From owner-freebsd-current  Mon Apr 29  5:59: 9 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mail.speakeasy.net (mail11.speakeasy.net [216.254.0.211])
	by hub.freebsd.org (Postfix) with ESMTP id 0EB0B37B416
	for <current@FreeBSD.org>; Mon, 29 Apr 2002 05:57:41 -0700 (PDT)
Received: (qmail 14846 invoked from network); 29 Apr 2002 12:57:38 -0000
Received: from unknown (HELO server.baldwin.cx) ([216.27.160.63]) (envelope-sender <jhb@FreeBSD.org>)
          by mail11.speakeasy.net (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP
          for <current@FreeBSD.org>; 29 Apr 2002 12:57:38 -0000
Received: from laptop.baldwin.cx (laptop.baldwin.cx [192.168.0.4])
	by server.baldwin.cx (8.11.6/8.11.6) with ESMTP id g3TCvbv26470;
	Mon, 29 Apr 2002 08:57:37 -0400 (EDT)
	(envelope-from jhb@FreeBSD.org)
Message-ID: <XFMail.20020429085651.jhb@FreeBSD.org>
X-Mailer: XFMail 1.5.2 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <Pine.NEB.3.96L.1020428094421.64976J-100000@fledge.watson.org>
Date: Mon, 29 Apr 2002 08:56:51 -0400 (EDT)
From: John Baldwin <jhb@FreeBSD.org>
To: Robert Watson <rwatson@FreeBSD.org>
Subject: RE: page fault in _mtx_lock_flags
Cc: current@FreeBSD.org
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG


On 28-Apr-2002 Robert Watson wrote:
> 
> As usual, GENERIC -CURRENT head from last night, from the main tree. 
> Dual-proc SMP box netbooted using PXE.  System usually boots, does a
> buildkernel -j 8 over NFS, then reboots and repeats.  This time it didn't. 
> 
> I actually have two boxes doing this, which does seem to double the rate
> of panics I get.
> 
> APIC_IO: Testing 8254 interrupt delivery
> APIC_IO: Broken MP table detected: 8254 is not connected to IOAPIC #0 intpin
> 2
> APIC_IO: routing 8254 via 8259 and IOAPIC #0 intpin 0
> ad0: 19458MB <ST320420A> [39535/16/63] at ata0-master UDMA33
> acd0: CDROM <MATSHITA CR-176> at ata1-master PIO4
> doSuMnPt:i nAgP  rCoPoUt  #f1r oLma unnfcsh:etsray irq 10
> NFS ROOT: 192.168.50.1:/cboss/devel/nfsroot/crash1.cboss.tislabs.com
> 
> 
> Fatal trap 12: page fault while in kernel mode
> cpuid = 0; lapic.id = 00000000
> fault virtual address   = 0x7974748b

These are ASCII chars, somehow a pointer to a mutex has been overwritten
with a string.

"yyt<some unprintable char>"

> fault code              = supervisor write, page not present
> instruction pointer     = 0x8:0xc02449b6
> stack pointer           = 0x10:0xc93dea14
> frame pointer           = 0x10:0xc93dea20
> code segment            = base 0x0, limit 0xfffff, type 0x1b
>                         = DPL 0, pres 1, def32 1, gran 1
> processor eflags        = interrupt enabled, resume, IOPL = 0
> current process         = 41 (sh)
> kernel: type 12 trap, code=0
> Stopped at      _mtx_lock_flags+0x42:   lock cmpxchgl   %ecx,0x18(%ebx)
> db> trace
> _mtx_lock_flags(79747473,0,c03cb862,e3) at _mtx_lock_flags+0x42

Same here.  See the first arg which is supposed to be a mutex pointer.

"ytts"

-- 

John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message