 is being passed a bad `pmap' parm.  Although, I'm unable
 to take it from there.

 Here's the traceback:

	pmap_pte_quick()+12
	pmap_ts_referenced()
	vm_pageout_page_stats()
	vm_pageout()
	kproc_start()
	fork_trampoline()

 The particular instruction which causes the panic is:

	movl 0(%edx,%eax,4),%ecx

 which comes from the source line:

	if (pde = (unsigned) pmap->pm_pdir[va >> PDRSHIFT]) {

 this is the instruction to reference the pm_pdir array. %edx
 should contain a correct value for pmap->pm_pdir, but contains
 trash (or, at least an address outside of the kernel's address
 table.)  %edx is loaded from the in-coming `pmap' parm.
	

>How-To-Repeat:

	I have the reproduction - unfortunately it involves running
	a purchase program, so I'm not at liberty to hand it out.

	I will be happy to test any potential fixes.

>Fix:

		


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: sos 
State-Changed-When: Wed May 30 02:15:26 PDT 2001 
State-Changed-Why:  
Upgrade to 4.3 and get back to us if problem persists. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=14900 
>Unformatted:
