panic: bad pte

From: Igor Sysoev <is_at_rambler-co.ru>
Date: Tue, 11 Nov 2003 14:43:43 +0300 (MSK)
I have core dump caused by "panic: bad pte" on FreeBSD 5.1-CURRENT SMP
cvsuped on date=2003.11.04.02.02.00.  System runs "make -j 64 buildworld"
in a cycle and sometimes paniced with message "bad pte".

-----
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x24
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc050a35b
stack pointer           = 0x10:0xe21c6c88
frame pointer           = 0x10:0xe21c6c9c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 42 (irq29: ahd0)
trap number             = 12
panic: page fault
cpuid = 0;
boot() called on cpu#0
-----

-----
(kgdb) where
#0  doadump () at ../../../kern/kern_shutdown.c:240
#1  0xc0515167 in boot (howto=260) at ../../../kern/kern_shutdown.c:372
#2  0xc0515580 in poweroff_wait (junk=0xc06676f0, howto=-1066995772)
    at ../../../kern/kern_shutdown.c:550
#3  0xc063359c in trap_fatal (frame=0xc06676f0, eva=0)
    at ../../../i386/i386/trap.c:821
#4  0xc0632c13 in trap (frame=
      {tf_fs = -1007615976, tf_es = -501481456, tf_ds = -1068433392, tf_edi = 4, tf_esi = 20, tf_ebp = -501453668, tf_isp = -501453708, tf_ebx = 0, tf_edx = -1067055282, tf_ecx = -920489984, tf_eax = 20, tf_trapno = 12, tf_err = 0, tf_eip = -1068457125, tf_cs = 8, tf_eflags = 65683, tf_esp = 91645925, tf_ss = -148261714}) at ../../../i386/i386/trap.c:250
#5  0xc061fbb8 in calltrap () at {standard input}:94
#6  0xc050a7a9 in _mtx_lock_sleep (m=0x14, opts=0, file=0x0, line=0)
    at ../../../kern/kern_mutex.c:635
#7  0xc04ff295 in ithread_loop (arg=0xc7df1080)
    at ../../../kern/kern_intr.c:543
#8  0xc04fded0 in fork_exit (callout=0xc04ff0d0 <ithread_loop>, arg=0x0,
    frame=0x0) at ../../../kern/kern_fork.c:793
-----

But it seems that it's incorrect back trace because the faulting
instruction is in kern/kern_mutex.c:propagate_priority() _at_c050a35b.

Here is disassembled and commented code starting from line 150 in
kern/kern_mutex.c:propagate_priority():

c050a332 cmpl   $0x3,0xe4(%ecx)     # if (TD_ON_RUNQ(td)) {
c050a339 jne    0xc050a350
c050a33b mov    %esi,%edx           # prio -> %edx
c050a33d movzbl %dl,%eax            # prio -> %eax
c050a340 mov    %eax,0x4(%esp,1)    # prio
c050a344 mov    %ecx,(%esp,1)       # td
c050a347 call   0xc052bc10 <sched_prio>  # sched_prio(td, pri);
c050a34c jmp    0xc050a3cb

c050a34e mov    %esi,%esi           # nop

c050a350 mov    %esi,%eax           # prio -> %eax
c050a352 mov    %al,0xdd(%ecx)      # td->td_priority = pri;
c050a358 mov    0x5c(%ecx),%ebx     # m = td->td_blocked;
         FAULT:
c050a35b cmp    0x24(%ebx),%ecx     # if (td == TAILQ_FIRST(&m->mtx_blocked)) {
c050a35e je     0xc050a2f0          # continue;

It seems that td->td_blocked is NULL.


Igor Sysoev
htto://sysoev.ru/en/
Received on Tue Nov 11 2003 - 02:43:47 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:28 UTC