From vangyzen@vangyzen.net  Tue Aug 29 18:25:18 2006
Return-Path: <vangyzen@vangyzen.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 49D3A16A4ED
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 29 Aug 2006 18:25:18 +0000 (UTC)
	(envelope-from vangyzen@vangyzen.net)
Received: from smtp.vangyzen.net (static-70-96-250-22.br1.lkv.mn.frontiernet.net [70.96.250.22])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E318443D67
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 29 Aug 2006 18:25:14 +0000 (GMT)
	(envelope-from vangyzen@vangyzen.net)
Received: by smtp.vangyzen.net (Postfix, from userid 1001)
	id E38B26D41E; Tue, 29 Aug 2006 13:25:13 -0500 (CDT)
Message-Id: <20060829182513.E38B26D41E@smtp.vangyzen.net>
Date: Tue, 29 Aug 2006 13:25:13 -0500 (CDT)
From: Eric van Gyzen <eric@vangyzen.net>
Reply-To: Eric van Gyzen <eric@vangyzen.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: Eric van Gyzen <eric@vangyzen.net>
Subject: panic: sleeping thread
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         102654
>Category:       kern
>Synopsis:       [panic]: sleeping thread
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 29 18:30:16 GMT 2006
>Closed-Date:    Mon Feb 26 05:02:14 GMT 2007
>Last-Modified:  Mon Feb 26 05:02:14 GMT 2007
>Originator:     Eric van Gyzen
>Release:        FreeBSD 6.1-RELEASE-p1 i386
>Organization:
>Environment:

This kernel does NOT have lock debugging options such as WITNESS.

>Description:

Sleeping thread (tid 100242, pid 72378) owns a non-sleepable lock
panic: sleeping thread

(kgdb) info threads
  115 Thread 100242 (PID=72378: pkg_info)  0xc0535347 in sched_switch (
    td=0xc3989000, newtd=0xc21f9180, flags=1)
    at /freebsd/src/sys/kern/sched_4bsd.c:973
[snip]

(kgdb) thread 115
[Switching to thread 115 (Thread 100242)]#0  0xc0535347 in sched_switch (
    td=0xc3989000, newtd=0xc21f9180, flags=1)
    at /freebsd/src/sys/kern/sched_4bsd.c:973
973			cpu_switch(td, newtd);

(kgdb) p *td
$1 = {td_proc = 0xc3982830, td_ksegrp = 0xc38d5c60, td_plist = {
    tqe_next = 0x0, tqe_prev = 0xc3982840}, td_kglist = {tqe_next = 0x0, 
    tqe_prev = 0xc38d5c6c}, td_slpq = {tqe_next = 0x0, tqe_prev = 0xc23dbda0}, 
  td_lockq = {tqe_next = 0x0, tqe_prev = 0xcf930bb0}, td_runq = {
    tqe_next = 0x0, tqe_prev = 0x0}, td_selq = {tqh_first = 0x0, 
    tqh_last = 0xc3989030}, td_sleepqueue = 0x0, td_turnstile = 0xc38ddcc0, 
  td_umtxq = 0xc2505d00, td_tid = 100242, td_flags = 16777216, 
  td_inhibitors = 2, td_pflags = 0, td_dupfd = 0, td_wchan = 0xc39812cc, 
  td_wmesg = 0xc06b4787 "user map", td_lastcpu = 0 '\0', td_oncpu = 255 '', 
  td_owepreempt = 0 '\0', td_locks = 1, td_blocked = 0x0, td_ithd = 0x0, 
  td_lockname = 0x0, td_contested = {lh_first = 0xc21e7900}, 
  td_sleeplocks = 0x0, td_intr_nesting_level = 0, td_pinned = 1, 
  td_mailbox = 0x0, td_ucred = 0xc2d42200, td_standin = 0x0, td_upcall = 0x0, 
  td_sticks = 1, td_uuticks = 0, td_usticks = 0, td_intrval = 0, 
  td_oldsigmask = {__bits = {0, 0, 0, 0}}, td_sigmask = {__bits = {0, 0, 0, 
      0}}, td_siglist = {__bits = {0, 0, 0, 0}}, td_generation = 2, 
  td_sigstk = {ss_sp = 0x0, ss_size = 0, ss_flags = 4}, td_kflags = 0, 
  td_xsig = 0, td_profil_addr = 0, td_profil_ticks = 0, td_base_pri = 196 '', 
  td_priority = 196 '', td_pcb = 0xcf87ed90, td_state = TDS_INHIBITED, 
  td_retval = {673771520, 671577088}, td_slpcallout = {c_links = {sle = {
        sle_next = 0x0}, tqe = {tqe_next = 0x0, tqe_prev = 0xc724e568}}, 
    c_time = -193029909, c_arg = 0xc3989000, 
    c_func = 0xc054279c <sleepq_timeout>, c_mtx = 0x0, c_flags = 18}, 
  td_frame = 0xcf87ed38, td_kstack_obj = 0xc321e6b4, td_kstack = 3481784320, 
  td_kstack_pages = 2, td_altkstack_obj = 0x0, td_altkstack = 0, 
  td_altkstack_pages = 0, td_critnest = 1, td_md = {md_spinlock_count = 1, 
    md_saved_flags = 582}, td_sched = 0xc3989154}

(kgdb) p *td->td_proc
$2 = {p_list = {le_next = 0xc39c5624, le_prev = 0xc0705184}, p_ksegrps = {
    tqh_first = 0xc38d5c60, tqh_last = 0xc38d5c64}, p_threads = {
    tqh_first = 0xc3989000, tqh_last = 0xc3989008}, p_suspended = {
    tqh_first = 0x0, tqh_last = 0xc3982848}, p_ucred = 0xc2d42200, 
  p_fd = 0xc3a30800, p_fdtol = 0x0, p_stats = 0xc37f7800, 
  p_limit = 0xc39f4000, p_sigacts = 0xc25d4000, p_flag = 16384, p_sflag = 1, 
  p_state = PRS_NORMAL, p_pid = 72378, p_hash = {le_next = 0x0, 
    le_prev = 0xc21662e8}, p_pglist = {le_next = 0xc263ec48, 
    le_prev = 0xc39c5674}, p_pptr = 0xc39c5624, p_sibling = {le_next = 0x0, 
    le_prev = 0xc39c5688}, p_children = {lh_first = 0x0}, p_mtx = {
    mtx_object = {lo_class = 0xc06d8484, lo_name = 0xc06a64d2 "process lock", 
      lo_type = 0xc06a64d2 "process lock", lo_flags = 4390912, lo_list = {
        tqe_next = 0x0, tqe_prev = 0x0}, lo_witness = 0x0}, mtx_lock = 4, 
    mtx_recurse = 0}, p_oppid = 0, p_vmspace = 0xc3981258, p_swtime = 0, 
  p_realtimer = {it_interval = {tv_sec = 0, tv_usec = 0}, it_value = {
      tv_sec = 0, tv_usec = 0}}, p_rux = {rux_runtime = {sec = 0, 
      frac = 44322835734215130}, rux_uticks = 0, rux_sticks = 1, 
    rux_iticks = 0, rux_uu = 0, rux_su = 0, rux_iu = 0}, p_crux = {
    rux_runtime = {sec = 0, frac = 0}, rux_uticks = 0, rux_sticks = 0, 
    rux_iticks = 0, rux_uu = 0, rux_su = 0, rux_iu = 0}, p_profthreads = 0, 
  p_maxthrwaits = 0, p_traceflag = 0, p_tracevp = 0x0, p_tracecred = 0x0, 
  p_textvp = 0xc2dbecc0, p_siglist = {__bits = {0, 0, 0, 0}}, 
  p_lock = 2 '\002', p_sigiolst = {slh_first = 0x0}, p_sigparent = 20, 
  p_sig = 0, p_code = 0, p_stops = 0, p_stype = 0, p_step = 0 '\0', 
  p_pfsflags = 0 '\0', p_nlminfo = 0x0, p_aioinfo = 0x0, p_singlethread = 0x0, 
  p_suspcount = 0, p_xthread = 0x0, p_boundary_count = 0, 
  p_procscopegrp = 0x0, p_magic = 3203398350, 
  p_comm = "pkg_info", '\0' <repeats 11 times>, p_pgrp = 0xc23ab780, 
  p_sysent = 0xc06f3f60, p_args = 0xc2a46bc0, 
  p_cpulimit = 9223372036854775807, p_nice = 0 '\0', p_xstat = 0, p_klist = {
    kl_list = {slh_first = 0x0}, kl_lock = 0xc0508678 <knlist_mtx_lock>, 
    kl_unlock = 0xc05086ac <knlist_mtx_unlock>, 
    kl_locked = 0xc05086e8 <knlist_mtx_locked>, kl_lockarg = 0xc3982898}, 
  p_numthreads = 1, p_numksegrps = 1, p_md = {md_ldt = 0x0}, p_itcallout = {
    c_links = {sle = {sle_next = 0x0}, tqe = {tqe_next = 0x0, 
        tqe_prev = 0x0}}, c_time = 0, c_arg = 0x0, c_func = 0, c_mtx = 0x0, 
    c_flags = 16}, p_acflag = 0, p_ru = 0x0, p_peers = 0x0, 
  p_leader = 0xc3982830, p_emuldata = 0x0, p_label = 0x0, p_sched = 0xc3982a3c}

>How-To-Repeat:

I don't know.  It happened during the nightly portaudit run.

I have the kernel.debug, vmcore, and sources if you're interested.

>Fix:

I was hoping /you/ could help with that...
>Release-Note:
>Audit-Trail:

From: Eric van Gyzen <eric@vangyzen.net>
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc:  
Subject: Re: kern/102654: panic: sleeping thread
Date: Thu, 14 Dec 2006 09:05:15 -0600

 I just realized I forgot to submit a backtrace:
 
 (kgdb) bt
 #0  doadump () at pcpu.h:165
 #1  0xc0523d45 in boot (howto=260) at /freebsd/src/sys/kern/kern_shutdown.c:402
 #2  0xc052400c in panic (fmt=0xc06a8c28 "sleeping thread")
     at /freebsd/src/sys/kern/kern_shutdown.c:558
 #3  0xc0543e7c in propagate_priority (td=0xc3989000)
     at /freebsd/src/sys/kern/subr_turnstile.c:196
 #4  0xc054465e in turnstile_wait (lock=0xc070db20, owner=0xc3989000)
     at /freebsd/src/sys/kern/subr_turnstile.c:634
 #5  0xc051b2f4 in _mtx_lock_sleep (m=0xc070db20, tid=3256848768, opts=0, 
     file=0x0, line=0) at /freebsd/src/sys/kern/kern_mutex.c:565
 #6  0xc06154ba in vm_pagezero (arg=0x0)
     at /freebsd/src/sys/vm/vm_zeroidle.c:159
 #7  0xc050daa8 in fork_exit (callout=0xc0615464 <vm_pagezero>, arg=0x0, 
     frame=0xcc9b4d38) at /freebsd/src/sys/kern/kern_fork.c:805
 #8  0xc06598bc in fork_trampoline ()
     at /freebsd/src/sys/i386/i386/exception.s:208
 

From: Robert Watson <rwatson@FreeBSD.org>
To: Eric van Gyzen <eric@vangyzen.net>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: kern/102654: panic: sleeping thread
Date: Thu, 21 Dec 2006 20:00:39 +0000 (GMT)

 On Thu, 14 Dec 2006, Eric van Gyzen wrote:
 
 > I just realized I forgot to submit a backtrace:
 >
 > (kgdb) bt
 > #0  doadump () at pcpu.h:165
 > #1  0xc0523d45 in boot (howto=260) at /freebsd/src/sys/kern/kern_shutdown.c:402
 > #2  0xc052400c in panic (fmt=0xc06a8c28 "sleeping thread")
 >    at /freebsd/src/sys/kern/kern_shutdown.c:558
 > #3  0xc0543e7c in propagate_priority (td=0xc3989000)
 >    at /freebsd/src/sys/kern/subr_turnstile.c:196
 > #4  0xc054465e in turnstile_wait (lock=0xc070db20, owner=0xc3989000)
 >    at /freebsd/src/sys/kern/subr_turnstile.c:634
 > #5  0xc051b2f4 in _mtx_lock_sleep (m=0xc070db20, tid=3256848768, opts=0,
 >    file=0x0, line=0) at /freebsd/src/sys/kern/kern_mutex.c:565
 > #6  0xc06154ba in vm_pagezero (arg=0x0)
 >    at /freebsd/src/sys/vm/vm_zeroidle.c:159
 > #7  0xc050daa8 in fork_exit (callout=0xc0615464 <vm_pagezero>, arg=0x0,
 >    frame=0xcc9b4d38) at /freebsd/src/sys/kern/kern_fork.c:805
 > #8  0xc06598bc in fork_trampoline ()
 >    at /freebsd/src/sys/i386/i386/exception.s:208
 
 The attached patch, appropriately munged for the version of FreeBSD you're 
 running, may help.  Or not, I suppose. :-)
 
 Robert N M Watson
 Computer Laboratory
 University of Cambridge
 
 Index: vm_zeroidle.c
 ===================================================================
 RCS file: /home/ncvs/src/sys/vm/vm_zeroidle.c,v
 retrieving revision 1.41
 diff -u -r1.41 vm_zeroidle.c
 --- vm_zeroidle.c	6 Dec 2006 06:34:57 -0000	1.41
 +++ vm_zeroidle.c	21 Dec 2006 19:55:53 -0000
 @@ -155,6 +155,7 @@
   			wakeup_needed = TRUE;
   			msleep(&zero_state, &vm_page_queue_mtx,
   			    PDROP, "pgzero", hz * 300);
 +			vm_page_unlock_queues();
   		}
   	}
   }

From: Robert Watson <rwatson@FreeBSD.org>
To: Eric van Gyzen <eric@vangyzen.net>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: kern/102654: panic: sleeping thread
Date: Thu, 21 Dec 2006 21:02:19 +0000 (GMT)

 On Thu, 21 Dec 2006, Robert Watson wrote:
 
 > The attached patch, appropriately munged for the version of FreeBSD you're
 > running, may help.  Or not, I suppose. :-)
 >
 > Index: vm_zeroidle.c
 > ===================================================================
 > RCS file: /home/ncvs/src/sys/vm/vm_zeroidle.c,v
 > retrieving revision 1.41
 > diff -u -r1.41 vm_zeroidle.c
 > --- vm_zeroidle.c	6 Dec 2006 06:34:57 -0000	1.41
 > +++ vm_zeroidle.c	21 Dec 2006 19:55:53 -0000
 > @@ -155,6 +155,7 @@
 >   			wakeup_needed = TRUE;
 >   			msleep(&zero_state, &vm_page_queue_mtx,
 >   			    PDROP, "pgzero", hz * 300);
 > +			vm_page_unlock_queues();
 >   		}
 >   	}
 >   }
 
 Actually, I have misread the code above, the PDROP flag causes the mutex to be 
 dropped and not picked up again during the sleep, so what I thought the source 
 of the problem is not the problem.  Please do not use this patch :-).
 
 Robert N M Watson
 Computer Laboratory
 University of Cambridge

From: John Baldwin <john@baldwin.cx>
To: bug-followup@freebsd.org, eric@vangyzen.net
Cc:  
Subject: Re: kern/102654: panic: sleeping thread
Date: Thu, 28 Dec 2006 00:56:58 -0500

 Please get a trace of the bad thread mentioned in the panic message
 (pid 72378).  You can do this in kgdb via:
 
 (gdb) proc 72378
 (gdb) where
 
 Note that this bug may already be fixed in 6.2.
 
 -- 
 John Baldwin
State-Changed-From-To: open->feedback 
State-Changed-By: remko 
State-Changed-When: Thu Dec 28 06:32:39 UTC 2006 
State-Changed-Why:  
John requested feedback, make the PR reflect that. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=102654 

From: Eric van Gyzen <eric@vangyzen.net>
To: John Baldwin <john@baldwin.cx>
Cc: bug-followup@freebsd.org, eric@vangyzen.net
Subject: Re: kern/102654: panic: sleeping thread
Date: Thu, 28 Dec 2006 08:44:49 -0600

 John Baldwin wrote:
 > Please get a trace of the bad thread mentioned in the panic message
 > (pid 72378).  You can do this in kgdb via:
 > 
 > (gdb) proc 72378
 > (gdb) where
 
 (kgdb) where
 #0  0xc0535347 in sched_switch (td=0xc3989000, newtd=0xc21f9180, flags=1)
     at /freebsd/src/sys/kern/sched_4bsd.c:973
 #1  0xc052a3f6 in mi_switch (flags=1, newtd=0x0)
     at /freebsd/src/sys/kern/kern_synch.c:336
 #2  0xc0542316 in sleepq_switch (wchan=0x0)
     at /freebsd/src/sys/kern/subr_sleepqueue.c:445
 #3  0xc0542406 in sleepq_wait (wchan=0xc39812cc)
     at /freebsd/src/sys/kern/subr_sleepqueue.c:525
 #4  0xc04f98a8 in cv_wait (cvp=0xc39812cc, mp=0xc0704650)
     at /freebsd/src/sys/kern/kern_condvar.c:128
 #5  0xc0529ab0 in _sx_xlock (sx=0xc398129c, file=0x0, line=0)
     at /freebsd/src/sys/kern/kern_sx.c:188
 #6  0xc0608737 in _vm_map_lock_read (map=0x0, file=0x0, line=0)
     at /freebsd/src/sys/vm/vm_map.c:380
 #7  0xc060b77a in vm_map_lookup (var_map=0xcf87eaa0, vaddr=0, 
     fault_typea=2 '\002', out_entry=0xcf87eaa4, object=0x0, pindex=0x0, 
     out_prot=0x0, wired=0xcf87ea7c) at /freebsd/src/sys/vm/vm_map.c:2997
 #8  0xc0603df1 in vm_fault (map=0xc3981258, vaddr=0, fault_type=2 '\002', 
     fault_flags=8) at /freebsd/src/sys/vm/vm_fault.c:235
 #9  0xc066a28b in trap_pfault (frame=0xcf87eb64, usermode=0, eva=44)
     at /freebsd/src/sys/i386/i386/trap.c:721
 #10 0xc0669f75 in trap (frame=
       {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1077279048, tf_esi = -1013443816, tf_ebp = -813175892, tf_isp = -813175920, tf_ebx = -1049774136, tf_edx = 32, tf_ecx = -1055370736, tf_eax = -1055370692, tf_trapno = 12, tf_err = 2, tf_eip = -1067033356, tf_cs = 32, tf_eflags = 66050, tf_esp = 72037381, tf_ss = -1013443816}) at /freebsd/src/sys/i386/i386/trap.c:434
 #11 0xc065985a in calltrap () at /freebsd/src/sys/i386/i386/exception.s:139
 #12 0xc0665cf4 in pmap_remove_entry (pmap=0xc3981318, m=0xc1185210, va=32)
     at /freebsd/src/sys/i386/i386/pmap.c:1501
 #13 0xc06666b8 in pmap_enter (pmap=0xc3981318, va=672849920, m=0xc1151df0, 
     prot=7 '\a', wired=0) at /freebsd/src/sys/i386/i386/pmap.c:1965
 #14 0xc0605233 in vm_fault (map=0xc3981258, vaddr=672849920, 
     fault_type=2 '\002', fault_flags=8) at /freebsd/src/sys/vm/vm_fault.c:904
 #15 0xc066a28b in trap_pfault (frame=0xcf87ed38, usermode=1, eva=672849928)
     at /freebsd/src/sys/i386/i386/trap.c:721
 #16 0xc0669e63 in trap (frame=
       {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 672849928, tf_esi = 672043528, tf_ebp = -1077941352, tf_isp = -813175452, tf_ebx = 671548376, tf_edx = 8, tf_ecx = 671895552, tf_eax = 671442684, tf_trapno = 12, tf_err = 7, tf_eip = 671442684, tf_cs = 51, tf_eflags = 66055, tf_esp = -1077941408, tf_ss = 59})
     at /freebsd/src/sys/i386/i386/trap.c:333
 #17 0xc065985a in calltrap () at /freebsd/src/sys/i386/i386/exception.s:139
 #18 0x280566fc in ?? ()
 
 (kgdb) f 12
 #12 0xc0665cf4 in pmap_remove_entry (pmap=0xc3981318, m=0xc1185210, va=32)
     at /freebsd/src/sys/i386/i386/pmap.c:1501
 1501            TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
 
 (kgdb) p m
 $1 = 0xc1185210
 
 (kgdb) p m->md
 $2 = {pv_list_count = 1, pv_list = {tqh_first = 0xc16db7c8, 
     tqh_last = 0xc16db7d0}}
 
 (kgdb) p *m->md.pv_list.tqh_last
 $4 = (struct pv_entry *) 0x20
 
 (kgdb) p pv
 $10 = 0xc16db7c8
 
 (kgdb) p *pv
 $11 = {pv_pmap = 0xc3981318, pv_va = 672849920, pv_list = {tqe_next = 0x20, 
     tqe_prev = 0xc118523c}, pv_plist = {tqe_next = 0xc1629408, 
     tqe_prev = 0xc1526cb8}}
State-Changed-From-To: feedback->open 
State-Changed-By: remko 
State-Changed-When: Thu Dec 28 15:21:44 UTC 2006 
State-Changed-Why:  
The requested feedback had been recieved. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=102654 

From: John Baldwin <jhb@FreeBSD.org>
To: Eric van Gyzen <eric@vangyzen.net>
Cc: bug-followup@FreeBSD.org
Subject: Re: kern/102654: panic: sleeping thread
Date: Fri, 29 Dec 2006 12:51:33 -0500

 On Thursday 28 December 2006 09:44, Eric van Gyzen wrote:
 > John Baldwin wrote:
 > > Please get a trace of the bad thread mentioned in the panic message
 > > (pid 72378).  You can do this in kgdb via:
 > > 
 > > (gdb) proc 72378
 > > (gdb) where
 > 
 > (kgdb) where
 > #0  0xc0535347 in sched_switch (td=0xc3989000, newtd=0xc21f9180, flags=1)
 >     at /freebsd/src/sys/kern/sched_4bsd.c:973
 > #1  0xc052a3f6 in mi_switch (flags=1, newtd=0x0)
 >     at /freebsd/src/sys/kern/kern_synch.c:336
 > #2  0xc0542316 in sleepq_switch (wchan=0x0)
 >     at /freebsd/src/sys/kern/subr_sleepqueue.c:445
 > #3  0xc0542406 in sleepq_wait (wchan=0xc39812cc)
 >     at /freebsd/src/sys/kern/subr_sleepqueue.c:525
 > #4  0xc04f98a8 in cv_wait (cvp=0xc39812cc, mp=0xc0704650)
 >     at /freebsd/src/sys/kern/kern_condvar.c:128
 > #5  0xc0529ab0 in _sx_xlock (sx=0xc398129c, file=0x0, line=0)
 >     at /freebsd/src/sys/kern/kern_sx.c:188
 > #6  0xc0608737 in _vm_map_lock_read (map=0x0, file=0x0, line=0)
 >     at /freebsd/src/sys/vm/vm_map.c:380
 > #7  0xc060b77a in vm_map_lookup (var_map=0xcf87eaa0, vaddr=0, 
 >     fault_typea=2 '\002', out_entry=0xcf87eaa4, object=0x0, pindex=0x0, 
 >     out_prot=0x0, wired=0xcf87ea7c) at /freebsd/src/sys/vm/vm_map.c:2997
 > #8  0xc0603df1 in vm_fault (map=0xc3981258, vaddr=0, fault_type=2 '\002', 
 >     fault_flags=8) at /freebsd/src/sys/vm/vm_fault.c:235
 > #9  0xc066a28b in trap_pfault (frame=0xcf87eb64, usermode=0, eva=44)
 >     at /freebsd/src/sys/i386/i386/trap.c:721
 > #10 0xc0669f75 in trap (frame=
 >       {tf_fs = 8, tf_es = 40, tf_ds = 40, tf_edi = -1077279048, tf_esi = -1013443816, tf_ebp = -813175892, tf_isp = -813175920, tf_ebx = -1049774136, tf_edx = 32, tf_ecx = -1055370736, tf_eax = -1055370692, tf_trapno = 12, tf_err = 2, tf_eip = -1067033356, tf_cs = 32, tf_eflags = 66050, tf_esp = 72037381, tf_ss = -1013443816}) at /freebsd/src/sys/i386/i386/trap.c:434
 > #11 0xc065985a in calltrap () at /freebsd/src/sys/i386/i386/exception.s:139
 > #12 0xc0665cf4 in pmap_remove_entry (pmap=0xc3981318, m=0xc1185210, va=32)
 >     at /freebsd/src/sys/i386/i386/pmap.c:1501
 
 This is the real bug.  The sleeping thread bit is just a secondary panic.  I
 think this might be fixed in 6.2.  You can ask alc@ about it.
 
 > #13 0xc06666b8 in pmap_enter (pmap=0xc3981318, va=672849920, m=0xc1151df0, 
 >     prot=7 '\a', wired=0) at /freebsd/src/sys/i386/i386/pmap.c:1965
 > #14 0xc0605233 in vm_fault (map=0xc3981258, vaddr=672849920, 
 >     fault_type=2 '\002', fault_flags=8) at /freebsd/src/sys/vm/vm_fault.c:904
 > #15 0xc066a28b in trap_pfault (frame=0xcf87ed38, usermode=1, eva=672849928)
 >     at /freebsd/src/sys/i386/i386/trap.c:721
 > #16 0xc0669e63 in trap (frame=
 >       {tf_fs = 59, tf_es = 59, tf_ds = 59, tf_edi = 672849928, tf_esi = 672043528, tf_ebp = -1077941352, tf_isp = -813175452, tf_ebx = 671548376, tf_edx = 8, tf_ecx = 671895552, tf_eax = 671442684, tf_trapno = 12, tf_err = 7, tf_eip = 671442684, tf_cs = 51, tf_eflags = 66055, tf_esp = -1077941408, tf_ss = 59})
 >     at /freebsd/src/sys/i386/i386/trap.c:333
 > #17 0xc065985a in calltrap () at /freebsd/src/sys/i386/i386/exception.s:139
 > #18 0x280566fc in ?? ()
 > 
 > (kgdb) f 12
 > #12 0xc0665cf4 in pmap_remove_entry (pmap=0xc3981318, m=0xc1185210, va=32)
 >     at /freebsd/src/sys/i386/i386/pmap.c:1501
 > 1501            TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
 > 
 > (kgdb) p m
 > $1 = 0xc1185210
 > 
 > (kgdb) p m->md
 > $2 = {pv_list_count = 1, pv_list = {tqh_first = 0xc16db7c8, 
 >     tqh_last = 0xc16db7d0}}
 > 
 > (kgdb) p *m->md.pv_list.tqh_last
 > $4 = (struct pv_entry *) 0x20
 > 
 > (kgdb) p pv
 > $10 = 0xc16db7c8
 > 
 > (kgdb) p *pv
 > $11 = {pv_pmap = 0xc3981318, pv_va = 672849920, pv_list = {tqe_next = 0x20, 
 >     tqe_prev = 0xc118523c}, pv_plist = {tqe_next = 0xc1629408, 
 >     tqe_prev = 0xc1526cb8}}
 > 
 > 
 
 -- 
 John Baldwin

From: Eric van Gyzen <eric@vangyzen.net>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/102654: [panic]: sleeping thread
Date: Sun, 25 Feb 2007 16:16:00 -0600

 As far as I'm concerned, you can close this PR.  I have been running 6.2 
 since the release and haven't seen this panic.  (Granted, I saw it only once 
 on 6.1.)
 
 Or you might assign it to alc@ per the suggestion by jhb@.
 
 Eric
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Mon Feb 26 05:01:49 UTC 2007 
State-Changed-Why:  
Submitter notes this is no longer seen on 6.2. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=102654 
>Unformatted:
