Bug 14900

Summary: 3.3-RELEASE panic in pmap_pte_quick()
Product: Base System
Reporter: Thomas David Rivers <rivers>
Component: kern
Assignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 3.3-RELEASE   
Hardware: Any   
OS: Any   

Description Thomas David Rivers 1999-11-15 18:00:00 UTC
 I have seen, every-now-and-then, panics with 3.3-RELEASE.  
 
 After observing when these occur, I was able to put together
 a sequence of programs to run which will cause the panic.

 My debugging of the kernel indicates that pmap_pte_quick() 
 is being passed a bad `pmap' parm.  Although, I'm unable
 to take it from there.

 Here's the traceback:

	pmap_pte_quick()+12
	pmap_ts_referenced()
	vm_pageout_page_stats()
	vm_pageout()
	kproc_start()
	fork_trampoline()

 The particular instruction which causes the panic is:

	movl 0(%edx,%eax,4),%ecx

 which comes from the source line:

	if (pde = (unsigned) pmap->pm_pdir[va >> PDRSHIFT]) {

 This is the instruction to reference the pm_pdir array. %edx
 should contain a correct value for pmap->pm_pdir, but contains
 trash (or, at least, an address outside of the kernel's address
 table).  %edx is loaded from the incoming `pmap' parm.

How-To-Repeat: 
	I have the reproduction - unfortunately it involves running
	a purchase program, so I'm not at liberty to hand it out.

	I will be happy to test any potential fixes.
Comment 1 Søren Schmidt freebsd_committer freebsd_triage 2001-05-30 10:15:26 UTC
State Changed
From-To: open->closed

Upgrade to 4.3 and get back to us if problem persists.