From owner-freebsd-bugs@FreeBSD.ORG  Fri Dec 29 20:00:38 2006
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 5204216A403
	for <freebsd-bugs@hub.freebsd.org>;
	Fri, 29 Dec 2006 20:00:38 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.freebsd.org (Postfix) with ESMTP id E68EA13C428
	for <freebsd-bugs@hub.freebsd.org>;
	Fri, 29 Dec 2006 20:00:37 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id kBTK0be3063824
	for <freebsd-bugs@freefall.freebsd.org>; Fri, 29 Dec 2006 20:00:37 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id kBTK0b6Y063822;
	Fri, 29 Dec 2006 20:00:37 GMT (envelope-from gnats)
Date: Fri, 29 Dec 2006 20:00:37 GMT
Message-Id: <200612292000.kBTK0b6Y063822@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: John Baldwin <jhb@FreeBSD.org>
Cc: 
Subject: Re: kern/102654: panic: sleeping thread
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: John Baldwin <jhb@FreeBSD.org>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Dec 2006 20:00:38 -0000

The following reply was made to PR kern/102654; it has been noted by GNATS.

From: John Baldwin <jhb@FreeBSD.org>
To: Eric van Gyzen <eric@vangyzen.net>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/102654: panic: sleeping thread
Date: Fri, 29 Dec 2006 12:51:33 -0500

 On Thursday 28 December 2006 09:44, Eric van Gyzen wrote:
 > John Baldwin wrote:
 > > Please get a trace of the bad thread mentioned in the panic message
 > > (pid 72378).  You can do this in kgdb via:
 > > 
 > > (gdb) proc 72378
 > > (gdb) where
 > 
 > (kgdb) where
 > #0  0xc0535347 in sched_switch (td=0xc3989000, newtd=0xc21f9180, flags=1)
 >     at /freebsd/src/sys/kern/sched_4bsd.c:973
 > #1  0xc052a3f6 in mi_switch (flags=1, newtd=0x0)
 >     at /freebsd/src/sys/kern/kern_synch.c:336
 > #2  0xc0542316 in sleepq_switch (wchan=0x0)
 >     at /freebsd/src/sys/kern/subr_sleepqueue.c:445
 > #3  0xc0542406 in sleepq_wait (wchan=0xc39812cc)
 >     at /freebsd/src/sys/kern/subr_sleepqueue.c:525
 > #4  0xc04f98a8 in cv_wait (cvp=0xc39812cc, mp=0xc0704650)
 >     at /freebsd/src/sys/kern/kern_condvar.c:128
 > #5  0xc0529ab0 in _sx_xlock (sx=0xc398129c, file=0x0, line=0)
 >     at /freebsd/src/sys/kern/kern_sx.c:188
 > #6  0xc0608737 in _vm_map_lock_read (map=0x0, file=0x0, line=0)
 >     at /freebsd/src/sys/vm/vm_map.c:380
 > #7  0xc060b77a in vm_map_lookup (var_map=0xcf87eaa0, vaddr=0, 
 >     fault_typea=2 '\002', out_entry=0xcf87eaa4, object=0x0, pindex=0x0, 
 >     out_prot=0x0, wired=0xcf87ea7c) at /freebsd/src/sys/vm/vm_map.c:2997
 > #8  0xc0603df1 in vm_fault (map=0xc3981258, vaddr=0, fault_type=2 '\002', 
 >     fault_flags=8) at /freebsd/src/sys/vm/vm_fault.c:235
 > #9  0xc066a28b in trap_pfault (frame=0xcf87eb64, usermode=0, eva=44)
 >     at /freebsd/src/sys/i386/i386/trap.c:721
 > #10 0xc0669f75 in trap (frame=
 >       {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1077279048, tf_esi = -1013443816, tf_ebp = -813175892, tf_isp = -813175920, tf_ebx = -1049774136, tf_edx = 32, tf_ecx = -1055370736, tf_eax = -1055370692, tf_trapno = 12, tf_err = 2, tf_eip = -1067033356, tf_cs = 32, tf_eflags = 66050, tf_esp = 72037381, tf_ss = -1013443816}) at /freebsd/src/sys/i386/i386/trap.c:434
 > #11 0xc065985a in calltrap () at /freebsd/src/sys/i386/i386/exception.s:139
 > #12 0xc0665cf4 in pmap_remove_entry (pmap=0xc3981318, m=0xc1185210, va=32)
 >     at /freebsd/src/sys/i386/i386/pmap.c:1501
 
 This is the real bug.  The sleeping thread bit is just a secondary panic.  I
 think this might be fixed in 6.2.  You can ask alc@ about it.
 
 > #13 0xc06666b8 in pmap_enter (pmap=0xc3981318, va=672849920, m=0xc1151df0, 
 >     prot=7 '\a', wired=0) at /freebsd/src/sys/i386/i386/pmap.c:1965
 > #14 0xc0605233 in vm_fault (map=0xc3981258, vaddr=672849920, 
 >     fault_type=2 '\002', fault_flags=8) at /freebsd/src/sys/vm/vm_fault.c:904
 > #15 0xc066a28b in trap_pfault (frame=0xcf87ed38, usermode=1, eva=672849928)
 >     at /freebsd/src/sys/i386/i386/trap.c:721
 > #16 0xc0669e63 in trap (frame=
 >       {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 672849928, tf_esi = 672043528, tf_ebp = -1077941352, tf_isp = -813175452, tf_ebx = 671548376, tf_edx = 8, tf_ecx = 671895552, tf_eax = 671442684, tf_trapno = 12, tf_err = 7, tf_eip = 671442684, tf_cs = 51, tf_eflags = 66055, tf_esp = -1077941408, tf_ss = 59})
 >     at /freebsd/src/sys/i386/i386/trap.c:333
 > #17 0xc065985a in calltrap () at /freebsd/src/sys/i386/i386/exception.s:139
 > #18 0x280566fc in ?? ()
 > 
 > (kgdb) f 12
 > #12 0xc0665cf4 in pmap_remove_entry (pmap=0xc3981318, m=0xc1185210, va=32)
 >     at /freebsd/src/sys/i386/i386/pmap.c:1501
 > 1501            TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
 > 
 > (kgdb) p m
 > $1 = 0xc1185210
 > 
 > (kgdb) p m->md
 > $2 = {pv_list_count = 1, pv_list = {tqh_first = 0xc16db7c8, 
 >     tqh_last = 0xc16db7d0}}
 > 
 > (kgdb) p *m->md.pv_list.tqh_last
 > $4 = (struct pv_entry *) 0x20
 > 
 > (kgdb) p pv
 > $10 = 0xc16db7c8
 > 
 > (kgdb) p *pv
 > $11 = {pv_pmap = 0xc3981318, pv_va = 672849920, pv_list = {tqe_next = 0x20, 
 >     tqe_prev = 0xc118523c}, pv_plist = {tqe_next = 0xc1629408, 
 >     tqe_prev = 0xc1526cb8}}
 > 
 > 
 
 -- 
 John Baldwin