From owner-freebsd-current@FreeBSD.ORG Tue Dec 9 11:14:10 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1170616A4CF; Tue, 9 Dec 2003 11:14:10 -0800 (PST) Received: from mx.dsl.isometry.net (cpc3-oxfd2-6-0-cust207.oxfd.cable.ntl.com [81.103.193.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id EBD4243D31; Tue, 9 Dec 2003 11:14:05 -0800 (PST) (envelope-from robin@isometry.net) Received: from isometry.net (ishadow.dsl.isometry.net [195.137.51.150]) by mx.dsl.isometry.net (Postfix) with ESMTP id 3138A1A9; Tue, 9 Dec 2003 19:14:03 +0000 (UTC) Message-ID: <3FD61EF9.8080708@isometry.net> Date: Tue, 09 Dec 2003 19:14:01 +0000 From: Robin Breathe User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 X-Accept-Language: en-us, en MIME-Version: 1.0 To: John Baldwin References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: current@freebsd.org Subject: Re: Fatal trap 12: page fault while in kernel mode(subr_turnstile.c) w/ trace X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Dec 2003 19:14:10 -0000 John Baldwin wrote: > Oof, you seem to have possibly hit a corrupted thread object. Sounds unpleasant. >>(kgdb) l *0xc0537aa6 >>0xc0537aa6 is in turnstile_wait (/usr/src/sys/kern/subr_turnstile.c:439). >>434 td = curthread; >>435 tc = TC_LOOKUP(lock); >>436 mtx_assert(&tc->tc_lock, MA_OWNED); >>437 MPASS(td->td_turnstile != NULL); >>438 MPASS(owner != NULL); >>439 MPASS(owner->td_proc->p_magic == P_MAGIC); >>440 >>441 /* If the passed in turnstile is NULL, use this thread's >>turnstile. */ >>442 if (ts == NULL) { >>443 ts = td->td_turnstile; >>(kgdb) > > owner is not NULL, but it blew up trying to read owner->td_proc. > Hmm, actually then, I think the owner pointer is bad. There was > a while after one of the KSE commits when people would get panics > with a thread whose td_proc was NULL, but I don't know if that bug > was ever figured out or fixed. For owner to be wrong though, > mtx_lock in the relevant mutex must have been corrupted somehow. I see (partially). Is there anything I can do to help track the culprit, running the command which leads to panic inside gdb? Anything vaguely sensible? It would obviously be a bonus if we could track this bad-boy down before 5.2 gets out the door. - Robin -- Robin Breathe robin@isometry.net +441865741800