Subject: Re: port-i386/9368: i386 kernel trap in gdt_compact()
To: None <gnats-bugs@gnats.netbsd.org>
From: Chris G. Demetriou <cgd@netbsd.org>
List: netbsd-bugs
Date: 02/07/2000 14:39:57
cgd@netbsd.org writes:
> >How-To-Repeat:
> Unknown.  Run out of processes on an i386 system?  I'm gonna try
> it again, with a kernel from the latest 1.4-branch sources.

This would seem to be a pretty good method.  I just tripped the bug
again (doing the same thing, this time intentionally), after having
built a kernel with up-to-date 1.4-branch sources (as of about noon
PST Feb 7, 2000).

I built the kernel with debugging symbols this time, to get more of a
clue about the problem.

The traceback (down to the trap, because that's all gdb seems willing
to do -- see PR 9367 8-) looked like:

#0  0xf023ea26 in sys_sysarch () at ../../../../arch/i386/i386/trap.c:250
#1  0xf02381b7 in cpu_reboot (howto=0x100, bootstr=0x0)
    at ../../../../arch/i386/i386/machdep.c:1353
#2  0xf0189aa8 in log (level=0xf023ea26, fmt=0x0)
    at ../../../../kern/subr_prf.c:212
#3  0xf023ecb5 in trap (frame={tf_es = 0xf0170010, tf_ds = 0x10, tf_edi = 0xb, 
      tf_esi = 0x3, tf_ebp = 0xf0386ef4, tf_ebx = 0x102, tf_edx = 0x100, 
      tf_ecx = 0xfcc9e000, tf_eax = 0xfcca1000, tf_trapno = 0x6, tf_err = 0x0, 
      tf_eip = 0xf02369d0, tf_cs = 0x8, tf_eflags = 0x10286, tf_esp = 0x102, 
      tf_ss = 0xf0385000, tf_vm86_es = 0xfce7ec4c, tf_vm86_ds = 0x5d, 
      tf_vm86_fs = 0x58, tf_vm86_gs = 0xf01841bb})
    at ../../../../arch/i386/i386/trap.c:310


To track down the problem further, I then did:

(gdb) list *0xf02369d0
0xf02369d0 is in gdt_compact (../../../../arch/i386/i386/gdt.c:124).
119             struct pcb *pcb;
120             int slot = NGDT, oslot;
121
122             for (p = allproc.lh_first; p != 0; p = p->p_list.le_next) {
123                     pcb = &p->p_addr->u_pcb;
124                     oslot = IDXSEL(pcb->pcb_tss_sel);
125                     if (oslot >= gdt_count) {
126                             while (gdt[slot].sd.sd_type != SDT_SYSNULL) {
127                                     if (++slot >= gdt_count)
128                                             panic("gdt_compact botch 1");



As before, the last few messages on console (kernel printfs) were:

boot device: sd0
root on sd0a dumps on sd0b
root file system type: ffs
proc: table is full
proc: table is full
proc: table is full
proc: table is full
proc: table is full
proc: table is full
proc: table is full
proc: table is full
proc: table is full
proc: table is full
proc: table is full
fatal page fault in supervisor mode
trap type 6 code 0 eip f02369d0 cs 8 eflags 10286 cr2 fcc9e068 cpl 0
panic: trap
syncing disks... 4 4 done



cgd
-- 
Chris Demetriou - cgd@netbsd.org - http://www.netbsd.org/People/Pages/cgd.html
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.