Subject: Re: CVS commit: src/sys/kern
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Darren Reed <darrenr@NetBSD.org>
List: port-i386
Date: 01/28/2006 13:56:28
On Sat, Jan 28, 2006 at 02:48:38PM +0100, Manuel Bouyer wrote:
> > >From a digital camera:
> > -------------------------
> > fatal protection fault in supervisor mode
> > trap type 4 code 7fb eip c0100b7f cs 8 eflags 10246 cr2 804eeac ilevel 0
> > panic: trap
> > Begin traceback...
> > trap() at netbsd:trap+0x149
> > --- trap (number 4) ---
> > cpu_switch(c0363ba0,0,ca342000,282,c0365a20) at netbsd:cpu_switch+0x9f
> > fatal protection fault in supervisor mode
> > trap type 4 code 7fb eip c0100b7f cs 8 eflags 10246 cr2 804eeac ilevel 0
> > Faulted in mid-traceback:aborting...
> > <system hang>
>
> So DDB_COMMANDONENTER="trace" would probably have worked as well.
> Can you see where 0xc0100b7f points in your kernel ?
> I suspect cpu_switch() or trap().
cpu_switch()
> If you use DDB_COMMANDONENTER="show registers; trace" (in this order as
> trace doesn't completely work) we would also have the esp (stack pointer)
> value.
>
This doesn't exist in 3.0
> You could also try disas 0xc0100b7f
(gdb) disas cpu_switch+0x9f
Dump of assembler code for function idle_loop:
0xc0100b73 <idle_loop>: mov 0xc0367668,%ecx
0xc0100b79 <idle_loop+6>: test %ecx,%ecx
0xc0100b7b <idle_loop+8>: jne 0xc0100b63 <idle_zero>
0xc0100b7d <idle_loop+10>: sti
0xc0100b7e <idle_loop+11>: hlt
0xc0100b7f <idle_loop+12>: nop
End of assembler dump.
> My current theory is that cpu_switch(), while restoring a context, loaded
> %esp with a bogus value.
Nasty.
Darren