From owner-freebsd-current@FreeBSD.ORG Tue Nov 11 03:43:47 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E3D5416A4CE for ; Tue, 11 Nov 2003 03:43:47 -0800 (PST) Received: from park.rambler.ru (park.rambler.ru [81.19.64.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id 802ED43F75 for ; Tue, 11 Nov 2003 03:43:45 -0800 (PST) (envelope-from is@rambler-co.ru) Received: from is.park.rambler.ru (is.park.rambler.ru [81.19.64.102]) by park.rambler.ru (8.12.6/8.12.6) with ESMTP id hABBhhJ6060142 for ; Tue, 11 Nov 2003 14:43:43 +0300 (MSK) (envelope-from is@rambler-co.ru) Date: Tue, 11 Nov 2003 14:43:43 +0300 (MSK) From: Igor Sysoev X-Sender: is@is.park.rambler.ru To: freebsd-current@freebsd.org Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: panic: bad pte X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Nov 2003 11:43:48 -0000 I have core dump caused by "panic: bad pte" on FreeBSD 5.1-CURRENT SMP cvsuped on date=2003.11.04.02.02.00. System runs "make -j 64 buildworld" in a cycle and sometimes paniced with message "bad pte". ----- Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x24 fault code = supervisor read, page not present instruction pointer = 0x8:0xc050a35b stack pointer = 0x10:0xe21c6c88 frame pointer = 0x10:0xe21c6c9c code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = resume, IOPL = 0 current process = 42 (irq29: ahd0) trap number = 12 panic: page fault cpuid = 0; boot() called on cpu#0 ----- ----- (kgdb) where #0 doadump () at ../../../kern/kern_shutdown.c:240 #1 0xc0515167 in boot (howto=260) at ../../../kern/kern_shutdown.c:372 #2 0xc0515580 in poweroff_wait (junk=0xc06676f0, howto=-1066995772) at ../../../kern/kern_shutdown.c:550 #3 0xc063359c in trap_fatal (frame=0xc06676f0, eva=0) at ../../../i386/i386/trap.c:821 #4 0xc0632c13 in trap (frame= {tf_fs = -1007615976, tf_es = -501481456, tf_ds = -1068433392, tf_edi = 4, tf_esi = 20, tf_ebp = -501453668, tf_isp = -501453708, tf_ebx = 0, tf_edx = -1067055282, tf_ecx = -920489984, tf_eax = 20, tf_trapno = 12, tf_err = 0, tf_eip = -1068457125, tf_cs = 8, tf_eflags = 65683, tf_esp = 91645925, tf_ss = -148261714}) at ../../../i386/i386/trap.c:250 #5 0xc061fbb8 in calltrap () at {standard input}:94 #6 0xc050a7a9 in _mtx_lock_sleep (m=0x14, opts=0, file=0x0, line=0) at ../../../kern/kern_mutex.c:635 #7 0xc04ff295 in ithread_loop (arg=0xc7df1080) at ../../../kern/kern_intr.c:543 #8 0xc04fded0 in fork_exit (callout=0xc04ff0d0 , arg=0x0, frame=0x0) at ../../../kern/kern_fork.c:793 ----- But it seems that it's incorrect back trace because the faulting instruction is in kern/kern_mutex.c:propagate_priority() @c050a35b. Here is disassembled and commented code starting from line 150 in kern/kern_mutex.c:propagate_priority(): c050a332 cmpl $0x3,0xe4(%ecx) # if (TD_ON_RUNQ(td)) { c050a339 jne 0xc050a350 c050a33b mov %esi,%edx # prio -> %edx c050a33d movzbl %dl,%eax # prio -> %eax c050a340 mov %eax,0x4(%esp,1) # prio c050a344 mov %ecx,(%esp,1) # td c050a347 call 0xc052bc10 # sched_prio(td, pri); c050a34c jmp 0xc050a3cb c050a34e mov %esi,%esi # nop c050a350 mov %esi,%eax # prio -> %eax c050a352 mov %al,0xdd(%ecx) # td->td_priority = pri; c050a358 mov 0x5c(%ecx),%ebx # m = td->td_blocked; FAULT: c050a35b cmp 0x24(%ebx),%ecx # if (td == TAILQ_FIRST(&m->mtx_blocked)) { c050a35e je 0xc050a2f0 # continue; It seems that td->td_blocked is NULL. Igor Sysoev htto://sysoev.ru/en/