kern/52718: changes to kern_umtx.c causes panic in cam

Bryan Liesner bleez at verizon.net
Tue May 27 05:40:14 PDT 2003


>Number:         52718
>Category:       kern
>Synopsis:       changes to kern_umtx.c causes panic in cam
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 27 05:40:12 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Bryan Liesner
>Release:        FreeBSD 5.1-BETA i386
>Organization:
>Environment:
System: FreeBSD gravy.homeunix.net 5.1-BETA FreeBSD 5.1-BETA #0: Mon May 26 15:49:23 EDT 2003 bryan at gravy.homeunix.net:/usr/obj/usr/src/sys/GRAVY i386


	
>Description:
The change from kern_umtx.c rev 1.2 to 1.3 brought out the following
panic on my system.  The panic does not occur if I revert back to 1.2
or if I turn off my USB hard drive (uses EHCI) and run with rev 1.3.


Fatal trap 12: page fault while in kernel mode
fault virtual address   = 0x0
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc0135b0a7
stack pointer           = 0x10:0xd68f2c48
frame pointer           = 0x10:0xd68f2c64
code  segment           = base 0x0 limit 0xffff, type 0x1b
processor eflags        = interrupt enabled, resume, IOPL=0
current process         = 12 (swi7: tty:sio clock)
trap number             = 12
panic page fault

DDB says it was in heap_up+0x27

...

(kgdb) l *heap_up+0x27
0xc0136be7 is in heap_up (../../../cam/cam_queue.c:345).
340	 * equal too, or greater than j respectively.
341	 */
342	static __inline int
343	queue_cmp(cam_pinfo **queue_array, int i, int j)
344	{
345		if (queue_array[i]->priority == queue_array[j]->priority)
346			return (  queue_array[i]->generation
347				- queue_array[j]->generation );
348		else
349			return (  queue_array[i]->priority
(kgdb)
350				- queue_array[j]->priority );
351	}
352
353	/*
354	 * swap: Given an array of cam_pinfo* elements and indexes i and j,
355	 * exchange elements i and j.
356	 */
357	static __inline void
358	swap(cam_pinfo **queue_array, int i, int j)
359	{

>How-To-Repeat:
boot the system
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

