I have a core dump caused by "panic: bad pte" on FreeBSD 5.1-CURRENT SMP
cvsuped on date=2003.11.04.02.02.00. The system runs "make -j 64 buildworld"
in a cycle and sometimes panicked with the message "bad pte".

-----
Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x24
fault code              = supervisor read, page not present
instruction pointer     = 0x8:0xc050a35b
stack pointer           = 0x10:0xe21c6c88
frame pointer           = 0x10:0xe21c6c9c
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 42 (irq29: ahd0)
trap number             = 12
panic: page fault
cpuid = 0;
boot() called on cpu#0
-----

-----
(kgdb) where
#0  doadump () at ../../../kern/kern_shutdown.c:240
#1  0xc0515167 in boot (howto=260) at ../../../kern/kern_shutdown.c:372
#2  0xc0515580 in poweroff_wait (junk=0xc06676f0, howto=-1066995772)
    at ../../../kern/kern_shutdown.c:550
#3  0xc063359c in trap_fatal (frame=0xc06676f0, eva=0)
    at ../../../i386/i386/trap.c:821
#4  0xc0632c13 in trap (frame=
      {tf_fs = -1007615976, tf_es = -501481456, tf_ds = -1068433392,
       tf_edi = 4, tf_esi = 20, tf_ebp = -501453668, tf_isp = -501453708,
       tf_ebx = 0, tf_edx = -1067055282, tf_ecx = -920489984, tf_eax = 20,
       tf_trapno = 12, tf_err = 0, tf_eip = -1068457125, tf_cs = 8,
       tf_eflags = 65683, tf_esp = 91645925, tf_ss = -148261714})
    at ../../../i386/i386/trap.c:250
#5  0xc061fbb8 in calltrap () at {standard input}:94
#6  0xc050a7a9 in _mtx_lock_sleep (m=0x14, opts=0, file=0x0, line=0)
    at ../../../kern/kern_mutex.c:635
#7  0xc04ff295 in ithread_loop (arg=0xc7df1080)
    at ../../../kern/kern_intr.c:543
#8  0xc04fded0 in fork_exit (callout=0xc04ff0d0 <ithread_loop>, arg=0x0,
    frame=0x0) at ../../../kern/kern_fork.c:793
-----

But it seems that it's an incorrect backtrace because the faulting instruction
is in kern/kern_mutex.c:propagate_priority() at c050a35b.

Here is the disassembled and commented code starting from line 150
in kern/kern_mutex.c:propagate_priority():

        c050a332  cmpl   $0x3,0xe4(%ecx)         # if (TD_ON_RUNQ(td)) {
        c050a339  jne    0xc050a350
        c050a33b  mov    %esi,%edx               # prio -> %edx
        c050a33d  movzbl %dl,%eax                # prio -> %eax
        c050a340  mov    %eax,0x4(%esp,1)        # prio
        c050a344  mov    %ecx,(%esp,1)           # td
        c050a347  call   0xc052bc10 <sched_prio> # sched_prio(td, pri);
        c050a34c  jmp    0xc050a3cb
        c050a34e  mov    %esi,%esi               # nop
        c050a350  mov    %esi,%eax               # prio -> %eax
        c050a352  mov    %al,0xdd(%ecx)          # td->td_priority = pri;
        c050a358  mov    0x5c(%ecx),%ebx         # m = td->td_blocked;
FAULT:  c050a35b  cmp    0x24(%ebx),%ecx         # if (td == TAILQ_FIRST(&m->mtx_blocked)) {
        c050a35e  je     0xc050a2f0              # continue;

It seems that td->td_blocked is NULL.

Igor Sysoev
htto://sysoev.ru/en/

Received on Tue Nov 11 2003 - 02:43:47 UTC
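The register check behind that conclusion can be scripted. The following is an added example, not part of the original message: it converts the signed decimal values kgdb printed in frame #4 to unsigned 32-bit addresses and compares the effective address of `cmp 0x24(%ebx),%ecx` with the reported fault address. The function names are hypothetical, and the embedded text is copied from the trap message and frame dump above.

```python
import re

# Values copied from the trap message and kgdb frame #4 in the report above.
TRAP_REPORT = """
fault virtual address = 0x24
instruction pointer = 0x8:0xc050a35b
tf_edi = 4, tf_esi = 20, tf_ebp = -501453668, tf_isp = -501453708, tf_ebx = 0,
tf_edx = -1067055282, tf_ecx = -920489984, tf_eax = 20, tf_trapno = 12,
tf_err = 0, tf_eip = -1068457125, tf_cs = 8, tf_eflags = 65683
"""

def parse_trapframe(text):
    """Return {register: unsigned 32-bit value} from kgdb's signed decimals."""
    return {name: int(val) & 0xFFFFFFFF
            for name, val in re.findall(r"tf_(\w+) = (-?\d+)", text)}

def parse_hex_field(text, label):
    """Read a hex field of the trap message, skipping a 'selector:' prefix."""
    m = re.search(label + r"\s*=\s*(?:0x[0-9a-f]+:)?(0x[0-9a-f]+)", text)
    if m is None:
        raise ValueError("field not found: " + label)
    return int(m.group(1), 16)

def check_fault(text, base_reg, disp):
    """Compare base_reg + disp (the operand's address) with the fault address."""
    regs = parse_trapframe(text)
    fault_va = parse_hex_field(text, "fault virtual address")
    trap_eip = parse_hex_field(text, "instruction pointer")
    ea = (regs[base_reg] + disp) & 0xFFFFFFFF
    return {
        "eip": regs["eip"],
        "eip_matches_trap": regs["eip"] == trap_eip,
        "td": regs["ecx"],                 # %ecx holds td in the listing above
        "effective_address": ea,
        "ea_matches_fault": ea == fault_va,
        "null_base": regs[base_reg] == 0,  # True when m (td->td_blocked) is NULL
    }

if __name__ == "__main__":
    # cmp 0x24(%ebx),%ecx -> base register ebx, displacement 0x24
    for key, val in check_fault(TRAP_REPORT, "ebx", 0x24).items():
        print(key, val if isinstance(val, bool) else hex(val))
```

The saved `tf_eip` decodes to the same address as the trap message's instruction pointer, which places the fault at the `cmp` in propagate_priority() and not in the frames kgdb listed.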