From wade@arch.wavefire.com  Fri Sep 17 19:33:28 2004
Message-Id: <200409171933.i8HJXPxK000787@arch.wavefire.com>
Date: Fri, 17 Sep 2004 12:33:25 -0700 (PDT)
From: archeron@wavefire.com
Reply-To: archeron@wavefire.com
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Running java applications causes kernel panic.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         71827
>Category:       kern
>Synopsis:       [sched_ule] [panic] Running java applications causes kernel panic (5.3-BETA4)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    jeff
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 17 19:40:21 GMT 2004
>Closed-Date:    Wed Mar 14 22:58:11 GMT 2007
>Last-Modified:  Wed Mar 14 22:58:11 GMT 2007
>Originator:     Charlie &
>Release:        FreeBSD 5.3-BETA4 i386
>Organization:
>Environment:
System: FreeBSD arch.wavefire.com 5.3-BETA4 FreeBSD 5.3-BETA4 #0: Fri Sep 17 10:09:02 PDT 2004 root@arch.wavefire.com:/usr/obj/usr/src/sys/WORKSTATION-5.0-SMP i386
dmesg output:
root@arch-~:dmesg
Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 5.3-BETA4 #0: Fri Sep 17 10:09:02 PDT 2004
    root@arch.wavefire.com:/usr/obj/usr/src/sys/WORKSTATION-5.0-SMP
WARNING: WITNESS option enabled, expect reduced performance.
WARNING: debug.mpsafenet forced to 0 as ipsec requires Giant
WARNING: MPSAFE network stack disabled, expect reduced performance.
ACPI APIC Table: <ASUS   CUV4X-D >
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel Pentium III (604.23-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x681  Stepping = 1
  Features=0x383fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE>
real memory  = 1073725440 (1023 MB)
avail memory = 1041281024 (993 MB)
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID:  3
 cpu1 (AP): APIC ID:  0
Security policy loaded: TrustedBSD MAC/MLS (mac_mls)
Security policy loaded: TrustedBSD MAC/portacl (trustedbsd_mac_portacl)
Security policy loaded: TrustedBSD MAC/seeotheruids (mac_seeotheruids)
Security policy loaded: TrustedBSD MAC/Partition (mac_partition)
Security policy loaded: TrustedBSD MAC/Biba (mac_biba)
Security policy loaded: TrustedBSD MAC/BSD Extended (mac_bsdextended)
Security policy loaded: TrustedBSD MAC/ifoff (mac_ifoff)
ioapic0 <Version 1.1> irqs 0-23 on motherboard
netsmb_dev: loaded
npx0: [FAST]
npx0: <math processor> on motherboard
npx0: INT 16 interface
acpi0: <ASUS CUV4X-D> on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-safe" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0xe408-0xe40b on acpi0
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
acpi_button0: <Power Button> on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 1.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pci1: <display, VGA> at device 0.0 (no driver attached)
isab0: <PCI-ISA bridge> at device 4.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <VIA 82C686B UDMA100 controller> port 0xd800-0xd80f,0x376,0x170-0x177,0x3f6,0x1f0-0x1f7 at device 4.1 on0
ata0: channel #0 on atapci0
ata1: channel #1 on atapci0
pci0: <serial bus, USB> at device 4.2 (no driver attached)
pci0: <serial bus, USB> at device 4.3 (no driver attached)
xl0: <3Com 3c905C-TX Fast Etherlink XL> port 0xb800-0xb87f mem 0xf8800000-0xf880007f irq 19 at device 9.0 on pci0
miibus0: <MII bus> on xl0
xlphy0: <3c905C 10/100 internal PHY> on miibus0
xlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
xl0: Ethernet address: 00:50:da:91:0d:3f
xl0: [GIANT-LOCKED]
ahc0: <Adaptec 2940 Ultra2 SCSI adapter (OEM)> port 0xb400-0xb4ff mem 0xf8000000-0xf8000fff irq 16 at device 12.00
ahc0: [GIANT-LOCKED]
aic7890/91: Ultra2 Wide Channel A, SCSI Id=7, 32/253 SCBs
isp0: <Qlogic ISP 1020/1040 PCI SCSI Adapter> port 0xb000-0xb0ff mem 0xf7800000-0xf7800fff irq 19 at device 13.0 0
isp0: [GIANT-LOCKED]
fdc0: <floppy drive controller> port 0x3f7,0x3f2-0x3f5 irq 6 drq 2 on acpi0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
sio0 port 0x3f8-0x3ff irq 4 on acpi0
sio0: type 16550A, console
sio1 port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
atkbdc0: <Keyboard controller (i8042)> port 0x64,0x60 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
orm0: <ISA Option ROMs> at iomem 0xcc000-0xd17ff,0xc8000-0xc87ff,0xc0000-0xc7fff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x100>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounters tick every 10.000 msec
IPsec: Initialized Security Association Processing.
ipfw2 initialized, divert enabled, rule-based forwarding disabled, default to deny, logging limited to 100 packett
ad0: 57259MB <MAXTOR 6L060J3/A93.0500> [116336/16/63] at ata0-master UDMA100
ATAPI_RESET time = 190us
acd0: CDROM <MATSHITA CR-587/7S13> at ata1-master PIO4
Waiting 15 seconds for SCSI devices to settle
da0 at ahc0 bus 0 target 4 lun 0
da0: <COMPAQ HD00441730 3208> Fixed Direct Access SCSI-2 device 
da0: 40.000MB/s transfers (20.000MHz, offset 15, 16bit), Tagged Queueing Enabled
da0: 4094MB (8386000 512 byte sectors: 255H 63S/T 522C)
da1 at ahc0 bus 0 target 8 lun 0
da1: <COMPAQ HD00441730 3208> Fixed Direct Access SCSI-2 device 
da1: 40.000MB/s transfers (20.000MHz, offset 15, 16bit), Tagged Queueing Enabled
da1: 4094MB (8386000 512 byte sectors: 255H 63S/T 522C)
SMP: AP CPU #1 Launched!
Mounting root from ufs:/dev/ad0s2a
WARNING: / was not properly dismounted


>Description:
	I have only noticed this when attempting to run a java 
application, in this case, a freenet server.  The kernel simply
panics with a signal 12 after running a java app for a few seconds, 
or even a minute sometimes.  If I disable any java apps from startup,
the machine appears stable.

Java version as follows:
root@arch-~:javavm -version 
java version "1.4.2-p6"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2-p6-root_12_mar_2004_07_21)
Java HotSpot(TM) Client VM (build 1.4.2-p6-root_12_mar_2004_07_21, mixed mode)

I rebuilt my kernel with the following debugging options:
# Debugging for use in -current
options         DDB                     #Enable the kernel debugger
options        KDB
options        GDB
options        INVARIANTS
options        INVARIANT_SUPPORT
options        WITNESS
options        WITNESS_SKIPSPIN
makeoptions     DEBUG=-g
makeoptions     PREEMPTION

I was unable to obtain a kernel core, however.
Prior to the debugging kernel, I was receiving the following dump 
to the serial console:
login: kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 03
fault virtual address   = 0x174
fault code              = supervisor write, page not present
instruction pointer     = 0x8:0xc052967b
stack pointer           = 0x10:0xe4dfec04
frame pointer           = 0x10:0xe4dfec10
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, def32 1, gran 1
processor eflags        = resume, IOPL = 0
current process         = 4 (g_down)
[thread 100032]
Stopped at      runq_remove+0x2b:       movl    %eax,0x4(%esi)
db>

Now all I get is:
root@arch-~:panic: sched_add: kse 0xc298c494 (java) already in run queue
cpuid = 1
KDB: enter: panic

Kernel config may be found at: 
	http://archeron.wavefire.com/~wade/WORKSTATION-5.0-SMP

If I can provide any additional information, please just ask.

 -Wade Klaver
>How-To-Repeat:
	run Java.
>Fix:

	
>Release-Note:
>Audit-Trail:

From: Wade Klaver <archeron@wavefire.com>
To: freebsd-gnats-submit@FreeBSD.org, archeron@wavefire.com
Cc:  
Subject: Re: kern/71827: Running java applications causes kernel panic.
Date: Fri, 17 Sep 2004 14:12:26 -0700

 I managed to get this to crash to the kernel debugger.  The following is my 
 debugger session, although you may require additional info as I have no clue 
 what I am doing here :)  I will try to supply a proper crashdump once I get a 
 bigger swap partition.
 ...
 panic: sched_add: kse 0xc27beb14 (java) already in run queue
 cpuid = 0
 KDB: enter: panic
 [thread 100139]
 Stopped at      kdb_enter+0x2b: nop
 db> trace
 kdb_enter(c0750068) at kdb_enter+0x2b
 panic(c0751456,c27beb14,c298ea08,c07ee768,c2303380) at panic+0x127
 sched_add_internal(c27be9c0,1) at sched_add_internal+0x6d
 sched_add(c27be9c0,0) at sched_add+0x24
 slot_fill(c2303380,e741ec90,c0519828,c2990680,c2990680) at slot_fill+0x53
 sched_thread_exit(c2990680,c2990680) at sched_thread_exit+0x17
 thread_exit(c298e8c0,c07be480,0,c074dc7c,507) at thread_exit+0xa8
 thread_userret(c2990680,e741ed48) at thread_userret+0x145
 userret(c2990680,e741ed48,2,2,2) at userret+0x57
 syscall(2f,2f,2f,bf516c5c,4d998590) at syscall+0x2d9
 Xint0x80_syscall() at Xint0x80_syscall+0x1f
 --- syscall (0, FreeBSD ELF32, nosys), eip = 0x480f38e3, esp = 0xbf516af4, ebp 
 = 0xbf516b80 ---
 db>
 
 -- 
 Wade Klaver
 Wavefire Technologies Corporation
 GPG Public Key at http://archeron.wavefire.com
 

From: Wade Klaver <archeron@wavefire.com>
To: freebsd-gnats-submit@FreeBSD.org, archeron@wavefire.com
Cc:  
Subject: Re: kern/71827: Running java applications causes kernel panic.
Date: Wed, 22 Sep 2004 16:44:55 -0700

 New developments.
 First, this box has been updated:
 
 Second, I finally have a proper core and backtrace:
 root@-/:savecore /opt/crash/ /dev/ad0s1b
 savecore: reboot after panic: sched_add: kse 0xc6983cb4 (java) already in run 
 queue
 savecore: unable to open bounds file, using 0
 savecore: writing core to vmcore.0
 ...
 Script started on Wed Sep 22 16:40:09 2004
 bash-2.05b# kgdb kernel.debug /opt/crash/vmcore.0
 [GDB will not be able to debug user-mode threads: /usr/lib/libthread_db.so: 
 Undefined symbol "ps_pglobal_lookup"]
 GNU gdb 6.1.1 [FreeBSD]
 Copyright 2004 Free Software Foundation, Inc.
 GDB is free software, covered by the GNU General Public License, and you are
 welcome to change it and/or distribute copies of it under certain conditions.
 Type "show copying" to see the conditions.
 There is absolutely no warranty for GDB.  Type "show warranty" for details.
 This GDB was configured as "i386-marcel-freebsd".
 doadump () at pcpu.h:159
 (kgdb) bt full
 #0  doadump () at pcpu.h:159
 No locals.
 #1  0xc0454b7e in db_fncall (dummy1=0, dummy2=0, dummy3=-1065307904, 
 dummy4=0xe7795898 "Xy\204P")
     at /usr/src/sys/ddb/db_command.c:531
 	fn_addr = -1068434840
 	args = {0 <repeats 11 times>}
 	nargs = 11
 	retval = 0
 	func = (fcn_10args_t *) 0xc050fa68 <doadump>
 	t = 0
 #2  0xc045498c in db_command (last_cmdp=0xc07b4d64, cmd_table=0x0, 
 aux_cmd_tablep=0xc0778be8, aux_cmd_tablep_end=0xc0778bec)
     at /usr/src/sys/ddb/db_command.c:349
 	cmd = (struct command *) 0xc077f660
 	t = 0
 	modif = "Xy\204P\000\200\001\000\000\000
 Xy\003\000\000Xy\000\000\000\000Xy\003\000\000Xyg\003\000\000\003\000\000\r\000\000\000Xy\002gXy\003\000\000\001\000\017\003x\000\000\000`V{\000\000\000\000\020YyhEtLfE\000\000\000\000`V{]E"
 	addr = 0
 	count = -1065307904
 	have_addr = 0
 	result = 0
 #3  0xc0454a54 in db_command_loop () at /usr/src/sys/ddb/db_command.c:455
 No locals.
 #4  0xc04565b9 in db_trap (type=3, code=0) at /usr/src/sys/ddb/db_main.c:221
 	jb = {{_jb = {-411477680, -411477700, -411477628, -1018255328, 0, 
 -1069193902, 2, -1018255328, 0, -411477624, 
       -1068309664, 2}}}
 	prev_jb = (void *) 0x0
 	bkpt = 0
 #5  0xc05278bf in kdb_trap (type=3, code=0, tf=0x1) 
 at /usr/src/sys/kern/subr_kdb.c:418
 	did_stop_cpus = 1
 	handled = -1018255328
 #6  0xc069da60 in trap (frame=
       {tf_fs = -411500520, tf_es = -1068367856, tf_ds = -1066074096, tf_edi = 
 -1066069624, tf_esi = 1, tf_ebp = -411477480, tf_isp = -411477500, tf_ebx = 
 -411477436, tf_edx = 0, tf_ecx = -1056882688, tf_eax = 18, tf_trapno = 3, 
 tf_err = 0, tf_eip = -1068337629, tf_cs = 8, tf_eflags = 134, tf_esp = 
 -411477448, tf_ss = -1068432621}) at /usr/src/sys/i386/i386/trap.c:576
 	td = (struct thread *) 0xc34ea820
 	p = (struct proc *) 0xc68f1a80
 	sticks = 3883489752
 	i = 0
 	ucode = 0
 	type = 3
 	code = 0
 	eva = 0
 #7  0xc068e27a in calltrap () at /usr/src/sys/i386/i386/exception.s:140
 No locals.
 #8  0xe7790018 in ?? ()
 No symbol table info available.
 #9  0xc0520010 in sched_class (kg=0xc0751188, class=256) 
 at /usr/src/sys/kern/sched_ule.c:1433
 	kseq = (struct kseq *) 0x1
 	ke = (struct td_sched *) 0x0
 	td = (struct thread *) 0xe7795a44
 	nclass = 0
 	oclass = 3
 #10 0xc0510313 in panic (fmt=0x86 <Address 0x86 out of bounds>) 
 at /usr/src/sys/kern/kern_shutdown.c:537
 	td = (struct thread *) 0xc34ea820
 	bootopt = 256
 	newpanic = 8
 	ap = 0xc0527623 "\220\211U\211WVS\005o|"
 	buf = "sched_add: kse 0xc6983cb4 (java) already in run queue", '\0' <repeats 
 202 times>
 #11 0xc052054d in sched_add_internal (td=0xc6983b60, preemptive=1) 
 at /usr/src/sys/kern/sched_ule.c:1692
 	kseq = (struct kseq *) 0xc07c0260
 	kg = (struct ksegrp *) 0x0
 	ke = (struct td_sched *) 0xc6983cb4
 	canmigrate = -1065622656
 	class = 0
 #12 0xc05204d8 in sched_add (td=0x0, flags=0) 
 at /usr/src/sys/kern/sched_ule.c:1672
 No locals.
 #13 0xc0520b61 in slot_fill (kg=0xc68f2af0) at kern_switch.c:217
 	td = (struct thread *) 0x0
 #14 0xc051fcb8 in sched_switch (td=0xc34ea820, newtd=0x0, flags=1) 
 at /usr/src/sys/kern/sched_ule.c:1277
 	ke = (struct td_sched *) 0xc34ea974
 #15 0xc0515ee4 in mi_switch (flags=1, newtd=0x0) 
 at /usr/src/sys/kern/kern_synch.c:340
 	new_switchtime = {sec = 109174, frac = 7524514413860760694}
 	td = (struct thread *) 0xc34ea820
 	p = (struct proc *) 0xc68f1a80
 	__func__ = "mi_switch"
 #16 0xc052fa9c in turnstile_wait (ts=0xc2aec0c0, lock=0xc07be3c0, 
 owner=0xc23799c0) at /usr/src/sys/kern/subr_turnstile.c:562
 	tc = (struct turnstile_chain *) 0xc07c9938
 	td = (struct thread *) 0xc34ea820
 	td1 = (struct thread *) 0xc34eab60
 #17 0xc05086fb in _mtx_lock_sleep (m=0xc07be3c0, td=0xc34ea820, opts=0, 
 file=0xc074c79b "/usr/src/sys/kern/kern_condvar.c", 
     line=334) at /usr/src/sys/kern/kern_mutex.c:551
 	ts = (struct turnstile *) 0xc2aec0c0
 	owner = (struct thread *) 0xc23799c0
 	v = 0
 #18 0xc05082e9 in _mtx_lock_flags (m=0xc07be3c0, opts=0, file=0xc074c79b 
 "/usr/src/sys/kern/kern_condvar.c", line=334)
     at /usr/src/sys/kern/kern_mutex.c:264
 No locals.
 #19 0xc04efb36 in cv_timedwait_sig (cvp=0xc07ee8c4, mp=0xc07ee8a0, timo=90001) 
 at /usr/src/sys/kern/kern_condvar.c:334
 	_giantcnt = 0
 	Giant__wf = 0xc0753b81 "/usr/src/sys/kern/sys_generic.c"
 	Giant__wl = 864
 	sq = (struct sleepqueue *) 0xc3736220
 	td = (struct thread *) 0xc34ea820
 	rval = 0
 	sig = 0
 	mp__wf = 0xc0753b81 "/usr/src/sys/kern/sys_generic.c"
 	mp__wl = 912
 	__func__ = "cv_timedwait_sig"
 #20 0xc0533a4b in poll (td=0xc34ea820, uap=0xe7795d14) 
 at /usr/src/sys/kern/sys_generic.c:937
 	bits = (struct pollfd *) 0xe7795be0
 	smallbits = {{fd = 119, events = 9, revents = 0}, {fd = -1068463931, events = 
 -7296, revents = -16261}, {fd = 0, 
     events = -3832, revents = -16268}, {fd = 711, events = -7232, revents = 
 -16261}, {fd = 762, events = 24891, 
     revents = -16267}, {fd = -411476948, events = -31844, revents = -16304}, 
 {fd = -1065622592, events = 0, revents = 0}, {
     fd = -1066049221, events = 762, revents = 0}, {fd = 0, events = 23756, 
 revents = -6279}, {fd = -1018255328, 
     events = 23676, revents = -6279}, {fd = -411476936, events = -23360, 
 revents = -16241}, {fd = -411476884, 
     events = 31919, revents = -16303}, {fd = -1064247360, events = -14608, 
 revents = 26849}, {fd = 42608563, 
     events = -12974, revents = -10772}, {fd = -411476796, events = 23692, 
 revents = -6279}, {fd = 1091337, events = 7936, 
     revents = -16263}, {fd = -411476852, events = -22496, revents = -15538}, 
 {fd = -1028354832, events = 23680, 
     revents = -6279}, {fd = -1068401236, events = 23692, revents = -6279}, {fd 
 = -411476808, events = -22496, 
     revents = -15538}, {fd = -411476832, events = 32261, revents = -16303}, 
 {fd = -411476852, events = 6784, 
     revents = -14705}, {fd = -1028354832, events = -22496, revents = -15538}, 
 {fd = -1068500367, events = 23736, 
     revents = -6279}, {fd = 134546372, events = 8, revents = 0}, {fd = 
 -411476808, events = 0, revents = 0}, {fd = 0, 
     events = 10992, revents = -14705}, {fd = 1095893493, events = 11994, 
 revents = 353}, {fd = 0, events = 6784, 
     revents = -14705}, {fd = 0, events = -22496, revents = -15538}, {fd = 
 -963700096, events = 23872, revents = -6279}, {
     fd = -1068500705, events = -1717, revents = -16305}}
 	atv = {tv_sec = 110072, tv_usec = 962453}
 	rtv = {tv_sec = 109172, tv_usec = 962453}
 	ttv = {tv_sec = 900, tv_usec = 0}
 	error = 0
 	timo = 90001
 	ncoll = 15592
 	nfds = 1
 	ni = 8
 #21 0xc069e1f7 in syscall (frame=
       {tf_fs = 138149935, tf_es = 47, tf_ds = -1082523601, tf_edi = 139359744, 
 tf_esi = 139359232, tf_ebp = -1095568936, tf_isp = -411476620, tf_ebx = 
 1208629308, tf_edx = 136764896, tf_ecx = 0, tf_eax = 209, tf_trapno = 22, 
 tf_err = 2, tf_eip = 1208956675, tf_cs = 31, tf_eflags = 642, tf_esp = 
 -1095568980, tf_ss = 47}) at /usr/src/sys/i386/i386/trap.c:1001
 	params = 0xbeb2f1b0 <Address 0xbeb2f1b0 out of bounds>
 	callp = (struct sysent *) 0xc078cc88
 	td = (struct thread *) 0xc34ea820
 	p = (struct proc *) 0xc68f1a80
 	orig_tf_eflags = 642
 	sticks = 5
 	error = 0
 	narg = 3
 	args = {-1095568880, 1, 900000, 0, 0, 0, 5, -963700096}
 	code = 209
 #22 0xc068e2cf in Xint0x80_syscall () 
 at /usr/src/sys/i386/i386/exception.s:201
 No locals.
 #23 0x083c002f in ?? ()
 No symbol table info available.
 #24 0x0000002f in ?? ()
 No symbol table info available.
 #25 0xbf7a002f in ?? ()
 No symbol table info available.
 #26 0x084e7600 in ?? ()
 No symbol table info available.
 #27 0x084e7400 in ?? ()
 No symbol table info available.
 #28 0xbeb2f1d8 in ?? ()
 No symbol table info available.
 #29 0xe7795d74 in ?? ()
 No symbol table info available.
 #30 0x480a383c in ?? ()
 No symbol table info available.
 #31 0x0826dde0 in ?? ()
 No symbol table info available.
 #32 0x00000000 in ?? ()
 No symbol table info available.
 #33 0x000000d1 in ?? ()
 No symbol table info available.
 #34 0x00000016 in ?? ()
 No symbol table info available.
 #35 0x00000002 in ?? ()
 No symbol table info available.
 #36 0x480f3703 in ?? ()
 No symbol table info available.
 #37 0x0000001f in ?? ()
 No symbol table info available.
 #38 0x00000282 in ?? ()
 No symbol table info available.
 #39 0xbeb2f1ac in ?? ()
 No symbol table info available.
 #40 0x0000002f in ?? ()
 No symbol table info available.
 #41 0x00000000 in ?? ()
 No symbol table info available.
 #42 0x00000000 in ?? ()
 No symbol table info available.
 #43 0x00000000 in ?? ()
 No symbol table info available.
 #44 0x00000000 in ?? ()
 No symbol table info available.
 #45 0x12031000 in ?? ()
 No symbol table info available.
 #46 0xc34ea974 in ?? ()
 No symbol table info available.
 #47 0xc32a3000 in ?? ()
 No symbol table info available.
 #48 0xe7795a98 in ?? ()
 No symbol table info available.
 #49 0xe7795a80 in ?? ()
 No symbol table info available.
 #50 0xc34ea820 in ?? ()
 No symbol table info available.
 #51 0xc051fcff in sched_switch (td=0x480a383c, newtd=0x84e7400, flags=Cannot 
 access memory at address 0xbeb2f1e8
 ) at /usr/src/sys/kern/sched_ule.c:1286
 	ke = (struct td_sched *) 0x84e7600
 Previous frame inner to this frame (corrupt stack?)
 (kgdb) q
 bash-2.05b# exit
 
 Script done on Wed Sep 22 16:40:43 2004
 
 
 FreeBSD arch.wavefire.com 5.3-BETA5 FreeBSD 5.3-BETA5 #2: Mon Sep 20 17:10:46 
 PDT 2004     root@arch.wavefire.com:/usr/obj/usr/src/sys/WORKSTATION-5.0-SMP  
 i386
 
 I am hearing that sched_ule is not a priority for now so I shall leave this as 
 my final post on this subject.  If anyone wants more info, please let me 
 know.
 
  -Wade Klaver
Responsible-Changed-From-To: freebsd-bugs->jeff 
Responsible-Changed-By: glebius 
Responsible-Changed-When: Fri Nov 19 19:23:53 GMT 2004 
Responsible-Changed-Why:  
Assign to ULE author. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=71827 
State-Changed-From-To: open->feedback 
State-Changed-By: linimon 
State-Changed-When: Wed Mar 14 22:22:37 UTC 2007 
State-Changed-Why:  
The ULE scheduler has been extensively upgraded in -CURRENT.  Does this 
problem still occur there? 

State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Wed Mar 14 22:58:01 UTC 2007 
State-Changed-Why:  
Submitter's email address bounces. 

>Unformatted:
