Date: Wed, 29 Oct 2003 11:49:35 -0600 From: Dan Nelson <dnelson@allantgroup.com> To: John Baldwin <jhb@FreeBSD.org> Cc: current@FreeBSD.org Subject: Re: page fault in propagate_priority Message-ID: <20031029174935.GG2284@dan.emsphone.com> In-Reply-To: <XFMail.20031029122926.jhb@FreeBSD.org> References: <20031028234825.GB2284@dan.emsphone.com> <XFMail.20031029122926.jhb@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Oct 29), John Baldwin said: > On 28-Oct-2003 Dan Nelson wrote: > > In the last episode (Oct 28), John Baldwin said: > >> On 28-Oct-2003 Dan Nelson wrote: > >> > The fault address is 0x24 so it looks like a null pointer > >> > dereference of some sort. I've added asserts to > >> > propagate_priority any place a pointer to a structure is > >> > dereferenced, so if it happens again I should have the line > >> > number at least. > >> > > >> > panic1 was on an Oct 15 kernel, panic2 was on an Oct 27 kernel. > >> > >> It might help some if you could use gdb -k on your kernel.debug > >> and do 'l *propagate_priority+0x66' to see where it is dying. > > > > Yes, definitely :) > > > > (gdb) l *propagate_priority+0x66 > > 0xc0575b36 is in propagate_priority (../../../kern/kern_mutex.c:178). > > 171 m = td->td_blocked; > > 172 MPASS(m != NULL); > > 173 > > 174 /* > > 175 * Check if the thread needs to be moved up on > > 176 * the blocked chain > > 177 */ > > 178 if (td == TAILQ_FIRST(&m->mtx_blocked)) { > > 179 continue; > > 180 } > > 181 > > 182 td1 = TAILQ_PREV(td, threadqueue, td_lockq); > > > > So I guess m was NULL here. If I had INVARIANTS enabled, it would have > > paniced at line 172. Time to re-enable those kernel debug options :) > > Well, mtx_blocked might be null. You don't happen to have ADAPTIVE_MUTEXES > on do you? Nope, don't have that set. I still think m was null, since the fault was at 0x24, and gdb says that mtx_blocked is 24 bytes into struct mtx. If mtx_blocked were null, you'd get a fault on 0x0 (since tqh_first is the first element of mtx_blocked): (gdb) p &((struct mtx *)0)->mtx_blocked $1 = (struct {...} *) 0x24 -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031029174935.GG2284>