npxdna causing kernel traps

Sat Jun 19 12:59:45 GMT 2004

On Sat, 19 Jun 2004, Static wrote:

> I have a fresh install of 5.2.1 which i then upgraded to -current.  I'm
> now getting the following message scrolling on the console
>
> kernel trap 22 with interrupts disabled
> kernel: npxdna: fpcurthread == curthread X times

Should be fixed in rev.1.592 of i386/machdep.c.  Sorry about that.

> trap:
>
> Fatal trap 12: page fault while in kernel mode
> fault virtual address   = 0x100
> fault code              = supervisor read, page not present
> instruction pointer     = 0x8:0xc05ce9c4
> stack pointer           = 0x10:0xcc598a9c`
> frame pointer           = 0x10:0xcc598a9c`
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                          = DPL, pres 1, def32 1, gran 1
> processor eflags        = resume, IOPL = 0
> current process         = 54139 (make)
> kernel: type 12 trap, code=0
> Stopped at      npxdrop+0x20:   movl    0x100(%eax),%eax
>
> db> trace
> npxdrop(cc598d48,cc598ac4,c05c1c68,c1122dc0,48) at npxdrop+0x20
> fpstate_drop(c1122dc0,48,c14c0400,cc598b8c,0) at fpstate_drop+0x31
> exec_setregs(c1122dc0,80480b8,bfbfebf8,0,20) at exec_setregs+0xf8
> kern_execve(c1122dc0,8069644,80695b4,80695c4,0) at kern_execve+0xb81
> execve(c1122dc0,cc598d14,c,c1122dc0,3) at execve+0x18
> syscall(2f,2f,2f,0,0) at syscall+0x1d0
> Xint0x80_syscall() at Xint0x80_syscall+0x1f
> --- syscall (0, FreeBSD ELF32, nosys), eip=0x80480b8, esp=0bfbfebf8,ebp =
> 0 ---

This is a side effect of the bug that I suspected but didn't see in
normal operation.  npxdna() fixes up the problem OK except for printing
an error message, but trap() enables interrupts and npxdrop() is depending
on them staying disabled.  Switching context to an ithread is possible and
causes the above null pointer panic.

Bruce